Team
math

RSA Calculator

RSA is a widely used asymmetric encryption system that protects sensitive communications across the internet. This calculator guides you through key generation, the mathematical operations behind encryption and decryption, and practical implementation steps. Whether you're studying cryptography, implementing secure systems, or verifying calculations, this tool automates the modular arithmetic involved in the RSA algorithm while explaining each stage clearly.

Last updated:

Creators Jasmine J. Mah, BSc
5,188 people find this calculator helpful

What Is RSA Encryption?

RSA (Rivest–Shamir–Adleman) is an asymmetric encryption scheme that relies on the mathematical difficulty of factoring large composite numbers. Unlike symmetric encryption, where one key both encrypts and decrypts, RSA uses a pair: a public key that anyone can access and a private key that remains secret.

When Alice wishes to send a secure message to Bob, she uses Bob's public key to encrypt it. Only Bob, holding the corresponding private key, can decrypt the message. This one-way property—easy to encrypt with the public key, but computationally infeasible to decrypt without the private key—makes RSA suitable for protecting everything from email to financial transactions.

The security of RSA depends on two large prime numbers. The product of these primes forms part of the public key, yet determining the original primes from their product remains extraordinarily difficult with current computing power, provided the primes are sufficiently large.

The RSA Algorithm: Key Generation Steps

Generating an RSA key pair involves four main steps:

  • Select two distinct prime numbers (p and q): Choose primes with similar bit lengths to maximize security. For real-world use, these should each contain hundreds of digits.
  • Compute the modulus (N): Multiply p and q together. This value forms part of both keys and determines the maximum message size.
  • Calculate the Carmichael function (λ(N)): This is the least common multiple of (p − 1) and (q − 1). It governs which values can serve as encryption exponents.
  • Choose the encryption exponent (e): Select an integer between 2 and λ(N) that shares no common factors with λ(N). The value 65,537 is standard in practice.
  • Derive the decryption exponent (d): Calculate the modular multiplicative inverse of e modulo λ(N).

Your public key is the pair (e, N). Your private key is (d, N). Guard d carefully.

RSA Encryption and Decryption Formulas

Both encryption and decryption rely on modular exponentiation. The sender raises the plaintext to the power of the encryption exponent, while the recipient uses the decryption exponent to recover the original message.

N = p × q

λ(N) = lcm(p − 1, q − 1)

e × d ≡ 1 (mod λ(N))

C = M^e mod N

M = C^d mod N

  • p, q — Large distinct prime numbers
  • N — Modulus; the product of p and q
  • λ(N) — Carmichael function of N; the least common multiple of (p−1) and (q−1)
  • e — Encryption exponent (public); chosen such that gcd(e, λ(N)) = 1
  • d — Decryption exponent (private); the modular multiplicative inverse of e modulo λ(N)
  • M — Plaintext message, a number less than N
  • C — Ciphertext; the encrypted message

Common RSA Implementation Pitfalls

Mistakes in RSA deployment can completely undermine security, even if the mathematics is sound.

  1. Reusing a Key to Encrypt Different Messages — The same plaintext encrypted with the same public key always produces the same ciphertext. An attacker can detect repeated messages or patterns. Modern systems use padding schemes (like OAEP) that randomize each encryption, eliminating this vulnerability.
  2. Choosing a Small Encryption Exponent Without Padding — While e = 3 or e = 17 speeds up encryption, unpadded small messages can be recovered by taking cube roots or 17th roots of the ciphertext without modular reduction. Always use proper padding for any real deployment.
  3. Generating Weak Prime Numbers — Primes close together, primes with special structure, or primes generated carelessly allow factorization attacks. Use cryptographically secure random number generators and proven primality tests when selecting p and q.
  4. Neglecting the Secrecy of d — If the private exponent d leaks, the entire security of RSA collapses. An attacker can decrypt all past and future messages. Store d offline or in a hardware security module, and rotate keys immediately if compromise is suspected.

Why RSA Is Asymmetric Cryptography

In symmetric encryption (such as AES), both parties share a single secret key. This creates a distribution problem: before any secure communication, the key must be transmitted, risking interception.

RSA sidesteps this by using two mathematically linked keys. The public key can be published in a directory or embedded in a certificate, while the private key never leaves the owner's control. This eliminates the need to securely exchange keys beforehand.

The trade-off is speed. RSA is slower than symmetric encryption, so in practice, RSA often encrypts a symmetric key (like an AES session key) rather than large volumes of plaintext. This hybrid approach combines the convenience of public-key distribution with the efficiency of symmetric encryption.

Frequently Asked Questions

What makes RSA secure if everyone can see the public key and the modulus N?

The security rests on computational hardness, not secrecy. Although N is public, factoring it back into p and q is believed to be computationally infeasible for large primes (typically 1024 bits or larger). An attacker would need to reverse engineer d from e and N—a task equivalent to factorization. Quantum computers could theoretically break RSA by factoring efficiently, but no practical quantum computer capable of this yet exists. For now, RSA with sufficiently large keys remains secure in real-world scenarios.

Can I use the same RSA key pair for both encryption and digital signatures?

Technically yes, but it is not recommended. Using the same key for both purposes increases the risk of attacks and violates security best practices. In standard deployments, you generate separate key pairs: one for encryption (to receive secret messages) and one for signing (to authenticate your identity). This separation limits the damage if one key is compromised and reduces the surface area for cryptanalytic attacks.

What happens if p and q are not prime?

RSA's security fundamentally depends on p and q being prime. If either is composite, factorization becomes trivial, and an attacker can recover the private key from the public key. Additionally, the Carmichael function λ(N) would be computed incorrectly, breaking the mathematical relationship between e and d. Always verify primality using a rigorous test (such as the Miller–Rabin test) before using values in RSA.

How large should p and q be in practice?

Modern RSA implementations use N values of at least 2048 bits (each prime roughly 1024 bits). The 2048-bit standard is expected to remain secure until at least 2030. For long-term security against future attacks, many organizations have migrated to 4096-bit keys. Smaller keys (512 or 1024 bits) are now considered broken and should never be used in production systems. Larger keys increase computational overhead but provide exponentially greater resistance to factorization.

What is the relationship between e, d, and λ(N)?

The decryption exponent d is the modular multiplicative inverse of the encryption exponent e modulo λ(N). Mathematically, e × d ≡ 1 (mod λ(N)). This relationship ensures that encrypting and then decrypting (or vice versa) recovers the original message: (M^e)^d ≡ M (mod N). Both e and d are derived from the same Carmichael function, which is why knowing λ(N) is equivalent to breaking the key pair.

Can RSA be broken if someone has access to the public key for a long time?

The public key alone cannot break RSA; brute-force or mathematical attacks on the public key are currently infeasible. However, improper implementation, weak random number generation, or side-channel attacks (measuring encryption time or power consumption) might leak information. Additionally, an attacker with quantum computers could exploit Shor's algorithm to factor N efficiently. For these reasons, deploying RSA securely requires careful implementation, regular key rotation, and eventual migration to post-quantum cryptographic schemes.

More math calculators (see all)

Slope Intercept Form Calculator Perimeter of a Rectangle Calculator 30-60-90 Triangle Calculator Scalene Triangle Calculator Qr Decomposition Calculator Radius of a Sphere Calculator Subtracting Fractions Calculator Euclidean Algorithm Calculator