RSALocker

RSA na an asymmetric encryption algorithm dat uses a key pair: thepublic keyencrypts data, while theprivate keydecrypts it. Di public key fit be shared openly with anyone who wants to send you encrypted data, but di private key must remain secret.

The main advantage na dat di sender does not need to share a secret in advance. Anyone fit encrypt with di public key, but only di holder of di matching private key fit decrypt di result. If di private key na lost, di encrypted data cannot be recovered.

Longer RSA keys provide stronger security, but they also slow down key generation and encryption/decryption.

2048-bit: widely considered secure today, suitable for general use, and di fastest option.

3072-bit: adds a wider security margin and na recommended for longer-term confidentiality.

4096-bit: di highest security level on dis page, best for very high security requirements, but slower to generate and use.

Note: RSA fit only encrypt limited-size plaintext in a single operation. With 2048-bit/SHA-256 di limit na about 190 bytes; with 4096-bit it na about 446 bytes. Use chunking or hybrid encryption for larger payloads.

RSA-OAEP (Optimal Asymmetric Encryption Padding) na di recommended padding scheme for RSA encryption today. It uses a hash function to add randomness and defend against chosen-plaintext attacks.

SHA-256(recommended): strong security, broad adoption, and good compatibility.
SHA-384 / SHA-512: a wider security margin, but they slightly reduce di maximum plaintext size.
SHA-1: kept only for legacy compatibility and not recommended for new systems.

Encryption and decryption must use di same hash algorithm.

The raw output of RSA encryption na binary data, which na not convenient for direct storage or text transmission. Output Encoding converts di bytes into a printable format.

Base64: encodes every 3 bytes into 4 ASCII characters, producing output about 1.33× di original size. Compact and widely used in APIs, email, and JSON payloads.

Hex: represents every byte as 2 hexadecimal characters, doubling di output size. Easier to inspect and useful for debugging byte by byte.

1️⃣ What na PEM format?
PEM (Privacy-Enhanced Mail) na a text format used to store and transfer keys and certificates. It Base64-encodes binary DER data and wraps it with headers and footers like-----BEGIN <LABEL>-----and-----END <LABEL>-----. Common labels includePUBLIC KEY, PRIVATE KEY, andCERTIFICATE. It na easy to copy, paste, and transmit in text-based workflows, making it one of di most common key exchange formats.

2️⃣ Which other formats na common besides PEM?
- DER: a pure binary format dat stores ASN.1 structures directly. It na not human-readable and na common in Java ecosystems.
- HEX: expresses DER binary content as a hexadecimal string, useful for debugging or embedding in code.
- Base64 (without headers): raw DER encoded as Base64 without PEM headers, often used in compact configurations or token payloads.
- PKCS#12 (PFX): a binary container format dat fit bundle public and private keys together, usually protected by a password and often used by browsers or Windows systems.

3️⃣ When suppose you use each format?
- PEM: di most universal option, suitable for OpenSSL, web servers (Nginx/Apache), and API exchange.
- DER: commonly used in Java environments or where strict binary storage na required.
- HEX: useful in debugging, embedded systems, or whenever exact byte inspection na needed.
- Base64 (without headers): useful when formatting na constrained or a compact representation na required.
- PKCS#12: useful when both public and private keys must be transported together while protecting di private key with a password.