RSA Calculator - Public Key Encryption & Decryption Tool

Generate RSA key pairs, encrypt and decrypt numeric messages — an interactive tool for learning public key cryptography and number theory.

Enter two distinct prime numbers (p and q), a public exponent (e), and an optional plaintext number to encrypt and decrypt using the RSA algorithm.

RSA Calculator - Public Key Encryption & Decryption Tool
Generate RSA key pairs, encrypt and decrypt numeric messages — an interactive tool for learning public key cryptography and number theory.

About the RSA calculator

RSA (Rivest–Shamir–Adleman) is the most widely deployed public-key cryptosystem in the world. It underpins HTTPS, email encryption, digital signatures, and secure software distribution. Understanding RSA requires familiarity with three number-theory concepts: prime factorisation, modular arithmetic, and Euler's totient function — all of which this calculator makes interactive and tangible. The RSA key generation process begins by selecting two distinct large prime numbers, p and q. For educational purposes this tool works with small primes, but real RSA implementations use primes with thousands of digits. The modulus n is computed as n = p × q. Next, Euler's totient φ(n) = (p − 1)(q − 1) is calculated. The public exponent e must be chosen such that 1 < e < φ(n) and gcd(e, φ(n)) = 1 — the most common choices are 3, 17, and 65,537 (the Fermat primes), with 65,537 used in virtually all production systems. The private exponent d is the modular multiplicative inverse of e modulo φ(n), found using the Extended Euclidean Algorithm: d ≡ e⁻¹ (mod φ(n)). Encryption is performed with the public key (e, n): ciphertext C = Mᵉ mod n, where M is the plaintext integer. Decryption uses the private key (d, n): plaintext M = Cᵈ mod n. The security of RSA rests on the practical impossibility of factoring a large n into its prime components p and q — a problem for which no polynomial-time classical algorithm is known. This RSA calculator is designed for learning rather than production security. It uses JavaScript BigInt for exact integer arithmetic, so results are mathematically correct for any prime inputs the browser can handle. However, real-world secure systems need primes of at least 2,048 bits, proper padding schemes (OAEP), and cryptographic random number generators — none of which this educational tool provides. Common use cases for this calculator include: computer science coursework on cryptography and number theory; verifying hand calculations of RSA key generation; exploring how small changes in e or the choice of p and q affect the private key d; and building intuition for why factoring n is the hard problem at the core of RSA's security. To use the calculator, enter any two distinct prime numbers for p and q, choose a public exponent e that is coprime with φ(n), optionally enter a numeric message smaller than n, and click Generate. The tool instantly shows n, φ(n), d, and the encrypted and decrypted values so you can verify that decryption recovers the original message.

RSA calculator examples

Three worked examples showing key generation and message encryption with small primes.

Inputs (p, q, e, M)Key ResultsNotes
p=61, q=53, e=17, M=65n=3233, φ=3120, d=2753, C=2790, M′=65Classic textbook example. n=3233, φ(n)=3120. d=17⁻¹ mod 3120 = 2753. Encrypt 65: 65¹⁷ mod 3233 = 2790. Decrypt: 2790²⁷⁵³ mod 3233 = 65 ✓
p=7, q=11, e=13, M=5n=77, φ=60, d=37, C=26, M′=5Small primes for hand-verification. φ(77)=60, gcd(13,60)=1 ✓. d=13⁻¹ mod 60=37. Encrypt 5: 5¹³ mod 77=26. Decrypt 26³⁷ mod 77=5 ✓
p=17, q=19, e=5, M=88n=323, φ=288, d=173, C=200, M′=88Medium example. φ(323)=288, gcd(5,288)=1 ✓. d=5⁻¹ mod 288=173. Encrypt 88: 88⁵ mod 323=200. Decrypt 200¹⁷³ mod 323=88 ✓

How to use the RSA calculator

  1. Enter two distinct prime numbers in the 'Prime p' and 'Prime q' fields. Start with well-known small primes like 61 and 53 to verify the classic example.
  2. Enter a public exponent e that is greater than 1, less than φ(n) = (p−1)(q−1), and coprime with φ(n). Common choices are 3, 17, or 65537.
  3. Optionally enter a numeric plaintext message M that is smaller than n (p × q) in the Message field.
  4. Click 'Generate Keys & Encrypt'. The calculator shows the modulus n, totient φ(n), private key d, and — if you entered a message — the ciphertext C and decrypted M′.
  5. Verify that the decrypted value M′ matches your original message M to confirm the RSA round-trip works correctly.

RSA calculator FAQ

What are p, q, n, e, and d in RSA?
p and q are two distinct prime numbers you choose. n = p × q is the public modulus. e is the public exponent — shared publicly. d is the private exponent, kept secret. The pair (e, n) is the public key; (d, n) is the private key. Anyone can encrypt a message using (e, n), but only the holder of d can decrypt it.
Why must e be coprime with φ(n)?
The private key d is the modular inverse of e modulo φ(n). A modular inverse exists only when gcd(e, φ(n)) = 1, i.e., when they share no common factors. If e shared a factor with φ(n), there would be no valid d and RSA key generation would fail.
Why must the message M be smaller than n?
RSA encryption is Mᵉ mod n. If M ≥ n, the modular reduction would lose information — two different messages could produce the same ciphertext, making decryption ambiguous. In practice, real RSA implementations pad messages with OAEP to ensure this constraint is always satisfied.
Is this RSA calculator secure for real use?
No. This tool is for educational purposes only. Production RSA requires prime numbers with at least 2,048 bits (roughly 617 decimal digits), cryptographically secure random prime generation, and padding schemes like OAEP. Small primes are trivially factorable and should never be used to protect real data.
What is Euler's totient φ(n)?
Euler's totient function φ(n) counts how many integers from 1 to n are coprime with n. For n = p × q where p and q are distinct primes, φ(n) = (p − 1)(q − 1). This value is central to RSA because it defines the group in which the key relationship d ≡ e⁻¹ (mod φ(n)) holds.
How does RSA decryption prove the private key works?
By Euler's theorem, for any M coprime with n, M^φ(n) ≡ 1 (mod n). Since e × d ≡ 1 (mod φ(n)), we have (Mᵉ)ᵈ = M^(ed) = M^(1 + k·φ(n)) = M × (M^φ(n))^k ≡ M × 1^k = M (mod n). So decryption always recovers the original message as long as M < n.