Skip to content
Kordu Tools
Encryption & Decryption Runs in browser Updated 02 Apr 2026

RSA Decrypt

Decrypt RSA-OAEP ciphertext with your PEM private key in the browser. Supports RSA-2048 and RSA-4096. Private key never transmitted.

Note: RSA can only encrypt small amounts of data (up to ~200 bytes for RSA-2048). For large data, use AES and encrypt the AES key with RSA.

Never share your private key.

Key Pair

For large data encryption, use the AES Encrypt tool instead.
Loading rating…

How to use RSA Decrypt

  1. Generate or provide your private key

    Click 'Generate Key Pair' to create a new RSA-2048 or RSA-4096 key pair on this page, or paste your existing PKCS#8 PEM private key (begins with -----BEGIN PRIVATE KEY-----).

  2. Select Decrypt mode

    Click the 'Decrypt' tab in the mode toggle.

  3. Select the hash algorithm

    Choose the same hash algorithm used during encryption (SHA-256 by default). Mismatching the hash algorithm causes decryption to fail.

  4. Paste the Base64 ciphertext

    Paste the Base64-encoded RSA ciphertext into the input panel.

  5. Click Decrypt

    Click Decrypt. The plaintext appears if the private key matches the public key used for encryption.

  6. Copy the result

    Click Copy to copy the decrypted plaintext to your clipboard.

RSA Decrypt FAQ

What do I need to decrypt RSA ciphertext?
You need the Base64-encoded RSA ciphertext, the RSA private key in PKCS#8 PEM format corresponding to the public key used for encryption, and the hash algorithm selected during encryption (SHA-256 by default).

Is this tool safe? Is my private key sent to a server?
No. The private key never leaves your browser. Decryption uses the WebCrypto API, which runs entirely locally. No data is transmitted or logged. That said, treat your private key with care — never share it and store it in a secure location.

Are inputs sent to a server?
No. All RSA decryption is performed by the browser's native WebCrypto API. There are zero network requests during decryption.

Why does RSA decryption fail?
Common causes: wrong private key (the public/private key pair does not match), wrong hash algorithm selected (e.g. SHA-384 vs SHA-256), corrupted or truncated Base64 ciphertext, or the ciphertext was produced with a different RSA padding scheme (PKCS#1 v1.5 instead of OAEP).

What format does the private key need to be in?
PKCS#8 PEM format (the key begins with -----BEGIN PRIVATE KEY-----). Keys generated on this page are already in the correct format. OpenSSL-generated keys are typically PKCS#1 (-----BEGIN RSA PRIVATE KEY-----) and must be converted: openssl pkcs8 -topk8 -nocrypt -in key.pem -out key_pkcs8.pem

Can I decrypt OpenSSL RSA output here?
Yes, if the OpenSSL output was produced with RSA-OAEP padding and you have the PKCS#8 private key. Convert a PKCS#1 key to PKCS#8 first using: openssl pkcs8 -topk8 -nocrypt -in key.pem -out key_pkcs8.pem

What is the size limit for RSA decryption?
RSA-OAEP with SHA-256 and a 2048-bit key supports payloads up to 190 bytes of plaintext. RSA-4096 supports up to 446 bytes. For longer payloads, the ciphertext was likely produced with hybrid encryption — RSA-encrypted AES key plus AES-encrypted data.

What is RSA-OAEP?
RSA-OAEP (Optimal Asymmetric Encryption Padding) is the secure padding scheme for RSA encryption, standardized in PKCS#1 v2.2. It is far more secure than the older PKCS#1 v1.5 padding and is the only RSA encryption scheme supported by the WebCrypto API.

What is the difference between RSA-2048 and RSA-4096?
RSA-4096 provides a larger key (4096-bit modulus vs 2048-bit), making factoring harder. However, it is 4–8× slower for key generation and operations. RSA-2048 is considered secure through at least 2030. RSA-4096 provides extra margin at a performance cost.

Background

Decrypt RSA-OAEP ciphertext using your private key directly in the browser. All operations run on your device via the WebCrypto API — no data is transmitted.

RSA asymmetric decryption: The public key encrypts; only the private key can decrypt. This tool accepts Base64 ciphertext produced by the RSA Encrypt tool on this site (RSA-OAEP scheme with SHA-256 by default).

Getting started:

  1. Generate a key pair on this page (RSA-2048 or RSA-4096)
  2. Paste the Base64-encoded RSA ciphertext
  3. Paste your private key in PKCS#8 PEM format
  4. Click Decrypt to recover the plaintext

Important size limits: RSA is designed for small payloads. The maximum plaintext for RSA-2048 with SHA-256 is 190 bytes; RSA-4096 supports up to 446 bytes. For larger data, the standard workflow is hybrid encryption: the sender encrypts a random AES key with RSA, then AES-encrypts the actual payload. You decrypt the AES key with RSA, then decrypt the payload with AES.

Privacy: Your private key never leaves your browser. All decryption runs via the WebCrypto API. Nothing is logged or transmitted.

Related tools

RSA Encrypt

Encrypt text with RSA-OAEP using a public key in your browser. Generate RSA-2048 or RSA-4096 key pairs. Max ~190 bytes plaintext. Nothing uploaded.

AES Decrypt

Decrypt AES ciphertext in your browser. Supports GCM, CBC, CTR, and ECB modes with 128/192/256-bit keys. Password never transmitted.

Base64 Decoder

Decode Base64 or Base64URL strings to plain text or download as a binary file. Handles MIME line-wrapping and PEM certificates automatically.

SHA-256 Hash Generator

Generate SHA-256 hashes from text instantly. WebCrypto hardware-accelerated, real-time output. Used in Bitcoin, TLS, and digital signatures. Zero uploads.

Password Generator

Generate cryptographically secure passwords with custom length (8–128), character sets, entropy display, and exclude-ambiguous option. Runs in your browser.

Learn more

developer

API Authentication Methods Compared: OAuth, JWT, API Keys

Compare API authentication methods with real HTTP examples. OAuth 2.0, JWT, API keys, and session tokens explained. 78% of breaches involve weak auth.