RSA Encryption/Decryption

Generates RSA-OAEP key pairs at 2048, 3072, or 4096 bits using SHA-256 and a 65537 public exponent, and uses them to encrypt and decrypt short messages locally via the Web Crypto API. Keys are exported as PEM (SPKI public key / PKCS#8 private key) with download buttons, and the keypair is persisted in the browser's tool-data store so it survives reloads. Ciphertext is Base64-encoded.

1. On the Generate Keys tab, pick a key size (2048/3072/4096) and click Generate; the public and private PEM keys appear with copy and download buttons. 2. On the Encrypt tab, paste a public key and the plaintext, then click Encrypt - the ciphertext is Base64 output. 3. On the Decrypt tab, paste a private key and a Base64 ciphertext, then click Decrypt to recover the plaintext. 4. Use Clear Keys to wipe both the displayed keys and the persisted storage.

RSA-OAEP with SHA-256 has per-message maximum plaintext sizes driven by the modulus: 2048-bit keys accept up to 190 bytes, 3072-bit up to 318 bytes, and 4096-bit up to 446 bytes (OAEP padding overhead = 2 * hashLen + 2). The tool blocks encrypt attempts that exceed this and shows the current byte count vs the limit. RSA is therefore suitable for keys, symmetric session keys, or short secrets - not bulk data. For large payloads, use RSA to wrap an AES key instead.