Generate RSA key pairs in your browser
RSA is an asymmetric cryptography algorithm. The public key is safe to share freely β it is used by others to encrypt messages to you, or to verify signatures you create. The private key must be kept absolutely secret β it is used to decrypt messages and to create digital signatures. Data encrypted with the public key can only be decrypted with the corresponding private key, and vice versa.
PEM (Privacy Enhanced Mail) is a Base64-encoded representation of the binary DER format, wrapped with a header and footer line. It is the most widely supported key format and is accepted by OpenSSL, Java's KeyFactory, Python's cryptography library, and most TLS/SSH tools. The header tells you the key type: BEGIN PUBLIC KEY (SPKI format) or BEGIN PRIVATE KEY (PKCS#8 format).
Yes, when using the Web Crypto API (window.crypto.subtle). This API is implemented natively by the browser in native code β the key material is generated using the OS's cryptographically secure random number generator and never exposed to JavaScript as raw bytes (only exported on demand). This tool exports the key only to display it locally; nothing is sent over the network.
PKCS#1 (BEGIN RSA PRIVATE KEY) is an older RSA-specific format. PKCS#8 (BEGIN PRIVATE KEY) is the modern algorithm-agnostic envelope format recommended by most current tools. The Web Crypto API exports in SPKI (public) and PKCS#8 (private) by default. OpenSSL can convert between them with openssl pkcs8 if needed.
Save the public key to public.pem and private key to private.pem. Then: encrypt with openssl rsautl -encrypt -pubin -inkey public.pem -in plain.txt -out encrypted.bin, and decrypt with openssl rsautl -decrypt -inkey private.pem -in encrypted.bin -out plain.txt.