RSA Key Pair Generator — Public & Private Keys

Generate RSA public and private key pairs in standard PEM format (PKCS#8). Choose 2048-bit or 4096-bit key size for JWT RS256 signing, SSH authentication, TLS/SSL certificates, and file encryption. Keys are generated in your browser using the Web Crypto API — private keys never leave your machine.

RSA Key Pair Generator: Select a key size (2048 or 4096 bits) and click generate. Download the public and private keys in PEM format. Use them for SSH, TLS certificates, JWT signing, or file encryption.

RSA Key Pair Generator

Generate secure RSA Public and Private keys locally.

Public Key (Shareable)

Private Key (Keep Secret)

Client-Side Security

Keys are generated using the native Web Crypto API in your browser. They never leave your device.

OpenSSL Compatible

Generated keys use standard PEM format (PKCS#1 / PKCS#8) compatible with OpenSSL, SSH, and most servers.

Industry Standard

Use 2048-bit for standard security or 4096-bit for long-term data protection.

Key Takeaways

Generates RSA key pairs in standard PEM format
Supports 2048-bit and 4096-bit key sizes
2048-bit is the minimum recommended for security in 2026
4096-bit provides stronger security but slower operations
Keys are generated in your browser — private key never leaves your machine

What is RSA Key Pair Generator?

RSA Key Pair Generator — An RSA Key Generator is a free tool that creates RSA public/private key pairs in PEM format for use in encryption, digital signatures, and SSH authentication.

Generate RSA public and private key pairs online with this free tool. Create 2048-bit or 4096-bit RSA keys in standard PEM format (PKCS#8) for JWT RS256/RS512 signing, SSH authentication, TLS/SSL certificate generation, S/MIME email encryption, and file encryption. The public key encrypts data and verifies signatures; the private key decrypts data and creates signatures. Both keys are generated entirely in your browser using the Web Crypto API — the private key is never transmitted to any server. Copy or download keys directly for use in Node.js, Python, Java, Go, or OpenSSL workflows.

How to Use RSA Key Pair Generator

1
Select key size: 2048-bit (standard) or 4096-bit (higher security, slower operations).
2
Click Generate to create the RSA key pair in PEM format.
3
Copy the public key for sharing and the private key for secure storage.
4
Use the keys in your JWT signing, SSH config, TLS setup, or encryption workflow.

Key Features

2048-bit and 4096-bit RSA key pair generation

Standard PEM format output (PKCS#8) compatible with OpenSSL

Separate public key (SPKI) and private key (PKCS#8) display

Browser-based generation via Web Crypto API — private key never leaves your device

One-click copy for quick integration into code, configs, and .pem files

Use Cases

Generating RSA keys for JWT RS256 token signing in authentication systems

Creating SSH key pairs for server access and Git authentication

Generating test certificates for TLS/SSL development and staging environments

Testing RSA encryption and decryption across Node.js, Python, and Java implementations

About RSA Key Pair Generator

What RSA Is and Why It's Still Everywhere

RSA (Rivest–Shamir–Adleman, published 1977) is the original practical public-key cryptosystem. Its security comes from the mathematical difficulty of factoring large semi-prime numbers — given n = p × q where p and q are large primes, recovering p and q from n is currently believed to require sub-exponential time. RSA still dominates TLS certificate signing, JWT RS256 tokens, S/MIME email encryption, and SSH keys despite slower competitors emerging. Why it persists: universal library support, decades of cryptanalysis without practical breaks, hardware acceleration in modern CPUs, and a mature ecosystem of PKI tooling.

Key Size Selection

Key size	Security bits	NIST status	Typical use	Relative speed
1024-bit	~80 bits	Deprecated (since 2014)	Legacy only — do not use	Fast
2048-bit	~112 bits	Acceptable through 2030	JWT, TLS, most APIs	Baseline
3072-bit	~128 bits	Recommended for new systems	Long-lived signing keys	~2× slower
4096-bit	~140 bits	High-security future-proofing	Root CAs, long-term archive	~4× slower

Recommendation: 2048-bit is the right default for almost everyone — fast enough for per-request signing, secure through at least 2030. Choose 3072 or 4096 for keys that will be deployed for 10+ years (root CAs, long-lived TLS certs) or where compliance policy demands it.

PKCS#8 vs PKCS#1 vs OpenSSH Format

The tool outputs PKCS#8 (private) and SPKI (public), the modern standards used by every current cryptographic library. The keys begin with:

-----BEGIN PRIVATE KEY----- = PKCS#8 (this tool's output, also openssl genpkey's default)
-----BEGIN RSA PRIVATE KEY----- = PKCS#1 (older openssl genrsa output)
-----BEGIN OPENSSH PRIVATE KEY----- = OpenSSH proprietary, used by ssh-keygen
-----BEGIN PUBLIC KEY----- = SPKI (this tool's public output)
-----BEGIN RSA PUBLIC KEY----- = PKCS#1 public

Convert between formats with OpenSSL: openssl rsa -in pkcs8.pem -traditional -out pkcs1.pem (PKCS#8 → PKCS#1) or ssh-keygen -p -m PEM -f id_rsa (OpenSSH → PEM).

RSA vs Ed25519 / ECDSA — When to Choose Which

Ed25519 (Edwards curve, RFC 8032) is the modern default for SSH keys and is increasingly preferred for new signing applications. A 256-bit Ed25519 key provides ~128 bits of security (equivalent to RSA-3072) with much smaller signatures (64 bytes vs 384 for RSA-3072) and faster operations. ECDSA P-256 is the NIST-approved elliptic-curve alternative, used in TLS 1.3 cipher suites and JWT ES256. When to choose RSA: when interoperating with legacy systems, when you need encryption (RSA-OAEP) in addition to signing, when your platform mandates RSA (some government / banking systems), or when JWT compatibility requires RS256. When to choose Ed25519 / ECDSA: new SSH keys, modern TLS, performance-sensitive signing, embedded devices, anywhere "new green-field" applies.

Production Key Management

Keys generated in any browser tool — including this one — are fine for development, JWT signing in non-critical apps, and learning. For production keys protecting payments, user data, infrastructure access, or compliance-sensitive workloads, use:

Cloud KMS: AWS KMS, Google Cloud KMS, Azure Key Vault — keys never leave the KMS
Hardware Security Modules (HSMs): AWS CloudHSM, YubiHSM, Thales
Secrets managers: HashiCorp Vault, AWS Secrets Manager, Doppler
Never commit private keys to Git. Use git-secrets pre-commit hooks or scan with TruffleHog
Rotate signing keys per your policy — typically every 1–2 years; immediately on suspected compromise
Restrict file permissions for private keys: chmod 600 private.pem

Quantum Computing Caveat

A sufficiently large quantum computer running Shor's algorithm could factor RSA keys in polynomial time, breaking RSA entirely. As of today, no such computer exists, and credible estimates place practical attacks at least 10–15 years away. For high-stakes long-term secrets (intelligence, multi-decade legal documents), the "harvest-now-decrypt-later" risk is real — adversaries could store encrypted RSA traffic today and decrypt it once quantum hardware arrives. NIST has standardized post-quantum algorithms (ML-KEM / Kyber, ML-DSA / Dilithium) that you may want to hybrid-deploy alongside RSA for forward secrecy. For typical web app JWT signing or session keys, RSA-2048 is fine for the foreseeable future.

Frequently Asked Questions

Should I use 2048-bit or 4096-bit RSA keys?: 2048-bit is the minimum recommended by NIST in 2026 and sufficient for most applications. Use 4096-bit for high-security requirements, long-lived certificates, or when compliance policy requires it. 4096-bit keys are ~4x slower for signing operations.
Can I use these RSA keys for JWT signing (RS256)?: Yes. Copy the private key to sign JWTs with RS256, RS384, or RS512 algorithms. Share the public key with services that need to verify the tokens. Standard PEM format works with jsonwebtoken (Node.js), PyJWT (Python), and all major JWT libraries.
Is it safe to generate RSA keys in a browser?: Yes for development and testing. The Web Crypto API provides cryptographically secure key generation. For production keys protecting sensitive data or infrastructure, use dedicated tools like OpenSSL or cloud HSM services.
What is the difference between RSA and Ed25519?: RSA is older and more widely supported. Ed25519 (elliptic curve) is newer, faster, and provides equivalent security with much smaller keys (256-bit vs 2048-bit). Ed25519 is now preferred for SSH keys; RSA remains standard for TLS and JWT.
Why does my private key fail to import in my application?: Common causes: wrong key format (PKCS#1 vs PKCS#8), missing BEGIN/END markers, line break differences (CRLF vs LF), or algorithm mismatch (expecting EC key but getting RSA). Check your library’s expected format.
How should I store RSA private keys in production?: Use a secrets manager (AWS Secrets Manager, HashiCorp Vault, Doppler), cloud KMS (AWS KMS, GCP KMS, Azure Key Vault), or HSM (AWS CloudHSM, YubiHSM). Never commit private keys to Git. For application configs, use environment variables or encrypted config files with restricted file permissions (chmod 600).
Can I use this RSA key for SSH?: Not directly — OpenSSH uses a different key format. Generate the RSA key here, save the PEM private key to a file, then convert: `ssh-keygen -p -m PEM -f your-key.pem` then `ssh-keygen -y -f your-key.pem > your-key.pub` to get the ssh-rsa public key. Easier path: just use `ssh-keygen -t ed25519` directly on your machine for new SSH keys.
Is 2048-bit RSA still safe in 2026?: Yes. NIST SP 800-57 marks 2048-bit RSA as acceptable through 2030. There is no known practical attack faster than the General Number Field Sieve, which would take billions of CPU-years for a 2048-bit key. For keys with a planned lifetime past 2030, upgrade to 3072-bit.
What's the public exponent and why is it always 65537?: The public exponent (e) is part of the public key used during encryption and signature verification. F4 = 2^16 + 1 = 65537 is the universal standard because: it's prime (required for RSA), it has only two set bits making encryption/verification very fast, and it's large enough to avoid certain low-exponent attacks. The tool always uses 65537. Custom exponents like 3 are dangerous (Bleichenbacher's attack); never use them.
Why does my generated private key start with 'BEGIN PRIVATE KEY' instead of 'BEGIN RSA PRIVATE KEY'?: Because the tool outputs PKCS#8 format (the modern standard), not PKCS#1 (the older format). Most current libraries accept both. To convert PKCS#8 to PKCS#1: `openssl rsa -in private.pem -traditional -out private-pkcs1.pem`. The OpenSSL `-traditional` flag forces the older PKCS#1 format.
Can I use this for JWT signing with jose / jsonwebtoken?: Yes — directly. Copy the private key (in PKCS#8 PEM) and use it with jsonwebtoken `jwt.sign(payload, privateKey, { algorithm: 'RS256' })` or jose `new SignJWT(payload).setProtectedHeader({alg: 'RS256'}).sign(privateKeyObject)`. Share the public key with services that need to verify. PyJWT and jose-jwt in Python accept the same format with `jwt.encode(payload, private_key, algorithm='RS256')`.

Loading your tools...

RSA Key Pair Generator — Public & Private Keys

Key size

Security bits

NIST status

Typical use

Relative speed

1024-bit

~80 bits

Deprecated (since 2014)

Legacy only — do not use

Fast

2048-bit

~112 bits

Acceptable through 2030

JWT, TLS, most APIs

Baseline

3072-bit

~128 bits

Recommended for new systems

Long-lived signing keys

~2× slower

4096-bit

~140 bits

High-security future-proofing

Root CAs, long-term archive

~4× slower

Frequently Asked Questions

Should I use 2048-bit or 4096-bit RSA keys?

2048-bit is the minimum recommended by NIST in 2026 and sufficient for most applications. Use 4096-bit for high-security requirements, long-lived certificates, or when compliance policy requires it. 4096-bit keys are ~4x slower for signing operations.

Can I use these RSA keys for JWT signing (RS256)?

Yes. Copy the private key to sign JWTs with RS256, RS384, or RS512 algorithms. Share the public key with services that need to verify the tokens. Standard PEM format works with jsonwebtoken (Node.js), PyJWT (Python), and all major JWT libraries.

Is it safe to generate RSA keys in a browser?

Yes for development and testing. The Web Crypto API provides cryptographically secure key generation. For production keys protecting sensitive data or infrastructure, use dedicated tools like OpenSSL or cloud HSM services.

What is the difference between RSA and Ed25519?

RSA is older and more widely supported. Ed25519 (elliptic curve) is newer, faster, and provides equivalent security with much smaller keys (256-bit vs 2048-bit). Ed25519 is now preferred for SSH keys; RSA remains standard for TLS and JWT.

Why does my private key fail to import in my application?

Common causes: wrong key format (PKCS#1 vs PKCS#8), missing BEGIN/END markers, line break differences (CRLF vs LF), or algorithm mismatch (expecting EC key but getting RSA). Check your library’s expected format.

How should I store RSA private keys in production?

Use a secrets manager (AWS Secrets Manager, HashiCorp Vault, Doppler), cloud KMS (AWS KMS, GCP KMS, Azure Key Vault), or HSM (AWS CloudHSM, YubiHSM). Never commit private keys to Git. For application configs, use environment variables or encrypted config files with restricted file permissions (chmod 600).

Can I use this RSA key for SSH?

Not directly — OpenSSH uses a different key format. Generate the RSA key here, save the PEM private key to a file, then convert: `ssh-keygen -p -m PEM -f your-key.pem` then `ssh-keygen -y -f your-key.pem > your-key.pub` to get the ssh-rsa public key. Easier path: just use `ssh-keygen -t ed25519` directly on your machine for new SSH keys.

Is 2048-bit RSA still safe in 2026?

Yes. NIST SP 800-57 marks 2048-bit RSA as acceptable through 2030. There is no known practical attack faster than the General Number Field Sieve, which would take billions of CPU-years for a 2048-bit key. For keys with a planned lifetime past 2030, upgrade to 3072-bit.

What's the public exponent and why is it always 65537?

The public exponent (e) is part of the public key used during encryption and signature verification. F4 = 2^16 + 1 = 65537 is the universal standard because: it's prime (required for RSA), it has only two set bits making encryption/verification very fast, and it's large enough to avoid certain low-exponent attacks. The tool always uses 65537. Custom exponents like 3 are dangerous (Bleichenbacher's attack); never use them.

Why does my generated private key start with 'BEGIN PRIVATE KEY' instead of 'BEGIN RSA PRIVATE KEY'?

Because the tool outputs PKCS#8 format (the modern standard), not PKCS#1 (the older format). Most current libraries accept both. To convert PKCS#8 to PKCS#1: `openssl rsa -in private.pem -traditional -out private-pkcs1.pem`. The OpenSSL `-traditional` flag forces the older PKCS#1 format.

Can I use this for JWT signing with jose / jsonwebtoken?

Yes — directly. Copy the private key (in PKCS#8 PEM) and use it with jsonwebtoken `jwt.sign(payload, privateKey, { algorithm: 'RS256' })` or jose `new SignJWT(payload).setProtectedHeader({alg: 'RS256'}).sign(privateKeyObject)`. Share the public key with services that need to verify. PyJWT and jose-jwt in Python accept the same format with `jwt.encode(payload, private_key, algorithm='RS256')`.

Tools

Finance

AI

Media

Marketing

More

RSA Key Pair Generator — Public & Private Keys

Key Takeaways

What is RSA Key Pair Generator?

How to Use RSA Key Pair Generator

Key Features

Use Cases

About RSA Key Pair Generator

What RSA Is and Why It's Still Everywhere

Key Size Selection

PKCS#8 vs PKCS#1 vs OpenSSH Format

RSA vs Ed25519 / ECDSA — When to Choose Which

Production Key Management

Quantum Computing Caveat

Frequently Asked Questions

RSA Key Pair Generator — Public & Private Keys

Key Takeaways

What is RSA Key Pair Generator?

How to Use RSA Key Pair Generator

Key Features

Use Cases

About RSA Key Pair Generator

What RSA Is and Why It's Still Everywhere

Key Size Selection

PKCS#8 vs PKCS#1 vs OpenSSH Format

RSA vs Ed25519 / ECDSA — When to Choose Which

Production Key Management

Quantum Computing Caveat

Frequently Asked Questions