OneTools Online

RSA Key Pair Generator

What is an RSA Key Pair Generator?

An RSA Key Pair Generator is a tool that creates asymmetric cryptographic key pairs consisting of a public key and a private key. RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems and is widely used for secure data transmission, digital signatures, and identity verification.

The public key can be shared freely — it is used to encrypt data or verify signatures. The private key must be kept secret — it is used to decrypt data or create signatures. This asymmetric design enables secure communication without requiring a shared secret.

Our free online RSA key generator uses the Web Crypto API — the browser's built-in cryptographic module — to generate keys entirely on your device. Keys never leave your browser, ensuring complete privacy and security.

Key Features

  • Multiple Key Sizes: Generate 1024, 2048, or 4096-bit RSA keys — choose the security level that fits your needs
  • Standard PEM Format: Keys are exported in standard PEM format with proper header and footer markers, ready for use in OpenSSL, SSH, web servers, and other tools
  • Web Crypto API: Uses the browser's built-in cryptographic module — no external libraries required
  • One-Click Copy: Copy public and private keys to clipboard with dedicated copy buttons
  • Quick Regeneration: Generate a new key pair instantly with the refresh button
  • Client-Side Processing: All key generation happens locally in your browser — zero data uploaded
  • Offline Capable: Works without internet after initial page load

Practical Use Cases for RSA Key Pairs

  • SSL/TLS Certificates: Generate key pairs for securing websites with HTTPS
  • SSH Authentication: Create key pairs for secure remote server access via SSH
  • JWT Signing: Use RSA keys to sign and verify JSON Web Tokens (JWTs) for API authentication
  • PGP/GPG Encryption: Generate keys for email encryption and digital signing
  • Code Signing: Sign software packages and code to verify authenticity and integrity
  • API Security: Implement client-server authentication with RSA key exchange
  • Digital Signatures: Create and verify digital signatures for documents and transactions

How to Use the RSA Key Pair Generator

  1. Select Key Size: Choose the RSA key size from the dropdown — 1024, 2048, or 4096 bits. 2048 bits is recommended for most use cases
  2. Automatic Generation: A new key pair is generated automatically when you select a key size. The public and private keys appear in their respective text areas
  3. Copy Keys: Use the copy buttons next to each key's text area to copy the PEM-formatted key to your clipboard
  4. Regenerate: Click the Refresh button at any time to generate a new key pair

All key generation is performed locally in your browser using the Web Crypto API. Your private key is never transmitted or stored on any server.

Frequently Asked Questions About RSA Key Pairs

What is the difference between a public key and a private key?
The public key is designed to be shared openly — it can encrypt data or verify signatures, but cannot decrypt what it encrypted. The private key must be kept secret — it can decrypt data encrypted with the corresponding public key and create signatures that the public key can verify. This asymmetric property is what makes RSA so useful for secure communication.
Which RSA key size should I choose (1024, 2048, or 4096 bits)?
2048-bit keys are the current industry standard and are recommended for most applications. They offer a good balance between security and performance. 1024-bit keys are considered weak by modern standards and should only be used for legacy compatibility. 4096-bit keys offer stronger security but require significantly more computational resources for generation and operation. For government and high-security applications, 4096 bits is recommended.
Are my generated private keys truly secure?
Yes, the keys are generated using the Web Crypto API, which is the same cryptographic module used by browsers for HTTPS connections. The keys are generated with cryptographically secure randomness and never leave your browser. We do not store, transmit, or have any access to the keys you generate. However, you must store your private key securely — if you lose it, it cannot be recovered, and if it is compromised, anyone with access can decrypt your data.
How can I use the generated RSA keys?
The generated keys are in standard PEM format and can be used with a wide range of tools and software. You can: (1) Copy the private key to your ~/.ssh/id_rsa file for SSH authentication (ensure correct file permissions: chmod 600); (2) Use the public key in OpenSSL commands for certificate signing requests; (3) Import the keys into tools like PuTTY, OpenSSL, or GnuPG; (4) Use the keys in your applications for JWT signing, encryption, or digital signatures.
Can I use this tool offline?
Yes! The RSA key pair generator works entirely offline after the initial page load. Since all cryptographic operations use the Web Crypto API built into your browser, no internet connection is required for key generation. This makes it ideal for air-gapped environments and high-security scenarios where network isolation is required.