Generate RSA Key Pairs

RSA (Rivest-Shamir-Adleman) is one of the first public-key cryptosystems and remains widely used for secure data transmission. It relies on the mathematical difficulty of factoring the product of two large prime numbers. RSA supports both encryption (confidentiality) and digital signatures (authentication and integrity). The algorithm was published in 1977 and has since become a cornerstone of internet security, used in TLS, SSH, PGP, and countless other protocols.

RSA key generation involves selecting two large random prime numbers, computing their product (the modulus), and deriving the public and private exponents. The public exponent is typically 65537 (0x10001). The private exponent is computed using the extended Euclidean algorithm such that it is the modular inverse of the public exponent modulo the totient of the modulus. The security of RSA rests on the assumption that factoring the modulus back into its prime components is computationally infeasible for sufficiently large key sizes.

The security of an RSA key is directly related to its bit length. A 2048-bit key provides approximately 112 bits of security, 3072-bit provides about 128 bits, and 4096-bit provides roughly 152 bits. NIST and other standards bodies recommend a minimum of 2048 bits for RSA keys used through 2030. Larger keys offer more security but require more computation time for generation, encryption, and decryption operations. For most web and enterprise applications, 2048 or 3072 bits strikes the right balance.

Never share or expose your private key; store it securely with appropriate file permissions or in a hardware security module (HSM). Use separate key pairs for different purposes such as signing versus encryption. Rotate keys periodically according to your organization's security policy. Always use a strong random number generator (such as the Web Crypto API) for key generation. Consider using key sizes of 3072 bits or larger for long-lived keys that need to remain secure for many years.