Choose key size from 1024 to 4096 bits. Generate RSA key pairs, encrypt with public key, decrypt with private key. Includes a comprehensive 2000+ word guide to RSA.
RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems and is widely used for secure data transmission. Its security relies on the practical difficulty of factoring the product of two large prime numbers. This guide dives deep into the mathematics, security considerations, and real-world applications of RSA.
In 1977, Ron Rivest, Adi Shamir, and Leonard Adleman at MIT developed the RSA algorithm, which became the first practical implementation of public-key cryptography as proposed by Diffie and Hellman in 1976. The trio's work earned them the Turing Award in 2002. RSA was patented in 1983, and the patent expired in 2000, allowing widespread adoption.
RSA relies on several key concepts from number theory:
To encrypt a message m, it must be represented as an integer in the range [0, n-1]. Long messages are split and often combined with symmetric encryption (hybrid cryptosystem).
The correctness follows from Euler's theorem: me·d ≡ m1+kφ(n) ≡ m (mod n) when m is coprime to n; special cases handle multiples of p or q.
Given the public key (n, e), an attacker wanting to recover the private key d would need to compute φ(n) or factor n into p and q. Factoring a 2048-bit integer is currently infeasible with classical computers. The best known factoring algorithm, the General Number Field Sieve (GNFS), has sub-exponential complexity. For 2048-bit RSA, it is estimated to require millions of years with current technology.
However, RSA is vulnerable to:
The table below compares RSA key sizes with equivalent symmetric key security (as estimated by NIST):
| RSA key size (bits) | Symmetric equivalent (bits) | Security lifetime |
|---|---|---|
| 1024 | 80 | Deprecated (broken by academic efforts) |
| 2048 | 112 | Secure until ~2030 |
| 3072 | 128 | Recommended for long-term security |
| 4096 | 152 | Overkill for most applications; slower |
Larger keys provide more security but require more computational power for encryption/decryption and key generation. For most purposes, 2048 or 3072 bits are recommended.
RSA without padding is deterministic: the same message always produces the same ciphertext, making it vulnerable to chosen-plaintext attacks. Padding adds randomness and structure.
JSEncrypt uses PKCS#1 v1.5 padding by default. For production, prefer OAEP.
RSA encryption is relatively fast (exponentiation with a small public exponent e), but decryption is slower because the private exponent d is large. To speed up decryption, the Chinese Remainder Theorem (CRT) is used, leveraging p and q separately. This makes decryption about 4 times faster. Key generation is the slowest operation because it requires finding large primes.
Because RSA can only encrypt messages up to the key size minus padding overhead (e.g., about 190 bytes for 2048-bit RSA with PKCS#1), it is never used to encrypt bulk data. Instead, a hybrid approach is employed: a random symmetric key (e.g., AES-256) is generated, the data is encrypted with that key, and the symmetric key itself is encrypted with RSA. This combines the efficiency of symmetric cryptography with the convenience of public-key distribution.
Shor's algorithm, when run on a sufficiently large quantum computer, can factor integers and compute discrete logarithms in polynomial time, rendering RSA and ECC obsolete. The cryptographic community is actively developing post-quantum algorithms (e.g., lattice-based, code-based, multivariate). NIST is in the process of standardizing several candidates. For now, RSA remains safe, but long-term secrets should consider future quantum risks.
RSA is a foundational public-key cryptosystem that enabled the modern secure internet. Understanding its mathematical underpinnings, proper use of padding, and appropriate key sizes is essential for any security practitioner. This tool allows you to experiment with different key lengths and observe the resulting PEM formats, ciphertexts, and the importance of using the correct key for decryption.
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...
-----END PUBLIC KEY-----
nmodulus (product of primes)epublic exponent (usually 65537)dprivate exponentp, qlarge prime factorsφ(n)Euler's totient (p-1)(q-1)dP, dQ, qInvCRT parameters (for faster decryption)