RSA Encryption

Generate RSA key pairs, encrypt/decrypt with RSA-OAEP, and sign/verify with RSA-PSS - via WebCrypto API. PEM format supported.

Key size warning

RSA key sizes below 2048 bits are deprecated. Use 2048 minimum; 4096 for long-term security.

Key Generation

Key size

Hash algorithm

Public key (SPKI/PEM)

Private key (PKCS8/PEM) - keep secret

Encrypt

Public key (PEM) Message

Ciphertext (Base64)

Decrypt

Private key (PEM) Ciphertext (Base64)

Plaintext

Sign

Private key (PEM) Message

Signature (Base64)

Verify

Public key (PEM) Message Signature (Base64)

How it works

RSA-OAEP uses RSA with Optimal Asymmetric Encryption Padding - secure against chosen-ciphertext attacks. Encryption uses the public key; decryption uses the private key.

RSA-PSS uses probabilistic signature padding for signing. Signing uses the private key; verification uses the public key. Both operations run entirely in the browser via the WebCrypto API - keys never leave the browser.

Keys are exported in PEM format: SPKI for public keys, PKCS#8 for private keys.

Security note

RSA encrypts small messages only (limited to key size minus padding). For large data use hybrid encryption: generate an AES key, encrypt data with AES-GCM, encrypt the AES key with RSA-OAEP. Never use RSA-PKCS1v1.5 for new systems - use OAEP only.

View source Report issue