RSA Key Pair Generator Online

RSA (Rivest-Shamir-Adleman) is an asymmetric encryption technique that uses an RSA key pair, consisting of a public key and a private key, to perform encryption and decryption.

A separate free tool is available to perform RSA encryption and decryption.

Below is an online tool to generate RSA key pairs. It generates public and private keys online with different key sizes such as 512, 1024, 2048, 3072, and 4096 bits.

Generate RSA Key Pair Online



Any private or public key value that you enter or that we generate is not stored on this site. This tool is provided via an HTTPS URL to ensure that private keys cannot be stolen.

This tool provides the flexibility to RSA-encrypt with a public key as well as with a private key, and vice versa.


By default, the private key is generated in PKCS#8 format and the public key is generated in X.509 format.

Usage Guide

Below is the usage guide of this tool.

To generate the RSA key pair, select the RSA key size from 512, 1024, 2048 and 4096 bits, and then click the button to generate the keys.

Since 2015, NIST has recommended a minimum of 2048-bit keys for RSA. A 4096-bit key size does provide a reasonable increase in strength over a 2048-bit key size, but the encryption strength doesn't drop off after 2048 bits. There's a significant increase in CPU usage as a result of a 4096-bit key size. Hence, it is recommended to use 2048-bit keys.

Generate RSA Key Pair through OpenSSL

Open a command-line shell with OpenSSL and execute the commands below to generate an RSA key pair.

Generate Private Key

You can generate a public and private RSA key pair by running the command below. It generates a 2048-bit private key and outputs it to the private.pem file.

$ openssl genrsa -out private.pem 2048

Export Public Key

Given a private key, you can export its public key and output it to public.pem using the command below.

$ openssl rsa -in private.pem -pubout -out public.pem

Next, open public.pem and ensure that it starts with -----BEGIN PUBLIC KEY-----. This is how we know that this file is the public key of the pair.
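The check described above can be automated together with the 2048-bit minimum from the usage guide. The following Python code is an added example, not part of this tool or of OpenSSL: it classifies a PEM block by its label and, for an X.509 RSA public key, reads the modulus size from the DER encoding. The function names are hypothetical, and the sample moduli are constructed for illustration and are not real keys.

```python
import base64
import re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
PEM_KINDS = {  # PEM label -> structure it announces
    "PUBLIC KEY": "X.509 SubjectPublicKeyInfo",
    "PRIVATE KEY": "PKCS#8, unencrypted",
    "ENCRYPTED PRIVATE KEY": "PKCS#8, encrypted",
    "RSA PRIVATE KEY": "PKCS#1 private key",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def inspect_pem(text, min_bits=2048):
    """Classify a PEM block; for RSA public keys also report the modulus size."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", text, re.S)
    if not m:
        raise ValueError("no PEM block found")
    label, der = m.group(1), base64.b64decode(m.group(2))
    info = {"label": label, "kind": PEM_KINDS.get(label, "unknown"), "bits": None, "meets_minimum": None}
    if label == "PUBLIC KEY":
        _, p, _ = read_tlv(der, 0)            # outer SEQUENCE
        _, a, alg_end = read_tlv(der, p)      # AlgorithmIdentifier
        _, s, e = read_tlv(der, a)            # algorithm OID
        if der[s:e] == RSA_OID:               # only RSA keys carry a modulus
            _, p, _ = read_tlv(der, alg_end)  # BIT STRING
            _, p, _ = read_tlv(der, p + 1)    # skip unused-bits byte; RSAPublicKey
            _, s, e = read_tlv(der, p)        # INTEGER modulus
            info["bits"] = int.from_bytes(der[s:e], "big").bit_length()
            info["meets_minimum"] = info["bits"] >= min_bits
    return info

# Constructed sample input: a minimal DER encoder; the moduli used are NOT real keys.
def enc_tlv(tag, body):
    n, k = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def make_public_pem(modulus, exponent=65537):
    integer = lambda x: enc_tlv(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))
    alg = enc_tlv(0x30, enc_tlv(0x06, RSA_OID) + enc_tlv(0x05, b""))
    key = enc_tlv(0x30, integer(modulus) + integer(exponent))
    spki = enc_tlv(0x30, alg + enc_tlv(0x03, b"\x00" + key))
    return "-----BEGIN PUBLIC KEY-----\n" + base64.encodebytes(spki).decode() + "-----END PUBLIC KEY-----\n"
```

To check the file exported above, pass the contents of public.pem to inspect_pem and look at the "bits" and "meets_minimum" fields of the result.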

Encrypt Data

We can now use this key pair to encrypt and decrypt a file, data.txt.

$ openssl rsautl -encrypt -inkey public.pem -pubin -in data.txt -out data.txt.enc

Decrypt Data

The command below can be used to decrypt an RSA-encrypted file. Let's use the file encrypted above.

$ openssl rsautl -decrypt -inkey private.pem -in data.txt.enc -out data.txt

Common RSA Terminologies

.key is the private key of the standard PKCS#8 structure. This is generally stored on the server and only accessible by the key owner.

.csr or .req or sometimes .p10 stands for Certificate Signing Request as defined in PKCS#10. This is a request for a certificate authority to sign; it contains information such as the public key and common name required by a Certificate Authority to create and sign a certificate for the requester. The encoding could be PEM or DER.

.crt is the certificate produced by the certificate authority that verifies the authenticity of the key. (The private key itself is not included.) This is given to other parties, e.g. an HTTPS client.

.pem Privacy Enhanced Mail (PEM) files are a type of Public Key Infrastructure (PKI) file used for keys and certificates. It could be any of the above files including a public key, a private key, or both, because a PEM file is not a standard.

.jks stands for Java Key Store. It can be used to store private keys with their certificate chains (root CA, intermediate CAs, leaf certificates or just a single self-signed certificate), certificates of other parties (usually but not necessarily CAs) to form a trust store, or both.