RSA Asymmetric Encryption Online (PEM)
RSA asymmetric encryption tool with 1024 / 2048 / 3072 / 4096-bit key generation (RSA-OAEP + SHA-256). Keys are exported in standard PEM (SPKI for public, PKCS#8 for private). All operations run locally via Web Crypto API.
Usage
Asymmetric encryption: public key encrypts, private key decrypts. Built on Web Crypto API — keys never leave the browser.
Algorithm: RSA-OAEP + SHA-256. Public key exports as SPKI (PEM BEGIN PUBLIC KEY), private as PKCS#8 (PEM BEGIN PRIVATE KEY).
Max plaintext (RSA-OAEP): RSA-2048 = 190 B, RSA-3072 = 318 B, RSA-4096 = 446 B. For larger data use hybrid encryption (AES encrypts the content, RSA encrypts the AES key).
A leaked private key compromises every past ciphertext encrypted with the matching public key. Never commit private keys to git.
Use cases
FAQ
What key length should I use?
2048 bits is today's mainstream minimum. For long-term or high-sensitivity use, 3072 or 4096. 1024 is no longer safe.
Is it OK to publish my public key?
Yes — that's exactly RSA's design. The private key must stay strictly secret: leaking it compromises every past ciphertext.
Why does encrypting a long text fail?
RSA-OAEP has a per-operation size limit: ~190 bytes at 2048, ~318 at 3072. For larger data use hybrid encryption.
PEM vs DER?
Both are key encodings. PEM is Base64 text with BEGIN/END headers; DER is the equivalent raw binary. This tool emits PEM.