Features
Format options
PEM format- Standard for SSL/TLS certificates and web servers
- Includes both private and public keys in PEM-encoded format
- Suitable for use with OpenSSL and most certificate authorities
- Single-line public key format for SSH authentication
- Private key remains in PEM format
- Ready to add to
~/.ssh/authorized_keys
Algorithm options
RSA- Most widely supported algorithm
- Key sizes: 1024, 2048, 3072, or 4096 bits
- Recommended: 2048 bits minimum, 4096 bits for high security
- Uses RSASSA-PKCS1-v1.5 with SHA-256
1024-bit RSA keys are considered insecure by modern standards. Use 2048 bits or higher.
- More efficient than RSA with equivalent security
- Supported curves:
- P-256 (secp256r1) - Widely supported, good balance
- P-384 (secp384r1) - Higher security
- P-521 (secp521r1) - Maximum security
- Smaller key sizes than RSA for equivalent security
- Modern elliptic curve algorithm
- Not supported in all browsers’ Web Crypto API
- If available, offers excellent security and performance
Optional comments
Add a comment or email address to your keys for identification. The comment appears:- In PEM format: As a header comment
- In SSH format: At the end of the public key line
Generated keys
After generation, you’ll see:- Private key - Keep this secure and never share it
- Public key - Safe to distribute for verification
- Algorithm details - Shows the algorithm, key size (RSA), or curve (ECDSA)
- Comment - If you added one
Download keys
Click the download button next to each key to save it:- Private keys:
private_key_rsa.pem(or.keyfor ECDSA) - Public keys:
public_key_rsa.pub(SSH) or.pem
Copy keys
Click the copy button to copy the entire key (including headers and footers) to your clipboard.Keyboard shortcuts
- Cmd/Ctrl + Enter - Generate key pair
- Cmd/Ctrl + Shift + Backspace - Clear all
Use cases
SSH authentication
- Select “SSH” format
- Choose RSA (4096 bits) or ECDSA (P-256)
- Add your email as a comment
- Generate the key pair
- Copy the public key to your server’s
~/.ssh/authorized_keys - Save the private key securely (usually in
~/.ssh/id_rsaor~/.ssh/id_ecdsa)
SSL/TLS certificates
- Select “PEM” format
- Choose RSA (2048 or 4096 bits)
- Generate the key pair
- Use the private key to create a Certificate Signing Request (CSR)
- Submit the CSR to a certificate authority
Code signing
- Select “PEM” format
- Choose RSA (4096 bits) or ECDSA (P-384 or P-521)
- Generate the key pair
- Use the private key to sign your code or releases
- Distribute the public key for verification
API authentication
- Generate an RSA or ECDSA key pair
- Register the public key with the API provider
- Use the private key to sign API requests
Keys are generated using your browser’s Web Crypto API, which uses cryptographically secure random number generation. Your keys never leave your device.
Security best practices
- Protect your private key - Store it in a secure location with restricted permissions (chmod 600 on Unix systems)
- Use strong key sizes - At least 2048 bits for RSA, P-256 or higher for ECDSA
- Add passphrases - After downloading, encrypt your private key with a passphrase using
ssh-keygenor OpenSSL - Rotate keys regularly - Generate new keys periodically, especially for critical systems
- Never share private keys - Only distribute public keys
- Backup securely - Keep encrypted backups of your private keys in a secure location