RSA key is a private key based on the RSA algorithm. The private key is used for authentication and symmetric key exchange when establishing an SSL/TLS session.
This is part of the public key infrastructure commonly used in SSL certificates. Public key infrastructure presupposes asymmetric cryptography using two keys: a private key and a public key (contained in an SSL certificate).
Because asymmetric encryption takes too long to transmit encrypted data, this type of encryption is used for secure symmetric key exchange, which is actually used to encrypt and decrypt the transmitted data.
An RSA private key is usually generated along with a CSR. Neither we nor the certification authority has access to your private key. It is generated locally on our server and is never sent to us. It looks like a code block with headers:
-----BEGIN RSA PRIVATE KEY-----
You can specify the key size when generating a CSR/private key. Most certificate authorities consider 2048 bits to be the optimal size for RSA private keys. This is because it provides a reasonable level of security and does not place a heavy load on the server's CPU.
If you prefer, you can use a 4096-bit key size for your certificate's private key, but each cloning of your RSA private key slows down the SSL/TLS handshake by a factor of approximately 6-7.
If we choose the 4096-bit key size of the RSA key for SSL, the following are its impacts of it:
- Encryption strength has been improved.
- SSL handshake at the start of each connection slows down.
- CPU usage increases during the handshake.