RSA Key Generator
Generate RSA public and private key pairs with configurable bit length.
- Home
- > Hash & Security >
- RSA Key Generator
Public Key (SPKI PEM)
Private Key (PKCS8 PEM)
What is RSA?
RSA (Rivest–Shamir–Adleman) is an asymmetric encryption algorithm invented in 1977. It uses a public key for encryption and a private key for decryption. The security of RSA relies on the practical difficulty of factoring the product of two large prime numbers.
PEM Format
Keys are output in the standard PEM (Privacy-Enhanced Mail) format:
- Public key:
-----BEGIN PUBLIC KEY-----(SPKI format) - Private key:
-----BEGIN PRIVATE KEY-----(PKCS8 format)
Choosing the Right Key Size
| Key Size | Security Level | Generation Time | Recommendation |
|---|---|---|---|
| 1024 | Low | < 1 second | Deprecated — not recommended |
| 2048 | Good | 1–5 seconds | Recommended — NIST minimum |
| 4096 | High | 5–30 seconds | High security — slower operations |
Frequently Asked Questions
Is this safe for production keys?
Yes. Key generation uses the Web Crypto API, which is backed by the operating system's cryptographic implementation. Keys are generated locally in your browser and never sent to any server. However, for high-security production environments, consider using dedicated tools like openssl or hardware security modules (HSMs).
What is the difference between SPKI and PKCS8?
SPKI (SubjectPublicKeyInfo) is the standard format for public keys, defined in RFC 5280/X.509. PKCS8 is the standard format for private keys, defined in RFC 5208. Both use PEM encoding with Base64 content and header/footer markers.
Can I use these keys with OpenSSL?
Yes. The PEM output is compatible with OpenSSL, PHP, Python, Node.js, and most cryptographic libraries. You can save the private key to a file and use it with commands like openssl rsa -in private.pem -pubout.
Why does generation take so long for 4096-bit keys?
RSA key generation requires finding two large prime numbers. The browser's Web Crypto API performs this search using probabilistic primality tests. Larger keys require more iterations of the Miller–Rabin test for the same confidence level, and the prime candidates are larger, making the search slower. A 4096-bit key can take 10–30 seconds in the browser.
