
RSA Key Generator: Create RSA Key Pairs Online


Understanding RSA Encryption

RSA is one of the foundational public-key cryptography algorithms, used to secure everything from web traffic to email encryption and digital signatures. It works by generating two mathematically linked keys -- a public key that anyone can use to encrypt data or verify signatures, and a private key that only the owner uses to decrypt data or create signatures. The security relies on the mathematical difficulty of factoring the product of two very large prime numbers.

Despite the emergence of newer algorithms like elliptic curve cryptography, RSA remains essential in many systems. It is the default signing algorithm for X.509 certificates used in HTTPS, a required algorithm in many compliance frameworks, and the only option supported by some legacy systems. Understanding RSA key generation helps you make informed decisions about key sizes, output formats, and where different algorithms apply in your security infrastructure.

How to Use the RSA Key Generator

CheckTown's RSA Key Generator creates key pairs in your browser using the Web Crypto API for secure, client-side generation.

  • Select your key size -- 2048 bits (minimum recommended), 3072 bits (good for most uses), or 4096 bits (highest security, slower operations)
  • Choose your output format -- PEM (Base64-encoded, widely used in web servers and OpenSSL) or JWK (JSON format, common in web APIs and JWT libraries)
  • Click Generate to create your key pair -- the private key and public key appear in their respective fields
  • Copy or download the keys -- use the public key for encryption or verification, and store the private key securely for decryption or signing


RSA Key Size and Security

Choosing the right RSA key size balances security strength against performance. Larger keys are more secure but slower for encryption and signing operations.

  • 2048 bits is the current minimum recommended by NIST and most industry standards -- it provides adequate security through approximately 2030 but should be considered a baseline, not a long-term choice
  • 3072 bits is recommended for systems that need to remain secure beyond 2030 -- it provides a 128-bit equivalent security level and is the sweet spot for most new deployments
  • 4096 bits provides the highest RSA security level and is recommended for certificate authorities, long-lived signing keys, and high-value systems where the performance cost of larger keys is acceptable

Frequently Asked Questions

What is the difference between PEM and JWK format?

PEM (Privacy Enhanced Mail) is a Base64-encoded format wrapped in header and footer lines like BEGIN PUBLIC KEY and END PUBLIC KEY. It is the standard format for OpenSSL, web servers, and certificate authorities. JWK (JSON Web Key) represents the key as a JSON object with named fields for each mathematical component. It is used in web applications, OAuth systems, and JWT token signing where JSON is the native data format.

Is RSA still secure to use?

Yes, RSA with appropriate key sizes remains secure for current use. However, it is important to use at least 2048 bits, and 3072 or 4096 bits are preferred for new systems. RSA will eventually be vulnerable to quantum computers running Shor's algorithm, but practical quantum computers capable of breaking RSA are not expected for at least a decade. For new projects without legacy constraints, consider elliptic curve algorithms like Ed25519, which offer equivalent security with smaller keys.

Can I use the generated keys for JWT signing?

Yes. RSA keys are widely used for signing and verifying JSON Web Tokens. Use the RS256, RS384, or RS512 algorithms (RSA with SHA-256, SHA-384, or SHA-512 respectively). The private key signs the token on your server, and the public key can be shared with any service that needs to verify the token. The JWK output format is particularly convenient for JWT libraries since most accept keys directly in JWK format.
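
The PEM and JWK outputs and the RS256 signing described in the answers above, as an added example that is not CheckTown's code. It assumes an RSASSA-PKCS1-v1_5 key with SHA-256 (RS256) and SPKI/PKCS#8 PEM encodings; the function names are hypothetical.

```javascript
// Added example (not CheckTown's code). Browser Web Crypto; falls back to Node's copy.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;
const RS256 = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }; // assumed algorithm

// Wrap DER bytes in PEM armor: Base64 body split into 64-character lines.
function toPem(der, label) {
  let bin = "";
  for (const b of new Uint8Array(der)) bin += String.fromCharCode(b);
  const body = btoa(bin).match(/.{1,64}/g).join("\n");
  return `-----BEGIN ${label}-----\n${body}\n-----END ${label}-----\n`;
}

// Generate a signing pair and export it in both formats the article describes.
async function generateRsaPair(bits) {
  const { publicKey, privateKey } = await subtle.generateKey(
    { ...RS256, modulusLength: bits, publicExponent: new Uint8Array([1, 0, 1]) },
    true, // extractable, otherwise exportKey() rejects for the private key
    ["sign", "verify"]
  );
  return {
    privateKey,
    publicPem: toPem(await subtle.exportKey("spki", publicKey), "PUBLIC KEY"),
    privatePem: toPem(await subtle.exportKey("pkcs8", privateKey), "PRIVATE KEY"),
    publicJwk: await subtle.exportKey("jwk", publicKey),
  };
}

// Key size as a verifier sees it: JWK "n" is the unpadded base64url modulus.
function jwkModulusBits(jwk) {
  return atob(jwk.n.replace(/-/g, "+").replace(/_/g, "/")).length * 8;
}

// Sign with the private key, then verify using only the shared public JWK.
async function signThenVerify(keys, message) {
  const enc = new TextEncoder();
  const sig = await subtle.sign(RS256.name, keys.privateKey, enc.encode(message));
  const pub = await subtle.importKey("jwk", keys.publicJwk, RS256, false, ["verify"]);
  return {
    valid: await subtle.verify(RS256.name, pub, sig, enc.encode(message)),
    tampered: await subtle.verify(RS256.name, pub, sig, enc.encode(message + "!")),
  };
}
```

A service that receives the public JWK can run the same `jwkModulusBits` check to reject keys below its minimum size before importing them.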
