RSA

RSA is a common asymmetric (public-key) encryption algorithm whose security rests on the mathematical difficulty of factoring the product of two large prime numbers. It uses a public/private key pair so people can communicate securely without sharing a secret key in advance.

Verified for the 2027 AP Cybersecurity exam. Last updated June 2026.

What is RSA?

RSA is one of the two big asymmetric encryption algorithms you'll meet in Topic 5.4 (the other is ECC). "Asymmetric" means it uses a key pair instead of a single shared key. You generate two keys at the same time through a mathematical process, and they're mathematical inverses of each other. One is your public key, which you hand out to anyone. The other is your private key, which you guard. Whatever one key locks, only its partner can unlock (EK 5.4.A.2).

What makes RSA RSA is the math underneath it. Its security comes from how hard it is to factor the product of two very large prime numbers. Multiplying two big primes together is easy for a computer; working backward to find those primes from the product is brutally slow. That one-way difficulty is the wall protecting your data. RSA keys are typically large for this reason, with 2048-bit keys being a common modern standard. You can run RSA from the command line with OpenSSL or with specialized tools like the RSA Encryption Tool (EK 5.4.C.1, EK 5.4.C.2).

Why RSA matters in AP Cybersecurity

RSA lives in Unit 5: Securing Applications and Data, specifically Topic 5.4 Asymmetric Cryptography. It's the headline example for objective AP Cybersecurity 5.4.C, which asks you to apply asymmetric algorithms to encrypt and decrypt data. It also ties straight into 5.4.A (picking the right key to send or receive) and 5.4.B (why longer keys mean bigger keyspaces and stronger security). RSA is the algorithm that makes the abstract idea of public-key crypto concrete, so it shows up anywhere the exam wants to test whether you actually understand how key pairs, digital signatures, and certificates work.

How RSA connects across the course

ECC / Elliptic Curve Cryptography (Unit 5)

ECC is RSA's leaner cousin. It hits the same security level with much smaller keys, so a 256-bit ECC key can match the strength of a 2048-bit RSA key. When a question asks for asymmetric security with smaller key sizes, the answer is ECC, not RSA.

Public Key and Private Key (Unit 5)

RSA is the engine; the public and private keys are the parts it runs on. To send someone an encrypted file with RSA, you use their public key, and only their matching private key can decrypt it. Knowing which key does what is half of what 5.4.A tests.

Digital Signature and Certificate Authority (Unit 5)

RSA isn't only for hiding messages. Flip the keys around (sign with the private key, verify with the public key) and you get a digital signature, which is what a certificate authority uses to vouch for a website's identity. This is the bridge between Topic 5.4 and how trust works online.
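The key roles described above (encrypt with the public key, decrypt with the private key, then flip them to sign and verify), together with the reason factoring matters, as an added example that is not part of the original page. It is textbook RSA over two small constructed primes with no padding, so it shows the math only; the function names are assumptions made for this sketch.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Derive a public key (n, e) and a private key (n, d) from two primes."""
    n = p * q                    # public modulus: easy to compute from p and q
    phi = (p - 1) * (q - 1)      # needs p and q, which only the key owner knows
    d = pow(e, -1, phi)          # private exponent: the inverse of e modulo phi
    return (n, e), (n, d)

def apply_key(key, value):
    """The one RSA operation: raise value to the key's exponent modulo n."""
    n, exponent = key
    return pow(value, exponent, n)

def digest_int(message, n):
    """Hash the message and reduce it below n so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message):
    """Signing applies the private key to the message digest."""
    return apply_key(private_key, digest_int(message, private_key[0]))

def verify(public_key, message, signature):
    """Anyone holding the public key can check the signature."""
    return apply_key(public_key, signature) == digest_int(message, public_key[0])

def factor(n):
    """Trial division: quick for this toy modulus, infeasible at 2048 bits."""
    f = 3
    while n % f:
        f += 2
    return f, n // f

# Constructed toy primes (2**17 - 1 and 2**19 - 1). A 2048-bit key uses two
# primes of roughly 1024 bits each.
PUBLIC, PRIVATE = make_keypair(131071, 524287)

if __name__ == "__main__":
    message = int.from_bytes(b"5.4C", "big")       # must be smaller than n
    ciphertext = apply_key(PUBLIC, message)        # sender: recipient's public key
    print("decrypts:", apply_key(PRIVATE, ciphertext) == message)
    sig = sign(PRIVATE, b"certificate for example.test")
    print("valid signature:", verify(PUBLIC, b"certificate for example.test", sig))
    print("altered message:", verify(PUBLIC, b"certificate for other.test", sig))
    p, q = factor(PUBLIC[0])                       # whoever factors n ...
    print("private key rebuilt:", make_keypair(p, q)[1] == PRIVATE)
```

The last line is the whole security argument in miniature: the private key can be rebuilt from the public modulus the moment its two prime factors are known, which is why the primes have to be far too large to find this way.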

TLS (Unit 5)

TLS is the protocol that secures your web traffic, and RSA is one of the algorithms it historically used to safely exchange keys at the start of a connection. RSA solves the chicken-and-egg problem of sharing a secret without ever meeting first.

Is RSA on the AP Cybersecurity exam?

Expect RSA on multiple-choice questions in two main flavors. First, key-selection: a stem says someone needs to decrypt a file encrypted with RSA and asks which key to use (answer: the private key of the recipient's pair). Second, identification: a stem describes an algorithm "based on the mathematical difficulty of factoring large prime numbers" and asks you to name it (answer: RSA). You should also be able to spot the workflow, like generating a 2048-bit RSA key pair with OpenSSL and extracting the public key into a separate file to share. No released FRQ has used "RSA" verbatim, but the concept supports any free-response prompt about securing data transmission with asymmetric encryption.

RSA vs ECC (Elliptic Curve Cryptography)

Both are asymmetric algorithms, so it's easy to mix them up. The split is the math and the key size. RSA relies on the difficulty of factoring the product of two large primes and needs big keys (like 2048-bit). ECC relies on elliptic curve math and gets the same security with much smaller keys. If a question stresses "smaller key sizes, equivalent security," pick ECC; if it stresses "factoring large prime numbers," pick RSA.

Key things to remember about RSA

  • RSA is an asymmetric encryption algorithm whose security comes from the difficulty of factoring the product of two large prime numbers.

  • To encrypt for someone you use their public key, and only their private key can decrypt it, so on the exam decrypting an RSA file means using the private key.

  • RSA commonly uses 2048-bit keys, and longer keys mean a larger keyspace (2^n) and stronger security, though they take more time to process.

  • ECC reaches the same security as RSA with much smaller keys, so 'smaller key size, equivalent security' points to ECC, not RSA.

  • Beyond hiding messages, RSA also powers digital signatures and digital certificates by reversing the roles of the public and private keys.

  • You can run RSA in practice using OpenSSL on the command line or open-source tools like the RSA Encryption Tool.

Frequently asked questions about RSA

What is RSA in AP Cybersecurity?

RSA is a common asymmetric (public-key) encryption algorithm covered in Topic 5.4. Its security rests on how hard it is to factor the product of two large prime numbers, and it uses a public/private key pair so people can communicate securely without sharing a secret key first.

Is RSA symmetric or asymmetric encryption?

Asymmetric. RSA uses two different keys (a public key and a private key) that are mathematical inverses of each other, unlike symmetric encryption where the same single key both encrypts and decrypts.

Which key do you use to decrypt a file encrypted with RSA?

The private key. If a file was encrypted using your public key, only your matching private key can unlock it, which is exactly the type of stem the exam uses to test key selection.

How is RSA different from ECC?

Both are asymmetric, but RSA is built on the difficulty of factoring the product of two large prime numbers and needs large keys (like 2048-bit), while ECC uses elliptic curve math and achieves the same security with much smaller keys. If a question highlights smaller key sizes with equivalent security, the answer is ECC.

Why does RSA use such long keys?

Longer keys create a larger keyspace (an n-bit key has 2^n possibilities), which makes brute-force guessing far harder. Because computing power keeps improving, recommended key lengths like 2048-bit help keep RSA secure, even though longer keys take more time to encrypt and decrypt.
