RSA Key Generator
Generate extractable RSA signing key pairs locally and export SPKI public keys and unencrypted PKCS8 private keys in PEM format.
Public Key — SPKI PEM
Generated SPKI public key will appear here.
Private Key — Unencrypted PKCS8 PEM
Generated PKCS8 private key will appear here.
Private Key Warning
Generation and export happen locally with Web Crypto. The private key is extractable and exported without password-based encryption. Do not use a browser-generated private key in a sensitive production system unless your security process explicitly allows this workflow. Copying the key places it on the clipboard.
Generating RSA Signing Keys in Browser-Compatible Formats
This tool asks Web Crypto to create an RSASSA-PKCS1-v1_5 key pair configured with SHA-256 and public exponent 65537. The public key is exported as SubjectPublicKeyInfo (SPKI), while the private key is exported as unencrypted PKCS8.
These outputs can help with local testing, signature experiments, and systems that explicitly accept these formats. They are not SSH key files, certificate requests, certificates, or encrypted private keys.
How to Use the RSA Key Generator
- Select a modulus length supported by the tool.
- Click Generate RSA Signing Keys.
- Copy the SPKI public key only where a public key is expected.
- Handle the unencrypted PKCS8 private key as sensitive material.
Output and Algorithm Details
- Algorithm: RSASSA-PKCS1-v1_5 with SHA-256.
- Public exponent: 65537.
- Public output: SPKI PEM labelled PUBLIC KEY.
- Private output: Unencrypted PKCS8 PEM labelled PRIVATE KEY.
- Key usage: Signing and signature verification.
Important Format Boundaries
- The output is not an OpenSSH private or public key.
- The tool does not create a certificate or certificate signing request.
- The private key is not protected by a passphrase.
- A system expecting RSA-PSS or RSA-OAEP may require a different algorithm configuration.
Frequently Asked Questions
Can I use these keys for SSH?
Not directly. SSH commonly expects OpenSSH-specific formats and metadata. Use an SSH-focused key-generation tool for that workflow.
Does this create an SSL or TLS certificate?
No. It creates only an RSA key pair. A certificate also contains identity, validity, extensions, and a certificate-authority signature.
Why is 1024-bit unavailable?
The tool excludes 1024-bit generation because it is too small for new general-purpose security deployments.
Are the private keys encrypted?
No. The PKCS8 output is unencrypted. Store it only through a process designed for sensitive private-key material.
