Skip to main content

RSA encryption

Generate, import, and manage your RSA encryption keys.

Updated over 2 weeks ago

RSA encryption lets you securely encrypt small amounts of data, such as email addresses. You can encrypt data before passing it to our system for decryption or send encrypted data to external systems either for eventual return or for decryption by the external system.


Before you start

Things you need to know:

  • Private keys can be imported into your account (with an optional password and encryption).

  • A public key can be imported into your account - this can then only be used for encryption purposes.

  • Keys for import must be 2048 bits and serialized in the PEM format.


Key specifications

  • Keys are 2048-bit RSA keys

  • Encryption uses OAEP (SHA256) padding with MGF1 using SHA256

  • Maximum data encryption capacity is 190 bytes due to key size and padding requirements

  • Encrypted data is Base64 encoded (URL safe) to allow inclusion in links

Key management options

  • Generate new key pairs within your account

  • Import private keys with optional password protection

  • Import public keys for encryption-only purposes

  • Keys for import must be 2048 bits and in PEM format

Generate a new keypair

  1. Expand the User menu, and go to Settings > Security and Privacy > RSA Encryption.

  2. Expand the Key Role drop-down menu and choose a role.

    • The role is used to determine which RSA key to use when decrypting / encrypting plaintext.

  3. For Key Name, enter your key's name.

  4. Select Generate new Keypair.

  5. Select Generate / Import.

Import a private or public key

  1. Expand the User menu, and go to Settings > Security and Privacy > RSA Encryption.

  2. Expand the Key Role drop-down menu and choose a role.

    • The role is used to determine which RSA key to use when decrypting / encrypting plaintext.

  3. For Key Name, enter your key's name.

  4. Select either Import Private Key or Import Public Key Only.

  5. If you selected Import Private Key, enter a Password.

  6. For Key (PEM format), enter the key.

  7. Select GENERATE / IMPORT.


Test your encryption

Use the RSA test tool to verify your encryption and decryption processes.

  1. Expand the User menu, and go to Settings > Security and Privacy > RSA Encryption.

  2. To open the RSA test tool, select Test RSA.

  3. Expand the Key to Use drop-down menu and choose the RSA encryption key you want to use.

Encrypt plain text

To encrypt plain text:

  1. For Plain text, enter the plain text you want to encrypt.

  2. Select Encrypt.

  3. The text encrypts and generates in the Encrypted, base64 encoded Text box.

Decrypt text

To decrypt the encoded text:

  1. For Encrypted, base64 encoded Text, enter the encrypted text you want to decrypt.

  2. Select Decrypt.

  3. The text decrypts and generates in the Decrypted Text box.


Disable unencrypted identification

By default, users can be identified by either encrypted or unencrypted email addresses. For additional security and privacy, you can disable unencrypted identification:

  1. Expand the User menu, and go to Settings > Security and Privacy > Content Serving Encryption.

  2. Select the Disable Unencrypted Identification checkbox.

  3. Select Save.

Did this answer your question?