CoderTools

RSA Encryption/Decryption Tool

Public key encryption, private key decryption with key generation and digital signing

🔒 100% Local Processing: Your input data is processed entirely in your browser. It is not uploaded to any server.

What is RSA Encryption?

RSA (Rivest–Shamir–Adleman) is one of the first and most widely used public-key cryptosystems for secure data transmission. Unlike symmetric algorithms such as AES, which use a single key, RSA uses a key pair: a public key for encryption and a private key for decryption. This asymmetry lets you share your public key openly while keeping your private key secret.

The security of RSA relies on the practical difficulty of factoring the product of two large prime numbers, the 'factoring problem'. It is a standard for encryption and digital signatures used in SSL/TLS certificates, email encryption (PGP/S/MIME), and secure remote connections (SSH).

Key Features

  • **Key Generation**: Create secure 1024, 2048, or 4096-bit RSA key pairs in PEM format.
  • **Encryption**: Encrypt messages using a Public Key so only the Private Key holder can read them.
  • **Decryption**: Decrypt messages using your Private Key.
  • **Digital Signatures**: Sign messages with a Private Key to prove authenticity; anyone with the Public Key can verify it.
  • **Padding Modes**: Supports modern **OAEP** (optimal for security) and legacy **PKCS#1 v1.5** (compatibility).
  • Multiple hash algorithms: SHA-1, SHA-256, SHA-384, SHA-512
  • Multiple formats: Input/output supports Text, Base64, Hex and more

Key Size Selection

Choosing the right key size is crucial for security and performance:

  • 1024-bit: Not recommended for new systems, may be cracked within years
  • 2048-bit: Currently recommended minimum, suitable for most applications
  • 4096-bit: Provides highest security, but slower encryption/decryption

Padding Mode

This tool supports two RSA padding modes. Choose based on security requirements and compatibility needs:

  • OAEP: Optimal Asymmetric Encryption Padding, provides semantic security and protects against chosen ciphertext attacks. Recommended for new systems.
  • PKCS#1 v1.5: Legacy padding mode with a known vulnerability to the Bleichenbacher attack. Only recommended for compatibility with legacy systems.

Format Options

This tool supports multiple data formats for easy integration with different systems:

  • Text: Direct UTF-8 text input/output, suitable for regular strings
  • Base64: Base64 encoded format, commonly used for network transmission and binary data storage
  • Hex: Hexadecimal format, convenient for viewing and debugging binary data

Use Cases

  • Secure communication: Encrypt sensitive data before transmission
  • Digital signatures: Verify message authenticity and integrity
  • Key exchange: Securely exchange symmetric keys
  • Identity authentication: Verify sender identity
  • Software licensing: Generate and verify licenses

Security Best Practices

  • **Key Size**: Use at least 2048-bit keys. 4096-bit is recommended for long-term security. 1024-bit is no longer considered secure.
  • **Padding**: Always prefer OAEP (Optimal Asymmetric Encryption Padding) over PKCS#1 v1.5. OAEP prevents padding oracle attacks.
  • **Key Secrecy**: Never share your Private Key. Anyone with it can read your encrypted messages or impersonate you.
  • **Hybrid Encryption**: RSA is slow and limits the size of the data it can encrypt. For large files, use RSA to encrypt a random AES key, then encrypt the file with AES.
  • **Client-Side Only**: This tool runs entirely in your browser using the Web Crypto API. Your private keys never leave your device.

Technical Limitations

  • **Data Size**: RSA cannot encrypt data larger than its key size minus padding overhead. For example, 2048-bit RSA with OAEP supports a maximum of ~214 bytes.
  • **Performance**: RSA is significantly slower than symmetric encryption (AES). Do not use it for bulk data.
  • **Format**: This tool uses standard PEM format (Base64 with -----BEGIN... headers). Ensure your other tools support this format.
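
The hybrid scheme from Security Best Practices and the data-size limit above, as an added example using the Web Crypto API (this is not the tool's own code). The ~214-byte figure corresponds to SHA-1 as the OAEP hash; with SHA-256 a 2048-bit key accepts 190 bytes. Function names, the sample message and the choice of AES-256-GCM are assumptions made for the illustration.

```javascript
// Added example (not the tool's code): RSA-OAEP size limit and hybrid encryption.
// Browsers and Node 19+ expose globalThis.crypto; older Node falls back to require().
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const HASH_BYTES = { "SHA-1": 20, "SHA-256": 32, "SHA-384": 48, "SHA-512": 64 };

// RFC 8017: an OAEP plaintext is at most k - 2*hLen - 2 bytes (k = modulus size in bytes).
function oaepMaxBytes(modulusBits, hash) {
  return modulusBits / 8 - 2 * HASH_BYTES[hash] - 2;
}

// Encrypt data of any length: a fresh AES-256-GCM key for the data, RSA-OAEP for that key.
async function hybridEncrypt(publicKey, data) {
  const aesKey = await wc.subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt"]);
  const iv = wc.getRandomValues(new Uint8Array(12)); // must be unique per message
  const ciphertext = await wc.subtle.encrypt({ name: "AES-GCM", iv }, aesKey, data);
  const rawKey = await wc.subtle.exportKey("raw", aesKey); // 32 bytes, well under the limit
  const wrappedKey = await wc.subtle.encrypt({ name: "RSA-OAEP" }, publicKey, rawKey);
  return { wrappedKey, iv, ciphertext };
}

async function hybridDecrypt(privateKey, { wrappedKey, iv, ciphertext }) {
  const rawKey = await wc.subtle.decrypt({ name: "RSA-OAEP" }, privateKey, wrappedKey);
  const aesKey = await wc.subtle.importKey("raw", rawKey, "AES-GCM", false, ["decrypt"]);
  return wc.subtle.decrypt({ name: "AES-GCM", iv }, aesKey, ciphertext); // rejects if tampered
}

async function demo(hash = "SHA-256") {
  const { publicKey, privateKey } = await wc.subtle.generateKey(
    { name: "RSA-OAEP", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash },
    false, ["encrypt", "decrypt"]);
  const text = "constructed sample record; ".repeat(40); // constructed input, 1080 bytes
  const data = new TextEncoder().encode(text);
  const limit = oaepMaxBytes(2048, hash);
  // Exactly `limit` bytes fits in one RSA operation; the full message is rejected.
  const atLimit = await wc.subtle.encrypt({ name: "RSA-OAEP" }, publicKey, data.slice(0, limit));
  let directFails = false;
  try { await wc.subtle.encrypt({ name: "RSA-OAEP" }, publicKey, data); }
  catch { directFails = true; }
  const box = await hybridEncrypt(publicKey, data);
  const plain = new TextDecoder().decode(await hybridDecrypt(privateKey, box));
  return { limit, atLimitBytes: atLimit.byteLength, directFails,
           wrappedKeyBytes: box.wrappedKey.byteLength, roundTrip: plain === text };
}

demo().then(console.log);
```

The recipient needs all three parts (`wrappedKey`, `iv`, `ciphertext`); only the wrapped key depends on RSA, so the message length no longer matters.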

Frequently Asked Questions (FAQ)

Is it safe to generate/use RSA keys on this website?

Yes. The tool runs 100% in your browser using JavaScript. No keys or data are sent to our servers. Your private key remains strictly on your device.

What is the difference between Public and Private keys?

The **Public Key** is used to encrypt data and verify signatures; it can be shared publicly. The **Private Key** is used to decrypt data and create signatures; it must be kept secret. Content encrypted with the Public Key can ONLY be decrypted by the Private Key.

Why can't I encrypt a long text string?

RSA has a maximum message length limit based on the key size and padding. For a 2048-bit key using OAEP padding, the limit is about 214 bytes. For longer texts, use 'Hybrid Encryption' (Encrypt the data with AES, then encrypt the AES key with RSA).

Should I use OAEP or PKCS1 v1.5 padding?

You should use **OAEP** whenever possible. It provides better security properties. PKCS#1 v1.5 is a legacy standard susceptible to padding oracle attacks, though it is still needed for compatibility with old systems.

What key size should I choose (2048 vs 4096)?

**2048-bit** is the current industry standard and is secure for most uses. **4096-bit** is more secure but much slower to generate and use. **1024-bit** is insecure and should not be used.

What is PEM format?

PEM (Privacy Enhanced Mail) is the standard format for storing cryptographic keys. It consists of Base64-encoded ASN.1 data wrapped in header and footer lines such as `-----BEGIN PUBLIC KEY-----`.
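
An added example (not the tool's own code) of moving keys between PEM text and the Web Crypto API, which imports and exports DER bytes but not PEM. It assumes the `PUBLIC KEY` (SPKI) and `PRIVATE KEY` (PKCS#8) labels and SHA-256 as the OAEP hash; function names and the sample message are constructed for the illustration.

```javascript
// Added example (not the tool's code): PEM <-> DER conversion for Web Crypto keys.
// Browsers and Node 19+ expose globalThis.crypto; older Node falls back to require().
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const RSA_OAEP = { name: "RSA-OAEP", hash: "SHA-256" }; // hash choice is an assumption

// DER bytes -> PEM: Base64 body wrapped at 64 columns between BEGIN/END lines.
function derToPem(der, label) {
  const b64 = btoa(String.fromCharCode(...new Uint8Array(der)));
  const body = b64.match(/.{1,64}/g).join("\n");
  return `-----BEGIN ${label}-----\n${body}\n-----END ${label}-----\n`;
}

// PEM -> DER bytes. The label names the ASN.1 structure inside, so a mismatch
// (e.g. PKCS#1 "RSA PUBLIC KEY" where SPKI "PUBLIC KEY" is expected) is rejected.
function pemToDer(pem, label) {
  const m = pem.match(/-----BEGIN ([A-Z0-9 ]+)-----([A-Za-z0-9+\/=\s]+)-----END \1-----/);
  if (!m || m[1] !== label) throw new Error(`expected a PEM block labelled "${label}"`);
  return Uint8Array.from(atob(m[2].replace(/\s+/g, "")), (c) => c.charCodeAt(0));
}

const importPublicPem = (pem) =>
  wc.subtle.importKey("spki", pemToDer(pem, "PUBLIC KEY"), RSA_OAEP, true, ["encrypt"]);
const importPrivatePem = (pem) =>
  wc.subtle.importKey("pkcs8", pemToDer(pem, "PRIVATE KEY"), RSA_OAEP, false, ["decrypt"]);

// Generate a pair, serialise both halves to PEM, re-import them, and round-trip a message.
async function pemRoundTrip() {
  const pair = await wc.subtle.generateKey(
    { ...RSA_OAEP, modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) },
    true, ["encrypt", "decrypt"]);
  const publicPem = derToPem(await wc.subtle.exportKey("spki", pair.publicKey), "PUBLIC KEY");
  const privatePem = derToPem(await wc.subtle.exportKey("pkcs8", pair.privateKey), "PRIVATE KEY");
  const [pub, priv] = await Promise.all([importPublicPem(publicPem), importPrivatePem(privatePem)]);
  const message = new TextEncoder().encode("constructed message"); // constructed input
  const ct = await wc.subtle.encrypt({ name: "RSA-OAEP" }, pub, message);
  const text = new TextDecoder().decode(await wc.subtle.decrypt({ name: "RSA-OAEP" }, priv, ct));
  return { publicPem, privatePem, text };
}

pemRoundTrip().then((r) => console.log(r.publicPem));
```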
