What is RSA Key Generator?

Generate RSA key pairs privately using the Web Crypto API. Choose key sizes from 1024 to 4096 bits and export keys in PEM format for use with SSH, TLS certificates, JWT signing, and encrypted communications. Your private key never leaves your device.

The Web Crypto API does the heavy maths on your device — keys never leave your machine. Pick 1024, 2048, 3072, or 4096 bits and choose whether the pair is for encryption (RSA-OAEP) or signing (RSASSA-PKCS1-v1_5). Export in four formats: PEM PKCS#8 (the modern default), PEM PKCS#1 (the traditional RSA blocks), JWK for JWT and OIDC stacks, or an OpenSSH ssh-rsa line you can paste straight into authorized_keys. A SHA-256 fingerprint lets you compare the key against your server's records. Optionally protect the private key with a passphrase — it gets wrapped as a standards-compliant EncryptedPrivateKeyInfo (PBES2 + PBKDF2-HMAC-SHA256 + AES-256-CBC), decryptable later with openssl pkcs8. If you only kept the private key, paste it in the Derive Public tab to recover the matching public key.

How to use

  1. Select the RSA key size (2048 or 4096 bits recommended for production use).
  2. Pick an output format (PKCS#8, PKCS#1, JWK, or OpenSSH) and optionally set a passphrase to encrypt the private key — then click generate to create the pair on your device.
  3. Copy or download the public and private keys in the format you picked.

When to use

  • Signing JWTs in a project where the private key must never touch a third-party service.
  • Generating disposable key pairs for unit tests, staging environments, or CI runners.
  • Creating a fresh key for a new SSH user or a developer onboarding ticket.

Result

Generate a 4096-bit RSA key pair for signing JWTs. The public key goes in your auth server config; the private key stays on your secure machine.

FAQ

Should I pick 2048 or 4096 bits?
2048 is the current floor for production and is what most TLS certificates still use. 4096 buys roughly 10–20 more years of safety margin but is noticeably slower at signing (around 5x). 1024 is broken in any modern threat model and only available for legacy interop.

Can I use the same key pair for both encrypting and signing?
Technically yes, but it's a bad idea. The Web Crypto API forces you to pick one usage per key, which matches the NIST recommendation. Mixing operations on one key creates protocol attacks and complicates rotation. Generate two pairs instead.

How do I get an SSH key out of this tool?
Choose the OpenSSH output format (or the SSH Key preset): the public side comes out as a ready ssh-rsa authorized_keys line, and the private side is a standard PKCS#8 PEM you save as id_rsa. If you already have a PEM private key, you can also run ssh-keygen -y -f id_rsa > id_rsa.pub to derive the public line, or puttygen --to-openssh for PuTTY. Both accept PKCS#8 and PKCS#1 input directly.

Is RSA still the right choice over Ed25519 in 2026?
Ed25519 is faster, has 256-bit keys, and is the modern default for SSH and signing. Stick with RSA when you need broad interoperability — TLS roots, JWT libraries with conservative defaults, older HSMs, legacy SAML, or any consumer that doesn't accept EdDSA yet.

What does the SHA-256 fingerprint actually tell me?
It's a short cryptographic summary of the public key (the SPKI bytes). Compare it over a separate channel — phone call, Signal message, in person — to confirm the key you received is the key the other side generated, not a substitute.
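
The generation flow and the FAQ points above (a 2048-bit floor, one usage per key, a SHA-256 fingerprint over the SPKI bytes), written out with the Web Crypto API. This is an added example, not the tool's own code; the function names, the refusal of 1024 bits and the hex rendering of the fingerprint are assumptions.

```javascript
// Added example: function names are hypothetical, not taken from the tool.
// Browsers and recent Node expose globalThis.crypto; older Node needs the fallback.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;
const ALG = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256",
              publicExponent: new Uint8Array([1, 0, 1]) }; // e = 65537

// Wrap DER bytes in a PEM envelope with 64-character base64 lines.
function toPem(der, label) {
  let bin = "";
  for (const b of new Uint8Array(der)) bin += String.fromCharCode(b);
  const body = btoa(bin).match(/.{1,64}/g).join("\n");
  return `-----BEGIN ${label}-----\n${body}\n-----END ${label}-----\n`;
}

// SHA-256 over the SPKI (public key) DER bytes, rendered as lowercase hex.
async function spkiFingerprint(spkiDer) {
  const digest = new Uint8Array(await subtle.digest("SHA-256", spkiDer));
  return Array.from(digest, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Generate a signing-only pair and export it as PKCS#8 / SPKI PEM.
async function generateSigningPair(bits = 2048) {
  if (![2048, 3072, 4096].includes(bits)) {
    throw new RangeError("use 2048, 3072 or 4096 bits; 1024 is legacy only");
  }
  const pair = await subtle.generateKey(
    { ...ALG, modulusLength: bits },
    true,                 // extractable, so the private key can be exported
    ["sign", "verify"]);  // one purpose per key
  const spki = await subtle.exportKey("spki", pair.publicKey);
  const pkcs8 = await subtle.exportKey("pkcs8", pair.privateKey);
  return {
    pair,
    publicPem: toPem(spki, "PUBLIC KEY"),
    privatePem: toPem(pkcs8, "PRIVATE KEY"),
    fingerprint: await spkiFingerprint(spki),
  };
}

// Asking a signature algorithm for an encryption usage is refused by the API.
async function mixedUsageRejected() {
  try {
    await subtle.generateKey({ ...ALG, modulusLength: 2048 }, true, ["sign", "encrypt"]);
    return false;
  } catch (err) {
    return err.name === "SyntaxError";
  }
}
```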
