Asymmetric encryption · RSA

RSA-OAEP Text Encryption and Decryption Online

Convert plaintext to ciphertext (and back) with RSA-OAEP. Configure key sizes, hash algorithms, and output encodings—all in a single browser session.

Asymmetric encryption · RSA-OAEP

Encrypt or decrypt text with RSA-OAEP by supplying PEM-encoded keys. Generate modulus-sized key pairs with selectable hash algorithms, then copy ciphertext or plaintext back to your clipboard without external servers.

Plaintext input

Ciphertext output

RSA-OAEP ciphertext is shown as Base64 depending on the encoding selection.

Key size

Hash algorithm

Keys export as PEM, ready for secure backend signatures or company-wide deployments.

Public key (PEM)

Private key (PEM)

Understanding RSA-OAEP

RSA-OAEP is just plain RSA wrapped with the Optimal Asymmetric Encryption Padding (OAEP) method, which adds a hash and mask-generation layer so reactions to repeated encryptions become indistinguishable. RSA without padding is deterministic and hard to secure, so OAEP is the standard choice for most encrypted messages today.

Quick OpenSSL reference

Below are the common commands for generating a RSA-OAEP key pair and for encrypting/decrypting small text payloads while piping Base64 so the ciphertext stays copy-friendly.

Generate keys

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private.pem
openssl rsa -pubout -in private.pem -out public.pem

Encrypt & decrypt text

The snippet below echoes plaintext into openssl pkeyutl, encrypts with RSA-OAEP + SHA-256, Base64-encodes the ciphertext for easy transport, then decodes it back into a binary blob and decrypts with the private key to recover the original text.

echo "Encrypt me" | openssl pkeyutl -encrypt -inkey public.pem -pubin \
  -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 | base64 > cipher.base64
base64 -d cipher.base64 | openssl pkeyutl -decrypt -inkey private.pem \
  -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 > recovered.txt

Why ciphertext changes every time

RSA-OAEP purposely mixes randomness into every encryption via the mask generation function (MGF) and hash that compose the OAEP padding. Even if you encrypt the same plaintext with the same public key repeatedly, the random seed inside OAEP forces each ciphertext to look different. This property is essential for semantic security and prevents attackers from spotting repeated messages.