What is RSA?
RSA (Rivest–Shamir–Adleman) is the most widely used asymmetric encryption algorithm. It was published in 1977 and remains a cornerstone of modern internet security. RSA is used in SSL/TLS certificates, SSH keys, code signing, email encryption (S/MIME, PGP), and many other security applications.
How Asymmetric Encryption Works
RSA uses a key pair: a public key and a private key. The two keys are mathematically related, but deriving the private key from the public key is computationally infeasible.
- Public key: Share with everyone. Used to encrypt data or verify signatures.
- Private key: Keep secret. Used to decrypt data or create signatures.
| Use Case | Encrypt/Sign with | Decrypt/Verify with |
|---|---|---|
| Send encrypted message | Recipient's public key | Recipient's private key |
| Digital signature | Sender's private key | Sender's public key |
| SSL/TLS handshake | Server's public key | Server's private key |
Key Sizes
| Key Size | Security Level | Status | Use Case |
|---|---|---|---|
| 1024-bit | Weak | ❌ Deprecated | Legacy only — do not use |
| 2048-bit | Good | ✅ Standard | Current minimum for SSL/TLS and SSH |
| 4096-bit | Very strong | ✅ High security | Root CAs, long-lived certificates |
RSA vs ECDSA
Elliptic Curve Digital Signature Algorithm (ECDSA) is a modern alternative to RSA that provides the same security with much shorter keys:
| | RSA | ECDSA |
|---|---|---|
| Security equivalent | 2048-bit | 256-bit (P-256) |
| Key size | Large | Small |
| Performance | Slower | Faster |
| Compatibility | Universal | Very good (modern systems) |
| Used in | Most SSL certs | Cloudflare, Google, Bitcoin |
✓ For new applications: prefer ECDSA P-256 for its better performance. Use RSA 2048-bit when maximum compatibility with older systems is required.