What is the difference between 2048-bit and 4096-bit RSA?

2048-bit RSA is currently considered secure and is the minimum recommended key size. 4096-bit RSA provides a higher security margin and is recommended for long-lived keys or high-value systems, but it is approximately 4-8x slower for cryptographic operations. Most TLS certificates and SSH keys use 2048 or 3072 bits. For keys that need to remain secure for 20+ years, 4096 bits is a safer choice.

What is PKCS8 format for private keys?

PKCS8 (Public Key Cryptography Standards #8) is the standard format for storing private keys. A PKCS8 private key file begins with '-----BEGIN PRIVATE KEY-----'. It can store keys for various algorithms (RSA, EC, Ed25519) in a unified format. PKCS8 is the preferred format used by modern tools including OpenSSL, Java, and Node.js crypto modules.

What is SPKI format for public keys?

SubjectPublicKeyInfo (SPKI) is the standard format for public keys used in X.509 certificates and the Web Crypto API. An SPKI public key file begins with '-----BEGIN PUBLIC KEY-----'. It includes both the key data and metadata about the algorithm, making it self-describing and interoperable across tools.

Is it safe to generate RSA keys in a browser?

Yes, when using the Web Crypto API (window.crypto.subtle), RSA key generation uses the browser's secure random number generator (CSPRNG) and happens entirely within your browser process. Keys are never transmitted. However, for production security-critical applications, consider generating keys in a trusted, audited environment (dedicated HSM, air-gapped machine, or server with hardened OS) and using additional protections like password-encrypting the private key.

RSA Key Pair Generator

Generate RSA key pairs and export as PEM. Inspect existing keys. Uses Web Crypto API — your keys never leave the browser.

Key Size

Click "Generate Key Pair" to create a new RSA key pair.

RSA Key Format Reference

Format	PEM Header	Usage
PKCS#8 Private	`-----BEGIN PRIVATE KEY-----`	Modern private key format, used by OpenSSL, Java, Node.js
PKCS#1 Private	`-----BEGIN RSA PRIVATE KEY-----`	Legacy RSA-only format, used by older OpenSSL versions
SPKI Public	`-----BEGIN PUBLIC KEY-----`	Standard public key, used in X.509 certs and Web Crypto API
PKCS#1 Public	`-----BEGIN RSA PUBLIC KEY-----`	RSA-specific legacy format (rare)
Certificate	`-----BEGIN CERTIFICATE-----`	X.509 cert containing public key + identity info

Common OpenSSL Commands

# Generate 2048-bit RSA key
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private.pem

# Extract public key from private key
openssl rsa -in private.pem -pubout -out public.pem

# Inspect a key
openssl rsa -in private.pem -noout -text

# Generate self-signed certificate
openssl req -new -x509 -key private.pem -out cert.pem -days 365

RSA Key Sizes Comparison

Key Size	Security Level	Use Case	Performance
1024 bit	Broken (do not use)	Legacy only	Fastest
2048 bit	~112 bits (secure to ~2030)	TLS, SSH, code signing	Fast
3072 bit	~128 bits (NIST recommended)	Long-lived keys	Moderate
4096 bit	~140 bits (high security)	Critical infrastructure	Slow (4-8x vs 2048)

How to Generate an RSA Key Pair

Choose key size: 2048 bits is standard; 4096 bits for higher security (note: takes longer to generate).
Click "Generate Key Pair." The browser uses its secure random number generator and Web Crypto API.
Download or copy the private key (keep this secret!) and the public key (share freely).
Inspect mode: paste any PEM public or private key to view its algorithm, key size, and other properties.

About RSA Encryption

RSA (Rivest–Shamir–Adleman) is the most widely used asymmetric encryption algorithm, invented in 1977. It is based on the computational difficulty of factoring the product of two large prime numbers. The public key contains the modulus n (the product of two primes) and a public exponent e (usually 65537). The private key contains the modulus and the private exponent d, which can only be computed if you know the prime factors.

RSA-OAEP vs. RSA-PKCS1v15

This tool generates keys with the RSA-OAEP (Optimal Asymmetric Encryption Padding) scheme, which is the modern, secure standard. The older PKCS1v15 padding scheme is vulnerable to padding oracle attacks (the Bleichenbacher attack) and should not be used in new systems. RSA-OAEP uses random padding with SHA-256 as the hash function, preventing these attacks. The Web Crypto API only supports RSA-OAEP for encryption, which is the right choice.

PEM Format Explained

PEM (Privacy Enhanced Mail) is the most common format for storing cryptographic keys and certificates. A PEM file is a Base64-encoded representation of DER (Distinguished Encoding Rules) binary data, wrapped with header and footer lines like -----BEGIN PRIVATE KEY-----. The format was originally developed for email but became the universal standard for TLS certificates, SSH keys, and code signing certificates. PEM files are plain text and can be opened with any text editor — though you should never share private key PEM files.

Private Key Security

An RSA private key is the most sensitive file in a cryptographic system. Anyone with your private key can decrypt any data encrypted with your public key and forge signatures in your name. Store private keys securely: use OS keychain storage, encrypted key files (PKCS#12 / .p12 format), or hardware security modules (HSMs) for production use. For development keys, at minimum use filesystem permissions to restrict access. For comparison, see our AES Encryption tool for symmetric key use cases and JWT Decoder for working with JWTs that use RSA signing.

When to Use RSA vs. ECDSA

RSA is the most compatible asymmetric algorithm — every TLS library, operating system, and programming language supports it. However, Elliptic Curve Cryptography (ECDSA/Ed25519) offers equivalent security with much smaller key sizes and faster operations. A 256-bit ECDSA key provides the same security as a 3072-bit RSA key. For new systems where all parties control the implementation (APIs, microservices), ECDSA (P-256) or Ed25519 are better choices. For maximum compatibility with legacy systems (enterprise PKI, old SSH clients), RSA 2048/4096 remains necessary.

Frequently Asked Questions

An RSA key pair consists of a mathematically related public key and private key. The public key can be shared freely and is used to encrypt data or verify signatures. The private key must be kept secret and is used to decrypt data or create signatures.

2048-bit RSA is currently considered secure (minimum recommended). 4096-bit provides a higher security margin for long-lived keys but is 4-8x slower for cryptographic operations. Most TLS certificates use 2048 or 3072 bits. For keys lasting 20+ years, 4096 bits is the safer choice.

PKCS8 is the standard format for storing private keys, beginning with "-----BEGIN PRIVATE KEY-----". It stores keys for various algorithms in a unified format and is preferred by modern tools including OpenSSL, Java, and Node.js crypto modules.

SubjectPublicKeyInfo (SPKI) is the standard public key format used in X.509 certificates and the Web Crypto API, beginning with "-----BEGIN PUBLIC KEY-----". It includes both the key data and algorithm metadata, making it self-describing and interoperable.

Yes, when using the Web Crypto API (window.crypto.subtle). Key generation uses the browser's CSPRNG and happens entirely within your browser — keys are never transmitted. For production security-critical applications, consider generating keys in a dedicated HSM or air-gapped machine with additional protections like password-encrypting the private key.