
RSA Key Pair Generator (Web Crypto)

Generate RSA key pairs using the Web Crypto API. Free online RSA generator — 2048/4096-bit. No signup, 100% private, browser-based.

How it works

RSA (Rivest–Shamir–Adleman) is the dominant asymmetric cryptographic algorithm, enabling two parties to communicate securely without sharing a secret key in advance. Its security rests on the practical infeasibility of factoring the product of two large prime numbers. Key generation, performed here using the browser's Web Crypto API, produces a linked pair: the public key can be freely distributed, while the private key must be kept secret.

**Key size guidance.** RSA-2048 meets NIST recommendations through 2030. RSA-3072 is recommended for data requiring 20+ years of confidentiality. RSA-4096 is used in high-assurance PKI roots. Key generation time roughly quadruples with each doubling of key size — a 4096-bit key takes ~4× longer to generate than a 2048-bit key. The Web Crypto API uses hardware entropy from the operating system (equivalent to /dev/urandom), making the key generation process cryptographically secure.

**RSA-OAEP vs RSA-PSS.** RSA-OAEP is used for encryption (encrypting small payloads like AES keys). RSA-PSS is used for digital signatures. Never use raw RSA (textbook RSA) — it is deterministic and malleable. PKCS#1 v1.5 padding for encryption is also deprecated due to Bleichenbacher padding oracle attacks; OAEP is the correct choice.

**PEM format.** The output is PEM (Privacy Enhanced Mail) — base64-encoded DER bytes wrapped in -----BEGIN PUBLIC KEY----- / -----BEGIN PRIVATE KEY----- headers. PEM is accepted by OpenSSL, the Node.js crypto module, Python's cryptography library, and most TLS/PKI tooling.
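The flow described above, as an added example that is not this tool's own code: generate an RSA-OAEP pair with Web Crypto, export it as SPKI/PKCS#8 PEM wrapped at 64 characters, then re-import the PEM and round-trip a small payload. The function names (`toPem`, `fromPem`, `generatePemPair`, `roundTrip`) are assumptions made for the example; it runs in a browser console or in Node.js.

```javascript
// Added example, not the generator's own code. Browser console or Node.js.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;

// DER bytes -> PEM: base64, wrapped at 64 characters, inside BEGIN/END headers.
function toPem(der, label) {
  let bin = '';
  for (const b of new Uint8Array(der)) bin += String.fromCharCode(b);
  const body = (btoa(bin).match(/.{1,64}/g) || []).join('\n');
  return `-----BEGIN ${label}-----\n${body}\n-----END ${label}-----\n`;
}

// PEM -> DER bytes; rejects input that lacks the expected header type.
function fromPem(pem, label) {
  const m = new RegExp(`-----BEGIN ${label}-----([A-Za-z0-9+/=\\s]+)-----END ${label}-----`).exec(pem);
  if (!m) throw new Error(`no ${label} block found`);
  return Uint8Array.from(atob(m[1].replace(/\s+/g, '')), (c) => c.charCodeAt(0));
}

// Generate an RSA-OAEP pair and export both halves as PEM (SPKI and PKCS#8).
async function generatePemPair(bits = 2048) {
  const pair = await subtle.generateKey(
    { name: 'RSA-OAEP', modulusLength: bits,
      publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' }, // e = 65537
    true, // extractable: required here, otherwise exportKey() is refused
    ['encrypt', 'decrypt']);
  return {
    publicPem: toPem(await subtle.exportKey('spki', pair.publicKey), 'PUBLIC KEY'),
    privatePem: toPem(await subtle.exportKey('pkcs8', pair.privateKey), 'PRIVATE KEY'),
  };
}

// Re-import the PEM text, encrypt/decrypt a small payload with OAEP, and
// confirm that a key imported as non-extractable cannot be exported again.
async function roundTrip(pems, message) {
  const alg = { name: 'RSA-OAEP', hash: 'SHA-256' };
  const pub = await subtle.importKey('spki', fromPem(pems.publicPem, 'PUBLIC KEY'), alg, false, ['encrypt']);
  const priv = await subtle.importKey('pkcs8', fromPem(pems.privatePem, 'PRIVATE KEY'), alg, false, ['decrypt']);
  const ct = await subtle.encrypt({ name: 'RSA-OAEP' }, pub, new TextEncoder().encode(message));
  const pt = await subtle.decrypt({ name: 'RSA-OAEP' }, priv, ct);
  const exportBlocked = await subtle.exportKey('pkcs8', priv).then(() => false, () => true);
  return { ciphertextBytes: ct.byteLength, plaintext: new TextDecoder().decode(pt), exportBlocked };
}
```

A key generated for RSA-OAEP is bound to that algorithm by Web Crypto; signing with RSA-PSS needs a separate pair generated with `name: 'RSA-PSS'` and the `sign`/`verify` usages.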

Frequently Asked Questions

**What RSA key size should I use?**
RSA-2048 is the current NIST minimum, recommended through 2030. RSA-3072 is recommended for data needing 20+ years of confidentiality. RSA-4096 is used for high-assurance PKI roots. Key generation time roughly quadruples per doubling of key size — a 4096-bit key takes ~4× longer than a 2048-bit key. For most web applications and API authentication, RSA-2048 provides adequate security at reasonable performance.

**What is the difference between RSA-OAEP and RSA-PSS?**
RSA-OAEP is an encryption scheme — it encrypts small payloads (like an AES session key). RSA-PSS is a signature scheme — it signs data to prove authenticity and non-repudiation. Never use raw textbook RSA or PKCS#1 v1.5 padding for encryption (vulnerable to Bleichenbacher padding oracle attacks). Always use OAEP for encryption and PSS for signing.

**Is it safe to generate RSA keys in a browser?**
Yes, when using the Web Crypto API. The browser's key generation uses hardware entropy from the OS (equivalent to /dev/urandom or CryptGenRandom on Windows) and runs in a C++ cryptographic engine, not JavaScript. The generated private key can optionally be marked non-extractable, meaning it cannot be read back from JavaScript even by the generating page.

**What is PEM format?**
PEM (Privacy Enhanced Mail) is Base64-encoded DER (Distinguished Encoding Rules) binary data wrapped in -----BEGIN TYPE----- / -----END TYPE----- headers. Types include CERTIFICATE, PRIVATE KEY, PUBLIC KEY, CERTIFICATE REQUEST. PEM is accepted by OpenSSL, Node.js, Python's cryptography library, nginx, Apache, and virtually all TLS/PKI tooling. The base64 is wrapped at 64 characters per line.