RSA Online Encryptor/Decryptor
Online RSA encryption/decryption tool supporting key generation, public key encryption, private key decryption and digital signature verification with PEM format keys
About RSA Encryption
RSA (Rivest–Shamir–Adleman) is one of the first and most widely used public-key cryptographic systems. Unlike symmetric algorithms (like AES) that use a single key, RSA uses a pair of keys: a public key for encryption and a private key for decryption. This asymmetry allows you to share your public key openly while keeping your private key secret.
RSA's security is based on the mathematical difficulty of factoring a large integer that is the product of two large prime numbers. It is the cornerstone of SSL/TLS certificates, email encryption (PGP), and secure remote connections (SSH).
Key Features
- Key Generation: Generate secure 1024, 2048, or 4096-bit RSA key pairs in PEM format.
- Encryption: Encrypt messages with a public key that only the private key holder can decrypt and read.
- Decryption: Decrypt received encrypted messages using your private key.
- Digital Signatures: Sign messages with your private key to prove authenticity; anyone can verify the signature with your public key.
- Padding Modes: Supports modern OAEP (recommended) and PKCS#1 v1.5 (legacy compatibility).
- Hash Algorithms: Supports SHA-1, SHA-256, SHA-384, and SHA-512.
- Input/Output Formats: Supports text, Base64, Hex, and more.
Use Cases
- Secure Communication: Encrypt sensitive data before transmission
- Digital Signatures: Verify message authenticity and integrity
- Key Exchange: Securely exchange symmetric keys
- Authentication: Verify sender identity
- Software Licensing: Generate and verify licenses
Security Best Practices
- Key Length: Use at least 2048-bit keys. 4096-bit is recommended for long-term security. 1024-bit is no longer secure.
- Padding Mode: Prefer OAEP padding over PKCS#1 v1.5. OAEP effectively prevents "padding oracle" attacks.
- Key Privacy: Never share your private key. Anyone with the private key can read your encrypted messages or impersonate you.
- Hybrid Encryption: RSA is computationally slow and has length limitations. For large files, use RSA to encrypt a random AES key, then use AES to encrypt the file.
- Client-Side Only: This tool runs completely in your browser using the Web Crypto API. Your private key never leaves your device.
Frequently Asked Questions (FAQ)
Is it safe to generate/use RSA keys on this website?
Yes. This tool runs entirely in your browser via JavaScript. No keys or data are sent to our servers. Your private key stays strictly on your device.
What's the difference between public and private keys?
The public key is used to encrypt data and verify signatures, and can be shared publicly. The private key is used to decrypt data and create signatures, and must be kept secret. Only the private key can decrypt content encrypted with the public key.
Why can't I encrypt very long text?
RSA's maximum message length is limited by the key size and padding mode. For a 2048-bit key with OAEP padding, the limit is about 214 bytes. For longer text, use 'hybrid encryption' (encrypt data with AES first, then encrypt the AES key with RSA).
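The hybrid scheme described in this answer and under Security Best Practices, written against the Web Crypto API as an added example (not this tool's own code; function names and the sample message are assumptions). It also computes the OAEP length limit, which depends on the hash: the 214-byte figure corresponds to SHA-1, while SHA-256 leaves 190 bytes with a 2048-bit key.

```javascript
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto; // older Node.js
const subtle = webcrypto.subtle;

// Digest sizes (bytes) of the hash algorithms the page lists.
const HASH_BYTES = { 'SHA-1': 20, 'SHA-256': 32, 'SHA-384': 48, 'SHA-512': 64 };

// RFC 8017: an OAEP plaintext is at most k - 2*hLen - 2 bytes (k = modulus bytes).
function oaepMaxBytes(modulusBits, hash) {
  return modulusBits / 8 - 2 * HASH_BYTES[hash] - 2;
}

function generateRsaKeyPair(modulusBits, hash) {
  return subtle.generateKey(
    { name: 'RSA-OAEP', modulusLength: modulusBits,
      publicExponent: new Uint8Array([1, 0, 1]), hash },
    false, ['encrypt', 'decrypt']);
}

// Encrypt the data with a fresh AES-256-GCM key, then encrypt that key with RSA-OAEP.
async function hybridEncrypt(publicKey, plaintext) {
  const aesKey = await subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // unique per message
  const ciphertext = await subtle.encrypt({ name: 'AES-GCM', iv }, aesKey, plaintext);
  const rawKey = await subtle.exportKey('raw', aesKey);
  const wrappedKey = await subtle.encrypt({ name: 'RSA-OAEP' }, publicKey, rawKey);
  return { wrappedKey, iv, ciphertext };
}

// Recover the AES key with the RSA private key; AES-GCM rejects tampered ciphertext.
async function hybridDecrypt(privateKey, { wrappedKey, iv, ciphertext }) {
  const rawKey = await subtle.decrypt({ name: 'RSA-OAEP' }, privateKey, wrappedKey);
  const aesKey = await subtle.importKey('raw', rawKey, { name: 'AES-GCM' }, false, ['decrypt']);
  return subtle.decrypt({ name: 'AES-GCM', iv }, aesKey, ciphertext);
}

// Sends a constructed 1000-byte message both ways and reports the outcome.
async function demo() {
  const { publicKey, privateKey } = await generateRsaKeyPair(2048, 'SHA-256');
  const text = 'A'.repeat(1000); // constructed sample input
  const message = new TextEncoder().encode(text);
  let directRsaFailed = false;
  try { await subtle.encrypt({ name: 'RSA-OAEP' }, publicKey, message); }
  catch (e) { directRsaFailed = true; } // 1000 bytes exceeds the 190-byte OAEP limit
  const box = await hybridEncrypt(publicKey, message);
  const recovered = new TextDecoder().decode(await hybridDecrypt(privateKey, box));
  return { directRsaFailed, wrappedKeyBytes: box.wrappedKey.byteLength,
           roundTrip: recovered === text };
}
```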
Should I use OAEP or PKCS#1 v1.5 padding?
Whenever possible, you should use OAEP. It provides better security. PKCS#1 v1.5 is an old standard vulnerable to padding attacks, typically only used for compatibility with legacy systems.
What key size should I choose (2048 vs 4096)?
2048-bit is the current industry standard and is secure for most purposes. 4096-bit is more secure but much slower to generate and use. 1024-bit is considered insecure and should not be used.
What is PEM format?
PEM (Privacy-Enhanced Mail) is a standard format for storing cryptographic keys. It's essentially Base64-encoded ASN.1 data wrapped in header and footer lines such as -----BEGIN PUBLIC KEY-----.