What key size should I use?

2048 bits for general use. 3072 for higher security. 4096 for long-lived keys (10+ years). 1024 is deprecated and should never be used.

PEM (base64 with BEGIN/END markers) for text contexts. DER (binary) for embedded systems. The tool outputs PEM; convert with openssl if you need DER.

Where should I store the private key?

Save it immediately to a password manager or secrets vault. The tool does not persist it — once the tab closes, it is gone.

Yes — pair the private key with a CSR and submit to a CA. For Let's Encrypt use certbot which handles key + CSR + cert in one flow.

Generate RSA public/private keypairs in PEM format. Part of the DevTools Surf developer suite. Browse more tools in the Security / Crypto collection.

RSA was invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT — though Clifford Cocks at GCHQ independently discovered a similar system in 1973 but it remained classified.
The largest RSA key ever factored was 829 bits (RSA-250) in February 2020, requiring 2,700 CPU core-years of computation across research institutions.
PEM format stands for 'Privacy Enhanced Mail' — it was defined in RFC 1421-1424 in 1993 for email encryption but became the de facto standard for storing cryptographic keys.

What key size should I use?: 2048 bits for general use. 3072 for higher security. 4096 for long-lived keys (10+ years). 1024 is deprecated and should never be used.
PEM or DER format?: PEM (base64 with BEGIN/END markers) for text contexts. DER (binary) for embedded systems. The tool outputs PEM; convert with openssl if you need DER.
Where should I store the private key?: Save it immediately to a password manager or secrets vault. The tool does not persist it — once the tab closes, it is gone.
Can I use this for TLS certs?: Yes — pair the private key with a CSR and submit to a CA. For Let's Encrypt use certbot which handles key + CSR + cert in one flow.

Generate RSA public/private keypairs in PEM format. Part of the DevTools Surf developer suite. Browse more tools in the Security / Crypto collection.

RSA was invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT — though Clifford Cocks at GCHQ independently discovered a similar system in 1973 but it remained classified.
The largest RSA key ever factored was 829 bits (RSA-250) in February 2020, requiring 2,700 CPU core-years of computation across research institutions.
PEM format stands for 'Privacy Enhanced Mail' — it was defined in RFC 1421-1424 in 1993 for email encryption but became the de facto standard for storing cryptographic keys.

What key size should I use?: 2048 bits for general use. 3072 for higher security. 4096 for long-lived keys (10+ years). 1024 is deprecated and should never be used.
PEM or DER format?: PEM (base64 with BEGIN/END markers) for text contexts. DER (binary) for embedded systems. The tool outputs PEM; convert with openssl if you need DER.
Where should I store the private key?: Save it immediately to a password manager or secrets vault. The tool does not persist it — once the tab closes, it is gone.
Can I use this for TLS certs?: Yes — pair the private key with a CSR and submit to a CA. For Let's Encrypt use certbot which handles key + CSR + cert in one flow.