Are the keys generated securely?

Yes. Keys are generated with the browser’s Web Crypto API using a cryptographically secure RNG, entirely on your device.

Are my keys sent anywhere?

No. The private key never leaves your browser.

What format is exported?

Standard PEM (PKCS#8 private key and SPKI public key).

RSA Key Generator

Choose a key size and generate a fresh RSA key pair as PEM — created in your browser with the Web Crypto API and never uploaded.

Files never leave your browser

Key Size

Your private key never leaves your browser — keys are generated locally with the Web Crypto API.

How to use RSA Key Generator

The RSA Key Generator creates a fresh RSA public/private key pair in standard PEM format using the browser's native Web Crypto API. Choose between 2048-bit (fast, widely compatible) and 4096-bit (maximum security) key sizes. The private key is generated and displayed only in your browser and is never transmitted to any server.

Select the key size: 2048-bit for standard use or 4096-bit for maximum security.
Click Generate Key Pair and wait a moment while your browser generates the keys.
Copy the public key PEM and share it with services that need to encrypt data to you or verify your signatures.
Copy the private key PEM and store it securely — never share it.
Use the keys with tools such as openssl, Node.js crypto, or JWT libraries.

Your data never leaves your device — 100% private processing.

RSA key sizes and security levels

RSA security relies on the computational difficulty of factoring large integers. Key size is the primary security parameter: larger keys are harder to factor but slower to generate and use. NIST recommends a minimum of 2048-bit RSA through 2030, with 3072 or 4096-bit for longer-lived keys. A 4096-bit RSA key is not twice as secure as a 2048-bit key — it is roughly equivalent in security margin to an AES-128 key (vs AES-112 for 2048-bit). Generating a 4096-bit key takes several seconds in a browser; 2048-bit is near-instant. For JWT signing and verification in most web applications, 2048-bit RSA or switching to ECDSA (which provides equivalent security with much shorter keys) is the practical recommendation.

RSA key size comparison
Key size	Security level	Generation time	Recommended use
1024-bit	~80 bits	Instant	Deprecated — not secure
2048-bit	~112 bits	Milliseconds	Standard — TLS, JWT, SSH
3072-bit	~128 bits	Seconds	Long-term security requirements
4096-bit	~140 bits	Several seconds	Maximum security, archival keys

PEM format and key encoding

PEM (Privacy Enhanced Mail) is the most widely used format for storing cryptographic objects. A PEM file is a Base64-encoded DER (Distinguished Encoding Rules) structure wrapped with header and footer lines like -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----. SPKI (SubjectPublicKeyInfo) is the standard DER structure for public keys as exported by the Web Crypto API; PKCS#8 is the standard for private keys. The same PEM files work with OpenSSL, Node.js crypto, Python cryptography, Java KeyStore, and most other crypto libraries. To use a public key for JWT verification in Node.js: crypto.createPublicKey({ key: pemString, format: 'pem', type: 'spki' }). For SSH, you would further convert SPKI to the ssh-rsa format using ssh-keygen.

Glossary

RSA: Rivest–Shamir–Adleman — an asymmetric cryptographic algorithm based on the difficulty of factoring the product of two large prime numbers.
PEM: Privacy Enhanced Mail format — Base64-encoded DER data with -----BEGIN/END----- header and footer lines.
SPKI: SubjectPublicKeyInfo — the ASN.1 structure for public keys as defined in X.509; the format exported by Web Crypto for public keys.
PKCS#8: A standard syntax for storing private key information, including the algorithm identifier and the private key itself.
Asymmetric cryptography: A cryptographic system using mathematically linked key pairs: data encrypted with the public key can only be decrypted with the private key, and vice versa.

Frequently Asked Questions

Free · No spam

Get weekly tool tips & updates

New tools, power-user tips, and productivity hacks — delivered free every Friday.

No spam, ever. Unsubscribe with one click.

Why use RSA Key Generator?

No installation — use directly from any browser
Handles large inputs without crashing or timeouts
Syntax highlighting and formatted output for readability
Copy to clipboard shortcut for fast workflow integration

Common use cases

Validate and format JSON responses from APIs
Encode/decode Base64 strings during debugging
Generate UUIDs for database seeds or test data
Minify CSS or JavaScript before deployment
Diff two code snippets to spot regressions

Related Developer Tools

HMAC Generator

Generate HMAC signatures with SHA-1, SHA-256, SHA-384, or SHA-512 and a secret key. Uses the Web Crypto API. Free and private.

AES Encrypt / Decrypt

Encrypt and decrypt text with AES-256-GCM and a password. Strong, standards-based encryption in your browser. Free and private.

JWT Decoder

Decode and inspect JSON Web Tokens (JWT) online. View header, payload, and expiry. 100% client-side — your token never leaves your browser.

JSON Formatter & Validator

Format, validate, and minify JSON instantly. Includes syntax highlighting, error detection, and a collapsible tree view — free, private, in-browser.

Regex Tester

Test and debug regular expressions online. See live matches, capture groups, and replace output. Free, private, instant.

Base64 Encoder & Decoder

Encode text or files to Base64, or decode Base64 strings back to text. Fast, free, and runs entirely in your browser.

Explore all Developer Tools.