RSA Encryption & Decryption Tool
Online RSA asymmetric encryption with key pair generation, public key encryption, and private key decryption
Encryption Configuration
Key Management
Select Operation
What is RSA Encryption?
RSA (Rivest-Shamir-Adleman) is the world's first widely used asymmetric encryption algorithm, invented in 1977 by three MIT mathematicians: Ron Rivest, Adi Shamir, and Leonard Adleman. Unlike symmetric algorithms like AES, RSA uses a key pair: a public key for encryption and a private key for decryption. The public key can be shared openly while the private key must be kept secret, fundamentally solving the key distribution problem. RSA's security is based on the mathematical difficulty of factoring large integers - multiplying two large primes is easy, but factoring the result back is extremely hard. Keys of 2048 bits or longer are currently recommended, as 1024-bit keys are no longer considered secure. Quantum computing poses a potential threat to RSA, but practical quantum computers don't yet exist. RSA is used in HTTPS/TLS handshakes for key exchange, digital signatures and authentication (SSH, code signing), email encryption (PGP/GPG), and blockchain transaction signing. In practice, RSA typically encrypts symmetric keys (like AES keys), which then encrypt the actual data - this hybrid approach balances security and performance. This tool uses the browser's native Web Crypto API for RSA operations, with all processing done locally.
How to Use
Basic Operations
- Select key size (2048-bit or above recommended)
- Select padding scheme (OAEP recommended for better security)
- Select hash algorithm (SHA-256 recommended)
- Click 'Generate Key Pair' to create public and private keys
- For encryption: paste public key into the public key area, enter plaintext, ciphertext is generated automatically
- For decryption: paste private key into the private key area, enter ciphertext, plaintext is generated automatically
- Copy results or click 'Swap' to exchange input and output
Parameter Guide
Examples
Basic Encryption
Encrypt a message using RSA public key
1. Generate 2048-bit key pair
2. Copy the public key
3. Enter plaintext: Hello, RSA!
4. Select OAEP + SHA-256
5. Output: Base64-encoded ciphertextTypical Workflow
Standard secure communication flow
Sender:
1. Obtain recipient's public key
2. Encrypt message with public key
3. Send ciphertext
Recipient:
1. Decrypt with private key
2. Read original messageUsage Tips
Best practice recommendations
RSA is for small data (like keys)
For large data, use hybrid encryption:
1. RSA encrypts AES key
2. AES encrypts actual data
3. Send RSA ciphertext + AES ciphertextFAQ
What's the difference between RSA and AES?
RSA is an asymmetric algorithm using public key encryption and private key decryption, suitable for key exchange and digital signatures but slower and limited to small data. AES is a symmetric algorithm using the same key for both operations, fast and suitable for large data. In practice, both are combined: RSA exchanges AES keys, then AES encrypts the data.
What key size should I choose?
2048-bit is the current minimum security standard for general use. 3072-bit provides higher security margins for enterprise applications. 4096-bit offers maximum security but noticeably slower performance. NIST recommends 3072-bit or above after 2030. 1024-bit keys are considered insecure and should be avoided.
What's the difference between OAEP and PKCS#1 v1.5?
OAEP (Optimal Asymmetric Encryption Padding) is the recommended scheme with semantic security - same plaintext produces different ciphertexts each time, preventing chosen-ciphertext attacks. PKCS#1 v1.5 is the legacy standard with good compatibility but known vulnerabilities (like Bleichenbacher attacks). New applications should always use OAEP.
How much data can RSA encrypt?
RSA encryption size is limited by key length and padding. For 2048-bit keys with OAEP(SHA-256), maximum plaintext is about 190 bytes. For large data, use hybrid encryption: generate a random session key, encrypt it with RSA, then encrypt actual data with AES or another symmetric algorithm.
What's the difference between public and private keys?
The public key encrypts data and can be shared with anyone. The private key decrypts data and must be kept strictly secret. Data encrypted with the public key can only be decrypted with the corresponding private key (and vice versa for signing). Public keys are stored in SubjectPublicKeyInfo (SPKI) format and private keys in PKCS#8 format, both PEM-encoded.
Is this tool's encryption secure?
This tool uses the browser's native Web Crypto API for RSA encryption, and the algorithm implementation is standards-compliant. However, note that: 1) Browser environments are less secure than dedicated encryption devices; 2) Private keys may be exposed through browser extensions or console; 3) This tool is suitable for learning, testing, and general use - production environments should use professional encryption services. All data processing happens locally in your browser.
Why does decryption fail?
Common reasons for decryption failure: 1) Wrong private key used (must match the public key used for encryption); 2) Incorrect ciphertext format (check if Base64/Hex format matches); 3) Inconsistent padding or hash algorithm; 4) Ciphertext was tampered with or truncated; 5) Incomplete PEM key format (must include header/footer lines). Ensure encryption and decryption use the exact same configuration and key pair.