
RSA Cipher

🔒 Client-side only - keys and data are processed entirely inside your browser and are never uploaded to any server. Built on the native Web Crypto API.
🔑
Why does RSA encryption use a public key?
RSA is an asymmetric encryption algorithm that uses a key pair: the public key encrypts data, while the private key decrypts it. The public key can be shared openly with anyone who wants to send you encrypted data, but the private key must remain secret.

The main advantage is that the sender does not need to share a secret in advance. Anyone can encrypt with the public key, but only the holder of the matching private key can decrypt the result. If the private key is lost, the encrypted data cannot be recovered.
📏
How should you choose the key size?
Longer RSA keys provide stronger security, but they also slow down key generation and encryption/decryption.

2048-bit: widely considered secure today, suitable for general use, and the fastest option.

3072-bit: adds a wider security margin and is recommended for longer-term confidentiality.

4096-bit: the highest security level on this page, best for very high security requirements, but slower to generate and use.

Note: RSA can only encrypt limited-size plaintext in a single operation. With 2048-bit/SHA-256 the limit is about 190 bytes; with 4096-bit it is about 446 bytes. Use chunking or hybrid encryption for larger payloads.
⚙️
What is OAEP hash?
RSA-OAEP (Optimal Asymmetric Encryption Padding) is the recommended padding scheme for RSA encryption today. It uses a hash function to add randomness and defend against chosen-plaintext attacks.

SHA-256 (recommended): strong security, broad adoption, and good compatibility.
SHA-384 / SHA-512: a wider security margin, but they slightly reduce the maximum plaintext size.
SHA-1: kept only for legacy compatibility and not recommended for new systems.

Encryption and decryption must use the same hash algorithm.
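
The size limit from the key-size note and the hash trade-off above, worked through with the Web Crypto API. This is an added example, not this tool's own code: it computes the RSA-OAEP plaintext limit and shows hybrid encryption for a payload larger than that limit. The names maxOaepPlaintext, hybridEncrypt, hybridDecrypt and demo are hypothetical, and the 1000-byte payload is constructed.

```javascript
// Added example (not the tool's code): RSA-OAEP size limits and hybrid encryption.
// Browsers and current Node expose globalThis.crypto; older Node needs the require fallback.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const { subtle } = webcrypto;
const HASH_LEN = { 'SHA-1': 20, 'SHA-256': 32, 'SHA-384': 48, 'SHA-512': 64 };

// RFC 8017: the longest RSA-OAEP message is k - 2*hLen - 2 bytes (k = modulus size in bytes).
function maxOaepPlaintext(modulusBits, hash) {
  return modulusBits / 8 - 2 * HASH_LEN[hash] - 2;
}

// AES-256-GCM encrypts the data; RSA-OAEP encrypts only the 32-byte AES key.
async function hybridEncrypt(publicKey, plaintext) {
  const aesKey = await subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per message
  const ciphertext = await subtle.encrypt({ name: 'AES-GCM', iv }, aesKey, plaintext);
  const rawKey = await subtle.exportKey('raw', aesKey);
  const wrappedKey = await subtle.encrypt({ name: 'RSA-OAEP' }, publicKey, rawKey);
  return { wrappedKey, iv, ciphertext };
}

async function hybridDecrypt(privateKey, { wrappedKey, iv, ciphertext }) {
  const rawKey = await subtle.decrypt({ name: 'RSA-OAEP' }, privateKey, wrappedKey);
  const aesKey = await subtle.importKey('raw', rawKey, { name: 'AES-GCM' }, false, ['decrypt']);
  return subtle.decrypt({ name: 'AES-GCM', iv }, aesKey, ciphertext); // rejects if tampered
}

// Round trip with a constructed 1000-byte payload, far over the 190-byte direct limit.
async function demo() {
  const rsa = { name: 'RSA-OAEP', modulusLength: 2048,
                publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' };
  const { publicKey, privateKey } = await subtle.generateKey(rsa, false, ['encrypt', 'decrypt']);
  const payload = new Uint8Array(1000).fill(0x41);
  // Direct RSA-OAEP rejects input longer than the limit.
  const directFails = await subtle.encrypt({ name: 'RSA-OAEP' }, publicKey, payload)
    .then(() => false, () => true);
  const box = await hybridEncrypt(publicKey, payload);
  const recovered = new Uint8Array(await hybridDecrypt(privateKey, box));
  // Flip one bit in a copy of the ciphertext: the GCM tag check must fail.
  const bad = new Uint8Array(box.ciphertext.slice(0));
  bad[0] ^= 1;
  const tamperRejected = await hybridDecrypt(privateKey, { ...box, ciphertext: bad })
    .then(() => false, () => true);
  return { directFails, tamperRejected, wrappedKeyBytes: box.wrappedKey.byteLength,
           ciphertextBytes: box.ciphertext.byteLength,
           intact: recovered.length === 1000 && recovered.every((b) => b === 0x41) };
}
```

The recipient needs all three fields (wrappedKey, iv, ciphertext) to decrypt; only the private key has to stay secret.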
🔠
What is output encoding?
The raw output of RSA encryption is binary data, which is not convenient for direct storage or text transmission. Output Encoding converts the bytes into a printable format.

Base64: encodes every 3 bytes into 4 ASCII characters, producing output about 1.33× the original size. Compact and widely used in APIs, email, and JSON payloads.

Hex: represents every byte as 2 hexadecimal characters, doubling the output size. Easier to inspect and useful for debugging byte by byte.
📄
PEM Format Guide

1️⃣ What is PEM format?
PEM (Privacy-Enhanced Mail) is a text format used to store and transfer keys and certificates. It Base64-encodes binary DER data and wraps it with headers and footers like -----BEGIN <LABEL>----- and -----END <LABEL>-----. Common labels include PUBLIC KEY, PRIVATE KEY, and CERTIFICATE. It is easy to copy, paste, and transmit in text-based workflows, making it one of the most common key exchange formats.

2️⃣ Which other formats are common besides PEM?
- DER: a pure binary format that stores ASN.1 structures directly. It is not human-readable and is common in Java ecosystems.
- HEX: expresses DER binary content as a hexadecimal string, useful for debugging or embedding in code.
- Base64 (without headers): raw DER encoded as Base64 without PEM headers, often used in compact configurations or token payloads.
- PKCS#12 (PFX): a binary container format that can bundle public and private keys together, usually protected by a password and often used by browsers or Windows systems.

3️⃣ When should you use each format?
- PEM: the most universal option, suitable for OpenSSL, web servers (Nginx/Apache), and API exchange.
- DER: commonly used in Java environments or where strict binary storage is required.
- HEX: useful in debugging, embedded systems, or whenever exact byte inspection is needed.
- Base64 (without headers): useful when formatting is constrained or a compact representation is required.
- PKCS#12: useful when both public and private keys must be transported together while protecting the private key with a password.