RSA Key Generator & Encryption

Generate RSA keys, encrypt with public keys, and verify signatures

Safety note: Keys are generated locally in your browser. Keep private keys secure and never share them publicly.

RSA key generation + encryptionGenerate keys, encrypt with a public key, and verify signatures

Step 1

Generate RSA Key Pair

Key usage

Use encryption keys for public key encryption. Use signing keys for public key decrypt (signature verify).

Key size

Public key (PEM)

Private key (PEM)

Keys are generated in your browser. Save them before leaving this page.

Step 2

RSA Public Key Encryption

Encrypt small messages with a public key (RSA-OAEP). For large data, encrypt a short key with RSA and use it to encrypt the file.

Plaintext message

Maximum message size for this key: 190 bytes (RSA-OAEP with SHA-256).

Public key (PEM)

Encrypted output (base64)

Step 3

RSA Private Key Decryption

Encrypted input (base64)Private key (PEM)

Decrypted text

Step 4

Public Key Decrypt (Signature Verify)

RSA "decrypt with public key" usually means verifying a signature. Sign with a private key, then verify with a public key.

Sign message (private key)

Message to signPrivate key (PEM)

Signature (base64)

Verify signature (public key decrypt)

Message to verifySignature (base64)Public key (PEM)

Related Tasks

Use the SHA256 Hash Tool to hash large inputs before signing.
Generate a secure passphrase with the Password Generator.

RSA Encryption Online and Key Generation

This RSA tool helps you generate RSA keys online, encrypt with a public key, decrypt with a private key, and verify signatures (sometimes described as RSA public key decrypt). It is designed for debugging, testing APIs, and validating cryptography workflows.

Common Uses

Generate RSA keys for local testing and development.
Encrypt a short secret or token with a public key.
Decrypt an RSA payload with a private key.
Verify signatures when a system "encrypts" with a private key.

How RSA Public Key Decrypt Works

RSA public key decrypt usually means verifying a signature. A sender signs a message with a private key. Anyone with the public key can verify the signature and confirm the message is authentic and unchanged.

Validation Tips for Developers

Compare results with OpenSSL using the same padding and hash (RSA-OAEP with SHA-256 or PKCS1 v1.5 signing).
Make sure the payload, headers, and exact whitespace match what you are signing or encrypting.
Use known test vectors before wiring the tool into production workflows.

OpenSSL Examples

Use OpenSSL to verify that keys, encryption, and signatures match what this tool produces. The commands below assume you have a PEM public key in public.pem and a private key in private.pem.

Encrypt with a public key (RSA-OAEP)

# Mac / Linux
echo -n "hello" | openssl pkeyutl -encrypt -pubin -inkey public.pem -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 | base64

# Windows PowerShell
"hello" | openssl pkeyutl -encrypt -pubin -inkey public.pem -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 | openssl base64

Decrypt with a private key (RSA-OAEP)

# Mac / Linux
base64 -d encrypted.txt | openssl pkeyutl -decrypt -inkey private.pem -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256

# Windows PowerShell
Get-Content encrypted.txt | openssl base64 -d | openssl pkeyutl -decrypt -inkey private.pem -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256

Sign and verify (RSA-PKCS1 v1.5)

# Mac / Linux (sign)
echo -n "hello" | openssl dgst -sha256 -sign private.pem | base64

# Mac / Linux (verify)
echo -n "hello" | openssl dgst -sha256 -verify public.pem -signature signature.bin

# Windows PowerShell (sign)
"hello" | openssl dgst -sha256 -sign private.pem | openssl base64

# Windows PowerShell (verify)
"hello" | openssl dgst -sha256 -verify public.pem -signature signature.bin

On Windows, the OpenSSL executable is often available through Git for Windows or the OpenSSL installer. Make sure line endings match the exact message you sign or encrypt.

Helpful References