Key Points
- RSA asymmetric encryption uses a public and private key pair so that a message encrypted with the public key can be decrypted only by the holder of the matching private key, which secures data in transit.
- It is commonly used in various applications, including secure email, SSL/TLS protocols, and digital signatures, making it critical to ensuring online security.
- RSA encryption can be easy to implement with managed PKI services like SecureW2’s JoinNow Connector PKI. JoinNow Connector PKI supports multiple cryptographic algorithms, including RSA and SHA-256, and was built with the industry’s best device onboarding technology.
RSA encryption is one of the most widely used cryptographic systems in the world. Named after its creators — Ron Rivest, Adi Shamir, and Leonard Adleman, who introduced the algorithm in 1977 — RSA remains a foundational component of secure internet communication, digital certificates, and public key infrastructure (PKI). If your organization uses SSL/TLS, VPNs, email encryption, or certificate-based network authentication, RSA is almost certainly part of the stack.
This guide covers how the RSA algorithm works, how RSA compares to AES, recommended RSA key sizes, and where quantum computing fits into the picture.
What Is RSA Encryption?
RSA is an asymmetric encryption algorithm, meaning it uses two mathematically linked keys: a public key and a private key. The public key encrypts data; only the corresponding private key can decrypt it. This stands in contrast to symmetric encryption (like AES), where a single shared key handles both encryption and decryption.
Asymmetric encryption solves a problem that symmetric systems struggle with: secure key exchange. With RSA, anyone can encrypt a message using the recipient’s public key, but only the recipient’s private key can unlock it. There is no need to transmit a shared secret over an insecure channel.
RSA also supports digital signatures. A sender can sign a message with their private key, and anyone with the sender’s public key can verify the signature’s authenticity. This dual capability — encryption and signing — is why RSA became the backbone of PKI and digital certificate issuance.
How Does the RSA Algorithm Work?
The RSA algorithm relies on a simple mathematical asymmetry: multiplying two large prime numbers together is fast, but factoring the resulting product back into its prime components is computationally infeasible at sufficient key lengths. This is known as the prime factorization problem.
Here is the four-step process:
Step 1: Select Two Large Prime Numbers
The algorithm starts by generating two large, random prime numbers, commonly labeled p and q. These primes are multiplied together to produce a modulus n (n = p × q), which becomes part of both the public and private keys. The primes themselves are discarded and never shared.
Step 2: Generate the Public and Private Keys
Using p and q, the algorithm computes Euler’s totient function: φ(n) = (p – 1)(q – 1). A public exponent e is selected — typically 65537 — that is coprime with φ(n). The public key is the pair (e, n).
The private exponent d is computed as the modular inverse of e with respect to φ(n), meaning e × d ≡ 1 (mod φ(n)). The private key is the pair (d, n). Computing d without knowing p and q is as hard as factoring n — which is the entire basis of RSA security.
Step 3: Encrypt the Message
The sender converts the plaintext message into a numerical value m and computes the ciphertext c using the public key: c = m^e mod n. The resulting ciphertext is unreadable without the private key.
Step 4: Decrypt the Message
The recipient uses their private key to recover the original message: m = c^d mod n. Because only the recipient holds d, only they can perform this computation and read the plaintext.
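The four steps above, plus the signing operation described earlier, carried through with the page's own symbols as an added example (this is not code from the original article or from SecureW2). The primes P and Q are constructed toy values (Mersenne primes), and the hash-to-integer step stands in for the padding scheme that real RSA signatures use.

```python
# Added example (not from the original article): textbook RSA using the
# page's symbols p, q, n, φ(n), e, d, m and c. The primes are constructed toy
# values; production RSA uses 1024-bit-plus random primes and a padding scheme.
import hashlib
from math import gcd

def keygen(p, q, e=65537):
    """Steps 1 and 2: build the public key (e, n) and private key (d, n)."""
    n = p * q                         # modulus, shared by both keys
    phi = (p - 1) * (q - 1)           # Euler's totient φ(n)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent e must be coprime with φ(n)")
    d = pow(e, -1, phi)               # modular inverse: e × d ≡ 1 (mod φ(n))
    return (e, n), (d, n)

def encrypt(m, public_key):
    """Step 3: c = m^e mod n. m must be an integer smaller than n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message integer must be smaller than the modulus n")
    return pow(m, e, n)

def decrypt(c, private_key):
    """Step 4: m = c^d mod n, possible only with the private exponent d."""
    d, n = private_key
    return pow(c, d, n)

def _digest_as_int(message, n):
    # Toy hash-to-integer step; real RSA signatures use PKCS#1 v1.5 or PSS.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    """Signing runs the same math in reverse: hash the message, then apply d."""
    d, n = private_key
    return pow(_digest_as_int(message, n), d, n)

def verify(message, signature, public_key):
    """Anyone holding (e, n) can check signature^e mod n against the hash."""
    e, n = public_key
    return pow(signature, e, n) == _digest_as_int(message, n)

# Constructed toy primes: the Mersenne primes 2^31-1 and 2^61-1 (far too small
# for real use, but large enough that the toy hash step rarely collides).
P, Q = 2**31 - 1, 2**61 - 1
PUBLIC, PRIVATE = keygen(P, Q)

if __name__ == "__main__":
    c = encrypt(42, PUBLIC)
    print("ciphertext:", c, "-> plaintext:", decrypt(c, PRIVATE))
    s = sign(b"device certificate", PRIVATE)
    print("signature verifies:", verify(b"device certificate", s, PUBLIC))
```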
RSA Key Sizes: 2048, 3072, and 4096 Bits
The security of RSA encryption scales directly with key length. Longer keys mean larger primes, which means factoring n takes exponentially more computational effort.
Current recommendations from NIST (SP 800-131A Rev. 2) are:
- 2048 bits — The minimum acceptable key size today. Provides approximately 112 bits of security. NIST considers this sufficient through 2030 for most applications.
- 3072 bits — The recommended default for new deployments requiring longer-term protection. Provides approximately 128 bits of security, equivalent to a 256-bit ECDSA key.
- 4096 bits — Used in high-security environments. Provides strong protection but roughly doubles the cost of TLS handshakes compared to 2048-bit keys.
For context, a 2048-bit RSA key has a modulus with roughly 617 decimal digits. The largest RSA number publicly factored (RSA-250, in 2020) had 250 decimal digits and required approximately 2,700 CPU-core-years of computation. Factoring a 2048-bit key remains far beyond current classical computing capability.
Organizations choosing between RSA key sizes should consider certificate lifetime, compliance requirements, and performance impact. For enterprise Wi-Fi and VPN authentication, where certificates are frequently renewed, 2048-bit keys offer a strong balance of security and performance. For long-lived root CA certificates, 3072 or 4096 bits is the safer choice.
RSA vs AES: How They Compare
RSA and AES (Advanced Encryption Standard) are fundamentally different algorithms that serve complementary roles. Comparing them head-to-head is misleading without understanding their distinct purposes.
Here is a side-by-side comparison of their cryptographic capabilities:
| Feature | RSA | AES |
|---|---|---|
| Type | Asymmetric (public/private key pair) | Symmetric (single shared key) |
| Primary Use | Key exchange, digital signatures, certificate issuance | Bulk data encryption |
| Key Sizes | 2048, 3072, 4096 bits | 128, 192, 256 bits |
| Speed | Slower — computationally expensive for large payloads | Fast — optimized for high-throughput data encryption |
| Typical Role in TLS | Authenticates the server and exchanges the session key | Encrypts the actual data stream |
In practice, modern protocols use both RSA and AES. During a TLS handshake, RSA (or ECDSA) authenticates the server’s identity and facilitates key exchange. Once a shared session key is established, AES takes over to encrypt the data stream at high speed. This hybrid approach combines RSA’s strength in authentication with AES’s efficiency in bulk encryption.
The choice between RSA and AES is not either/or. Rather, it is about applying each algorithm where it excels.
Strength and Security of RSA Encryption
RSA’s security rests on the computational difficulty of integer factorization. While multiplying two 1024-digit primes takes milliseconds, reversing that multiplication — factoring the product — would take classical computers longer than the age of the universe at current key lengths.
Several factors affect how secure a given RSA implementation actually is:
- Key length. Shorter keys (1024 bits or below) are considered broken. NIST deprecated 1024-bit RSA in 2013. Use 2048 bits minimum.
- Key generation quality. The primes p and q must be generated using a cryptographically secure random number generator. Predictable or low-entropy primes weaken the entire system.
- Private key storage. If an attacker obtains the private key, they can decrypt all traffic encrypted with the corresponding public key. Hardware Security Modules (HSMs), Trusted Platform Modules (TPMs), and cloud-based key vaults are standard protections.
- Side-channel attacks. Timing attacks, power analysis, and electromagnetic leakage can reveal information about the private key without directly factoring n. Constant-time implementations and blinding techniques mitigate these risks.
RSA has been publicly scrutinized for nearly 50 years. No classical attack has broken properly implemented RSA at recommended key lengths. That track record is a significant part of why it remains embedded in global internet infrastructure.
The Quantum Threat to RSA Encryption
Quantum computing introduces a fundamentally different risk. Shor’s algorithm, published in 1994, can factor large integers in polynomial time on a sufficiently powerful quantum computer. A working implementation would break RSA at any currently used key length.
Where things stand today:
- Current quantum hardware is not yet capable of running Shor’s algorithm at the scale needed to factor 2048-bit RSA keys. The largest number factored by a quantum computer remains trivially small by RSA standards.
- Timeline estimates vary. Many researchers place the arrival of a “cryptographically relevant” quantum computer in the 2030s, though recent algorithmic improvements (such as the JVG algorithm disclosed in early 2026) have compressed some projections.
- NIST has responded. The agency released its first three post-quantum cryptography (PQC) standards in 2024 and a fourth in early 2025. Federal guidance calls for deprecating RSA and elliptic-curve cryptography (ECC) by 2030, with full disallowance by 2035.
- The EU has directed member states to begin PQC transitions no later than the end of 2026.
- Harvest-now, decrypt-later is the immediate concern. Adversaries can capture encrypted traffic today and store it until quantum decryption becomes feasible. Long-lived secrets — health records, defense communications, financial data — are most at risk.
For enterprises, the practical response is twofold: continue using RSA (or ECDSA) for current operations while planning the migration to post-quantum cryptography algorithms. Organizations that use managed PKI with crypto-agile infrastructure will have the smoothest transition, since certificate algorithms can be updated centrally without touching every endpoint.
RSA in Certificate-Based Authentication and PKI
RSA’s most pervasive enterprise application is inside Public Key Infrastructure (PKI). Every time a certificate authority (CA) issues a digital certificate — for a web server, a user identity, or a device — it typically signs that certificate using an RSA key (or increasingly, an ECDSA key).
There are five key steps in a certificate-based authentication flow for enterprise Wi-Fi or VPN:
- A managed PKI issues an X.509 digital certificate to each user or device, signed with the CA’s RSA private key.
- The certificate is provisioned to the endpoint — either through self-service onboarding (for BYOD) or automatic enrollment via MDM (Intune, Jamf, Google Workspace).
- When the device connects to the network, it presents its certificate to a RADIUS server.
- The RADIUS server validates the certificate’s signature chain, checks revocation status, and verifies the identity against the organization’s Identity Provider.
- If valid, the device is granted access. No passwords are involved.
This is where RSA encryption directly intersects with network security. The certificate’s RSA signature proves the device’s identity is legitimate and was issued by a trusted authority. Unlike passwords, RSA-signed certificates cannot be phished, shared, or replayed.
SecureW2 JoinNow Dynamic PKI uses RSA (and other algorithms, including SHA-256) to issue and manage digital certificates across the full lifecycle — generation, distribution, renewal, and revocation. JoinNow Cloud RADIUS validates those certificates at the point of network access with 99.999% uptime, checking identity and device compliance against your Identity Provider on every authentication.
Common RSA Encryption Use Cases
RSA encryption is embedded in protocols and systems across the internet, including:
- SSL/TLS certificates. RSA key pairs secure the TLS handshake that protects web traffic. The server’s RSA public key authenticates its identity; the handshake negotiates a symmetric session key for data encryption.
- Digital signatures. Code signing, document signing, and email signing (S/MIME, PGP) all rely on RSA to prove authenticity and detect tampering.
- VPN authentication. IPsec and SSL VPNs use RSA during the initial key exchange to establish encrypted tunnels.
- SSH key authentication. RSA key pairs are the most common method for authenticating to remote servers over SSH, though Ed25519 keys are gaining adoption.
- Enterprise Wi-Fi (802.1X). EAP-TLS, the strongest 802.1X authentication method, uses RSA-signed certificates to authenticate both the client and the RADIUS server.
- Secure email. S/MIME and PGP use RSA to encrypt email content and sign messages, so only the intended recipient can read them.
Strengthen Your PKI with RSA-Backed Certificate Authentication
RSA encryption has secured internet communication for nearly five decades, and it continues to anchor PKI, TLS, and enterprise network authentication. The organizations that get the most security value from RSA are those that pair it with automated certificate lifecycle management — issuing, renewing, and revoking certificates without manual intervention.
SecureW2 JoinNow Dynamic PKI handles the full certificate lifecycle using RSA and other algorithms, with automatic enrollment for managed devices and self-service onboarding for BYOD. JoinNow Cloud RADIUS validates every connection against your Identity Provider in real time, with 99.999% uptime and no on-premise servers to maintain.
Schedule a demo to see how certificate-based authentication with RSA-signed certificates eliminates passwords and strengthens your network access security.
Frequently Asked Questions
What is the difference between RSA encryption and RSA digital signatures?
RSA encryption uses the recipient's public key to scramble data so only the recipient's private key can decrypt it. RSA digital signatures work in reverse: the sender signs data with their own private key, and anyone with the sender's public key can verify the signature. Encryption protects confidentiality; signatures prove authenticity and integrity.
Is RSA encryption still secure in 2026?
Yes, for now. RSA at 2048 bits or above remains secure against all known classical attacks. The primary long-term risk comes from quantum computing. NIST recommends using RSA 2048 as the minimum through 2030 and beginning migration to post-quantum algorithms. For most enterprise use cases, RSA remains a sound choice when paired with a crypto-agile PKI that can swap algorithms when the time comes.
What is the difference between RSA and ECDSA?
Both are asymmetric algorithms used in PKI and digital signatures. ECDSA (Elliptic Curve Digital Signature Algorithm) provides equivalent security to RSA at much shorter key lengths — a 256-bit ECDSA key matches a 3072-bit RSA key. ECDSA is faster and uses less bandwidth, making it increasingly popular for TLS certificates and device authentication. Many organizations now default to ECDSA for new certificate deployments while maintaining RSA for backward compatibility.
Can quantum computers break RSA encryption?
A sufficiently powerful quantum computer running Shor's algorithm could factor RSA keys in polynomial time, effectively breaking the algorithm. Current quantum hardware is not yet capable of this. Timelines vary, but most researchers estimate the 2030s. NIST has published post-quantum cryptography standards (FIPS 203, 204, 205) to prepare organizations for migration.
How does RSA encryption relate to certificate-based authentication?
Certificate-based authentication uses X.509 digital certificates — typically signed with RSA or ECDSA — to prove identity. When a device presents an RSA-signed certificate to a RADIUS server during 802.1X authentication, the server verifies the signature chain to confirm the certificate was issued by a trusted CA. This replaces passwords with cryptographic proof of identity, eliminating phishing and credential theft risks.