RSA Key Generator

What is RSA?

RSA (Rivest-Shamir-Adleman) is an asymmetric cryptographic algorithm that uses a pair of mathematically related keys: a public key and a private key. Unlike symmetric encryption (where both parties share the same secret key), RSA allows anyone to encrypt a message using the recipient’s public key, but only the recipient can decrypt it with their corresponding private key.

Asymmetric cryptography solved one of the oldest problems in cryptography: key distribution. Before RSA and similar algorithms, two parties had to securely exchange a shared secret before they could communicate privately. RSA eliminates this requirement — you can publish your public key to the world, and anyone can send you an encrypted message without ever meeting you.

RSA is one of the most widely deployed cryptographic algorithms in history. It secures HTTPS connections, SSH sessions, email encryption (PGP/S/MIME), digital signatures, code signing, and countless other protocols. Despite being nearly 50 years old, RSA remains secure when used with sufficiently large keys, though modern elliptic-curve alternatives are increasingly preferred for new systems.

How Key Generation Works

RSA key generation relies on the mathematical difficulty of factoring the product of two large prime numbers. While multiplying two primes is trivial, finding the original primes from their product is computationally infeasible for sufficiently large numbers.

The key generation process works as follows:

1. Choose two large random primes, p and q (each typically half the desired key size, so for a 2048-bit key, each prime is about 1024 bits)
2. Compute the modulus n = p x q (this becomes part of both the public and private keys)
3. Compute the totient phi(n) = (p-1)(q-1)
4. Choose the public exponent e (almost always 65537, which balances security and performance)
5. Compute the private exponent d such that (d x e) mod phi(n) = 1 (the modular multiplicative inverse)
6. Discard p and q — the individual primes must never be stored or revealed

The public key is the pair (n, e). The private key is the pair (n, d). The security of RSA depends entirely on the fact that recovering d from (n, e) requires factoring n, which is computationally infeasible for large n.

Encryption vs Digital Signatures

RSA supports two fundamental operations that use the key pair in opposite directions.

Encryption

In RSA encryption, the sender uses the recipient’s public key to encrypt a message. Only the recipient, who holds the corresponding private key, can decrypt it. This provides confidentiality — no one else can read the message.

In practice, RSA is rarely used to encrypt data directly. RSA encryption is limited to data smaller than the key size (e.g., 245 bytes for a 2048-bit key with OAEP padding). Instead, RSA is used in a hybrid encryption scheme: a random symmetric key (e.g., AES-256) encrypts the actual data, and RSA encrypts the symmetric key. This combines the key-distribution advantages of RSA with the speed and flexibility of symmetric encryption.

Digital Signatures

In digital signing, the signer uses their private key to create a signature over a message (actually over a hash of the message). Anyone with the signer’s public key can verify the signature, confirming that (a) the message was signed by the private key holder, and (b) the message has not been altered.

Digital signatures provide three properties:

• Authentication: Proves the signer’s identity
• Integrity: Proves the message has not been modified
• Non-repudiation: The signer cannot deny having signed (useful for legal and contractual contexts)

Key Size and Algorithm Comparison

Algorithm	Key Size	Security Level	Signature Size	Performance
RSA-1024	1024-bit	Deprecated (~80 bits)	128 bytes	Fast
RSA-2048	2048-bit	Minimum (~112 bits)	256 bytes	Moderate
RSA-3072	3072-bit	Post-2030 (~128 bits)	384 bytes	Slower
RSA-4096	4096-bit	High security (~140 bits)	512 bytes	Slow
ECDSA P-256	256-bit	~128 bits	64 bytes	Fast
Ed25519	256-bit	~128 bits	64 bytes	Fastest

Ed25519 achieves the same security as RSA-3072 with keys that are 12 times smaller and operations that are significantly faster. For new projects, Ed25519 is the recommended choice for digital signatures, and X25519 (ECDH) for key exchange.

Common Use Cases

• TLS/SSL (HTTPS): RSA keys are used in X.509 certificates to authenticate servers and establish encrypted connections. During a TLS handshake, the server’s RSA key may be used for key exchange or digital signature depending on the cipher suite
• SSH authentication: SSH keys (typically RSA or Ed25519) allow passwordless login to remote servers. Your public key is placed on the server, and your private key remains on your local machine
• Code signing: Software publishers sign binaries with RSA keys to prove authenticity. Operating systems verify these signatures before installing or running the code
• PGP/GPG email encryption: RSA key pairs enable end-to-end encrypted email. You publish your public key so others can encrypt messages to you, and you sign outgoing messages with your private key
• JWT signing (RS256): JWTs signed with RSA (RS256 algorithm) use the private key to sign and the public key to verify. This is useful in distributed systems where many services need to verify tokens but only one service issues them
• Document signing: PDF and XML digital signatures use RSA to provide legally binding, tamper-evident signatures on contracts, invoices, and official documents
• Key exchange: Although RSA can directly encrypt symmetric keys, modern protocols (TLS 1.3) prefer ephemeral Diffie-Hellman key exchange for forward secrecy, using RSA only for authentication