Loading your tools...
RSA Key Pair Generator
Generate cryptographically secure RSA Public and Private keys directly in your browser. Compatible with OpenSSL, SSH, and SSL certificates.
RSA Key Pair Generator
Generate secure RSA Public and Private keys locally.
Client-Side Security
Keys are generated using the native Web Crypto API in your browser. They never leave your device.
OpenSSL Compatible
Generated keys use standard PEM format (PKCS#1 / PKCS#8) compatible with OpenSSL, SSH, and most servers.
Industry Standard
Use 2048-bit for standard security or 4096-bit for long-term data protection.
What is RSA Key Generator?
The **RSA Key Generator** is a professional-grade cryptographic tool used to create asymmetric key pairs. It generates a **Private Key** (for signing or decrypting) and a **Public Key** (for verifying or encrypting). This tool uses the robust `Web Crypto API` built into modern browsers to generate keys locally, ensuring your private keys remain private and are never transmitted over the internet.
How to Use RSA Key Generator
1
**Select Key Size**: Choose between 2048-bit (Standard) or 4096-bit (High Security). 1024-bit is available for legacy testing but not recommended.
2
**Generate Keys**: Click 'Generate Keys'. The browser will mathematically compute two prime numbers to create your key pair.
3
**Save Keys**: Copy the PEM formatted keys or download them as `.pem` files.
4
**Usage**: Use the Public Key to encrypt data or verify signatures. Keep the Private Key strictly secret for decrypting data or creating signatures.
Key Features
**High-Bit Security**: Supports industry-standard 2048-bit and ultra-secure 4096-bit key lengths.
**100% Client-Side**: Uses the native `window.crypto` API. No server-side generation means zero risk of network interception.
**Standard PEM Format**: Keys are exported in Base64 PEM format (PKCS#8 for private, SPKI for public), compatible with OpenSSL, Node.js, and Java.
**Instant Export**: One-click download for `public.pem` and `private.pem` files.
**No Dependencies**: Lightweight and fast, requiring no external libraries or downloads.
About RSA Key Generator
Understanding RSA Encryption
**RSA (Rivest–Shamir–Adleman)** is the backbone of internet security. Unlike symmetric encryption (where one password locks and unlocks), RSA is **asymmetric**. It uses two mathematically linked keys:
Public Key
Like a mailbox slot. You share this with everyone. Anyone can use it to encrypt a message to you, but they cannot decrypt it—not even themselves.
Private Key
Like the mailbox key. Only you have it. It is the only thing in the universe that can decrypt messages sent to your Public Key.
Technical Specifications
| Feature | Details |
|---|---|
| Standard | RSASSA-PKCS1-v1_5 / RSA-OAEP |
| Private Key Format | PKCS#8 (PEM encoded) |
| Public Key Format | SPKI (Subject Public Key Info) |
| Exponent | 65537 (0x10001) |
Common Use Cases
SSH Keys
Authenticating with remote servers (e.g., AWS EC2, GitHub) without passwords.
SSL/TLS Certificates
The foundation of HTTPS websites. The private key stays on the server; the public key is in the certificate.
JWT Signing
Signing JSON Web Tokens (RS256) so APIs can verify user identity without shared secrets.
Frequently Asked Questions
Is it safe to generate 4096-bit keys here?
Yes. The generation happens entirely on your device's processor using the Web Crypto API. No data is ever sent to a cloud server. 4096-bit keys take longer to generate but offer superior long-term security.
What is the difference between PKCS#1 and PKCS#8?
PKCS#1 is the older format specifically for RSA keys (Begins with `-----BEGIN RSA PRIVATE KEY-----`). PKCS#8 is the newer, generic standard for identifying private keys of *any* algorithm (Begins with `-----BEGIN PRIVATE KEY-----`). Modern OpenSSL and libraries accept both.
Can I use these keys for GitHub SSH?
Yes. You can save the generated private key to your `~/.ssh/id_rsa` file (set permissions to 600) and add the public key to your GitHub account settings.
Why should I choose 2048 vs 4096 bits?
2048-bit is the current industry standard and is secure until at least 2030. It is faster to encrypt/decrypt. 4096-bit is more secure ('future-proof') but significantly slower and consumes more CPU. Use 4096 for root certificates or high-value Top Secret data.
How do I convert these keys to other formats?
Since these are standard PEM files, you can use OpenSSL. For example, to extract the public key from a private key: `openssl rsa -in private.pem -pubout -out public.pem`.