RSA Key Generator for PEM Public & Private Key Pairs
This RSA key generator creates a matching public and private key pair in standard PEM format, ready for encryption, digital signatures, SSL/TLS, JWT, and SSH. It is built for developers and anyone who needs a fresh RSA key pair without installing OpenSSL or running a single command.
RSA (Rivest-Shamir-Adleman) is an asymmetric algorithm: the public key encrypts data or verifies a signature, while the private key decrypts data or creates a signature. Pick your key size, key type, and hash, and you get both keys plus a SHA-256 fingerprint in one click.
How to Generate an RSA Key Pair
Select key size
Choose 2048, 3072, or 4096 bits. 2048-bit is the everyday standard; larger sizes add security but take longer to generate.
Choose key type and hash
Pick RSA-OAEP for encryption or RSASSA-PKCS1-v1_5 for signing, then select a hash of SHA-256, SHA-384, or SHA-512.
Generate the key pair
Click Generate Key Pair. The public and private keys appear in PEM format, along with a SHA-256 fingerprint of the public key.
Copy or download
Use the copy button to send a key to your clipboard, or download each key as a .pem file for OpenSSL, SSH, and other tools.
Features
RSA Key Pairs in PEM
Generate a matching public and private RSA key pair, both output in standard PEM-encoded text.
Multiple Key Sizes
Choose 2048, 3072, or 4096 bits to balance speed against the level of security you need.
Encryption or Signing
Pick RSA-OAEP for encrypting data or RSASSA-PKCS1-v1_5 for digital signatures and verification.
Hash Algorithm Choice
Pair the key with SHA-256, SHA-384, or SHA-512 to match your application's security profile.
SPKI & PKCS8 Output
Public keys use SPKI encoding and private keys use PKCS8, compatible with OpenSSL, SSH, and most crypto libraries.
SHA-256 Fingerprint
Each pair includes a SHA-256 fingerprint of the public key in colon-separated hex for quick identification.
Copy & Download
Copy any key to the clipboard in one tap, or download the public and private keys as .pem files.
Client-side Web Crypto
All generation runs locally through the browser's native Web Crypto API, so no key ever leaves your device.
Frequently Asked Questions
How do I generate an RSA key pair?
Select a key size, choose your key type and hash, then click Generate Key Pair. The public and private keys appear instantly in PEM format, ready to copy or download as .pem files. There is nothing to install.
What key size should I use: 2048 or 4096?
2048-bit is the current industry standard and is sufficient for most applications. Choose 3072 or 4096 for long-term protection or high-security environments. Larger keys take longer to generate and make cryptographic operations slower.
Is it safe to generate RSA keys online?
Yes. Keys are generated entirely in your browser using the Web Crypto API, which relies on a cryptographically secure random number generator. The keys are never transmitted to any server, so the private key stays on your device.
What is the difference between the public and private key?
You share the public key so others can encrypt data for you or verify your signatures. You keep the private key secret to decrypt that data or to sign on your behalf. With RSA-OAEP the public key encrypts; with RSASSA-PKCS1-v1_5 the private key signs.
What is PKCS#8 and PEM format?
PEM is the Base64 text wrapper with -----BEGIN-----/-----END----- markers. Inside it, the private key uses PKCS8 encoding and the public key uses SPKI encoding. This combination is fully compatible with OpenSSL and most cryptographic tools and libraries.
What is the key fingerprint?
The fingerprint is a SHA-256 hash of the public key, shown in colon-separated hexadecimal. It gives a short, unique identifier you can use to confirm a public key has not been altered during transmission.
Why does 4096-bit generation take longer?
Larger key sizes require finding larger prime numbers, which is computationally intensive. Generating a 4096-bit key may take a few seconds depending on your device, while a 2048-bit key is typically near-instant.
No comments yet. Be the first to comment!