What key size should I use for RSA encryption?

2048-bit RSA keys are the current minimum recommended size and suitable for most uses. 4096-bit keys provide additional security margin but are significantly slower. For new applications requiring long-term security, 4096-bit is preferred.

What is the difference between RSA-OAEP and PKCS#1 v1.5?

RSA-OAEP (Optimal Asymmetric Encryption Padding) is the modern secure standard and is recommended for all new applications. PKCS#1 v1.5 is an older padding scheme with known vulnerabilities (Bleichenbacher attack) and should only be used for legacy compatibility.

Are RSA keys generated on the server?

No. All RSA key generation and encryption/decryption runs entirely in your browser using the Web Crypto API. Your keys and data are never sent to any server.

← Back to all tools

RSA Encryption / Decryption

Asymmetric encryption with public/private key pairs. Generate keys and encrypt/decrypt data client-side.

ℹ

RSA is not suitable for large data — it is limited by key size. For large payloads, use AES to encrypt the data and RSA to encrypt the AES key (hybrid encryption).

⚙

Key Pair Generation

RSA

Key Size

Hash Algorithm

Padding Mode

🗝️

Key Pair

Public Key (PEM)

Private Key (PEM)

⚠

Keep your private key secret. Never share it or paste it into untrusted tools.

📝

Encrypt / Decrypt

Plaintext / Ciphertext *

Output

Encrypted / decrypted result will appear here…

⚙️

How RSA Encryption Works

RSA is an asymmetric encryption algorithm that uses a key pair: a public key to encrypt and a private key to decrypt. Anyone can encrypt a message with your public key, but only you can decrypt it with your private key. This makes RSA ideal for secure key exchange and digital signatures.

This tool generates RSA key pairs and performs encryption/decryption using OAEP padding with SHA-256 via the Web Crypto API — the current standard for secure RSA operations. Keys are generated locally in your browser and never transmitted anywhere.

Common use cases

Encrypting small pieces of data like symmetric keys or tokens
Generating RSA key pairs for testing and development
Verifying how RSA encryption and decryption works
Learning public-key cryptography concepts hands-on

PEM

RSA Key and Ciphertext Formats

This RSA tool exports keys as PEM strings, including PUBLIC KEY and PRIVATE KEY headers. Ciphertext is encoded as Base64 so it can be copied into JSON, forms, logs, or another RSA decryption tool.

For best compatibility, use RSA-OAEP with SHA-256 for new tests. Use PKCS#1 v1.5 only when you need to compare against a legacy system that explicitly requires it.

❓

Frequently Asked Questions

What key size should I use?

2048-bit is the minimum recommended key size for RSA. Use 4096-bit for high-security scenarios where long-term data protection is required. Larger keys are more secure but slower to generate and use.

Is RSA safe for large files?

RSA is designed for small data — typically only used to encrypt a symmetric key. For bulk data encryption, use AES. A common hybrid approach is to encrypt your data with AES, then encrypt the AES key with RSA.

Are my keys saved anywhere?

No. Keys are generated entirely in your browser and are never stored or transmitted. You must save your private key manually — losing it means losing access to anything encrypted with the corresponding public key.

What is the difference between a public key and a private key?

The public key can be shared with anyone and is used to encrypt data. Only the matching private key can decrypt what was encrypted with the public key. This asymmetric design means you can receive encrypted messages from anyone without ever sharing a secret.

Why can't RSA encrypt large files?

RSA can only encrypt data smaller than its key size (e.g. ~245 bytes for a 2048-bit key with OAEP). For large data, use a hybrid approach: encrypt the data with AES, then use RSA to encrypt only the AES key. This is how TLS/HTTPS works.

What padding scheme should I use with RSA?

Use RSA-OAEP for all new applications — it is the modern secure standard. Avoid PKCS#1 v1.5 padding which is vulnerable to padding oracle attacks (Bleichenbacher attack). Most browsers support RSA-OAEP natively via the Web Crypto API.