RSA Key Pair Generator
Generate RSA public/private key pairs for encryption
RSA Key Pair Generator
Generate RSA public/private key pairs for encryption
About RSA Key Pair Generator
Generate cryptographically secure RSA public/private key pairs for encryption, digital signatures, and SSL/TLS certificates. RSA (Rivest-Shamir-Adleman) is one of the most widely used public-key cryptosystems for secure data transmission and authentication.
- Support for 1024, 2048, 3072, and 4096-bit key sizes
- PKCS#1 and PKCS#8 format compatibility
- PEM and DER encoding options
- OpenSSL-compatible key generation
- Secure random number generation
How to Use RSA Key Pair Generator
- Select Key Size - Choose bit length (1024, 2048, 3072, or 4096 bits)
- Choose Format - Select PEM or DER encoding format
- Generate Keys - Create cryptographically secure key pair
- Download Keys - Save private and public keys securely
- Verify Keys - Test encryption/decryption functionality
Advertisement
Frequently Asked Questions
What is RSA encryption?
RSA is an asymmetric cryptographic algorithm that uses a pair of keys - a public key for encryption and a private key for decryption. It enables secure communication without sharing secret keys beforehand.
What key size should I use?
2048-bit keys are currently the standard for most applications. 1024-bit keys are deprecated due to security concerns. 3072-bit or 4096-bit keys provide higher security but with increased computational overhead.
What's the difference between PEM and DER formats?
PEM (Privacy-Enhanced Mail) is a Base64-encoded format that's human-readable and widely supported. DER (Distinguished Encoding Rules) is a binary format that's more compact but not human-readable.
How should I store my private key?
Private keys should be stored securely with restricted file permissions, encrypted with a passphrase, and backed up safely. Never share private keys or store them in publicly accessible locations.
Can RSA keys be used for both encryption and signing?
Yes, RSA key pairs can be used for both encryption/decryption and digital signing/verification. However, it's considered best practice to use separate key pairs for different purposes.
Common Use Cases
- SSL/TLS certificate generation
- SSH key authentication
- Code signing certificates
- Email encryption (S/MIME)
- VPN authentication
- API authentication tokens
- File encryption/decryption
- Digital signature verification
Sponsored Content
Technical Details
RSA Algorithm Specifications:
- Key Generation: Uses strong prime number generation with Miller-Rabin primality testing
- Public Exponent: Commonly 65537 (0x10001) for optimal security-performance balance
- Padding Schemes: PKCS#1 v1.5, PKCS#1 v2.0 (OAEP), and PSS for signatures
- Hash Functions: Compatible with SHA-256, SHA-384, SHA-512
- Standards Compliance: FIPS 186-4, RFC 3447 (PKCS#1 v2.1)
Key Size and Security Levels
| Key Size | Security Level | Status | Recommended Use |
|---|---|---|---|
| 1024-bit | ~80 bits | Deprecated | Legacy systems only |
| 2048-bit | ~112 bits | Standard | General purpose use |
| 3072-bit | ~128 bits | Enhanced | High security requirements |
| 4096-bit | ~152 bits | Maximum | Long-term security |
Programming Examples
Python (using cryptography library):
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import padding
def generate_rsa_keypair(key_size=2048):
# Generate private key
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=key_size
)
# Get public key
public_key = private_key.public_key()
# Serialize private key to PEM
private_pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption()
)
# Serialize public key to PEM
public_pem = public_key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo
)
return private_pem, public_pem
# Example usage
private_key, public_key = generate_rsa_keypair(2048)
print("Private Key:", private_key.decode()[:100] + "...")
print("Public Key:", public_key.decode()[:100] + "...")
Node.js (using node-forge):
const forge = require('node-forge');
function generateRSAKeyPair(keySize = 2048) {
// Generate key pair
const keypair = forge.pki.rsa.generateKeyPair({
bits: keySize,
e: 0x10001 // 65537
});
// Convert to PEM format
const privateKeyPem = forge.pki.privateKeyToPem(keypair.privateKey);
const publicKeyPem = forge.pki.publicKeyToPem(keypair.publicKey);
return {
privateKey: privateKeyPem,
publicKey: publicKeyPem,
keySize: keySize
};
}
function encryptWithPublicKey(publicKeyPem, message) {
const publicKey = forge.pki.publicKeyFromPem(publicKeyPem);
const encrypted = publicKey.encrypt(message, 'RSA-OAEP');
return forge.util.encode64(encrypted);
}
// Example usage
const keys = generateRSAKeyPair(2048);
console.log('Key pair generated successfully');
console.log('Private key length:', keys.privateKey.length);
console.log('Public key length:', keys.publicKey.length);
Advertisement