CommandDialog

Command dialog

RSA Public Key Recovery

Recover your lost RSA public key instantly. Securely generate the PEM-formatted public key from your private key, all within your browser for safety.

Related Tools

See more

Encrypt / Decrypt Text

Encrypt or decrypt text instantly with modern symmetric algorithms. Fast, secure, and fully in-browser.

Text Hash Generator

Hash any text with common algorithms like MD5, SHA, and RIPEMD, privately in your browser.

Text Hash Validator

Validate a text string against given hash by MD5, SHA1, SHA256, SHA224, SHA512, SHA384, SHA3, or RIPEMD160

HMAC Generator

Computes a hash-based message authentication code (HMAC) using a secret key and your favorite hashing function.

What Is an RSA Public Key Recovery Tool?

In day-to-day server operations and development work, it is not uncommon to encounter an awkward situation: you still have the critical RSA private key, but the corresponding public key has been lost or was never backed up. Since the public key is required for SSH passwordless login, GitHub Deploy Keys, and various encrypted communication scenarios, losing it often means authentication can no longer be completed.

Our RSA Public Key Recovery Tool is a practical utility specifically designed for this kind of “reverse extraction” scenario. By simply pasting a PEM-formatted private key, you can instantly recover and export the exact matching public key. The tool currently supports mainstream key sizes, including 1024, 2048, and 4096 bits.

Why Can a Public Key Be Derived from a Private Key?

In the RSA cryptosystem, the public key and private key are not independent of each other. In fact, the public key is effectively a subset of the private key’s information.

Mathematical Principles

As explained in our RSA Key Pair Generator, the core parameters of an RSA key pair include the modulus nn, the public (encryption) exponent ee, and the private (decryption) exponent dd.

  • Public key structure: composed of (n,e)(n, e).

  • Private key structure: in a standard PEM-formatted private key, additional parameters are stored to optimize computation, typically including:

    • The two prime numbers: p,qp, q
    • The modulus: n=p×qn = p \times q
    • The public exponent: ee (commonly 6553765537)
    • The private exponent: dd

Recovery Method

This tool parses the ASN.1-encoded structure of the private key, directly extracts the nn and ee parameters, and re-encapsulates them according to the PEM specification to generate the corresponding public key.

Why Use This Technique?

  1. Fix configuration issues: When you cannot connect to a remote server via SSH and are unsure whether the public key you have matches your private key, regenerating the public key from the private key is the most reliable way to verify correctness.

  2. Identity re-authentication: Many API services (such as AWS and GitHub) require you to provide a public key. If you only have a .pem private key file, this tool allows you to quickly generate the required public key.

  3. Asymmetric encryption integrity: Asymmetric cryptography relies on properly paired public and private keys. This recovery approach preserves that pairing without regenerating an entirely new key pair, avoiding complex configuration changes that would otherwise be required when replacing a private key.

Why Choose Our RSA Public Key Recovery Tool?

Privacy First

  • Fully client-side processing: Although the tool runs in a web interface, all recovery logic is executed entirely within your local browser.
  • Private keys never leave your device: Your private key is never uploaded to our servers or transmitted over the network. This in-browser processing model provides strong protection when handling highly sensitive key material.

Broad Compatibility

  • Multiple key sizes supported: Full support for 1024-bit, 2048-bit, and 4096-bit RSA keys.
  • Standard output format: The recovered public key is generated in the standard PEM format (-----BEGIN PUBLIC KEY-----), making it fully compatible with Linux/Unix environments and a wide range of development libraries.

How to Use the RSA Public Key Recovery Tool?

The process is extremely simple and requires only two steps:

  1. Enter the private key: Paste your RSA private key (PEM format) into the “Private Key Input” field on the left.
  2. Retrieve the public key: The tool automatically detects and computes the result, displaying the recovered public key in real time on the right. You can then click “Copy” or “Download” to save it.

Frequently Asked Questions

Is the public key recovered from the private key exactly the same as the original public key?

Yes. In the RSA mathematical model, the modulus n and public exponent e that make up the public key are fully recorded in the private key file. The public key extracted by this algorithm is mathematically identical to the original and can be used as a direct replacement.

Why does my private key start with "BEGIN RSA PRIVATE KEY" instead of "BEGIN PRIVATE KEY"?

This reflects the difference between PKCS#1 (the former) and PKCS#8 (the latter). PKCS#1 is RSA-specific, while PKCS#8 is a generic key container format. This tool provides solid compatibility with both commonly used PEM standards.

What should I do if I get a "format error" when recovering the public key?

Please ensure that the content you pasted includes the full header (“-----BEGIN …-----”) and footer (“-----END …-----”). If the private key is encrypted (password-protected), it must be decrypted first before the public key can be recovered.

Why recover a public key from a private key instead of generating a new key pair?

In many production environments, the private key is already deployed on clients or in automation scripts. Regenerating a key pair would require updating configurations on all related systems. Recovering the original public key from the existing private key allows you to restore server-side configuration without changing the deployed private key.

What format is the recovered public key in?

The tool generates a standard PEM-formatted public key, typically starting with “-----BEGIN PUBLIC KEY-----”. This format follows the PKCS#8 standard and is widely supported by OpenSSL, Java, Python, and most cloud provider consoles.

Does this tool support password-protected (encrypted) private keys?

The current online recovery tool is primarily designed for unencrypted PEM private keys. If your private key contains the marker “Proc-Type: 4,ENCRYPTED”, it is recommended to decrypt it locally using OpenSSL before performing public key recovery, to ensure secure handling of the key material.

Is there any risk of data leakage during the recovery process?

No. The tool uses 100% client-side processing. Your private key exists only in your browser’s memory during the operation and is never transmitted over the network or uploaded to any server.

Can I use the recovered public key to verify whether it matches a given private key?

Yes. If you have multiple private and public keys and are unsure about their pairings, you can recover a standard public key from each private key and compare the result with the public keys you have on hand.

Does the tool support recovery from 4096-bit private keys?

Yes. The tool supports RSA key recovery for 1024-bit, 2048-bit, and up to 4096-bit keys. As long as the private key is in a standard PEM format, the corresponding public key can be accurately extracted.

Can the recovered public key be used directly with GitHub?

Yes, but note the required format. GitHub typically expects a single-line key starting with “ssh-rsa”. After saving the PEM-formatted public key recovered by this tool, you can convert it to OpenSSH format using the local command “ssh-keygen -f public.pem -i -m PKCS8”.