What is RSA? — Public-Key Cryptography Explained

Definition

RSA is an asymmetric cryptographic algorithm that uses a pair of mathematically linked keys: a public key and a private key. Data encrypted with the public key can only be decrypted with the corresponding private key, and vice versa. The security of RSA relies on the mathematical difficulty of factoring the product of two large prime numbers. RSA was invented in 1977 and is still widely used for key exchange in TLS, SSH authentication, and digital signatures.

How It Works

RSA key generation selects two large prime numbers p and q, computes n = p × q (the modulus), and derives the public exponent e and private exponent d such that encryption and decryption are inverse operations modulo n. To encrypt a message m, compute c = m^e mod n. To decrypt, compute m = c^d mod n. In practice, RSA is almost never used to encrypt large data directly — it is too slow. Instead, RSA encrypts a randomly generated symmetric key (key encapsulation), which then encrypts the actual data. Common key sizes are 2048 bits (minimum) and 4096 bits for long-term security.
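The steps above as a runnable sketch, added here as an example and not part of the original page: textbook RSA with no padding, on two constructed Mersenne primes far smaller than real key sizes. The function names and the SHA-256 keystream standing in for a real symmetric cipher are assumptions made for illustration.

```python
import hashlib
import math
import secrets

# Constructed toy parameters: two known Mersenne primes, far below the
# 2048-bit minimum given above. Textbook RSA only, with no padding.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537

def generate_keypair(p, q, e=E):
    """Return ((n, e), (n, d)) such that (m^e)^d = m (mod n)."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q  # the modulus
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse: e*d = 1 (mod phi), Python 3.8+
    return (n, e), (n, d)

def rsa_encrypt(m, public_key):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)  # c = m^e mod n

def rsa_decrypt(c, private_key):
    n, d = private_key
    return pow(c, d, n)  # m = c^d mod n

def xor_stream(key, data):
    """Stand-in symmetric cipher (SHA-256 counter keystream), illustration only."""
    blocks = (len(data) + 31) // 32
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def hybrid_encrypt(plaintext, public_key):
    """RSA wraps a random 128-bit symmetric key; that key encrypts the data."""
    sym_key = secrets.token_bytes(16)
    wrapped = rsa_encrypt(int.from_bytes(sym_key, "big"), public_key)
    return wrapped, xor_stream(sym_key, plaintext)

def hybrid_decrypt(wrapped, ciphertext, private_key):
    """Recover the symmetric key with the private exponent, then the data."""
    sym_key = rsa_decrypt(wrapped, private_key).to_bytes(16, "big")
    return xor_stream(sym_key, ciphertext)
```

Production code performs the wrap step through a vetted library with OAEP padding and full-size keys rather than raw modular exponentiation.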

Common Use Cases

  • TLS/HTTPS handshake: server's RSA public key is used to establish a shared secret
  • SSH authentication: your RSA public key is installed on servers; the private key authenticates you
  • Code signing: developers sign software releases with a private key; users verify with the public key
  • Encrypting small secrets like API keys for transmission
  • Certificate authorities use RSA to sign SSL/TLS certificates

Example

// SSH key pair (RSA 4096)
Private key: ~/.ssh/id_rsa (KEEP SECRET)
Public key:  ~/.ssh/id_rsa.pub (share freely)

Public key format:
ssh-rsa AAAAB3NzaC1yc2EAAAA... user@host

PEM format:
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA...
-----END RSA PRIVATE KEY-----

FAQ

What key size should I use for RSA?

For new keys, use at least 2048 bits; 4096 bits is preferred for long-lived keys or high-security contexts. 1024-bit RSA is no longer secure and should be replaced. For modern TLS, ECDSA (elliptic curve) keys at 256 bits provide equivalent security to RSA-3072 with better performance.

What is the difference between RSA encryption and RSA signatures?

RSA encryption: the sender encrypts with the recipient's public key; the recipient decrypts with their private key. RSA signature: the signer signs (encrypts a hash) with their private key; the verifier checks with the signer's public key. The mathematical operation is similar, but the key usage is opposite.

Is RSA quantum-resistant?

No. A sufficiently large quantum computer could use Shor's algorithm to factor RSA moduli in polynomial time, breaking RSA. NIST is standardizing post-quantum cryptographic algorithms (like CRYSTALS-Kyber and CRYSTALS-Dilithium) as replacements. Current RSA implementations are safe for now, but migration away from them should be planned.
