RSA Encrypt Decrypt & Key Generator Online

Generate/import RSA keys, encrypt/decrypt large files (RSA-OAEP + AES-GCM hybrid), sign/verify (RSA-PSS). Runs entirely in your browser.

Mode:

Characters: 0

Result will appear here…

Sign / Verify (RSA-PSS, SHA-256)

Signature appears in output (base64)

Security Notes

  • Hybrid mode (RSA-OAEP wrapping AES-GCM) is recommended for messages/files of arbitrary length.
  • RSA direct encryption is only for very small messages. Use OAEP padding.
  • Sign/Verify uses RSA-PSS with SHA-256 (recommended).
  • Everything runs client-side. Never paste private keys on untrusted machines.

How RSA Encryption Works

RSA Algorithm Overview

RSA is an asymmetric cryptographic algorithm that uses a pair of keys: a public key for encryption and a private key for decryption. The security of RSA relies on the mathematical difficulty of factoring large prime numbers.

Hybrid Encryption (Recommended)

Since RSA can only encrypt small amounts of data directly, hybrid encryption combines RSA with symmetric encryption:

  • Generate a random AES-256-GCM key
  • Encrypt your data with AES-GCM (fast, handles large files)
  • Encrypt the AES key with RSA-OAEP (secure key exchange)
  • Combine both encrypted parts into a single payload

Digital Signatures

Digital signatures provide authentication and non-repudiation. This tool uses RSA-PSS (Probabilistic Signature Scheme) with SHA-256 hashing, which is more secure than traditional PKCS#1 v1.5 signatures.

Key Sizes and Security

  • 2048 bits: Current minimum recommendation, suitable for most applications
  • 3072 bits: Enhanced security, equivalent to 128-bit symmetric encryption
  • 4096 bits: High security for long-term protection, slower performance

Common Use Cases

Secure File Sharing

Encrypt sensitive documents, images, or any files before sharing them via email or cloud storage.

Message Encryption

Encrypt confidential messages that only the intended recipient can read.

Document Signing

Create digital signatures to verify document authenticity and integrity.

API Security

Generate key pairs for API authentication and secure data exchange.

Security Best Practices

Keep Private Keys Secure: Never share your private key. Store it in a secure location and consider using password protection for long-term storage.
Use Hybrid Encryption: Always use hybrid mode for files or messages larger than a few bytes. Direct RSA encryption is limited and slower.
Verify Recipients: Always verify you have the correct public key for your intended recipient before encrypting sensitive data.
Client-Side Security: This tool runs entirely in your browser. No keys or data are sent to external servers, ensuring your privacy.
Regular Key Rotation: For high-security applications, consider generating new key pairs periodically and securely distributing public keys.