What key size should I use?

Use 2048-bit keys minimum for security — 2048-bit offers ~112-bits of symmetric equivalent strength. 4096-bit provides stronger security (~150-bit equivalent) but slower operations. Most standards require 2048-bit minimum; critical infrastructure uses 4096-bit or ECC equivalents.

Is my private key safe?

Yes, all operations happen in your browser using the Web Crypto API. Your private key never leaves your device, is never stored on any server, and is never transmitted. When you generate a key, it stays in your browser's memory until you close the tab.

How much data can I encrypt with RSA?

RSA can only encrypt data smaller than the key size minus padding overhead. For 2048-bit keys with OAEP-SHA256 padding, you can encrypt roughly 190 bytes. For larger messages, use hybrid encryption: encrypt a symmetric key with RSA, then use that symmetric key to encrypt the full message.

OmniToolsKit

Asymmetric Encryption

Name: Asymmetric Encryption
Rating: 5 (2 reviews)
Author: OmniToolsKit

Generate key pairs and encrypt/decrypt messages using public-key cryptography (RSA, Ed25519, ECDSA, ECDH).

RSA EncryptionPublic-Key CryptoKey Pair GenerationEnd-to-End Secure

Key Generation

Generate a new public/private key pair using your chosen algorithm

Algorithm

Key Size

About this tool

Encrypt and decrypt data using RSA and other asymmetric algorithms. Generate key pairs for secure communication, digital signatures, and end-to-end encryption workflows with enterprise-grade security.

About

Asymmetric Encryption for Secure Digital Communication and Key Exchange

Asymmetric encryption, also called public-key cryptography, uses a pair of mathematically linked keys: a public key for encryption and a private key for decryption. Unlike symmetric encryption where both parties need the same secret, asymmetric encryption allows secure communication between parties who have never met — person A encrypts with person B's public key, and only person B can decrypt using their private key.

The most widely adopted asymmetric algorithm is RSA (Rivest-Shamir-Adleman), which remains secure at 2048-bit or 4096-bit key sizes. RSA is used in TLS/HTTPS handshakes, SSH key authentication, PGP encrypted email, and document signing. The trade-off is performance: asymmetric encryption is computationally slower than symmetric encryption, so in practice, hybrid cryptography combines both — RSA encrypts a symmetric key, then the symmetric key encrypts the bulk data.

OmniToolsKit's asymmetric encryption tool supports RSA key pair generation, import from PEM, and both encryption (with OAEP padding for added security) and decryption. The tool runs entirely in your browser using the Web Crypto API, so your private keys never leave your device and are never transmitted or stored anywhere.

Common Use Cases for RSA Asymmetric Encryption

Secure Key Exchange and Agreement

Two parties exchange public keys, then use RSA to securely transmit a symmetric encryption key that protects ongoing communication — the foundation of TLS handshakes and SSH key negotiation.

Digital Signatures and Non-Repudiation

Sign documents with your private key, allowing anyone with your public key to verify you created the signature and proving authenticity and integrity of the signed data.

SSL/TLS Certificate Authentication

HTTPS connections use RSA (or ECDSA) to authenticate servers and securely negotiate session keys for encrypting web traffic.

How to Use

1
Generate or Import Key Pair
Click 'Generate New Key Pair' to create a fresh RSA key pair at your chosen size (2048 or 4096 bits — 4096 is more secure but slower). Alternatively, paste an existing PEM-encoded private key to import it.
2
Enter Data to Encrypt
Type or paste the plaintext message you want to encrypt. Due to RSA limitations, you can only encrypt a limited amount of data per operation (roughly key size minus padding overhead — typically 190 bytes for a 2048-bit key). For larger data, use hybrid encryption: encrypt a symmetric key with RSA, then use it for the actual data.
3
Select Algorithm and Padding
Choose OAEP (Optimal Asymmetric Encryption Padding) for enhanced security over older PKCS#1 v1.5 padding. Select SHA-256 or higher for the hash function used in padding — this adds randomness that prevents attackers from recognizing patterns in encrypted data.
4
Encrypt or Decrypt and Copy Result
Click 'Encrypt' to produce ciphertext (typically Base64-encoded for transmission), or paste ciphertext and click 'Decrypt' if you have the private key. Copy the result to use it in your application or share securely.

Features

RSA Key Pair Generation at Multiple Sizes
Generate fresh 2048-bit or 4096-bit RSA key pairs using the Web Crypto API's cryptographically secure random number generator. Each generated key is unique and secure by default.
OAEP and PKCS Padding Modes
Support for modern OAEP (recommended) and legacy PKCS#1 v1.5 padding ensures compatibility with existing systems while allowing you to upgrade to stronger padding for new implementations.
PEM Key Import and Export
Import existing private keys from PEM-encoded text (standard format for SSH keys, TLS certificates, and cryptography tools). Export generated keys as PEM for use in OpenSSL, Node.js crypto, or other applications.
100% Browser-Based — Zero Server Transmission
All encryption, decryption, and key generation happens entirely in your browser using the Web Crypto API. Your private keys and plaintext never leave your device, ensuring maximum privacy and security.

Frequently Asked Questions

Found this tool useful?

Share your experience and help others discover it.