ToolMight LogoToolMight

RSA Key Generator

Generate cryptographically secure public and private RSA SSH key pairs locally in standard PEM PKCS#8 format.

Loading Tool...
Sponsored

Generate cryptographically secure public and private RSA SSH key pairs locally in standard PEM format. Choose custom key lengths up to 4096 bits and export PKCS#8/SPKI structures securely inside your browser.

Learn About This Tool

Understanding RSA cryptography and SSH key pairs

RSA (Rivest–Shamir–Adleman) is an asymmetric cryptographic algorithm. It relies on a key pair: a **Public Key** that can be shared with anyone to encrypt payloads, and a **Private Key** that must be kept secret to decrypt those payloads. In SSH configurations, the public key is uploaded to a remote server (e.g. inside ~/.ssh/authorized_keys), allowing you to authenticate securely without typing a password. To generate secure credentials for client setups, try our Password Generator. Here is the standard PEM private key file wrap:
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC3yE...
-----END PRIVATE KEY-----
  • Asymmetric keys secure system logins and code checkouts
  • Public key is safe to share on public servers or GitHub settings
  • Private key acts like a physical key and must never leave your computer
  • Web Crypto API ensures high entropy generation locally in RAM

Choosing key sizes: 2048, 3072, vs 4096 bits

Key size determines the cryptographic strength of your keys. Higher bit lengths require exponentially more computing power to brute-force: - **2048 bits**: The minimum standard for SSH, fast and widely supported. - **3072 bits**: Recommended by security agencies for long-term safety. - **4096 bits**: Ultra-secure, ideal for root keys and high-compliance servers. If you are verifying signatures or hashes of server configs, check out our Cryptographic Hash Generator.
  • 2048-bit keys balance processing speed and standard compliance
  • 4096-bit keys offer superior security margins at the cost of slight generation latency
  • Generates keys with standard public exponent 65537 (AQAB) for optimal safety
  • Compatible with OpenSSH, Git, AWS EC2, and Linux distributions

Absolute privacy through browser Web Crypto API

Generating cryptographic keys on remote web servers is a major security risk. Any server log or database leak could expose your private key. Our key generator executes 100% locally using your browser's native **Web Cryptography API**. Your keys are generated in temporary RAM sandbox and never sent over the internet.
  • Guarantees that private key bytes never cross the network
  • Zero server cookies, databases, or analytics tracking key values
  • No network latency during key generation cycles
  • Enables instant copy or local file downloads for system setups

How to Use RSA Key Generator

1

Choose your target key length

Select the key length (2048, 3072, or 4096 bits) from the dropdown option menu based on your security parameters.

2

Generate the asymmetric key pair

Click 'Generate Key Pair'. The browser executes the cryptographic algorithm locally in a fraction of a second.

3

Copy or download the public and private keys

Inspect the generated PEM-wrapped keys. Use the Copy buttons or download files to save them directly to your drive.

Sponsored

Common questions

How do I generate an RSA key pair online?

Select your desired key size (e.g. 2048 or 4096 bits) and click the Generate button. Our tool compiles secure public and private key pairs instantly in your browser. If you need secure passwords instead of SSH keys, check out our Password Generator.

Is this online RSA key generator safe to use?

Yes, 100%. The key generation logic uses the browser's native window.crypto.subtle Web Cryptography API. Keys are generated entirely inside your local device's memory; they are never uploaded to any external server.

What is the difference between the public and private key?

The public key is used by remote systems (like GitHub or AWS) to encrypt data or authenticate you. The private key resides securely on your computer to decrypt that data or prove your identity. The private key must never be shared.

What key size should I choose for SSH?

For standard setups, 2048 bits is the minimum required and is highly compatible. For maximum security, we recommend choosing 4096 bits.

What format are the generated keys in?

The private key is formatted in standard PEM PKCS#8 (labeled BEGIN PRIVATE KEY), and the public key is formatted in PEM SubjectPublicKeyInfo (SPKI) (labeled BEGIN PUBLIC KEY).

How do I use these keys in my Linux server?

Save the private key as a file (e.g., id_rsa) and run chmod 600 id_rsa. Save the public key in your server's ~/.ssh/authorized_keys file.

What is the public exponent used?

The generator utilizes the standard exponent 65537 (expressed as [0x01, 0x00, 0x01] or AQAB in base64), which is the security industry standard for optimal encryption efficiency and safety.

Does the generator support SSH-DSS or DSA keys?

No, DSA/DSS is deprecated and insecure. Our tool focuses on generating secure, modern RSA key pairs which are fully supported by all modern SSH implementations.

Can I download the keys directly?

Yes. Click 'Download Private Key' or 'Download Public Key' inside the header panels to write the key files directly to your downloads directory.

Why does generating a 4096-bit key take slightly longer?

Finding prime numbers of larger bit sizes requires more mathematical checks. A 4096-bit key search consumes more CPU iterations, resulting in a brief generation pause (usually under 1 second).

Does this tool require internet connection?

No. Once loaded, the key pair generator operates 100% offline since the Web Cryptography engine resides completely inside your browser.

How do I add these keys to my GitHub account?

Copy the generated Public Key, log in to your GitHub account settings, navigate to "SSH and GPG keys", click "New SSH Key", and paste the public key there.

Can I verify the integrity of my key pair?

Yes, you can calculate the SHA-256 hash checksum of your keys using our Hash Generator to verify that files match.

What is PKCS#8 format?

PKCS#8 is a standard syntax for cryptographic private key information, widely used to represent RSA, ECC, and private key structures with uniform formatting.

Can I generate multiple key pairs in sequence?

Yes. Each click of 'Generate Key Pair' generates a completely unique, randomized cryptographic key pair, replacing the old outputs.

Related tools