What is RSA?

RSA was published in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman, making it one of the first practical public-key cryptosystems. It works by generating two large prime numbers, multiplying them to produce a modulus, and deriving a public and private key pair from that modulus. Encrypting with the public key produces ciphertext that can only be decrypted with the private key, because reversing the operation requires factoring the modulus back into its primes — a problem for which no efficient algorithm is known for sufficiently large numbers.

Key size is critical to RSA security. RSA-2048 (2048-bit key) is the current minimum recommended size and is considered secure through 2030. RSA-4096 provides a larger security margin at the cost of slower operations. Unlike symmetric key sizes, RSA key sizes do not map directly to equivalent security levels — RSA-2048 provides roughly 112 bits of symmetric-equivalent security, while RSA-4096 provides roughly 128 bits.

RSA is being gradually supplemented by elliptic curve cryptography (ECC), which achieves equivalent security with much smaller key sizes and faster operations. However, RSA remains deeply embedded in existing infrastructure: TLS certificates, SSH keys, PGP/GPG, code signing, and countless enterprise systems still rely on it. The emerging threat of quantum computing has also spurred interest in post-quantum alternatives, as a sufficiently powerful quantum computer could factor RSA keys efficiently using Shor's algorithm.

How Vaulted uses RSA

Vaulted does not use RSA directly. Because Vaulted's encryption model is based on symmetric AES-256-GCM with key delivery via URL fragment, there is no need for public-key cryptography. However, RSA is indirectly involved in protecting Vaulted's infrastructure: the TLS certificates that secure HTTPS connections between your browser and Vaulted's server rely on RSA or ECC key pairs for the initial handshake before symmetric encryption takes over for data transfer.