What Is RSA? Public-Key Cryptography Explained

RSA (Rivest–Shamir–Adleman) is an asymmetric encryption algorithm invented in 1977. Unlike symmetric ciphers like AES, RSA uses two mathematically linked keys: a public key that anyone can see and a private key that only the owner holds. RSA underpins much of the internet's security infrastructure.

The Math Behind RSA

RSA security relies on the practical difficulty of factoring the product of two large prime numbers. To generate a key pair: choose two large primes p and q; compute the modulus n = p×q; compute φ(n) = (p-1)(q-1); choose a public exponent e coprime to φ(n) (commonly 65537); and derive the private exponent d as the modular inverse of e, so that e×d ≡ 1 (mod φ(n)). The public key is (n, e) and the private key is (n, d). Encrypting with the public key and decrypting with the private key are both efficient modular exponentiations; no method is known for recovering d from n and e alone that is easier than factoring n.

Recommended RSA Key Sizes

1024-bit keys are considered broken — avoid them. 2048-bit is the current minimum for new deployments and considered secure until at least 2030. 4096-bit provides a larger margin for long-lived keys (certificate authorities). NIST recommends transitioning toward elliptic-curve cryptography (ECC) for new applications as ECC provides equivalent security with much smaller keys.

RSA Encryption vs RSA Signing

In encryption, the sender uses the recipient's public key to encrypt a message; only the recipient's private key can decrypt it. In digital signing, the signer uses their private key to create a signature over a hash of the message; anyone with the public key can verify its authenticity. In both uses the message or hash must be padded first (OAEP for encryption, PSS or PKCS#1 v1.5 for signatures); raw "textbook" RSA is deterministic and malleable. In practice, RSA is rarely used to encrypt large data directly; instead, RSA encrypts a short symmetric key, which then encrypts the bulk data (hybrid encryption).
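The key-generation steps from the math section and the encrypt/decrypt, sign/verify and key-wrapping uses described above, worked through in Python. This is an added educational example, not code from the original glossary: it implements unpadded textbook RSA on two small Mersenne primes (2^31-1 and 2^61-1, chosen because they are known primes and give a modulus of only about 92 bits), hashes the message with SHA-256 and reduces it modulo n in place of real signature padding, and wraps a constructed 64-bit key because a 128-bit key would not fit below this toy modulus. Real deployments use random primes of at least 1024 bits each together with OAEP/PSS padding from a vetted library.

```python
"""Textbook RSA on toy Mersenne primes: key generation, encrypt/decrypt,
sign/verify, and symmetric-key wrapping (the hybrid-encryption pattern).
Educational only: no padding, tiny modulus."""
import hashlib
import secrets
from math import gcd

# Constructed toy parameters. 2**31-1 and 2**61-1 are Mersenne primes, so the
# modulus n is only ~92 bits; real keys use random primes of >= 1024 bits each.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537


def generate_keypair(p=P, q=Q, e=E):
    """Return ((n, e), (n, d)) following the glossary's five steps."""
    n = p * q                      # step 2: modulus
    phi = (p - 1) * (q - 1)        # step 3: Euler's totient of n
    if gcd(e, phi) != 1:           # step 4: e must be coprime to phi(n)
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)            # step 5: e*d == 1 (mod phi(n)), Python 3.8+
    return (n, e), (n, d)


def encrypt(pub, m):
    """c = m^e mod n. Unpadded, so identical m always gives identical c."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)


def decrypt(priv, c):
    """m = c^d mod n."""
    n, d = priv
    return pow(c, d, n)


def _hash_to_int(message, n):
    # Real schemes (PSS, PKCS#1 v1.5) pad the digest up to the modulus size;
    # here the SHA-256 digest is simply reduced so it fits the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv, message):
    """Signature = H(message)^d mod n, i.e. 'decrypt' the hash with d."""
    n, d = priv
    return pow(_hash_to_int(message, n), d, n)


def verify(pub, message, signature):
    """Valid iff signature^e mod n recovers H(message)."""
    n, e = pub
    return pow(signature, e, n) == _hash_to_int(message, n)


def wrap_key(pub, sym_key):
    """Hybrid pattern: RSA-encrypt a short symmetric key, never the bulk data."""
    return encrypt(pub, int.from_bytes(sym_key, "big"))


def unwrap_key(priv, wrapped, length):
    """Recover the symmetric key bytes; length must match what was wrapped."""
    return decrypt(priv, wrapped).to_bytes(length, "big")


if __name__ == "__main__":
    pub, priv = generate_keypair()
    m = int.from_bytes(b"hi", "big")
    assert decrypt(priv, encrypt(pub, m)) == m
    sig = sign(priv, b"release-v1.tar.gz")
    assert verify(pub, b"release-v1.tar.gz", sig)
    assert not verify(pub, b"release-v1.tar.gz (tampered)", sig)
    key = secrets.token_bytes(8)   # constructed 64-bit key; fits below ~92-bit n
    assert unwrap_key(priv, wrap_key(pub, key), 8) == key
    print("round trips ok")
```

The deterministic behaviour of `encrypt` is easy to observe: two calls with the same message return the same ciphertext, which is exactly the property OAEP's random padding removes. Passing the classic small textbook parameters `generate_keypair(61, 53, 17)` reproduces the familiar n = 3233, d = 2753 example.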

RSA vs ECC

A 256-bit ECC key provides security equivalent to a 3072-bit RSA key, with faster key generation and smaller signatures. Modern TLS prefers ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) over RSA key exchange. However, RSA remains the most widely supported algorithm for backward compatibility.