RSA Key Calculator

Generate RSA public and private keys from primes p and q. Compute n=p×q, φ(n)=(p−1)(q−1), public exponent e, and private key d=e⁻¹ mod φ(n). Includes encrypt/decrypt demo and security analysis.

n = p × q
φ(n) = (p−1)(q−1)
d (private exponent)
Key Status
Extended More scenarios, charts & detailed breakdown
n
φ(n)
d (private exponent)
Public key (e, n)
Private key (d, n)
Professional Full parameters & maximum detail

Key Parameters

n = p×q
φ(n) = (p−1)(q−1)
Carmichael λ(n) = lcm(p−1, q−1)
d = e⁻¹ mod φ(n)

Security Analysis

Key bit length & security
Why e=65537?

How to Use This Calculator

  1. Enter two distinct primes p and q and a public exponent e (default 17 for demo, 65537 for real use).
  2. Public key (e,n) and private key (d,n) appear instantly.
  3. Use Encrypt tab: compute c = m^e mod n for a message.
  4. Use Decrypt tab: recover m = c^d mod n using the private key.
  5. Use Professional for Carmichael λ(n) and security assessment.

Formula

n=p×q | φ(n)=(p−1)(q−1) | d=e⁻¹ mod φ(n)

Encrypt: c=m^e mod n | Decrypt: m=c^d mod n

Example

p=61, q=53: n=3233, φ(n)=3120, e=17 → d=2753. Encrypt m=65: c=65^17 mod 3233=2790. Decrypt: 2790^2753 mod 3233=65

Frequently Asked Questions

  • Choose two distinct primes p and q. Compute n=p×q and φ(n)=(p−1)(q−1). Choose e coprime to φ(n) (typically 65537). Compute d=e⁻¹ mod φ(n). Public key: (e,n); Private key: (d,n).
  • 65537=2^16+1 is a Fermat prime with only two 1-bits, making modular exponentiation fast. It's large enough to prevent small-exponent attacks but small enough for efficient encryption.
  • NIST recommends 2048 bits minimum through 2030, 3072 bits for longer security. 1024-bit RSA is considered broken. 4096 bits provides high security margin.
  • λ(n)=lcm(p−1, q−1) divides φ(n). Modern RSA (RFC 8017) uses λ(n) instead of φ(n) for d, producing a smaller private exponent that is equally secure.
  • Small d (Wiener's attack), common modulus attack, low-entropy prime selection, small e without proper padding, and textbook RSA without OAEP/PKCS#1 padding are all exploitable vulnerabilities.

Related Calculators

φ Euler Totient φ(n) mod⁻¹ Modular Inverse gcd+ Extended Euclidean mod Chinese Remainder Theorem
Sources & References (5)
  1. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems — Rivest, Shamir & Adleman (1978) — MIT / Communications of the ACM
  2. NIST FIPS 186-5 — Digital Signature Standard — NIST
  3. RFC 8017 — PKCS #1 RSA Cryptography Specifications v2.2 — IETF
  4. Applied Cryptography — Bruce Schneier — Wiley
  5. Cryptography Engineering — Ferguson & Schneier — Wiley