SSH Key Generator

You need an SSH keypair for server access, Git authentication, or CI/CD pipelines. This tool generates RSA or ECDSA SSH keys entirely in your browser using the Web Crypto API — private keys are never transmitted over the network.

Key Types

RSA 2048: The minimum recommended key size. Compatible with all SSH servers and clients. Good for general use.

RSA 4096: Double the key size of RSA 2048. Provides a larger security margin. Slightly slower for authentication but the difference is negligible in practice.

ECDSA P-256: Elliptic curve key using the NIST P-256 curve. Shorter key (256 bits provides equivalent security to RSA 3072). Faster key generation and authentication.

ECDSA P-384: Uses the P-384 curve. Provides equivalent security to RSA 7680. Recommended when higher security margins are needed.

Output Formats

• Public key: OpenSSH format (ssh-rsa AAAA... comment or ecdsa-sha2-nistp256 AAAA... comment)
• Private key: PKCS#8 PEM format (compatible with OpenSSH 7.8+ and most SSH clients)
• Fingerprint: SHA-256 hash of the public key

Usage

After downloading the keys:

# Set correct permissions
chmod 600 ~/.ssh/id_rsa

# Copy public key to server
ssh-copy-id -i ~/.ssh/id_rsa.pub user@server

# Or manually add to ~/.ssh/authorized_keys on the server

Frequently Asked Questions

Are the keys truly generated in my browser? Yes. The Web Crypto API (crypto.subtle.generateKey) runs natively in your browser. No server-side code is involved.

Why no Ed25519 option? Ed25519 support in the Web Crypto API is still limited across browsers. Once browser support improves, it will be added. For Ed25519 keys, use ssh-keygen -t ed25519 on the command line.

Can I add a passphrase? Passphrase-encrypting PKCS#8 keys in the browser requires additional ASN.1 encoding that is not yet implemented. For passphrase protection, import the key with ssh-keygen -p -f keyfile.