This demonstration shows how public and private key pairs are
created. Users can put in their own numbers to see the results,
or just use the defaults. (The button is below Step 2.)
Step 1: Input Values
Use the defaults, or enter your own values for the two prime
numbers p and q. p and
q MUST be prime numbers.
Here, we use 17 and 65537 for e because these meet
some mathematical requirements and are frequently used.
Also, please note that the default values for p
and q might look big but are actually too small for
real security and are used for demonstration purposes only.
Step 2: Results
After doing the math (button below), the results will show:
The modulus (n): The product of the two primes (p and q).
A couple of math checks: For security,
software checks that e, p, q,
and n meet some requirements.
The decryption key (d): A secret
number paired with the encryption key (e). It works like
the reverse of (e) — whatever (e) locks,
(d) unlocks.
The public key: Alice can share this key
with anyone and everyone. Other people can use it to send
messages that only Alice can read.
The private key:
Alice must keep this key secret. She will use
it to read messages sent using her public key. She can also
use her private key to sign messages. Signing proves
that the message came from Alice and that it has not been
changed.
Why This Works
The public key and private key are like a pair of linked
locks. The public key is used to "lock" (encrypt) messages,
and only the private key can "unlock" (decrypt)
them. Similarly, the private key can "lock" (sign) messages,
and the public key can verify the signature.
This connection between the public and private keys is based on
some advanced math. Even if someone has the public key, it’s nearly
impossible to figure out the private key unless they know the two
secret prime numbers (p and q) that were used to
create the keys.
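The steps above, carried through in Python as an added example (not the code behind this page's demo). The primes 61 and 53 are constructed toy values, the checks are the common textbook ones since the page does not list the demo's own, and `phi`, `mod_inverse` and `apply_key` are names chosen here.

```python
from math import gcd

def is_prime(n):
    """Trial division: fine for demo-sized numbers, far too slow for real key sizes."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def mod_inverse(e, phi):
    """Extended Euclid: returns d such that (e * d) % phi == 1."""
    old_r, r, old_s, s = e, phi, 1, 0
    while r:
        quot = old_r // r
        old_r, r = r, old_r - quot * r
        old_s, s = s, old_s - quot * s
    return old_s % phi

def generate_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) or raise ValueError if a check fails."""
    # Assumed "math checks": the page does not list the ones its demo runs.
    if not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must both be prime")
    if p == q:
        raise ValueError("p and q must be different primes")
    n = p * q
    phi = (p - 1) * (q - 1)  # assumption: textbook totient
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    return (n, e), (n, mod_inverse(e, phi))

def apply_key(key, m):
    """Textbook RSA with no padding, like the demo: for learning only."""
    n, exponent = key
    if not 0 <= m < n:
        raise ValueError("message must be a number smaller than n")
    return pow(m, exponent, n)

if __name__ == "__main__":
    public, private = generate_keypair(61, 53, e=17)  # constructed toy primes
    locked = apply_key(public, 65)        # encrypt with the public key
    print(public, private, locked, apply_key(private, locked))
    signature = apply_key(private, 65)    # sign with the private key
    print("signature verifies:", apply_key(public, signature) == 65)
```

Trying `generate_keypair(103, 53, e=17)` shows why the checks exist: 103 - 1 is a multiple of 17, so no matching d exists and the function refuses to build a key.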
In The Real World
In real-world key pair generation, the numbers used are much
larger than what we use here, for security reasons:
p and q
These are very, very large prime numbers — from
around 150 to about 600 digits long. Best practice is for
them to be roughly the same length.
n
The product of p and q. A gigantic
number with only 2 factors, aside from itself and 1. Even
knowing that it is the product of two primes, for
well-chosen primes, it would take millions of years
to brute force factor n.
FAQ
Why prime numbers?
Prime numbers ensure that the computations result in
keys that cannot be easily factored by an attacker.
Why large numbers?
The larger the numbers, the harder it is for an attacker
to figure out the private key from the public key.
How do they find large primes to use?
Turns out, it is a lot easier to check if a number is
prime or not than it is to try to actually factor a
similarly large number. So, computers randomly come up with
a huge number, and check if it is prime. If it is, great! If
not, they can tweak the number and check again. The software
continues until it has a number it is fairly certain is
prime.
For example, if you have the number 212, you know it
is not prime because it is obviously divisible by 2. So,
just add 1 to it, and then check if 213 is prime. It isn't
(3 and 71), and you know that 215 won't be prime (because
it ends in 5), so check 217 (nope). Continue until you find
one that is prime — it would be a couple more tries
in our example to get to 223, which is prime.
Obviously, modern computers are using much, much,
much, much bigger numbers, and probably doing a bit more
advanced math on the numbers. But, maybe not —
adding a small number and checking again might be faster
than generating an entirely new very-large candidate
prime.
Where does the decryption key (d) come from?
It’s created as part of the math that connects the public
and private keys. It is like the partner to the
encryption key (e). The (slightly complicated)
math ensures that they work together.
Why can’t someone figure out the private key from the public key?
The private key depends on the secret prime numbers
(p and q) that were used to create the
public key. Without knowing these primes, the math to find
the private key would take so long that even the fastest
computers couldn’t do it.
Can I use the public / private keys from this page for
real encryption?
NO!!!!!! Okay, technically, maybe, but there is a
lot more to creating real keys than we show here. This page
demonstrates the math behind the keys. Real keys have a
specific format that also includes information about the
user, when the key should expire, and much more.