Learn it, compute it, and test yourself — the whole algorithm in one place, built for your exam.
RSA is an asymmetric (public-key) cryptosystem. Instead of one shared secret key, every person has a pair of keys that are mathematically linked:
Anyone can use it to encrypt a message to you, or verify your signature.
Only you hold it. It's used to decrypt incoming messages, or sign.
The magic: what one key locks, only the other can unlock. You never have to share a secret in advance.
RSA rests on a one-way "trapdoor" function. Multiplying two large primes is easy:
But going backwards — factoring n back into p and q — is believed to be computationally infeasible for huge numbers. Without the factors you can't find φ(n), and without φ(n) you can't find the private exponent d. That asymmetry of effort is the whole security argument.
n = p·q. Public, and shared by both keys. Its bit-length is the "key size" (e.g. 2048-bit RSA).n coprime to it. For two primes, φ(n) = (p-1)(q-1).1 < e < φ(n) and gcd(e, φ(n)) = 1. Often a fixed value like 65537.e, i.e. e·d ≡ 1 (mod φ(n)).c = mᵉ mod n using your public key.c travels over the wire.m = cᵈ mod n with your private key.Because e·d ≡ 1 (mod φ(n)), we have e·d = kφ(n)+1 for some integer k. Then by Euler's theorem:
| Symbol | Name | Computed as | Secret? |
|---|---|---|---|
| p, q | primes | chosen | secret |
| n | modulus | p·q | public |
| φ(n) | totient | (p−1)(q−1) | secret |
| e | public exp. | gcd(e,φ)=1 | public |
| d | private exp. | e⁻¹ mod φ | secret |
| c | ciphertext | mᵉ mod n | public |
mᵉ mod n without astronomically large intermediates.d, the inverse of e mod φ(n).gcd(e, φ(n)) = 1 before accepting e.We'll send the message m = 4 using small primes p = 3, q = 11. Trace it from key generation to recovery.
We recovered m = 4 — exactly the original message. The round-trip works.
Want to verify with different numbers? Hop over to the Calculator tab and type these in.