diff --git a/src/crypto/mode/gcm.js b/src/crypto/mode/gcm.js
index 58b6abc7..4532eb96 100644
--- a/src/crypto/mode/gcm.js
+++ b/src/crypto/mode/gcm.js
@@ -25,7 +25,7 @@
 import { AES_GCM } from '@openpgp/asmcrypto.js/dist_es8/aes/gcm';
 import util from '../../util';
 
-const webCrypto = util.getWebCrypto(); // no GCM support in IE11, Safari 9
+const webCrypto = util.getWebCrypto();
 const nodeCrypto = util.getNodeCrypto();
 const Buffer = util.getNodeBuffer();
 
diff --git a/src/crypto/public_key/prime.js b/src/crypto/public_key/prime.js
index 8b5678e1..3755d08e 100644
--- a/src/crypto/public_key/prime.js
+++ b/src/crypto/public_key/prime.js
@@ -25,7 +25,7 @@ import util from '../../util';
 import { getRandomBigInteger } from '../random';
 
 /**
- * Probabilistic random number generator
+ * Generate a probably prime random number
  * @param {Integer} bits - Bit length of the prime
  * @param {BigInteger} e - Optional RSA exponent to check against the prime
  * @param {Integer} k - Optional number of iterations of Miller-Rabin test
diff --git a/src/crypto/public_key/rsa.js b/src/crypto/public_key/rsa.js
index 95e9aad6..3a8eae93 100644
--- a/src/crypto/public_key/rsa.js
+++ b/src/crypto/public_key/rsa.js
@@ -32,21 +32,6 @@ const webCrypto = util.getWebCrypto();
 const nodeCrypto = util.getNodeCrypto();
 const asn1 = nodeCrypto ? require('asn1.js') : undefined;
 
-// Helper for IE11 KeyOperation objects
-function promisifyIE11Op(keyObj, err) {
-  if (typeof keyObj.then !== 'function') { // IE11 KeyOperation
-    return new Promise(function(resolve, reject) {
-      keyObj.onerror = function () {
-        reject(new Error(err));
-      };
-      keyObj.oncomplete = function (e) {
-        resolve(e.target.result);
-      };
-    });
-  }
-  return keyObj;
-}
-
 /* eslint-disable no-invalid-this */
 const RSAPrivateKey = util.detectNode() ? asn1.define('RSAPrivateKey', function () {
   this.seq().obj( // used for native NodeJS crypto
@@ -178,44 +163,19 @@ export async function generate(bits, e) {
 
   // Native RSA keygen using Web Crypto
   if (util.getWebCrypto()) {
-    let keyPair;
-    let keyGenOpt;
-    if ((globalThis.crypto && globalThis.crypto.subtle) || globalThis.msCrypto) {
-      // current standard spec
-      keyGenOpt = {
-        name: 'RSASSA-PKCS1-v1_5',
-        modulusLength: bits, // the specified keysize in bits
-        publicExponent: e.toUint8Array(), // take three bytes (max 65537) for exponent
-        hash: {
-          name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify'
-        }
-      };
-      keyPair = webCrypto.generateKey(keyGenOpt, true, ['sign', 'verify']);
-      keyPair = await promisifyIE11Op(keyPair, 'Error generating RSA key pair.');
-    } else if (globalThis.crypto && globalThis.crypto.webkitSubtle) {
-      // outdated spec implemented by old Webkit
-      keyGenOpt = {
-        name: 'RSA-OAEP',
-        modulusLength: bits, // the specified keysize in bits
-        publicExponent: e.toUint8Array(), // take three bytes (max 65537) for exponent
-        hash: {
-          name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify'
-        }
-      };
-      keyPair = await webCrypto.generateKey(keyGenOpt, true, ['encrypt', 'decrypt']);
-    } else {
-      throw new Error('Unknown WebCrypto implementation');
-    }
+    const keyGenOpt = {
+      name: 'RSASSA-PKCS1-v1_5',
+      modulusLength: bits, // the specified keysize in bits
+      publicExponent: e.toUint8Array(), // take three bytes (max 65537) for exponent
+      hash: {
+        name: 'SHA-1' // not required for actual RSA keys, but for crypto api 'sign' and 'verify'
+      }
+    };
+    const keyPair = await webCrypto.generateKey(keyGenOpt, true, ['sign', 'verify']);
 
     // export the generated keys as JsonWebKey (JWK)
     // https://tools.ietf.org/html/draft-ietf-jose-json-web-key-33
-    let jwk = webCrypto.exportKey('jwk', keyPair.privateKey);
-    jwk = await promisifyIE11Op(jwk, 'Error exporting RSA key pair.');
-
-    // parse raw ArrayBuffer bytes to jwk/json (WebKit/Safari/IE11 quirk)
-    if (jwk instanceof ArrayBuffer) {
-      jwk = JSON.parse(String.fromCharCode.apply(null, new Uint8Array(jwk)));
-    }
+    const jwk = await webCrypto.exportKey('jwk', keyPair.privateKey);
     // map JWK parameters to corresponding OpenPGP names
     return {
       n: b64ToUint8Array(jwk.n),
@@ -261,15 +221,23 @@ export async function generate(bits, e) {
   // RSA keygen fallback using 40 iterations of the Miller-Rabin test
   // See https://stackoverflow.com/a/6330138 for justification
   // Also see section C.3 here: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST
-  let q = await randomProbablePrime(bits - (bits >> 1), e, 40);
-  let p = await randomProbablePrime(bits >> 1, e, 40);
+  let p;
+  let q;
+  let n;
+  do {
+    q = await randomProbablePrime(bits - (bits >> 1), e, 40);
+    p = await randomProbablePrime(bits >> 1, e, 40);
+    n = p.mul(q);
+  } while (n.bitLength() !== bits);
+
+  const phi = p.dec().imul(q.dec());
 
   if (q.lt(p)) {
     [p, q] = [q, p];
   }
-  const phi = p.dec().imul(q.dec());
+
   return {
-    n: p.mul(q).toUint8Array(),
+    n: n.toUint8Array(),
     e: e.toUint8Array(),
     d: e.modInv(phi).toUint8Array(),
     p: p.toUint8Array(),
diff --git a/src/crypto/random.js b/src/crypto/random.js
index 0c6927db..a2f92cfe 100644
--- a/src/crypto/random.js
+++ b/src/crypto/random.js
@@ -103,8 +103,6 @@ export async function getRandomBytes(length) {
   const buf = new Uint8Array(length);
   if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
     crypto.getRandomValues(buf);
-  } else if (typeof globalThis !== 'undefined' && typeof globalThis.msCrypto === 'object' && typeof globalThis.msCrypto.getRandomValues === 'function') {
-    globalThis.msCrypto.getRandomValues(buf);
   } else if (nodeCrypto) {
     const bytes = nodeCrypto.randomBytes(buf.length);
     buf.set(bytes);
diff --git a/test/crypto/rsa.js b/test/crypto/rsa.js
index 6a5811f5..0de65b9c 100644
--- a/test/crypto/rsa.js
+++ b/test/crypto/rsa.js
@@ -10,10 +10,8 @@ chai.use(require('chai-as-promised'));
 
 const expect = chai.expect;
 
-/* eslint-disable no-unused-expressions */
 /* eslint-disable no-invalid-this */
-const native = util.getWebCrypto() || util.getNodeCrypto();
-module.exports = () => (!native ? describe.skip : describe)('basic RSA cryptography with native crypto', function () {
+module.exports = () => describe('basic RSA cryptography', function () {
   let sinonSandbox;
   let getWebCryptoStub;
   let getNodeCryptoStub;
@@ -47,6 +45,21 @@ module.exports = () => (!native ? describe.skip : describe)('basic RSA cryptogra
     expect(keyObject.p).to.exist;
     expect(keyObject.q).to.exist;
     expect(keyObject.u).to.exist;
+    expect(util.uint8ArrayBitLength(keyObject.n)).to.equal(bits);
+  });
+
+  it('generate rsa key - without native crypto', async function() {
+    const bits = 1024;
+    disableNative();
+    const keyObject = await crypto.publicKey.rsa.generate(bits, 65537);
+    enableNative();
+    expect(keyObject.n).to.exist;
+    expect(keyObject.e).to.exist;
+    expect(keyObject.d).to.exist;
+    expect(keyObject.p).to.exist;
+    expect(keyObject.q).to.exist;
+    expect(keyObject.u).to.exist;
+    expect(util.uint8ArrayBitLength(keyObject.n)).to.equal(bits);
   });
 
   it('sign and verify using generated key params', async function() {