SECURITY TOOL

RSA Key Generator

Generate RSA key pairs (2048/4096-bit) using the Web Crypto API. Export in PEM format for development, testing, and learning about public-key cryptography.

Standard security. Suitable for most applications. Faster generation.

Algorithm
RSA-OAEP (SHA-256)
PKCS#1 v2 with Optimal Asymmetric Encryption Padding


RSA: The Mathematics of Public-Key Cryptography

The Prime Factorization Problem

RSA security relies on the computational difficulty of factoring the product of two large primes. A 2048-bit RSA key uses two ~1024-bit primes whose product (the modulus n) has approximately 617 decimal digits. The best known classical algorithm (General Number Field Sieve) would require approximately 2^112 operations to factor a 2048-bit modulus — far beyond current computing capacity. The largest RSA number factored publicly is RSA-250 (829 bits), which took 2,700 CPU-years in 2020.

Key Size vs Security Level

| RSA Key | Security Bits | ECC Equivalent | Valid Until |
|---|---|---|---|
| 1024-bit | 80 | 160-bit | Deprecated |
| 2048-bit | 112 | 224-bit | ~2030 |
| 4096-bit | ~140 | 256-bit | 2030+ |

NIST recommends 2048-bit RSA as the minimum through 2030. For longer-term security or compliance with standards like PCI DSS, use 4096-bit. Note: a 4096-bit RSA key is 8x slower for signing/decryption than 2048-bit, not just 2x.

RSA vs Elliptic Curve (ECDSA/EdDSA)

A 256-bit ECDSA key (P-256 curve) provides the same security as a 3072-bit RSA key, but with 10x smaller signatures and 2-5x faster operations. EdDSA (Ed25519) is even faster and immune to timing side-channel attacks. For new projects, prefer ECDSA P-256 or Ed25519. RSA remains necessary for backward compatibility with older systems, S/MIME email, and some government standards that specifically require RSA.

Quantum Threat and Post-Quantum Migration

Shor's algorithm on a sufficiently powerful quantum computer could factor RSA keys in polynomial time. NIST selected CRYSTALS-Kyber (key exchange) and CRYSTALS-Dilithium (signatures) as post-quantum standards in 2024. RSA remains safe today — current quantum computers have ~1,000 qubits while breaking RSA-2048 requires ~4,000 error-corrected qubits. Plan for “crypto agility”: design systems to swap algorithms without major refactoring.

Frequently Asked Questions

Why does 4096-bit key generation take longer?

RSA key generation requires finding two large primes. For 4096-bit keys, each prime is ~2048 bits. Primality testing uses probabilistic algorithms (Miller-Rabin) that must run more iterations on larger numbers. Generation time is roughly proportional to the cube of the key size: 4096-bit keys take ~8x longer than 2048-bit keys.

What is the difference between SPKI and PKCS#8 formats?

SPKI (Subject Public Key Info) is the standard format for public keys, containing the algorithm identifier and the key data. PKCS#8 is the standard for private keys, also including algorithm metadata. Both are DER-encoded ASN.1 structures wrapped in Base64 PEM armor. The Web Crypto API natively exports in these formats.
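The export path described above, as an added example (not this tool's own source): it generates an RSA-OAEP (SHA-256) pair with the Web Crypto API, exports SPKI and PKCS#8 DER, wraps both in PEM armor, and confirms the pair works with an encrypt/decrypt round trip. The helper names toPem, generatePemPair and roundTrip are hypothetical; the fallback to node:crypto is only there so the same code runs outside a browser.

```javascript
// Added example. Web Crypto calls are standard; helper names are hypothetical.
const webcrypto = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);
const { subtle } = webcrypto;

// Wrap DER bytes in PEM armor: Base64 body in 64-character lines between markers.
function toPem(der, label) {
  let binary = '';
  for (const b of new Uint8Array(der)) binary += String.fromCharCode(b);
  const body = btoa(binary).match(/.{1,64}/g).join('\n');
  return `-----BEGIN ${label}-----\n${body}\n-----END ${label}-----\n`;
}

async function generatePemPair(modulusLength = 2048) {
  const pair = await subtle.generateKey(
    {
      name: 'RSA-OAEP',
      modulusLength,
      publicExponent: new Uint8Array([0x01, 0x00, 0x01]), // 65537
      hash: 'SHA-256',
    },
    true, // extractable: exportKey() rejects non-extractable keys
    ['encrypt', 'decrypt'],
  );
  const spki = await subtle.exportKey('spki', pair.publicKey);    // public key, DER
  const pkcs8 = await subtle.exportKey('pkcs8', pair.privateKey); // private key, DER
  return {
    pair,
    derTags: [new Uint8Array(spki)[0], new Uint8Array(pkcs8)[0]], // both ASN.1 SEQUENCE
    publicPem: toPem(spki, 'PUBLIC KEY'),
    privatePem: toPem(pkcs8, 'PRIVATE KEY'),
  };
}

// Encrypt with the public key, decrypt with the private key.
async function roundTrip(pair, text) {
  const ct = await subtle.encrypt(
    { name: 'RSA-OAEP' }, pair.publicKey, new TextEncoder().encode(text));
  const pt = await subtle.decrypt({ name: 'RSA-OAEP' }, pair.privateKey, ct);
  return { ciphertextBytes: ct.byteLength, plaintext: new TextDecoder().decode(pt) };
}

// Stand-alone run: print only the public half; the private PEM stays out of logs.
generatePemPair().then(({ publicPem }) => console.log(publicPem));
```

The ciphertext length equals the modulus size in bytes, so a 2048-bit key always yields 256-byte RSA-OAEP ciphertexts.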

Should I use these keys in production?

No. Browser-generated keys are suitable for development, testing, and education. For production, generate keys using OpenSSL, a hardware security module (HSM), or a cloud KMS (AWS KMS, Google Cloud KMS). These provide better entropy sources, key storage protection, and audit logging.