RSA Key Pair Generator
Generate RSA public/private key pairs for encryption
RSA Key Pair Generator
Generate RSA public/private key pairs for encryption
Recommended for most applications
About RSA Key Pair Generator
Generate cryptographically secure RSA public/private key pairs for encryption, digital signatures, and SSL/TLS certificates. RSA (Rivest-Shamir-Adleman) is one of the most widely used public-key cryptosystems for secure data transmission and authentication.
- Support for 1024, 2048, 3072, and 4096-bit key sizes
- PKCS#1 and PKCS#8 format compatibility
- PEM and DER encoding options
- OpenSSL-compatible key generation
- Secure random number generation
How to Use RSA Key Pair Generator
- Select Key Size - Choose bit length (1024, 2048, 3072, or 4096 bits)
- Choose Format - Select PEM or DER encoding format
- Generate Keys - Create cryptographically secure key pair
- Download Keys - Save private and public keys securely
- Verify Keys - Test encryption/decryption functionality
Frequently Asked Questions
How to generate an RSA key pair?
Use utilAZ's online generator: select your key size (2048 or 4096 bit), choose PEM or DER format, and click Generate. Alternatively use OpenSSL: openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:2048 then extract the public key with openssl rsa -pubout -in private.pem -out public.pem.
What is an RSA key pair used for?
RSA key pairs are used for asymmetric encryption (encrypt with public key, decrypt with private key), digital signatures (sign with private key, verify with public key), SSL/TLS certificates, SSH authentication, JWT signing, S/MIME email encryption, and code signing.
Difference between public and private key RSA?
The public key (n, e) can be freely shared and is used to encrypt data or verify signatures. The private key (n, d) must be kept secret and is used to decrypt data or create signatures. They are mathematically linked -- data encrypted with one can only be decrypted with the other.
How to encrypt with RSA public key?
In practice, RSA encrypts a symmetric AES key (hybrid encryption) rather than raw data due to size limits. Use OAEP padding (not PKCS#1 v1.5) for security. In OpenSSL: openssl pkeyutl -encrypt -pubin -inkey public.pem -in plaintext.bin -out cipher.bin -pkeyopt rsa_padding_mode:oaep.
RSA 2048 vs 4096 which is better?
RSA-2048 is the current industry standard, sufficient for most use cases through ~2030. RSA-4096 doubles the security margin and is recommended for long-lived keys, government/military use, or post-quantum preparedness. The tradeoff: 4096-bit keys are ~4-8x slower for signing and ~30x slower for generation.
How to password protect an RSA private key?
Use OpenSSL: openssl rsa -aes256 -in private.pem -out private_enc.pem which wraps the key with AES-256-CBC encryption. For PKCS#8 format: openssl pkcs8 -topk8 -v2 aes-256-cbc -in private.pem -out private_pkcs8.pem. Always use a strong passphrase of 16+ characters.
Common Use Cases
- SSL/TLS certificate generation
- SSH key authentication
- Code signing certificates
- Email encryption (S/MIME)
- VPN authentication
- API authentication tokens
- File encryption/decryption
- Digital signature verification
Technical Details
RSA Algorithm Specifications:
- Key Generation: Uses strong prime number generation with Miller-Rabin primality testing
- Public Exponent: Commonly 65537 (0x10001) for optimal security-performance balance
- Padding Schemes: PKCS#1 v1.5, PKCS#1 v2.0 (OAEP), and PSS for signatures
- Hash Functions: Compatible with SHA-256, SHA-384, SHA-512
- Standards Compliance: FIPS 186-4, RFC 3447 (PKCS#1 v2.1)
Key Size and Security Levels
| Key Size | Security Level | Status | Recommended Use |
|---|---|---|---|
| 1024-bit | ~80 bits | Deprecated | Legacy systems only |
| 2048-bit | ~112 bits | Standard | General purpose use |
| 3072-bit | ~128 bits | Enhanced | High security requirements |
| 4096-bit | ~152 bits | Maximum | Long-term security |
How RSA Key Generation Works
RSA key pairs are generated by selecting two large prime numbers, computing their product (the modulus), and deriving a public exponent (commonly 65537) and a corresponding private exponent. The security of RSA depends on the difficulty of factoring the modulus back into its prime components.
Quick Examples
# Python
from cryptography.hazmat.primitives.asymmetric import rsa
key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
// Node.js
const { generateKeyPairSync } = require('crypto');
const { publicKey, privateKey } = generateKeyPairSync('rsa', {
modulusLength: 2048
});The tool above handles key generation entirely in your browser using the Web Crypto API, so your private key is never transmitted over the network. You can export keys in PEM or JWK format for use in TLS certificates, SSH authentication, JWT signing, and more.