What Is RSA?
RSA (named after Rivest, Shamir, and Adleman, who published the algorithm in 1977) is the world's most widely used asymmetric encryption algorithm. Unlike symmetric encryption (one key for both encryption and decryption), RSA uses a mathematically linked key pair: a public key and a private key.
The fundamental property: what one key encrypts, only the other key can decrypt. This asymmetry enables secure communication between parties who have never met or shared a secret.
The Mathematics Behind RSA (Simplified)
RSA security is based on the integer factorization problem: multiplying two large prime numbers is computationally trivial, but factoring the result back into its prime factors is practically impossible for large enough numbers.
- Choose two large random primes: p = 61, q = 53 (in practice, 1024+ digit numbers)
- Compute n = p × q = 3233 (the modulus, shared publicly)
- Compute φ(n) = (p-1)(q-1) = 3120 (Euler's totient)
- Choose e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1: the public exponent (commonly 65537; this example uses e = 17)
- Compute d = e⁻¹ mod φ(n) = 2753: the private exponent
- Public key: (e, n) = (17, 3233)
- Private key: (d, n) = (2753, 3233)
Computing the private exponent d requires φ(n), which in turn requires knowing p and q, and these cannot be efficiently recovered from n.
Key Operations
Encryption
- Encrypt message M with the public key: C = M^e mod n
- Decrypt ciphertext C with the private key: M = C^d mod n
Digital Signatures
- Sign data D with the private key: S = D^d mod n (or hash(D)^d mod n)
- Verify signature S with the public key: D = S^e mod n
This means anyone can verify a signature using the public key, but only the private key holder could have created it.
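The key generation steps and the encryption and signature formulas above, worked through in Python with the page's toy values (p = 61, q = 53, e = 17). This is an added example, not code from the original page: the function names and the sample message are constructed for illustration, and it is textbook RSA with no padding, whereas deployed systems use padded schemes such as OAEP for encryption and PSS for signatures.

```python
import hashlib
from math import gcd

def make_keypair(p, q, e):
    """Derive (public, private) textbook-RSA keys from primes p, q and exponent e."""
    n = p * q                          # modulus, shared publicly
    phi = (p - 1) * (q - 1)            # Euler's totient of n
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi)                # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)

def encrypt(m, public):
    e, n = public
    if not 0 <= m < n:                 # values >= n would not decrypt back to m
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)                # C = M^e mod n

def decrypt(c, private):
    d, n = private
    return pow(c, d, n)                # M = C^d mod n

def digest(data, n):
    """SHA-256 of the data reduced mod n (toy stand-in for a padded hash)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    d, n = private
    return pow(digest(data, n), d, n)  # S = hash(D)^d mod n

def verify(data, signature, public):
    e, n = public
    return pow(signature, e, n) == digest(data, n)

if __name__ == "__main__":
    public, private = make_keypair(61, 53, 17)
    print("public:", public, "private:", private)
    c = encrypt(65, public)
    print("ciphertext of 65:", c, "decrypts to:", decrypt(c, private))
    msg = b"constructed sample message"     # constructed input
    sig = sign(msg, private)
    print("signature accepted:", verify(msg, sig, public))
    print("altered signature accepted:", verify(msg, (sig + 1) % public[1], public))
```

With a 12-bit modulus the reduced hash has only 3233 possible values, so this key illustrates the arithmetic and nothing more.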
Key Sizes and Security
| Key Size | Security Level | Use Case |
|---|---|---|
| 512 bit | Broken | Do not use |
| 1024 bit | Weak | Legacy only |
| 2048 bit | ~112-bit security | ✅ Minimum recommended |
| 3072 bit | ~128-bit security | Good for 2030+ |
| 4096 bit | ~140-bit security | High-security systems |
NIST recommends 2048-bit RSA as the minimum through 2030, then 3072+ bit thereafter. The overhead of 4096-bit keys is significant — handshake latency increases measurably for web servers under load.
Common RSA Applications
SSH Authentication
Replace password-based login with key-based authentication:
```bash
# Generate RSA key pair
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

# Copy public key to server
ssh-copy-id user@server.com

# Connect without password
ssh user@server.com
```
The public key is stored in ~/.ssh/authorized_keys on the server. The private key never leaves your machine.
HTTPS / TLS
Every HTTPS connection uses asymmetric cryptography (RSA or ECDSA) during the handshake to establish a shared symmetric session key. The website's RSA public key is embedded in its TLS certificate; the matching private key stays on the server.
Code Signing
Software publishers sign releases with their private key. Users can verify the signature with the public key to confirm the software hasn't been modified.
JWT (RS256 Algorithm)
JSON Web Tokens can be signed with an RSA private key (RS256). API consumers can verify signatures using the public key, enabling stateless authentication without sharing a secret.
RSA vs ECDSA: The Modern Alternative
Elliptic Curve Cryptography (ECDSA/ECDH) provides equivalent security to RSA with much smaller key sizes:
| Algorithm | Key Size | Security Level |
|---|---|---|
| RSA | 3072 bit | 128-bit |
| ECDSA | 256 bit | 128-bit |
A 256-bit ECDSA key is as secure as a 3072-bit RSA key. For new systems, ECDSA (or Ed25519) is generally preferred due to smaller key sizes, faster computation, and smaller signature sizes.
Public Key Infrastructure (PKI)
RSA keys are typically distributed via certificates following the X.509 standard. A Certificate Authority (CA) signs a certificate binding a public key to an identity (domain name, email address, or person). Browsers and operating systems maintain a list of trusted CAs.
Generating RSA Keys with This Tool
This browser-based tool generates RSA key pairs locally — no keys are transmitted to any server. You can:
- Choose key size (1024, 2048, or 4096 bits)
- Generate a new key pair instantly
- Copy the public and private keys in PEM format for use in your applications
Security note: For production use, always generate private keys on secure, trusted hardware. Browser-generated keys are suitable for learning and testing.