Keypair Generator (RSA / ECDSA / Ed25519) Generate RSA, ECDSA, and Ed25519 key pairs as PEM, locally.
100% offline
Generated locally — keys are never uploaded.
Choose an algorithm and press Generate to create a PEM key pair.

About Keypair Generator (RSA / ECDSA / Ed25519)

Asymmetric cryptography uses a matched pair of keys — a public key you can share and a private key you keep secret. This keypair generator creates RSA, ECDSA, and Ed25519 key pairs and exports them as PEM, the format SSH, TLS, JWT signing, and most libraries expect.

Everything runs in your browser with the Web Crypto API. The private key is generated on your device and never sent to a server, so you can create keys for development, testing, or production offline — with no command line and no openssl install.

Pick an algorithm, choose a size or curve, and generate. You get standard `-----BEGIN PUBLIC KEY-----` (SPKI) and `-----BEGIN PRIVATE KEY-----` (PKCS#8) PEM blocks, ready to copy.

Features

  • RSA (2048 / 3072 / 4096), ECDSA (P-256 / P-384 / P-521), and Ed25519
  • Choose RSA usage: signing (RSASSA-PKCS1-v1_5) or encryption (RSA-OAEP)
  • Standard SPKI public + PKCS#8 private PEM output with one-click copy
  • Generated locally via the Web Crypto API — keys never leave your device

How to use

  1. Pick an algorithm: RSA, ECDSA, or Ed25519.
  2. Choose the key size (RSA) or curve (ECDSA); Ed25519 needs no extra option.
  3. Press Generate and wait — RSA-4096 takes a few seconds.
  4. Copy the public and private PEM blocks from their cards.

Frequently asked questions

Which algorithm should I choose?

Ed25519 is the modern default: small, fast, and secure. ECDSA (P-256) is widely supported and a good general choice. RSA is the most compatible with older systems — use 2048-bit at minimum, or 3072/4096 for longer-term security.

Are the keys generated securely and privately?

Yes. Keys are generated in your browser by the Web Crypto API using cryptographically strong randomness. The private key is created on your device and is never transmitted — generation works fully offline.

Why is RSA-4096 so slow?

RSA key generation must find large random primes, and the cost grows sharply with key size. RSA-4096 can take several seconds even on fast hardware. ECDSA and Ed25519 are near-instant.

What PEM format are the keys in?

The public key is exported as SPKI (-----BEGIN PUBLIC KEY-----) and the private key as PKCS#8 (-----BEGIN PRIVATE KEY-----). These are the standard, unencrypted PEM formats accepted by OpenSSL, Node.js, and most libraries.

Can I use these keys for SSH?

These are PEM-encoded SPKI/PKCS#8 keys, not the OpenSSH key format. You can convert them with ssh-keygen or openssl if needed, but for SSH it is usually simpler to generate keys directly with ssh-keygen.

Related tools

Hash Generator — SHA-256, SHA-1 & SHA-512 Online SHA-1, SHA-256 and SHA-512 digests AES Encryption – Encrypt & Decrypt Online Password-based AES-GCM encryption in your browser. HMAC Generator Online — SHA-256, SHA-512 & SHA-1 Generate keyed-hash MACs locally. JWT Decoder — Inspect JSON Web Tokens Online Decode and inspect JSON Web Tokens

Everything runs locally in your browser — your input is never uploaded.