Asymmetric encryption · RSA

RSA-OAEP File Decryption

Paste your PEM private key and decrypt RSA-OAEP ciphertexts entirely in the browser to validate integrations or unwrap session keys.

Choose a file

Upload a file

Click to browse or drag & drop files here

RSA-OAEP is best for small blobs or session keys. Large uploads will likely exceed the modulus limit.

Processed output

Decrypted payloads will be available here when a valid RSA package is supplied.

Hash algorithm

Generate test keys

Generated keys appear in the PEM editors below so you can experiment end-to-end.

Public key (PEM)

Private key (PEM)

Use the private key that pairs with the public key used during encryption to recover the bytes.

Usage notes

Use this RSA-OAEP view to validate ciphertexts from CI pipelines, penetration tests, or customer reports without leaving the browser. The tool automatically unwraps bundled payloads so larger files keep working, but the OpenSSL example below reflects the classic direct-RSA workflow, which only supports a few hundred bytes per block (e.g., ~214 bytes with a 2048-bit key and SHA-256). Guard the private key carefully and keep the tab open while the browser streams the bytes back into a downloadable plaintext file.

Equivalent OpenSSL workflow

Recreate the browser’s RSA path with a single openssl pkeyutl -decrypt invocation:

# Decrypt a small RSA-OAEP ciphertext
openssl pkeyutl -decrypt -inkey private.pem \
  -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
  -in secret.bin.rsa -out secret.bin

# Optional: if you received Base64 text, decode first
base64 -d secret.bin.rsa.b64 > secret.bin.rsa