Key Management

RSA Key Pair Generator

Generate secure RSA public and private keys in PEM format. All cryptographic generation happens instantly and safely in your local browser memory.

100% Client-Side

We don't use servers to generate keys. Your private keys are created using your device's local CPU entropy.

Standard PEM Format

Keys are automatically exported as PKCS#8 and SPKI and wrapped in Base64 for easy `.env` injection.

Military-Grade Security

Support for 2048-bit (standard) and highly secure 4096-bit RSA moduli for SSL, SSH, or JWT configurations.

SPKI / PEM Format
PKCS#8 / PEM Format (Keep Secret)

How Local Generation Works

Your Private Key mathematically never leaves your device's memory.

Never send a Private Key over email.

Your RSA Private Key is the master key to your servers and databases. Pasting it into Slack, Discord, or Email means it will be stored in plaintext on their servers forever.

If you need to share this newly generated key with a colleague, use ZeroKey to encrypt it locally and send a link that permanently self-destructs the moment they copy it.

Encrypt Your Secret Key

What is RSA Asymmetric Cryptography?

RSA (Rivest–Shamir–Adleman) is a public-key cryptosystem widely used for secure data transmission. In an asymmetric cryptographic system, two different mathematically linked keys are generated: a Public Key and a Private Key.

The Public Key can be shared with anyone. It is used to encrypt messages. However, once a message is encrypted with the Public Key, it can only be decrypted by the matching Private Key. The Private Key must be kept absolutely secret. RSA is the foundational technology behind HTTPS/TLS certificates, SSH logins, and JSON Web Token (JWT) RS256 signing.

How to generate an RSA Key Pair in JavaScript

You no longer need to execute OpenSSL commands in your terminal or install massive NPM packages to generate RSA keys. You can use the native browser Web Crypto API:

rsa-generator.js 
async function generateRSA() {
    // 1. Generate the raw Key Pair
    const keyPair = await window.crypto.subtle.generateKey(
        {
            name: "RSASSA-PKCS1-v1_5",
            modulusLength: 2048, // Can be 1024, 2048, or 4096
            publicExponent: new Uint8Array([1, 0, 1]), // 65537 standard
            hash: "SHA-256"
        },
        true, // extractable
        ["sign", "verify"]
    );

    // 2. Export them into binary ArrayBuffers
    const publicKeyBuffer = await window.crypto.subtle.exportKey("spki", keyPair.publicKey);
    const privateKeyBuffer = await window.crypto.subtle.exportKey("pkcs8", keyPair.privateKey);
    
    // You would then Base64 encode these buffers to create PEM strings
    return { publicKeyBuffer, privateKeyBuffer };
}

Frequently Asked Questions

Is it safe to generate RSA keys online?
Generating keys on standard online tools is extremely dangerous because a malicious remote server could secretly save a copy of your Private Key. However, this ZeroKey Utility is completely different. It runs 100% locally using your browser's Web Crypto API. The keys are generated mathematically on your own device, and we make zero network requests to fetch or store them.
What is PEM Format?
PEM (Privacy-Enhanced Mail) is the most common text format for cryptographic keys and certificates. When the browser generates a key, it outputs raw binary data. PEM takes that binary data, encodes it using Base64, and wraps it with header and footer lines (e.g., -----BEGIN PRIVATE KEY-----). This makes it easy to copy, paste, and store inside `.env` configuration files without risking data corruption.

Privacy First

We use essential cookies & analytics strictly to improve our free tools. No PII or cryptography secrets are ever tracked.

Policy