Skip to content
🛠️ToolsShed

RSA Key Pair Generator

Generate RSA-2048 or RSA-4096 key pairs in PEM format.

Keys are generated entirely in your browser using Web Crypto API and never sent to any server.

About this tool

An RSA key pair generator creates two mathematically linked cryptographic keys—a public key for encryption and a private key for decryption—based on the RSA (Rivest-Shamir-Adleman) algorithm. These keys are essential for secure communication, digital signatures, and authentication across the internet. Whether you're building a secure API, implementing certificate-based authentication, or setting up encrypted messaging, a reliable RSA key generator is a foundational tool for modern security infrastructure.

To use this tool, simply select your desired key size (RSA-2048 or RSA-4096), click generate, and the tool will produce both keys in standard PEM format, ready to use immediately. RSA-2048 is suitable for most applications and provides strong security for the foreseeable future, while RSA-4096 offers additional security margin at the cost of slightly slower operations. After generation, you can copy each key separately to use in your application, configuration files, or cryptographic systems.

Frequently Asked Questions

Code Implementation

from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.backends import default_backend

# Generate RSA key pair
def generate_rsa_key_pair(
    key_size: int = 2048,
    public_exponent: int = 65537,
) -> tuple[rsa.RSAPrivateKey, rsa.RSAPublicKey]:
    private_key = rsa.generate_private_key(
        public_exponent=public_exponent,
        key_size=key_size,
        backend=default_backend(),
    )
    return private_key, private_key.public_key()

# Serialize to PEM
def private_key_to_pem(key: rsa.RSAPrivateKey, password: bytes | None = None) -> str:
    encryption = (
        serialization.BestAvailableEncryption(password)
        if password else serialization.NoEncryption()
    )
    return key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=encryption,
    ).decode()

def public_key_to_pem(key: rsa.RSAPublicKey) -> str:
    return key.public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo,
    ).decode()

# Sign and verify
def sign(message: bytes, private_key: rsa.RSAPrivateKey) -> bytes:
    return private_key.sign(message, padding.PKCS1v15(), hashes.SHA256())

def verify(message: bytes, signature: bytes, public_key: rsa.RSAPublicKey) -> bool:
    try:
        public_key.verify(signature, message, padding.PKCS1v15(), hashes.SHA256())
        return True
    except Exception:
        return False


if __name__ == "__main__":
    priv, pub = generate_rsa_key_pair(2048)
    print(private_key_to_pem(priv))
    print(public_key_to_pem(pub))

    msg = b"Hello, RSA!"
    sig = sign(msg, priv)
    print("Signature valid:", verify(msg, sig, pub))

Comments & Feedback

Comments are powered by Giscus. Sign in with GitHub to leave a comment.