What is RSA?
RSA (Rivest-Shamir-Adleman) is an asymmetric cryptographic algorithm that uses a pair of keys - a public key for encryption and a private key for decryption. It is one of the first practical public-key cryptosystems and is widely used for secure data transmission.
Quick Facts
| Full Name | Rivest-Shamir-Adleman |
|---|---|
| Created | 1977 by Rivest, Shamir, and Adleman |
How RSA Works
RSA was invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT. Its security relies on the practical difficulty of factoring the product of two large prime numbers. RSA can be used for both encryption and digital signatures. For encryption, the sender uses the recipient's public key; for signatures, the signer uses their private key. Common key sizes are 2048 and 4096 bits. While RSA is slower than symmetric algorithms like AES, it solves the key distribution problem by allowing secure communication without sharing secret keys.
Key Characteristics
- Asymmetric encryption (public/private key pair)
- Based on the difficulty of factoring the product of two large primes
- Used for encryption and digital signatures
- Common key sizes: 2048, 3072, 4096 bits
- Slower than symmetric encryption
- Solves key distribution problem
Common Use Cases
- SSL/TLS certificate key exchange
- Digital signatures
- Email encryption (PGP/GPG)
- Secure key exchange
- Code signing
Example
RSA Key Generation (simplified):
1. Choose two large primes: p, q
2. Compute n = p × q (modulus)
3. Compute φ(n) = (p-1)(q-1)
4. Choose e (public exponent, commonly 65537)
5. Compute d = e⁻¹ mod φ(n) (private exponent)
Public Key: (n, e)
Private Key: (n, d)
Encryption: ciphertext = message^e mod n
Decryption: message = ciphertext^d mod n
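The steps above carried through in code, as an added example that is not part of the original page. It uses unpadded "textbook" RSA with toy primes; production RSA wraps these operations in padding schemes such as OAEP and PSS, which this sketch omits. Assumptions: the function names are hypothetical, and the primes 61 and 53, the exponent 17 and the message value 65 are constructed sample values.

```python
# Added example: textbook (unpadded) RSA with toy primes; all values are constructed.
from math import gcd

def generate_keypair(p, q, e=65537):
    """Steps 2-5 above for caller-chosen primes p and q (step 1)."""
    n = p * q                          # step 2: modulus
    phi = (p - 1) * (q - 1)            # step 3: phi(n)
    if gcd(e, phi) != 1:               # step 4: e must be invertible mod phi(n)
        raise ValueError("e shares a factor with phi(n); pick another e or primes")
    d = pow(e, -1, phi)                # step 5: modular inverse (Python 3.8+)
    return (n, e), (n, d)

def encrypt(public_key, m):
    n, e = public_key
    if not 0 <= m < n:                 # values >= n would not round-trip
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)

def sign(private_key, digest):
    """Signing applies the private exponent to a digest value below n."""
    n, d = private_key
    if not 0 <= digest < n:
        raise ValueError("digest must be an integer in [0, n)")
    return pow(digest, d, n)

def verify(public_key, digest, signature):
    n, e = public_key
    return pow(signature, e, n) == digest

if __name__ == "__main__":
    public_key, private_key = generate_keypair(61, 53, e=17)
    c = encrypt(public_key, 65)
    print("public:", public_key, "private:", private_key)
    print("ciphertext:", c, "decrypted:", decrypt(private_key, c))
    s = sign(private_key, 65)
    print("signature valid:", verify(public_key, 65, s))
```
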
OpenSSL Commands:
```bash
# Generate private key
openssl genrsa -out private.pem 2048
# Extract public key
openssl rsa -in private.pem -pubout -out public.pem
# Encrypt with public key (write the ciphertext to encrypted.bin)
# Note: rsautl is deprecated since OpenSSL 3.0; pkeyutl is its replacement
openssl rsautl -encrypt -pubin -inkey public.pem -in file.txt -out encrypted.bin
# Decrypt with private key
openssl rsautl -decrypt -inkey private.pem -in encrypted.bin
```