RSA Encryption/Decryption
Encrypt and decrypt text using RSA asymmetric (public/private key) encryption.
- Public Key: Used to encrypt data. Can be shared publicly.
- Private Key: Used to decrypt data. Must be kept secret.
What Is RSA Encryption?
RSA (RivestβShamirβAdleman) is one of the first public-key cryptographic systems, invented in 1977. Unlike symmetric encryption (like AES), RSA uses a pair of mathematically linked keys: a public key for encryption and a private key for decryption. Anyone can encrypt data with the public key, but only the private key holder can decrypt it.
How Does RSA Work?
- Key Generation: Two large prime numbers are selected and multiplied to create a modulus. The public and private exponents are derived from this modulus using modular arithmetic.
- Encryption: The plaintext is converted to a number and raised to the power of the public exponent, modulo the modulus:
ciphertext = message^e mod n. - Decryption: The ciphertext is raised to the power of the private exponent:
message = ciphertext^d mod n.
RSA's security is based on the mathematical difficulty of factoring the product of two large prime numbers. With current technology, key sizes of 2048 bits or larger are considered secure.
RSA vs AES
| Feature | RSA (Asymmetric) | AES (Symmetric) |
|---|---|---|
| Keys | Public + Private key pair | Single shared secret key |
| Speed | Slow β computation-intensive | Fast β hardware-accelerated |
| Data Size | Limited by key size (e.g., 245 bytes for 2048-bit) | Unlimited (block cipher) |
| Typical Use | Key exchange, digital signatures, small data | Bulk data encryption |
| Key Distribution | Public key can be shared openly | Secret key must be shared securely |
Common Use Cases
- TLS/HTTPS Handshake: RSA is used during the TLS handshake to securely exchange symmetric keys for the session.
- Digital Signatures: Sign documents and software to verify authenticity and integrity.
- SSH Authentication: RSA key pairs enable password-less server authentication.
- Email Encryption: PGP/GPG uses RSA to encrypt email content and attachments.
- Code Signing: Software publishers sign executables with RSA to prove they haven't been tampered with.
Frequently Asked Questions
What key size should I use?
2048-bit RSA is the minimum recommended key size for current use. 4096-bit provides a larger security margin but is slower. For new systems, consider using Elliptic Curve Cryptography (ECC) as a more efficient alternative.
Why can't I encrypt large data with RSA?
RSA can only encrypt data smaller than the key size (minus padding). In practice, RSA is used to encrypt a symmetric key (e.g., AES-256), which then encrypts the actual data. This hybrid approach combines RSA's key distribution advantage with AES's speed.