Developer Tools

How to Generate RSA Key Pairs Online

Need an RSA key pair for SSH access, JWT signing, or encrypted communication? Generate one instantly in your browser without installing OpenSSL or any other tool.

Open RSA Key Pair Generator 100% free. No sign-up. Works in your browser.

Quick Answer

Generate RSA key pairs (2048 or 4096-bit) for free at dotsapps.com. The keys are created in your browser using the Web Crypto API — your private key never touches a server.

What Is an RSA Key Pair

RSA uses two mathematically related keys: a public key and a private key. They work together but serve opposite purposes.

The public key can be shared with anyone. People use it to encrypt messages that only you can read, or to verify signatures you've made.

The private key must be kept secret. You use it to decrypt messages encrypted with your public key, or to sign data proving it came from you.

This asymmetric approach solves a fundamental problem: how do two parties communicate securely without first sharing a secret? With RSA, you only share the public key. The private key never needs to be transmitted.

RSA Key Sizes: 2048 vs 4096 Bits

2048-bit is the current minimum recommended key size. It's considered secure through 2030 and likely well beyond. Most certificates, SSH keys, and JWT signing keys use 2048-bit RSA.

4096-bit provides extra security margin. It's about 4-8x slower for operations but offers significantly more resistance to future attacks. Choose this if you're protecting data that needs to remain secure for decades.

1024-bit is obsolete and insecure. Never use it. It can be cracked with sufficient computing resources.

For most use cases — SSH keys, JWT signing, API authentication — 2048-bit is the right choice. It balances security and performance well.

Common Uses for RSA Keys

SSH authentication — Add your public key to a server's authorized_keys file. Then log in with your private key instead of a password. This is more secure and convenient.

JWT signing (RS256) — Sign tokens with your private key. Anyone with your public key can verify the signature but can't forge tokens. This is the standard approach for distributed auth systems.

Encrypted communication — Encrypt a message with someone's public key. Only their private key can decrypt it. In practice, RSA encrypts a symmetric key (like AES), which then encrypts the actual message.

Code signing — Sign your software releases with your private key. Users verify with your public key to confirm the code hasn't been tampered with.

How to Keep Your Private Key Safe

Your private key is the crown jewel. If someone gets it, they can impersonate you, decrypt your messages, and forge your signatures.

  • Never share it. Not by email, not in a chat, not in a code repository.
  • Set file permissions. On Linux/Mac: chmod 600 ~/.ssh/id_rsa. Only your user account should be able to read it.
  • Use a passphrase. Encrypt the private key file with a password. Even if someone steals the file, they can't use it without the passphrase.
  • Don't commit to git. Add private key patterns to .gitignore. Leaked keys in git history are a top cause of security breaches.
  • Rotate keys regularly. Generate new key pairs periodically and revoke old ones.

RSA Key Format: PEM Explained

RSA keys are typically stored in PEM format. You'll recognize it by the header and footer lines:

-----BEGIN RSA PRIVATE KEY-----
(base64-encoded key data)
-----END RSA PRIVATE KEY-----

The key data between the headers is Base64-encoded binary (DER format). The PEM wrapper makes it safe to copy and paste as text.

You may also see -----BEGIN PUBLIC KEY----- for the public key. Some tools use -----BEGIN OPENSSH PUBLIC KEY----- for SSH-specific format.

The RSA generator at dotsapps.com outputs standard PEM format that works with OpenSSL, SSH, most programming languages, and cloud services.

How to Do It: Step-by-Step

  1. 1

    Open the RSA Key Generator at dotsapps.com

  2. 2

    Select the key size (2048-bit for most uses, 4096-bit for extra security)

  3. 3

    Click Generate to create the key pair in your browser

  4. 4

    Copy the public key to share with servers or services

  5. 5

    Copy the private key and store it securely — never share it

Try RSA Key Pair Generator Now →

Frequently Asked Questions

Is it safe to generate RSA keys in a browser?

Yes, when the tool runs entirely client-side. At dotsapps.com, the keys are generated using your browser's Web Crypto API. The private key never leaves your device or touches any server.

How long does it take to generate an RSA key pair?

A 2048-bit key pair generates in under a second on most modern devices. A 4096-bit key pair takes 1-5 seconds depending on your device's processing power.

Can I use these keys for SSH?

Yes. The generated keys are in standard PEM format. Save the private key as your identity file and add the public key to the server's authorized_keys file. You may need to convert to OpenSSH format depending on your SSH client.

What is the difference between RSA and Ed25519?

Ed25519 is a newer elliptic curve algorithm. It has shorter keys (256-bit), is faster, and is considered equally or more secure than RSA 2048. However, RSA has broader compatibility with older systems and services.

How often should I rotate RSA keys?

For SSH keys, rotate annually or when a team member leaves. For JWT signing keys, rotate every 6-12 months. For certificates, follow the validity period set by your certificate authority (usually 1-2 years).

Ready to Try It?

RSA Key Pair Generator is free, private, and works right in your browser. No sign-up needed.

Open RSA Key Pair Generator

Related Tools You Might Like

lock Text Encryption / Decryption fingerprint Hash Generator key JWT Decoder

100+ Free Tools. Zero Sign-ups.

Every tool runs 100% in your browser. Your data never leaves your device.

Explore All Tools

Cloud Sync

Connected to Google Drive