RSA Encryption Simulator Back
Cryptography Educational Demo

RSA Encryption Simulator — Key Generation, Encryption and Decryption

Build an RSA key pair (n, e, d) from two primes p and q, then encrypt and decrypt a message m. A small-scale educational demo where every step of public-key cryptography is small enough to follow by hand.

Parameters
Prime p
Prime q
Public exponent e
Message m

If p or q is not prime, it is rounded to the nearest prime. e must satisfy gcd(e, phi(n)) = 1.

Results
Modulus n = p·q
Euler totient φ(n)
Private exponent d
Ciphertext c = m^e mod n
Key Pair and Encryption Flow

Left = key pair (n, φ, e, d) / right = encryption flow m → [^e mod n] → c → [^d mod n] → m'

Theory & Key Formulas

RSA is a public-key cryptosystem whose security rests on the difficulty of integer factorization. The key generation steps are:

Pick two primes p and q, then form the modulus and Euler's totient:

$$n = p\,q, \qquad \varphi(n) = (p-1)(q-1)$$

Choose the public exponent e coprime with φ(n) (gcd(e, φ(n)) = 1). The private exponent d is the modular inverse of e modulo φ(n), found with the extended Euclidean algorithm:

$$e\,d \equiv 1 \pmod{\varphi(n)}$$

Encryption and decryption are both modular exponentiations modulo n:

$$c = m^{e} \bmod n, \qquad m' = c^{d} \bmod n$$

A precondition is 0 ≤ m < n. By Fermat–Euler, the round trip recovers m' = m.

What is the RSA Encryption Simulator?

🙋
I have heard of RSA, but what is it actually doing? When I opened this simulator I saw a lot of numbers and felt a little intimidated.
🎓
In a nutshell, you keep two primes p and q secret and publish only their product n = p·q. With the defaults p=11 and q=13, you get n=143. Anyone can see n, but factoring n back into p and q is the hard problem RSA leans on. In the "Key Pair" panel above, n and e are public while p, q and d are private — note the color coding.
🙋
Then what are e and d? When I leave the message m at 42, the ciphertext shows up as 81.
🎓
e is the public exponent, d is the private one. Encryption is $c = m^e \bmod n$, which here is $42^7 \bmod 143 = 81$. By hand: $42^2 = 1764 \equiv 48 \pmod{143}$, $42^4 \equiv 48^2 = 2304 \equiv 16$, finally $42^7 = 42 \cdot 48 \cdot 16 = 32256 \equiv 81 \pmod{143}$. Small enough to follow on paper.
🙋
And decryption? It says d = 103, but $81^{103}$ doesn't look like something I can do in my head…
🎓
That is where modular exponentiation comes in. Instead of producing one giant intermediate, you square repeatedly and reduce modulo n at every step. Internally the demo uses BigInt and binary exponentiation. The point is that $81^{103} \bmod 143$ comes back to 42. If the m' box turns green and reads 42, the round trip succeeded.
🙋
Why does it return at all? It feels like magic.
🎓
It is the Fermat–Euler theorem at work. We pick d so that $e \cdot d \equiv 1 \pmod{\varphi(n)}$, hence $(m^e)^d = m^{ed} \equiv m \pmod n$. Real systems use 1024-bit primes so n is at least 2048 bits, but the underlying identity is exactly what this demo shows. Try changing e and watch how d and c shift in step.

Frequently Asked Questions

If p and q leak, anyone can immediately compute φ(n) = (p−1)(q−1) and then derive d from e via the extended Euclidean algorithm. The whole private key falls out and any ciphertext can be decrypted. RSA's security hinges on the assumption that nobody can factor n into p and q in reasonable time. Once those primes are known, that assumption is meaningless.
65537 = 2¹⁶ + 1 is a Fermat prime that is coprime with almost every φ(n) you encounter. Its binary representation has only two ones (100000000000000001), so square-and-multiply exponentiation costs very few multiplications, making encryption fast. At the same time it is large enough to avoid Coppersmith-style attacks that target tiny exponents like e = 3. The trade-off makes 65537 the default in essentially every standard implementation.
No. This tool is purely educational and limits p and q to primes below 100, so n is only three or four digits — anyone can factor it in seconds. Modern guidance requires n of at least 2048 bits (over 600 decimal digits). Production deployments also require padding such as OAEP and proper randomization; using textbook RSA as-is is considered insecure. Treat the values here as a learning aid only.
RSA operates modulo n, so the message must satisfy 0 ≤ m < n. With p=3 and q=5 you get n=15, and m=42 is clearly out of range. Encrypting it would silently reduce to m mod n and you could never recover 42. Either pick larger primes so n grows, or pick a smaller m. In real systems long messages are split into blocks below n, or RSA is combined with a symmetric cipher in a hybrid scheme.

Real-World Applications

HTTPS / TLS key exchange and signatures: The padlock you see in a browser is backed in part by RSA. Server certificates carry RSA signatures up to the root CA, and many TLS handshakes still use RSA either for signing the ephemeral key exchange parameters or as a backup transport.

PGP / GnuPG email encryption and code signing: Personal and corporate email encryption, plus the package signatures shipped with most Linux distributions, have used RSA key pairs for decades. RSA fits long-lived "identity" use cases very well, and the practice of verifying fingerprints by hand is rooted in this model.

SSH public-key authentication: The classic ssh-rsa key is essentially this demo at scale. The client signs a challenge with d and the server verifies it with the registered public key (n, e). Newer systems are moving to Ed25519, but RSA-4096 keys remain in heavy use.

Smart cards and ID cards: Many electronic ID cards and corporate smart cards store an RSA private key in tamper-resistant memory, and signing happens entirely inside the card. Because the private key never leaves the card, even a compromised host machine cannot exfiltrate it.

Common Misconceptions and Caveats

The most common pitfall is to think that "textbook RSA is fine to deploy as-is". What this simulator implements is deterministic RSA — the same plaintext always produces the same ciphertext. That makes dictionary attacks trivial against short, predictable messages. Real systems must combine RSA with a randomized padding such as OAEP for encryption (so the same plaintext gives a different ciphertext every time) and PSS for signatures.

The next trap is judging key strength by raw bit count alone. Hearing "RSA 2048-bit" can suggest parity with a 2048-bit symmetric key, but security is measured in equivalent strength. RSA 2048 offers about 112 bits of equivalent security. NIST recommends RSA 3072 to match AES-128 and RSA 15360 to match AES-256. Bit length does not translate one-to-one across cryptosystems.

Finally, the symmetry "encrypt with public, decrypt with private" does not always hold the way people imagine. Mathematically RSA is symmetric: you can encrypt with e and decrypt with d, or sign with d and verify with e. But you must not reuse the same key for both roles, and you must follow the PKCS#1 schemes that separate them. This demo intentionally exposes the bare math, but in real implementations keep encryption keys and signing keys distinct.

Related Tools

Diffie-Hellman Key Exchange Simulator — Public Key Math Diffie-Hellman key exchange simulator. Pick a prime p, generator g, and private keys a, b f... Acid Base Ph Calculate pH, concentration, and pOH for acids, bases, and buffers in real time. Visualize ... Blood Type Genetics Simulate ABO blood type inheritance using Punnett squares. Select parental genotypes to cal... Car Braking Distance Calculator Real-time calculation of car braking distance and stopping distance by varying speed, road ... Cell Division Explore mitosis stages with interactive simulations of E. coli, yeast, cancer, and mammalia... Cell Potential Simulate action potentials & calculate membrane potentials. Use the Nernst & Goldman-Hodgki...