What ciphertext formats na supported here?

Dis page supports Base64 text, Hex text, and uploaded .enc binary files. File mode processes di raw bytes directly, so you do not need to pick an encoding manually.

Why can't I use an ENCRYPTED PRIVATE KEY file directly?

Password-protected ENCRYPTED PRIVATE KEY files must be unlocked with a passphrase first. To keep dis page lightweight and browser-only, it currently supports unencrypted PRIVATE KEY / RSA PRIVATE KEY files only.

What usually causes RSA decryption to fail?

The most common causes na a mismatched private key, a different OAEP hash than di one used during encryption, corrupted ciphertext, or input dat na not di original encrypted output.

// crypto tool v2.0

RSAUnlocker

Q: Why does RSA decryption require a private key?

RSA na an asymmetric algorithm. Di public key encrypts data, while di matching private key decrypts it. Without di correct private key, RSA-OAEP ciphertext cannot be recovered.

BROWSER ONLY

WEB CRYPTO API

Go to encrypt tool

⚙

Algorithm setup

Key Size

OAEP Hash

🔑

Key Material

Private Key (PEM)

RSA-OAEP decryption uses di private key (4096-bit /SHA-256) - it must match di public key used during encryption

⬇

Release to load di .enc file

CIPHERTEXT / INPUT

PLAINTEXT / OUTPUT

Decrypted file ready to download

Need encryption?

Ready - paste a private key and ciphertext, then click Decrypt

Algorithm

RSA

OAEP / SHA-256

Key Strength

4096

bits

Security Level

HIGH

Asymmetric

Decrypted

bytes dis session

🔑

Why does RSA decryption require a private key?

RSA na an asymmetric encryption algorithm. Di public key encrypts data, whilethe matching private key na required for decryption. Di private key corresponds uniquely to di public key used on di encryption page, so a mismatched key go cause decryption to fail.

The private key must remain confidential. If it na lost, nobody, including di original data owner, fit recover di matching ciphertext. Save di private key file carefully when it na generated.

📏

Key size must match di encryption setup

The selected key size suppose match di public key size used during encryption. If it does not, private key import fit fail immediately because di key material does not line up.

In most cases, once you paste di correct PEM private key, di browser go work with di right length automatically. If import still fails, verify dat both di key size and hash selection match di encryption settings.

⚙️

OAEP hash must match encryption exactly

The hash algorithm used for RSA-OAEP decryption must be identical to di one used during encryption. If di hash differs, decryption go fail or return invalid output.

If di encryption step used SHA-256, which na di recommended default, dis page must also use SHA-256. If you na unsure, test di available hash options until di correct combination succeeds.

🔠

Input encoding: what format na di ciphertext in?

The encryption tool outputs encoded text. To decrypt it correctly, dis page must use di same encoding so it fit restore di original binary bytes before running RSA-OAEP decryption.

Base64ciphertext uses letters, digits, and+/=. Hexciphertext uses0-9anda-f, with two characters per byte. If you upload a binary .enc file, di encoding selector na ignored automatically.

📄

PEM format explained

1️⃣ What na PEM?
PEM (Privacy-Enhanced Mail) na a text format used to store and transfer keys and certificates. It Base64-encodes binary DER data and wraps it with header and footer lines such as-----BEGIN PRIVATE KEY-----and-----END PRIVATE KEY-----. Common labels includePUBLIC KEY, PRIVATE KEY, andCERTIFICATE. Because it na plain text, PEM na easy to copy, paste, and exchange across systems.

2️⃣ What other formats might you see?
- DER: a raw binary format dat stores ASN.1 structures directly and na common in Java or certificate tooling.
- HEX: a hexadecimal string representation of DER bytes, useful for debugging or embedding byte data in code.
- Base64 without headers: di DER payload encoded as Base64 but without PEM wrappers, often used in compact configuration formats.
- PKCS#12 (PFX): a binary container dat fit package public and private keys together, usually protected with a password.

3️⃣ When suppose each format be used?
- PEM: di most universal choice for OpenSSL, web servers, API exchange, and manual key handling.
- DER: useful when binary storage na preferred or required by platform-specific tooling.
- HEX: handy for debugging and for situations where byte-level inspection matters.
- Base64 without headers: useful when di surrounding format does not allow PEM wrappers and you want a compact text payload.
- PKCS#12: best when you need to transport a certificate and private key together with password protection.