🔐 RSA Encrypt / Decrypt – Browser-Based RSA Tool
RSA (Rivest–Shamir–Adleman) is the world's most widely used public-key cryptosystem. Unlike symmetric ciphers such as AES, RSA uses a mathematically linked key pair: a public key for encryption and a private key for decryption. Anyone can encrypt a message using your public key, but only you — holding the private key — can decrypt it. This tool implements RSA-OAEP encryption and decryption entirely in your browser using the native Web Crypto API, with no data ever leaving your device.
🔑 How RSA Encryption Works
RSA security is founded on the computational difficulty of factoring the product of two large prime numbers. During key generation, two large primes p and q are chosen, and their product n = p × q forms the modulus. The public key consists of (n, e), where e = 65537 is the standard public exponent. The private key contains (n, d), where d is the modular inverse of e modulo φ(n) = (p − 1)(q − 1), so that e × d ≡ 1 (mod φ(n)).
Encryption computes C = M^e mod n, and decryption reverses it: M = C^d mod n. In practice, raw ("textbook") RSA should never be used directly; a padding scheme (OAEP) is always applied to ensure semantic security.
⚙️ RSA-OAEP Padding
OAEP (Optimal Asymmetric Encryption Padding) is the recommended padding scheme for RSA encryption, standardized in PKCS#1 v2.1. It incorporates a random seed and a hash function (SHA-256 by default) to add randomness to the ciphertext — meaning the same plaintext encrypted twice will produce different ciphertexts. This property, called semantic security, prevents dictionary attacks and distinguishability attacks.
The maximum plaintext size with RSA-OAEP depends on the key size and the hash function: maxBytes = keyBytes − 2 × hashBytes − 2. For a 2048-bit key with SHA-256: 256 − 64 − 2 = 190 bytes. RSA is designed for small payloads such as symmetric keys — for large data, use hybrid encryption (encrypt a random AES key with RSA, then encrypt the data with AES-GCM).
📏 Key Sizes and Security
| Key Size | Security Level | Max Plaintext (SHA-256) | Recommendation |
|---|---|---|---|
| 1024 bits | ~80 bits | 62 bytes | ⚠️ Deprecated — do not use |
| 2048 bits | ~112 bits | 190 bytes | ✅ Minimum for production |
| 3072 bits | ~128 bits | 318 bytes | ✅ Strong — recommended |
| 4096 bits | ~140 bits | 446 bytes | ✅ High assurance / long-term |
🔍 PEM Key Format
RSA keys are most commonly distributed in PEM (Privacy Enhanced Mail) format — a Base64-encoded DER structure wrapped in human-readable headers. Public keys use the SPKI (SubjectPublicKeyInfo) format (-----BEGIN PUBLIC KEY-----), while private keys use PKCS#8 format (-----BEGIN PRIVATE KEY-----). Both are the standard formats used by OpenSSL, TLS certificates, and SSH key infrastructure.
🛡️ Security Notes
- All operations run in your browser. No keys, plaintext, or ciphertext are transmitted to any server. The Web Crypto API uses your browser's native cryptographic implementation.
- Never share your private key. The private key is the only secret in RSA. Anyone who obtains your private key can decrypt all messages encrypted to your public key.
- Use this tool for testing and learning. For production systems, use battle-tested cryptographic libraries (OpenSSL, libsodium, Web Crypto in a controlled environment) and follow your organization's key management policies.
- RSA-OAEP is preferred over PKCS#1 v1.5. PKCS#1 v1.5 encryption padding is vulnerable to Bleichenbacher's adaptive chosen-ciphertext attack. For this reason the Web Crypto API supports only RSA-OAEP for RSA encryption (PKCS#1 v1.5 survives there only as the RSASSA-PKCS1-v1_5 signature scheme).
📋 Typical Use Cases
- Testing RSA key pairs generated by OpenSSL or other tools
- Encrypting short secrets (API tokens, passwords, symmetric keys) for secure transmission
- Learning asymmetric cryptography concepts in a hands-on environment
- Verifying that a public/private key pair is correctly matched before deployment
- Inspecting PEM key metadata: modulus length, public exponent, fingerprint