Encrypt with a public key and decrypt with the matching private key. Key generation runs in the browser and nothing leaves your device.
Encrypt text with a public RSA key and decrypt with a private RSA key. Generate 2048-bit key pairs in your browser. Supports RSA-OAEP and PKCS1v1.5 padding schemes.
RSA (Rivest-Shamir-Adleman) is the most widely deployed asymmetric (public-key) encryption algorithm, published in 1977. RSA relies on the mathematical difficulty of factoring the product of two large prime numbers. A key pair consists of a public key (shared openly) and a private key (kept secret). Anyone with the public key can encrypt data; only the private key holder can decrypt it. RSA is used in TLS certificates, SSH key authentication, PGP email encryption, code signing, and digital signatures.
Input:
Mode: Encrypt
Scheme: RSA-OAEP
Public key: (PEM format)
Plaintext: Hello World
Output:
Base64 ciphertext: abc123...== (varies by key pair)
What is the difference between RSA-OAEP and PKCS1v1.5?
PKCS1v1.5 is the older RSA padding scheme (from 1993) and is vulnerable to padding oracle attacks (Bleichenbacher attack). RSA-OAEP (Optimal Asymmetric Encryption Padding) was introduced in 1994 and is secure against chosen-ciphertext attacks. Use RSA-OAEP for all new applications. PKCS1v1.5 is supported here only for legacy compatibility.
What key size should I use?
The tool generates 2048-bit keys, which provide approximately 112 bits of security and are the current minimum recommended by NIST. For long-term security (data that must remain secret beyond 2030), use 3072-bit or 4096-bit keys. Keys smaller than 2048 bits should not be used.
How large a message can RSA encrypt?
RSA can only encrypt data smaller than the key size. For a 2048-bit key with OAEP padding, the maximum plaintext is 214 bytes. For longer messages, the standard practice is hybrid encryption: generate a random AES key, encrypt the data with AES, and encrypt the AES key with RSA.
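The hybrid scheme described above, as an added example that is not part of the original page or the tool's own code. It uses Node.js's built-in crypto module rather than node-forge; the function names, AES-256-GCM, and OAEP with SHA-256 are assumptions of this sketch. The OAEP limit is k - 2*hLen - 2 bytes, so a 2048-bit key gives 214 bytes with SHA-1 and 190 bytes with SHA-256.

```javascript
// Added example (not the tool's code): hybrid RSA + AES encryption in Node.js.
const nodeCrypto = require('crypto');

// Assumed parameters: OAEP with SHA-256 for the key wrap, AES-256-GCM for data.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Largest plaintext RSA-OAEP accepts, in bytes: k - 2*hLen - 2 (RFC 8017).
function oaepMaxPlaintext(modulusBits, hashBytes) {
  return modulusBits / 8 - 2 * hashBytes - 2;
}

// True if RSA-OAEP alone can encrypt `length` bytes under this key.
function rsaAccepts(publicKey, length) {
  try {
    nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.alloc(length));
    return true;
  } catch (err) {
    return false; // OpenSSL rejects input that is too large for the key
  }
}

function hybridEncrypt(publicKey, plaintext) {
  const aesKey = nodeCrypto.randomBytes(32); // fresh AES-256 key per message
  const iv = nodeCrypto.randomBytes(12);     // 96-bit GCM nonce, never reused with a key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Only the 32-byte AES key passes through RSA, so message length is unconstrained.
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, aesKey);
  return { wrappedKey, iv, tag, ciphertext };
}

function hybridDecrypt(privateKey, { wrappedKey, iv, tag, ciphertext }) {
  const aesKey = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', aesKey, iv);
  decipher.setAuthTag(tag);
  // final() throws if the ciphertext or tag was modified.
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Constructed demo: a 4096-byte message, far over the single-block RSA limit.
const demoKeys = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoMessage = Buffer.alloc(4096, 'A');
const demoBox = hybridEncrypt(demoKeys.publicKey, demoMessage);
console.log('RSA alone accepts 4096 bytes:', rsaAccepts(demoKeys.publicKey, 4096));
console.log('wrapped key bytes:', demoBox.wrappedKey.length);
console.log('round trip ok:', hybridDecrypt(demoKeys.privateKey, demoBox).equals(demoMessage));
```

The recipient needs all four fields (wrappedKey, iv, tag, ciphertext); only the private key stays secret.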
Is it safe to generate keys in the browser?
Yes. The key generation uses node-forge, which relies on the browser's cryptographically secure pseudorandom number generator (CSPRNG). Generated keys are never transmitted anywhere. However, for production use, generate keys using dedicated tools like OpenSSL and protect private keys with hardware security modules or encrypted key stores.
What format are the keys in?
Keys are in PEM (Privacy Enhanced Mail) format, which is Base64-encoded DER wrapped between -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- markers (or PRIVATE KEY for private keys). This is the standard format used by OpenSSL, SSH, TLS certificates, and most cryptography software.