RSA Key Pair Generator
LiveGenerate RSA public/private key pairs in PEM format for encryption and signing.
Understanding RSA Public-Key Cryptography
RSA (Rivest-Shamir-Adleman) is an asymmetric cryptographic algorithm that generates mathematically linked key pairs — a public key for encryption and signature verification, and a private key for decryption and signing. RSA key pairs are fundamental to secure internet communication: SSH authentication uses RSA keys for passwordless server access, HTTPS/TLS certificates contain RSA public keys, code signing uses RSA signatures, and encrypted email (PGP/GPG) relies on RSA key pairs for message confidentiality and sender verification.
Generate RSA key pairs using the Web Crypto API directly in your browser. Choose key sizes from 1024 to 4096 bits and export keys in PEM (PKCS#8/SPKI) format. Use them for JWT signing, SSH authentication, SSL certificates, and encryption. Keys are generated entirely client-side — they never leave your device.
The Devkitr RSA Key Pair Generator creates PEM-formatted RSA key pairs with configurable key sizes (2048, 3072, 4096 bits) entirely in your browser using the Web Crypto API. The generated private and public keys are standard PKCS#8 and SPKI format respectively, ready for use in SSH configurations, TLS certificates, JWT RS256 signing, code signing, and encrypted communications.
In a typical development workflow, RSA Key Pair Generator becomes valuable whenever you need to generate rsa public/private key pairs in pem format for encryption and signing. Whether you are working on a personal side project, maintaining production applications for a company, or collaborating with a distributed team across time zones, having a reliable browser-based generation tool eliminates the need to install desktop software, write one-off scripts, or send data to third-party services that may log or retain your information. Since RSA Key Pair Generator processes everything locally on your device, your data stays private and your workflow stays uninterrupted — open a browser tab, paste your input, get your result.
Key Features
Multiple Key Sizes
Generate 2048-bit (minimum secure), 3072-bit (recommended), or 4096-bit (maximum strength) key pairs depending on your security requirements and performance constraints.
Standard PEM Format
Output uses standard PEM encoding (Base64 with BEGIN/END markers) compatible with OpenSSL, SSH, Node.js crypto, Java keytool, and all major cryptographic libraries.
Browser-Side Generation
Keys are generated entirely in your browser using the Web Crypto API. Private keys never leave your device and are never transmitted to any server.
Fingerprint Display
Shows the SHA-256 fingerprint of the public key for easy identification and verification when sharing or deploying public keys.
How to Use RSA Key Pair Generator
Select Key Size
Choose 2048 for compatibility, 3072 for balanced security and performance, or 4096 for maximum cryptographic strength.
Generate the Key Pair
Click generate to create the RSA key pair. Larger key sizes take slightly longer to generate due to the prime number computation.
Copy the Private Key
Save the private key securely — it must be kept confidential. Never share, commit, or transmit the private key over unencrypted channels.
Deploy the Public Key
Copy the public key for deployment — add it to SSH authorized_keys, submit for certificate signing, or configure for JWT RS256 verification.
Use Cases
Setting Up SSH Key Authentication
Generate an RSA key pair for passwordless SSH login to servers. Deploy the public key to the server's authorized_keys file and keep the private key on your machine.
JWT RS256 Token Signing
Create an RSA key pair for asymmetric JWT signing where the auth server signs with the private key and API servers verify with the public key.
Creating Self-Signed Certificates
Generate the RSA key pair needed as a prerequisite for creating self-signed TLS certificates for development HTTPS servers.
Code and Package Signing
Create RSA keys for signing software packages, Docker images, or Git commits to provide verifiable proof of origin and integrity.
Pro Tips
Use 3072-bit keys or larger for new deployments — NIST recommends RSA-3072 as the minimum for security beyond 2030.
Always protect private keys with strong file permissions (chmod 600) and never commit them to version control repositories.
For SSH, consider using Ed25519 keys instead of RSA — they provide equivalent security with shorter keys, faster operations, and simpler key management.
Back up private keys securely before deploying public keys. If you lose the private key, you lose access to everything encrypted with the public key.
Common Pitfalls
Using RSA-1024 bit keys
Fix: NIST deprecated 1024-bit RSA in 2013. Use at least 2048-bit keys, and preferably 3072 or 4096 for applications that need to remain secure beyond 2030.
Committing private keys to Git repositories
Fix: Private keys in Git history can be extracted even after deletion. Use .gitignore for key files and rotate compromised keys immediately.
Sharing key pairs where only the public key should be distributed
Fix: Only share the public key (.pub file). The private key must remain on the owner's machine. If a private key is exposed, regenerate the entire key pair.
Frequently Asked Questions
QWhat key sizes are available?
1024, 2048, 3072, and 4096 bits. 2048-bit is recommended for most use cases; 4096-bit for maximum security.
QAre the keys generated securely?
Yes. Keys are generated using the Web Crypto API's cryptographically secure random number generator. Nothing is sent to any server.
QWhat format are the keys in?
Public keys use SPKI format and private keys use PKCS#8 format, both encoded as PEM (Base64 with headers).
Related Articles
Related Tools
Base64 Encoder/Decoder
Encode text to Base64 or decode Base64 strings back to readable text.
JWT Decoder
Decode and inspect JSON Web Tokens to view header, payload, and signature.
SHA256 Generator
Generate SHA-256 hash digests from text input for checksums and verification.
MD5 Generator
Generate MD5 hash digests from text for checksums and quick comparisons.