Generate 2048-bit RSA Key Pair

Generating a 2048-bit RSA Key Pair

A 2048-bit RSA key is currently the minimum recommended key size for production use. The "2048-bit" refers to the length of the modulus n in the RSA key pair, which directly determines the cryptographic strength.

Why 2048-bit?

The security of RSA keys is measured in terms of equivalent symmetric key strength:

RSA Key Size	Symmetric Equivalent	Status
1024-bit	~80-bit	Deprecated — factorable with modern resources
2048-bit	~112-bit	Acceptable — standard minimum through ~2030
3072-bit	~128-bit	Recommended — NIST guidance for longer term
4096-bit	~140-bit	Strong — for high-security applications

Generating with Web Crypto API

const keyPair = await crypto.subtle.generateKey(
  {
    name: "RSA-OAEP",
    modulusLength: 2048,
    publicExponent: new Uint8Array([1, 0, 1]), // 65537
    hash: "SHA-256",
  },
  true,  // extractable
  ["encrypt", "decrypt"]
);

Performance Characteristics

2048-bit keys offer a good balance between security and performance:

• Key generation: ~100-500ms on modern hardware
• Encryption: ~1ms for small payloads
• Decryption: ~10-50ms
• Signature creation: ~10-50ms
• Signature verification: ~1ms

When to Use 2048-bit

• Standard web server TLS/SSL certificates
• SSH authentication for typical workloads
• API authentication tokens with regular rotation (< 2 years)
• Development and testing environments

When to Choose Larger Keys

If your data needs to remain secure beyond 2030 or you operate in a regulated industry (finance, government, healthcare), consider 3072-bit or 4096-bit keys instead.