RSA Key Pair Generator

Generate RSA public and private keys locally

Choose the key size, refresh the pair, and copy PEM output instantly — all in your browser

Last updated: January 24, 2026

CreatorFrank Zhao

Bits:

Public Key

Private Key

Introduction / Overview

The RSA Key Pair Generator creates a public key and a private key for you, using your browser. You can copy them in PEM format and paste them into tools like OpenSSH, JWT libraries, or TLS test setups.

It’s especially useful when you need a quick key pair for development, local testing, demos, or learning — without installing OpenSSL or running shell commands.

Who is this for?

Developers, DevOps engineers, and security-minded users who need RSA keys for SSH, signing, or encrypted messages.

Is it private?

Key generation runs locally in your browser. Still, treat private keys as secrets: don’t paste them into chat apps, issue trackers, or public repos.

If you plan to encrypt or sign text after generating keys, you may also like Encrypt / Decrypt Text and Hash Text for quick sanity checks.

How to Use / Quick Start

1
Choose the key size in Bits.
Common choices are $2048$ or $3072$ .
2
Click the refresh icon to generate a new pair.
You’ll see a new Public key and Private key in PEM format.
3
Copy what you need.
Use the copy icon on the right side of each key box.

Example 1: 2048-bit key

A quick way to reason about size is converting bits to bytes.

\frac{2048}{8} = 256\ \mathrm{bytes}

So the RSA modulus is about $256$ bytes.

Example 2: 4096-bit key

Larger keys can be slower to generate, but the same conversion applies.

\frac{4096}{8} = 512\ \mathrm{bytes}

Expect larger PEM blocks and slower operations.

How to interpret the output

The Public key can be shared. The Private key must stay secret. In most workflows you keep the private key in a secure location and distribute the public key to anyone who needs to verify signatures or encrypt messages to you.

Real-World Examples / Use Cases

SSH key-style experiments

You want to understand how public/private keys work before using OpenSSH.

Input: $bits = 2048$ .

Result: a public key you can distribute and a private key you protect.

JWT signing tests

You need a temporary RSA key pair to test RS256 token signing locally.

Input: $bits = 3072$ .

Tip: use Hash Text to sanity-check encoded payloads.

Signature verification demos

You want to demonstrate that signatures verify with the public key, not the private key.

Input: $bits = 2048$ .

Result: share the public key and show verification in your app.

Generating many test keys

You need multiple independent key pairs for test fixtures.

Tip: refresh to generate a fresh pair each time.

Common Scenarios / When to Use

Local development

Create keys for dev-only configs and local services.

Security demos

Show the relationship between public keys and private keys.

Sharing public keys

Copy and distribute only the public key.

Encrypting small payloads

RSA is often used to protect small secrets (like symmetric keys), not large files.

Rotation practice

Practice key rotation workflows before doing them in production.

Debugging formats

Compare PEM headers and check whether your library expects PKCS#1 or PKCS#8.

When you need to protect passwords or API secrets, avoid “rolling your own crypto”. For password storage, use Bcrypt instead.

Tips & Best Practices

Keep private keys out of logs. If you ever printed a private key into CI logs, assume it’s compromised and rotate it immediately.

Prefer $2048$ or $3072$ for most modern uses.
If generation feels slow, reduce Bits or try again in a fresh tab.
Use a password manager or secret manager to store private keys safely.

RSA is commonly used for key exchange or signatures. For encrypting large text blobs directly, a hybrid approach (RSA + symmetric encryption) is typically faster.

For quick symmetric encryption demos, try Encrypt / Decrypt Text.

Calculation Method / Formula Explanation

RSA key generation is not a simple “calculator formula”, but the core relationships are worth knowing. Conceptually, RSA builds a modulus $n$ from two large primes.

n = p\,q

\varphi(n) = (p-1)(q-1)

e\,d

\equiv

1

\pmod{\varphi(n)}

The generator picks suitable primes and computes the private exponent. The Bits setting mainly controls the approximate size of $n$ .

Related Concepts / Background Info

PEM format

PEM is a text encoding with headers like $\texttt{BEGIN PUBLIC KEY}$ . It’s widely supported, easy to copy, and friendly for configuration files.

Public key fingerprints

Many systems display a short fingerprint of a public key. It’s a compact identifier, not a secret.

RSA vs symmetric crypto

RSA is asymmetric. Symmetric ciphers (AES, etc.) are much faster for large data. In practice you often combine them.

Key rotation

Rotation means replacing a key pair with a new one, updating all consumers of the public key, and retiring the old private key.

Frequently Asked Questions (FAQs)

Is it safe to generate RSA keys in the browser?

For development and testing, it’s usually fine. For production, prefer generating keys on a trusted machine and storing them in a secrets manager or HSM.

What key size should I choose?

A common baseline is $2048$ bits. If you want a bigger margin, use $3072$ . Higher values can be slower.

Why does the private key look much longer than the public key?

The private key encodes additional parameters needed for signing/decryption. The public key mainly includes $n$ and $e$ .

Can I share the public key publicly?

Yes. That’s the point. The private key is the one that must remain secret.

Why does generation sometimes feel slow?

RSA key generation requires finding large primes. Larger $bits$ means more work.

Is this PKCS#1 or PKCS#8?

This tool outputs a public key as $\texttt{BEGIN PUBLIC KEY}$ (SPKI) and a private key as $\texttt{BEGIN RSA PRIVATE KEY}$ (PKCS#1). Some libraries expect PKCS#8, so you may need conversion.

What if my library says “invalid PEM”?

Check whether it expects PKCS#1 vs PKCS#8, and whether it wants a public key in SPKI vs PKCS#1 format. Also ensure you copied the full header and footer lines.

Limitations / Disclaimers

This tool is meant for education, demos, and development workflows. It does not replace professional security guidance.

Do not paste private keys into public channels or analytics tools.
For production, use audited tooling (OpenSSL), dedicated key management, and well-reviewed libraries.
Different ecosystems may require different key encodings.

External References / Sources

Want to keep everything in-browser? Pair RSA key generation with lightweight checks like HMAC Generator and Hash Text to validate payloads and signatures in test flows.

Related Calculators

Chronometer

Use a simple chronometer (stopwatch) to track elapsed time down to milliseconds. Runs locally in your browser.

Try Now

Email normalizer

Normalize email addresses to a standard format for easier comparison. Useful for deduplication and data cleaning. Runs locally in your browser.

Try Now

ETA calculator

Estimate the time needed to consume a total amount at a constant rate, and get an expected end time. Runs locally in your browser.

Try Now

JWT parser

Parse and decode your JSON Web Token (JWT) and display its content. All computation runs locally in your browser.

Try Now

MIME types

Know which file extensions are associated to a MIME type, and which MIME type is associated to a file extension. Includes a full MIME types table.

Try Now

Lorem ipsum generator

Generate random Lorem Ipsum placeholder text with customizable paragraphs, sentences, and word counts. Runs locally in your browser.

Try Now