RSA Key Generator

Generate Your RSA Key Pair

Choose bit size, key usage and format — then generate, copy or download your keys instantly.

Key Configuration NOT GENERATED
Ready to generate keys
Public Key
Private Key — Keep secret!
Key Operations
Ciphertext (Base64)
Decrypted Plaintext
Signature (Base64)
🔒 Security Notes
  • All operations run client-side — your keys never leave this browser tab.
  • Never share or transmit your private key over insecure channels.
  • Use at minimum 2048-bit keys for production; 4096-bit for maximum security.
  • For SSH authentication, copy only the public key to your server's authorized_keys.
  • Store private keys in an encrypted vault or hardware security module (HSM).
Features

Everything You Need for
RSA Cryptography

A complete public-key cryptography toolkit for developers, sysadmins and security researchers.

1024 – 4096-Bit Key Generation

Generate RSA key pairs in any standard size. NIST-recommended 2048-bit for current use; 4096-bit for maximum long-term security. All computed via the native Web Crypto API.

PEM, PKCS8 & OpenSSH Formats

Export public keys as PEM (SPKI) or OpenSSH-compatible format for direct use in authorized_keys. Private keys export as PKCS8 PEM, compatible with OpenSSL, Java, Node.js and Python.

RSA-OAEP Encrypt & Decrypt

Encrypt plaintext messages with the public key using RSA-OAEP with SHA-256. Decrypt ciphertext with the private key. Results are Base64-encoded for easy transmission.

RSA-PSS Sign & Verify

Digitally sign messages using RSASSA-PSS with SHA-256. Verify that a signature was produced by the holder of the corresponding private key with a single click.

Key Inspection & Fingerprint

Paste any RSA PEM key to inspect its format, type and key size. A SHA-256 fingerprint is automatically computed from your public key for identity verification workflows.

100% Client-Side Privacy

Every operation — key generation, encryption, decryption, signing, verification — runs entirely in your browser. No data, key material or messages are ever transmitted to any server.

Process

How the RSA Key Generator Works

Four simple steps to generate production-grade RSA keys in your browser.

Choose Parameters

Select your key size (2048 or 4096-bit recommended), key usage (encrypt/sign) and output formats for both public and private keys.

Generate Key Pair

The browser's Web Crypto API generates two mathematically linked keys using the RSA algorithm with a cryptographically secure random number generator.

Copy or Download

Copy the PEM-encoded public or private key to clipboard, or download them as .pem files ready for use in servers, applications and SSH clients.

Encrypt, Sign & Verify

Use the built-in operations panel to encrypt messages with the public key, decrypt with the private key, create digital signatures, and verify them instantly.

What is RSA Encryption & Why Use an RSA Key Generator?

RSA — named after its inventors Rivest, Shamir and Adleman — is the most widely deployed asymmetric cryptographic algorithm in the world. Published in 1977, it underpins the security of HTTPS/TLS, SSH authentication, email encryption (PGP/S-MIME), digital certificates and countless enterprise security systems. Unlike symmetric ciphers which share a single secret key, RSA uses a mathematically linked key pair: a freely shareable public key and a closely guarded private key.

The public key can safely be distributed to anyone. Senders use it to encrypt data that only the private key holder can decrypt, or to verify digital signatures produced by the private key. The private key must remain secret at all times — it is what decrypts incoming messages and what produces unforgeable digital signatures that prove the sender's identity.

Choosing the right key size is critical. 1024-bit RSA is obsolete and should never be used in new systems. NIST recommends 2048-bit RSA as the minimum for use until at least 2030, while 4096-bit keys provide significantly stronger security suitable for long-lived certificates, root CAs and high-sensitivity applications. Larger keys are computationally slower but provide a far larger security margin against future attacks, including advances in classical and quantum computing.

In SSH (Secure Shell) authentication, RSA is used in the ssh-rsa format. You generate a key pair, place the public key in the server's ~/.ssh/authorized_keys file, and keep the private key locally on your client. This eliminates password-based authentication, removing a major attack vector. Modern SSH clients and servers also support ECDSA and Ed25519, but RSA 4096 remains universally supported and widely trusted.

Best practices when using RSA keys: always generate keys locally in a secure environment; never reuse key pairs across different services; store private keys in encrypted keystores or hardware security modules (HSMs); use passphrase protection on private key files; rotate keys periodically; and revoke any key that may have been compromised immediately. This free RSA Key Generator follows all cryptographic standards, runs entirely in your browser via the Web Crypto API, and never transmits your sensitive key material anywhere.

FAQ

Frequently Asked Questions

Common questions about RSA keys, formats and best practices.

RSA is an asymmetric cryptographic algorithm that uses two mathematically linked keys. The public key encrypts data; only the corresponding private key can decrypt it. Security rests on the computational difficulty of factoring the product of two large prime numbers — a problem that remains infeasible with today's computers for key sizes of 2048 bits or larger.
The RSA public key can be shared openly. Others use it to encrypt data that only you can read, or to verify a signature you produced. The private key must be kept strictly secret. It decrypts incoming ciphertext and creates digital signatures that prove your identity. Losing the private key means losing the ability to decrypt previously encrypted data.
NIST recommends 2048-bit RSA as the minimum for general use through 2030. 4096-bit keys offer significantly greater security margins and are recommended for certificate authorities, long-lived certificates and high-security applications, at the cost of moderately slower operations. 1024-bit keys are obsolete and broken — never use them in new systems.
PEM (Privacy-Enhanced Mail) is a Base64-encoded DER structure wrapped in BEGIN/END header lines — the standard for TLS certificates and most applications. PKCS8 is a standard format for private key information used in Java, Python and OpenSSL. OpenSSH format starts with "ssh-rsa" followed by a Base64-encoded blob and is used in SSH authorized_keys files for server authentication.
Generate a key pair using this tool with the OpenSSH public key format option. Copy the public key and append it to ~/.ssh/authorized_keys on your server. Save the private key locally and set its permissions to 600 (owner read-only). When you SSH into the server, your client automatically uses the private key to authenticate without a password.
Absolutely not. All key generation, encryption, decryption, signing and verification runs entirely in your browser using the Web Crypto API. No key material, plaintext or ciphertext is transmitted to any server. The page can even be saved and run offline. Your keys are generated fresh each time and remain private on your device.
A key fingerprint is a short SHA-256 hash of the public key. It provides a compact, human-verifiable identity for a key — far shorter than the full PEM. SSH clients display fingerprints when you first connect to a new host, allowing you to verify you are connecting to the intended server and not a man-in-the-middle. This tool computes the SHA-256 fingerprint automatically after each generation.
Explore More Tools

Ready to Explore More Free Tools?

Discover our full suite of cryptocurrency, encryption, AI-powered and developer utilities — all free, no sign-up required.

Crypto Tools 100+ AI Tools
⚠ Disclaimer: This tool is provided for educational and development purposes only. "Bitcoin", "SHA-256", "SHA-512" and related names are trademarks or registered trademarks of their respective owners. SEOWebChecker is not affiliated with, endorsed by, or connected to any blockchain network, cryptocurrency project or standards body. No financial or legal advice is implied. Use outputs at your own risk. See our Privacy Policy for data handling details.