RSA Encrypt & Decrypt
Encrypt and decrypt messages using RSA-OAEP asymmetric encryption. Paste your PEM public key to encrypt or private key to decrypt. All processing is client-side.
100% Client-Side
RSA Public Key
SPKI PEM (-----BEGIN PUBLIC KEY-----)
RSA Encrypt & Decrypt — RSA-OAEP Online Tool
RSA-OAEP (Optimal Asymmetric Encryption Padding) is a secure mode of RSA encryption. Unlike raw RSA, OAEP adds randomness to the encryption process, preventing various attacks on deterministic RSA encryption.
Key Format Requirements
- Public Key (Encrypt): Must be in SPKI PEM format, starting with
-----BEGIN PUBLIC KEY-----. This is the standard format generated by OpenSSL and most tools. - Private Key (Decrypt): Must be in PKCS8 PEM format, starting with
-----BEGIN PRIVATE KEY-----. Convert PKCS#1 keys with:openssl pkcs8 -topk8 -nocrypt -in private.pem -out pkcs8.pem
Message Size Limitation
RSA-OAEP can only encrypt messages smaller than the key modulus. With SHA-256 and a 2048-bit key, the maximum plaintext is 190 bytes. For larger data, use hybrid encryption: encrypt data with AES-256-GCM and encrypt only the AES key with RSA.
Generating Compatible Keys
Generate keys with our RSA Key Generator tool, which produces PKCS#1 keys. Convert to SPKI/PKCS8 format using OpenSSL:
- Public key:
openssl rsa -pubin -in pkcs1_public.pem -pubout -out spki_public.pem - Private key:
openssl pkcs8 -topk8 -nocrypt -in pkcs1_private.pem -out pkcs8_private.pem