← ← All Tools
中文

🔑 RSA Key Pair Generator

Generate RSA key pairs locally in your browser with WebCrypto API. Supports RSA-OAEP, RSASSA-PKCS1-v1_5, and RSA-PSS algorithms, 2048–4096-bit keys, PEM, PKCS#1, and JWK output — private keys are not uploaded by the tool

All key generation runs locally in your browser via WebCrypto API. Keys are not uploaded by the tool.

Algorithm

RSA-OAEP is for encryption/decryption. PKCS1-v1_5 and PSS are for digital signatures.

Key Size

Hash Algorithm

FAQ

What is the difference between RSA-OAEP, PKCS1-v1_5, and RSA-PSS?

RSA-OAEP is the recommended mode for asymmetric encryption (e.g., encrypting symmetric keys). RSASSA-PKCS1-v1_5 is a classic signature scheme with wide compatibility but known theoretical weaknesses. RSA-PSS is a modern signature scheme with provable security, recommended for new systems.

What key size should I use?

2048-bit is the current minimum security standard, suitable for most use cases. 3072-bit provides a higher security margin for long-term protection. 4096-bit offers maximum security but is slower to generate and use. 1024-bit is no longer secure — use only for testing or legacy compatibility.

What is the difference between PEM, PKCS#1, and JWK?

PEM (PKCS#8/SPKI) is the modern standard with algorithm identifiers, used by OpenSSL 3.x and most modern tools. PKCS#1 is the traditional RSA-specific format (BEGIN RSA PRIVATE KEY), used by older OpenSSL and some legacy systems. JWK (JSON Web Key) is a JSON-based key format commonly used in Web APIs, JWT, and OAuth.

Is it safe to generate keys in the browser?

This tool uses the browser's built-in WebCrypto API, maintained and audited by browser vendors. Keys are generated in local memory and are not uploaded by the tool. However, generating keys on public or shared computers carries risk — use a secure personal device. Always store your private key safely after generation.

More tools you might find useful.

🔐
AES Encrypt/Decrypt
Client-side AES encryption and decryption with GCM, CBC, and CTR modes, PBKDF2 passphrase derivation and raw key input — keys are not uploaded by the tool
🔐
BCrypt Hash Generator & Verifier
Client-side BCrypt password hash toolkit with three tabs: Generate (cost 4-15, $2a/$2b/$2y version selector, 3 output formats), Verify (auto-parses cost/version with OWASP guidance), and Inspect (dissect any bcrypt hash into prefix/cost/salt/hash). Real-time 72-byte truncation warning, progress bar, cancel button, and mobile-friendly chip controls.
🔐
DES / 3DES Encrypt & Decrypt
Client-side DES and 3DES (2-key/3-key) encryption & decryption with zero dependencies. Supports five modes (ECB/CBC/CFB/OFB/CTR) and five padding schemes (PKCS#7/Zero/ANSI X.923/ISO 10126/No Padding). Independent encoding switchers for Key/IV/Input/Output (Hex/UTF-8/Base64), real-time byte-length hints, built-in NIST test vectors, persistent deprecation banner (DES 2005, 3DES Jan 2024), and K1/K2/K3 key visualization. For education and legacy interop only — keys and plaintext are not uploaded by the tool.
#️⃣
Hash Generator
MD5 & SHA Hash Calculator
🔐
HMAC Calculator
Client-side HMAC calculator with SHA-1/256/384/512, UTF-8/Hex/Base64 key formats, text & file input, and HMAC verification

Free online RSA key pair generator — client-side with WebCrypto API. Supports RSA-OAEP (encryption), RSASSA-PKCS1-v1_5 (signing), and RSA-PSS (signing) algorithms with 2048, 3072, and 4096-bit key sizes and SHA-256/384/512 hash. Outputs PEM (PKCS#8/SPKI), PKCS#1 (traditional RSA), and JWK formats. Auto-computes SHA-256 public key fingerprint. One-click copy and .pem download. Private keys are not uploaded by the tool.