What is RSA

RSA (Rivest-Shamir-Adleman) is one of the first practical asymmetric encryption algorithms. Published in 1977, it enables encryption and digital signatures using a public key and private key pair. Its security rests on a simple mathematical fact: multiplying two large prime numbers is easy, but factoring their product back into the original primes is extraordinarily hard.

How it works

RSA key generation starts by choosing two large random primes, p and q, and computing their product n = p * q. The public key contains n and a public exponent (usually 65537). The private key contains n and a private exponent derived from p and q.

  • Encryption: raise the plaintext message to the public exponent, modulo n. Only someone with the private exponent can reverse this operation.
  • Signing: raise a hash of the message to the private exponent, modulo n. Anyone with the public key can verify the resulting signature.

The security depends entirely on key size. RSA-2048 (2048-bit n) is the current minimum for production use. RSA-4096 provides a larger safety margin. Smaller key sizes like RSA-1024 are considered broken.

RSA is slow compared to symmetric encryption. Encrypting bulk data with RSA directly is impractical. In practice, RSA encrypts a small symmetric key (like an AES key), and the symmetric cipher handles the actual data. This hybrid approach is how TLS worked in older versions.
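The key generation, encryption and signing steps described in this section, as an added Python example (not code from the original page). The primes, the sample key bytes, the message and all function names are constructed for illustration. It shows raw modular exponentiation only, without the padding schemes (OAEP for encryption, PSS for signatures) that real implementations apply.

```python
import hashlib
from math import gcd

# Constructed toy primes (the Mersenne primes 2^31-1 and 2^61-1). Far too small
# for real use; real keys use random primes giving a 2048-bit or larger n.
P, Q = 2**31 - 1, 2**61 - 1
E = 65537  # the usual public exponent

def generate_keypair(p, q, e=E):
    """Return ((n, e), (n, d)) built from the primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d == 1 (mod phi), needs p and q
    return (n, e), (n, d)

def encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)  # deterministic without padding: same m, same c

def decrypt(c, private):
    n, d = private
    return pow(c, d, n)

def digest_int(message, n):
    # Toy reduction of SHA-256 into [0, n); stands in for a real padding scheme.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    n, d = private
    return pow(digest_int(message, n), d, n)

def verify(message, signature, public):
    n, e = public
    return pow(signature, e, n) == digest_int(message, n)

if __name__ == "__main__":
    public, private = generate_keypair(P, Q)
    # Hybrid pattern: RSA carries a small symmetric key, not the bulk data.
    sym_key = int.from_bytes(b"8bytekey", "big")  # constructed sample key
    wrapped = encrypt(sym_key, public)
    assert decrypt(wrapped, private) == sym_key
    sig = sign(b"release-1.0.tar.gz", private)
    print("wrapped key:", wrapped, "signature valid:",
          verify(b"release-1.0.tar.gz", sig, public))
```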

Why it matters

RSA was the algorithm that made public-key cryptography practical. It is still used in legacy TLS configurations, code signing, PGP email encryption, and SSH keys. However, elliptic curve cryptography is replacing RSA in most new systems because ECC achieves equivalent security with much smaller keys — 256-bit ECC matches roughly 3072-bit RSA.

See How Asymmetric Encryption Works for the full comparison.