RSA Key Generator
Generate RSA public/private key pairs in PEM format — runs entirely in your browser
2048-bit is the minimum recommended for production. 4096-bit takes longer but provides a larger security margin.
All key generation happens entirely in your browser using the Web Crypto API. No keys are transmitted to any server.
You’re setting up SSH access to a server and need a key pair. Or you’re implementing a JWT signing workflow and need RSA keys. Or you’re testing an HTTPS client that requires a self-signed certificate. In each case, you need an RSA public/private key pair — and you need it now, without installing OpenSSL or waiting for a DevOps ticket.
What RSA Keys Are and Why They Matter
RSA (Rivest–Shamir–Adleman) is the most widely deployed public-key cryptosystem in the world. It underpins HTTPS certificates, SSH authentication, email signing (PGP/S-MIME), and JWT RS256 signing. RSA works on asymmetric cryptography: two mathematically linked keys where data encrypted with one can only be decrypted by the other.
- Public key: Share freely. Used to encrypt data or verify digital signatures.
- Private key: Never share. Used to decrypt data or create digital signatures.
The security of RSA depends on the computational difficulty of factoring large integers — specifically the product of two large prime numbers used during key generation.
Choosing the Right Key Size
| Key Size | Security Level | Generation Time | Recommended For |
|---|---|---|---|
| 1024-bit | Insufficient | < 100ms | Legacy compatibility only |
| 2048-bit | Adequate | 100–500ms | General production use (minimum) |
| 4096-bit | High | 500ms–5s | High-value secrets, long-lived certificates |
NIST recommends a minimum of 2048-bit RSA keys through at least 2030. For new systems, 2048-bit is the pragmatic choice: it provides adequate security against all practical attacks while remaining interoperable with all current software. Use 4096-bit when you’re protecting long-lived secrets or sensitive cryptographic material.
Do not use 1024-bit RSA for new systems. NIST deprecated 1024-bit in 2010, and academic research has shown it to be within reach of well-funded adversaries.
PEM Format Explained
The keys this tool generates use PEM (Privacy Enhanced Mail) format — the most widely accepted format for RSA keys:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...
-----END PUBLIC KEY----------BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEA...
-----END PRIVATE KEY-----The content between the headers is Base64-encoded DER (Distinguished Encoding Rules) binary data. PEM files can be loaded directly into OpenSSL, Node.js, Python’s cryptography library, Java’s JSSE, Go’s crypto/rsa package, and virtually every other cryptographic library.
Key formats:
- SPKI (Subject Public Key Info): The standard format for public keys, used in X.509 certificates and TLS.
- PKCS#8: The standard format for private keys, unencrypted. For production storage, encrypt PKCS#8 keys with a passphrase using
openssl pkcs8.
Using RSA Keys with OpenSSL
# Generate a 2048-bit RSA key pair with OpenSSL
openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -pubout -out public.pem
# Encrypt a file with the public key
openssl pkeyutl -encrypt -inkey public.pem -pubin -in plaintext.txt -out encrypted.bin
# Decrypt with the private key
openssl pkeyutl -decrypt -inkey private.pem -in encrypted.bin -out decrypted.txt
# Verify a key pair matches (public key fingerprint must match)
openssl rsa -in private.pem -pubout | openssl md5
openssl md5 public.pemUsing RSA Keys in Node.js
const { generateKeyPairSync, privateEncrypt, publicDecrypt } = require('crypto');
// Generate key pair
const { publicKey, privateKey } = generateKeyPairSync('rsa', {
modulusLength: 2048,
publicKeyEncoding: { type: 'spki', format: 'pem' },
privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
// Encrypt with public key
const encrypted = publicEncrypt(publicKey, Buffer.from('Hello, RSA!'));
// Decrypt with private key
const decrypted = privateDecrypt(privateKey, encrypted);
console.log(decrypted.toString()); // 'Hello, RSA!'// JWT signing with RS256 (using jsonwebtoken)
const jwt = require('jsonwebtoken');
const token = jwt.sign({ userId: 123, role: 'admin' }, privateKey, {
algorithm: 'RS256',
expiresIn: '1h',
});
const payload = jwt.verify(token, publicKey, { algorithms: ['RS256'] });Using RSA Keys in Python
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import hashes, serialization
# Generate key pair
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
)
public_key = private_key.public_key()
# Encrypt with public key
ciphertext = public_key.encrypt(
b"Hello, RSA!",
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None,
),
)
# Decrypt with private key
plaintext = private_key.decrypt(
ciphertext,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None,
),
)SSH Authentication with RSA Keys
RSA keys are commonly used for SSH authentication. The process differs from PEM encryption — SSH uses its own key format:
# Generate SSH key pair (creates id_rsa and id_rsa.pub)
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
# Add public key to server's authorized_keys
ssh-copy-id user@server
# Connect using the private key
ssh -i ~/.ssh/id_rsa user@serverNote: Modern SSH best practice prefers Ed25519 keys (ssh-keygen -t ed25519) over RSA for new systems, as Ed25519 provides equivalent security with much shorter keys and faster operations.
RSA vs. Other Asymmetric Algorithms
| Algorithm | Key Size | Security | Speed | Use Case |
|---|---|---|---|---|
| RSA-2048 | 2048 bits | Good | Moderate | Widely compatible |
| RSA-4096 | 4096 bits | Strong | Slow | High-value secrets |
| ECDSA P-256 | 256 bits | Strong | Fast | Modern TLS, JWT |
| Ed25519 | 256 bits | Strong | Very fast | SSH, signatures |
For new systems where compatibility with legacy software is not required, ECDSA or Ed25519 provide equivalent or better security with significantly shorter keys.
Security Considerations
Key storage: Private keys should be stored encrypted at rest. Use openssl pkcs8 -topk8 -v2 aes256 to add passphrase protection. Never commit private keys to version control.
Key rotation: RSA keys should be rotated periodically — annually for certificates, every 2–3 years for SSH keys.
Randomness quality: This tool uses crypto.subtle.generateKey(), which relies on the browser’s cryptographically secure random number generator (CSPRNG). Modern browsers use OS-level entropy sources (e.g., /dev/urandom on Linux, CryptGenRandom on Windows) that are suitable for cryptographic key generation.
Frequently Asked Questions
Is it safe to generate RSA keys in the browser?
Yes. The Web Crypto API (crypto.subtle.generateKey) uses the same cryptographically secure randomness as native tools. Keys are generated entirely in your browser and never leave your device.
What is the public exponent 65537? 65537 (0x10001) is the standard public exponent for RSA. It’s a prime number (2^16 + 1) chosen for efficiency: it has only two set bits, making modular exponentiation fast. Using 65537 does not weaken security.
Can I use these keys for HTTPS certificates? Not directly. HTTPS certificates require a Certificate Signing Request (CSR) signed by a Certificate Authority. The private key this tool generates can be used as the basis for a CSR, but you’ll need OpenSSL to generate the CSR itself.
What’s the difference between PKCS#1 and PKCS#8 private key format?
PKCS#1 (-----BEGIN RSA PRIVATE KEY-----) is RSA-specific. PKCS#8 (-----BEGIN PRIVATE KEY-----) is algorithm-agnostic and is the modern standard. This tool outputs PKCS#8, which is compatible with all major libraries.
How do I add a passphrase to protect my private key?
Use OpenSSL: openssl pkcs8 -topk8 -v2 aes256 -in private.pem -out private_encrypted.pem. You’ll be prompted to set a passphrase.