RSA Key Pair Generator (Web Crypto)
Generate an RSA public and private key pair in PEM format, sized 2048, 3072 or 4096 bits. The pair is created in your browser with the Web Crypto API (RSA-OAEP, SHA-256) and nothing is sent to a server. Use it for testing and learning, and generate production keys with audited tooling instead.
How to generate an RSA key pair
- Choose a key size: 2048 bits is the common minimum, 3072 or 4096 for more margin.
- Click Generate key pair to create the public and private keys in your browser.
- Copy or download each PEM block, and keep the private key secret.
Examples
A 2048-bit RSA public key (PEM)
key size 2048, click Generate key pair
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A... -----END PUBLIC KEY-----
The matching private key (PEM)
same generated pair
-----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEF... -----END PRIVATE KEY-----
Frequently asked questions
Are my keys generated locally, or sent to a server?
Locally. The key pair is generated entirely in your browser with the Web Crypto API. The private key never leaves the page, is not uploaded to any server, and is not logged anywhere. Closing the tab discards it.
Should I use these keys in production?
No. Treat this as a tool for testing, demos and learning. For production keys, use audited, battle-tested tooling such as OpenSSL, ssh-keygen or your platform's key management service, and generate and store private keys on trusted infrastructure rather than in a web page.
What format and algorithm are the keys?
Keys are RSA-OAEP with SHA-256. The public key is exported as SPKI and the private key as PKCS#8, each base64-encoded and wrapped in a PEM block with 64-character lines. The public key block starts with -----BEGIN PUBLIC KEY----- and the private key with -----BEGIN PRIVATE KEY-----.
Which key size should I choose?
2048 bits is the widely accepted minimum for RSA today and is a fine default. 3072 bits gives a larger security margin, and 4096 bits more still at the cost of slower operations and larger keys. Larger sizes take noticeably longer to generate in the browser.
What is the difference between the public and private key?
The public key can be shared freely and is used to encrypt data or verify signatures. The private key must stay secret and is used to decrypt data or create signatures. Anyone holding the private key can impersonate you, so never paste it into untrusted tools or commit it to a repository.
Can I encrypt and decrypt with these keys here?
The keys are real RSA-OAEP keys, so the public key can encrypt a short message and the matching private key can decrypt it. RSA can only encrypt data smaller than the key size, so for larger payloads real systems use RSA to wrap a symmetric key rather than encrypting the data directly.
Related tools
HMAC Generator
Generate an HMAC for a message and secret key with SHA-1, SHA-256, SHA-384 or SHA-512. Verify webhook and API signatures, with hex or base64 output.
TOTP Generator
Generate time-based one-time passwords from a base32 secret, just like an authenticator app. Test 2FA flows with live RFC 6238 codes in your browser.
SRI Hash Generator
Generate a Subresource Integrity hash and a ready-to-paste script or link tag from your asset contents. Hashed in your browser, nothing is uploaded.
AES Encryption
Encrypt and decrypt text with AES-GCM and a password. Uses 256-bit keys derived with PBKDF2, runs entirely in your browser, and nothing is uploaded.
CSP Analyzer
Paste a Content-Security-Policy header and get it parsed into directives and audited for weaknesses, with severity and fixes. Runs in your browser.
CVSS Calculator
Calculate a CVSS v3.1 base score and severity from the eight base metrics. Build the vector string and see how each choice moves the score, in your browser.