Online RSA Encryption and Decryption Tool

What this tool is good for

RSA is a classic asymmetric encryption algorithm often used for short secrets, key exchange verification, legacy system compatibility, and protocol debugging. It uses a key pair: the public key encrypts, and the private key decrypts.

This page supports public-key encryption, private-key decryption, multiple padding schemes, and password-protected private keys, making it useful for development and integration checks.

Typical use cases

Verify that an RSA public key from your backend or a third-party platform can encrypt correctly.
Troubleshoot padding compatibility issues across Java, Node.js, .NET, and other stacks.
Check private key passwords, ciphertext format, and decryption results locally in the browser.

How to use it

For encryption, enter plaintext, a public key, and the matching padding scheme.
Click Encrypt to generate a Base64 ciphertext.
For decryption, paste the ciphertext, provide the private key, and keep the same padding scheme used during encryption.
If the private key starts with -----BEGIN ENCRYPTED PRIVATE KEY-----, you also need to enter the private key password.

Example


          Plaintext: hello-qr9
Padding: RSAES-OAEP
Output: a Base64 ciphertext (secure padding can produce different results each time)

If you paste that ciphertext and the matching private key into the decrypt panel, the original text can be recovered.

Common mistakes

The padding scheme on the encrypt and decrypt sides must match exactly.
The ciphertext field expects Base64 content, not a hexadecimal string.
RSA is not a good fit for very long text or large files; use symmetric encryption for bulk data instead.

FAQ

Which RSA padding mode should I choose first?

If you are not forced to match a legacy system, OAEP-based modes are usually the best first choice. RSAES-PKCS1-V1_5 is mainly for compatibility, and NONE should only be used when you clearly understand the risks and requirements.

Why is the ciphertext different every time for the same plaintext?

That is expected for secure padding modes such as OAEP, because encryption introduces randomness. As long as the private key and padding rule match, decryption still produces the same plaintext.

Why does decryption fail?

The most common reasons are mismatched keys, different padding modes, ciphertext that is not valid Base64, or a password-protected private key with the wrong password.

Is RSA suitable for encrypting long text or files directly?

Not really. RSA is better for short secrets, key material, and verification flows. Large data should usually be encrypted with a symmetric algorithm, with RSA used to protect the symmetric key.

Related tools

If you also need signatures, key generation, or key format conversion, these tools are a good next step:

RSA Sign & Verify：Create and verify RSA signatures online
RSA Key Pair Generator：Generate RSA public and private key pairs in PEM format
PEM/XML Key Converter：Convert RSA keys between PEM and XML
RSA Private Key Password：Add, change, or remove RSA private key passwords