RSA/ECDSA Key Generator
Generate cryptographically secure RSA or ECDSA public/private key pairs using your browser's Web Crypto API. Choose from multiple key sizes and export formats. All keys are generated locally on your device for maximum security and privacy.
Generate cryptographically secure RSA or ECDSA public/private key pairs using your browser's native Web Crypto API. All keys are generated locally on your device and never transmitted over the network.
Click "Generate Key Pair" to create a new cryptographically secure key pair using your browser's Web Crypto API.
Instant Key Generation
Generate cryptographically secure RSA or ECDSA key pairs in milliseconds using your browser's native Web Crypto API. No waiting, no server processing, just instant results.
Maximum Security & Privacy
All key generation happens locally in your browser. Your private keys never leave your device and are never transmitted over the network, ensuring complete privacy and security.
Multiple Formats & Algorithms
Choose between RSA (2048/3072/4096-bit) and ECDSA (P-256/P-384/P-521) algorithms. Export keys in PEM, JWK, PKCS#8, or SPKI formats for maximum compatibility.
100% Free Forever
Generate unlimited key pairs at no cost. No subscriptions, no usage limits, no hidden fees. No account or signup required to use this tool.
SSH Authentication
Generate RSA or ECDSA keys for passwordless SSH authentication to servers and cloud instances. Add the public key to authorized_keys and use the private key for secure remote access without passwords.
JWT Token Signing
Create ECDSA key pairs in JWK format for signing and verifying JSON Web Tokens in modern web applications. Use the private key to sign tokens and distribute the public key for verification.
SSL/TLS Certificates
Generate RSA keys for creating self-signed SSL certificates for development environments or certificate signing requests (CSRs) for production certificates from certificate authorities.
Code Signing
Create key pairs for signing software packages, container images, or Git commits. Verify the authenticity and integrity of code by checking signatures against the public key.
API Authentication
Implement secure API authentication using public key cryptography. Clients sign requests with their private key, and servers verify signatures using the corresponding public key.
Blockchain & Crypto
Generate ECDSA key pairs for blockchain applications, cryptocurrency wallets, or smart contract interactions. The private key controls assets while the public key serves as an address.
The RSA/ECDSA Key Generator creates cryptographically secure public/private key pairs entirely in your browser using the Web Crypto API. These keys are suitable for digital signatures, secure authentication, and establishing encrypted communication channels. All key generation happens locally on your device, ensuring your private keys never leave your computer.
RSA Key Generation
RSA (Rivest-Shamir-Adleman) is a widely-used asymmetric encryption algorithm that relies on the mathematical difficulty of factoring large prime numbers. This generator supports 2048-bit keys for standard security, 3072-bit keys for high security applications, and 4096-bit keys for maximum security. RSA keys are commonly used for SSL/TLS certificates, SSH authentication, code signing, and email encryption with PGP or S/MIME.
ECDSA Key Generation
ECDSA (Elliptic Curve Digital Signature Algorithm) provides equivalent security to RSA with significantly smaller key sizes, resulting in faster operations and reduced storage requirements. The generator supports three NIST-standardized curves: P-256 for standard security (equivalent to 3072-bit RSA), P-384 for high security (equivalent to 7680-bit RSA), and P-521 for maximum security (equivalent to 15360-bit RSA). ECDSA is widely used in modern cryptographic protocols including JWT tokens, blockchain applications, and mobile device authentication.
Output Formats
Keys can be exported in multiple standard formats. PEM (Privacy Enhanced Mail) format is the most common, using Base64 encoding with header and footer markers, compatible with OpenSSL, SSH, and most certificate authorities. JWK (JSON Web Key) format represents keys as JSON objects, ideal for web applications and JWT implementations. PKCS#8 and SPKI formats provide Base64-encoded keys without PEM headers, useful for programmatic key handling and custom implementations.
Security Considerations
The Web Crypto API uses your browser's native cryptographic libraries, which are regularly audited and maintained by browser vendors. Keys are generated using cryptographically secure random number generators that meet industry standards. However, you should always store private keys securely, never transmit them over insecure channels, and use appropriate key sizes for your security requirements. For production systems handling sensitive data, consider using hardware security modules (HSMs) or dedicated key management services.
Common Use Cases
Generated keys can be used for SSH authentication by converting the public key to OpenSSH format, creating self-signed SSL certificates for development environments, implementing JWT-based authentication systems, signing software packages and container images, establishing secure API authentication, and encrypting sensitive data at rest. The private key should always be kept secret and protected with strong access controls, while the public key can be freely distributed to anyone who needs to verify your signatures or send you encrypted messages.
Related Tools
Cryptographically Secure Password Generator
Generate high-entropy passwords with browser cryptographic randomness and policy controls - Free secure password generator
UUID / GUID Batch Generator
Generate batches of up to 10,000 cryptographically secure UUID v4 (random) or UUID v7 (time-ordered) identifiers in your browser - Free online UUID generator
AES File Encryptor/Decryptor
Encrypt and decrypt files locally using AES-256-GCM with PBKDF2 passphrase-based key derivation - Free online AES file encryptor
JWT Debugger & Signature Verifier
Decode JWT claims and verify HS/RS/ES signatures in-browser with shared-secret and public-key workflows - Free online JWT debugger
Frequently Asked Questions About RSA/ECDSA Key Generator
RSA uses large prime number factorization for security, requiring larger key sizes (2048-4096 bits). ECDSA uses elliptic curve mathematics, providing equivalent security with much smaller keys (256-521 bits). ECDSA keys are faster to generate and use less storage, making them ideal for modern applications.
For RSA, 2048-bit keys provide standard security suitable for most applications. Use 3072-bit for high-security requirements or 4096-bit for maximum security. For ECDSA, P-256 offers standard security, P-384 provides high security, and P-521 delivers maximum security. ECDSA P-256 is roughly equivalent to RSA 3072-bit.
Yes, keys are generated using the Web Crypto API, which uses cryptographically secure random number generators built into your browser. These implementations are regularly audited and meet industry security standards. However, always store private keys securely and never share them.
PEM format is most common and compatible with OpenSSL, SSH, and certificate authorities. JWK format is ideal for web applications and JWT implementations. PKCS#8 and SPKI formats provide Base64-encoded keys without headers, useful for programmatic handling. Choose based on your specific use case and compatibility requirements.
Yes, the generated keys are cryptographically secure and suitable for production use. However, for high-security production systems handling sensitive data, consider using hardware security modules (HSMs) or dedicated key management services that provide additional physical security and audit capabilities.
Download both keys and store the private key securely with restricted access permissions. The public key can be freely shared. For SSH, add the public key to authorized_keys. For JWT, import the JWK into your application. For SSL, use the private key to create a certificate signing request.
Absolutely. All key generation happens entirely in your browser using the Web Crypto API. Your private key never leaves your device and is never transmitted over the network. Once you close the page, the keys are gone unless you've downloaded them. Always store downloaded private keys securely.