RSA (Rivest-Shamir-Adleman) is an asymmetric encryption algorithm that uses two mathematically linked keys — a public key to encrypt and a private key to decrypt. Because the keys are different, RSA is widely used wherever two separate endpoints need to communicate securely: VPN clients and servers, SSH connections, TLS handshakes, and digital signatures.
Below is an online tool to perform RSA encryption and decryption with support for multiple key sizes (512 to 4096 bits) and configurable cipher algorithms. It includes modern secure options like OAEP with SHA-256 as well as legacy padding schemes for compatibility across different systems.
Generate RSA Key Pair
You can generate the required RSA public/Private keys for multiple key sizes here for encryption and decryption.
Public Key(X.509 Format)
Private Key(PKCS8 Format)
RSA Encryption and Decryption
By default, the public/private keys are prepopulated with the keys generated above. You can also supply your own public/private key pairs.
RSA Encryption
RSA Decryption
Key Features, Concepts & Security Considerations
Common RSA Encryption & Decryption Errors (and Fixes)
Fix: Always use the same padding scheme for both encryption and decryption.
Fix: Use hybrid encryption — encrypt the data with AES, then encrypt the AES key using RSA.
Fix: Ensure private keys are PKCS#8 encoded and public keys are X.509 encoded. Validate your setup with our Crypto Safety Validator.
Public key encrypts; private key decrypts — keys are never the same
OAEP (recommended), PKCS#1 v1.5, and RSA default
512-bit to 4096-bit — generate a key pair directly in the tool
Secure Usage Guidelines for RSA
- Use RSA only for key exchange or encrypting small secrets — not bulk data
- Always prefer RSA-OAEP over PKCS#1 v1.5 for new implementations
- Use a minimum key size of 2048 bits; prefer 4096-bit for long-lived keys
- Never encrypt large files directly with RSA — use AES with RSA-wrapped key exchange instead
- Private keys must be securely stored — never hardcode them in source code
Padding selection matters: For secure RSA encryption, use RSA/ECB/OAEPWithSHA-256AndMGF1Padding. PKCS#1 v1.5 and SHA-1 based paddings are provided for legacy compatibility only and may cause decryption errors if mismatched.
When NOT to Use RSA Encryption
- Large files: Use AES encryption instead — RSA has a strict per-operation size limit
- Password storage: Use Argon2 or bcrypt — passwords must be hashed, not encrypted
- Streaming or real-time data: Use ChaCha20 or AES-GCM for high-throughput scenarios
For a Java implementation of RSA encryption and decryption, follow this article.
RSA Padding Schemes
- PKCS#1 v1.5 — Legacy padding. Vulnerable to certain padding oracle attacks. Explanation
- OAEP (RSA/ECB/OAEPWithSHA-256AndMGF1Padding) — Recommended for all modern applications. Protects against chosen-ciphertext attacks. Explanation
RSA Encryption Through OpenSSL
Generate Private Key
$ openssl genrsa -out private.pem 2048
Export Public Key
$ openssl rsa -in private.pem -pubout -out public.pem
Encrypt Data
$ openssl rsautl -encrypt -inkey public.pem -pubin -in data.txt -out data.txt.enc
Decrypt Data
$ openssl rsautl -decrypt -inkey private.pem -in data.txt.enc -out data.txt
Applications of RSA
- SSL/TLS secure communication
- Digital signatures
- Secure symmetric key exchange
PGP vs RSA File Encryption
RSA is suitable for encrypting small secrets but not large files. PGP encryption combines RSA with symmetric encryption, making it far more practical for file encryption.
| Feature | PGP File Encryption | RSA Encryption |
|---|---|---|
| Large file support | Yes | No |
| Multiple recipients | Yes | No |
| Hybrid encryption | Yes | No |
| Recommended for file sharing | Yes | Limited |
Frequently Asked Questions
❤️ Liked this tool?
If it saved you time, consider buying me a coffee to support future improvements.