SSH Key Generator
Generate Ed25519, RSA or ECDSA SSH keypairs in your browser and download the public and private keys.
Keys are generated locally in your browser with the Web Crypto API and are never uploaded. Treat the private key as a secret and store it safely.
Need strong passwords too? Try the Password Generator.
About SSH Key Generator
This SSH key generator creates a public/private keypair entirely in your browser using the Web Crypto API, so the private key is generated on your device and never uploaded. Choose your algorithm — Ed25519 (modern and recommended), RSA 2048/4096, or ECDSA P-256/384/521 — add an optional comment like you@host, and pick a file name. The public key is produced in standard OpenSSH format, ready to paste into ~/.ssh/authorized_keys, and the private key is exported as a PKCS#8 PEM you can use with ssh -i. Copy either key or download both, named for you (for example id_ed25519 and id_ed25519.pub). It's a fast way to mint a fresh keypair without installing anything.
Features
- Ed25519, RSA 2048/4096, and ECDSA P-256/384/521
- Standard OpenSSH public key for authorized_keys
- PKCS#8 PEM private key usable with ssh -i
- Optional comment appended to the public key
- Choose the file name; download both keys (key and key.pub)
- Download both keys together as a single .zip
- Copy either key to the clipboard in one click
- Generated locally with the Web Crypto API
How to use the SSH Key Generator
- Choose a key type — Ed25519 is a good default.
- Add an optional comment (e.g. you@host) and a file name.
- Click Generate keypair.
- Copy or download the public (.pub) and private keys.
Example
Input
Type: Ed25519 · Comment: me@laptop
Output
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA… me@laptop
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEI…
-----END PRIVATE KEY-----
An OpenSSH public key and a PKCS#8 PEM private key.
Common errors & troubleshooting
- Generation fails when Ed25519 is selected. — Some older browsers don't support Ed25519 in the Web Crypto API yet. Choose RSA or ECDSA instead, or update to a current browser.
- A tool insists on an OpenSSH-format private key. — The private key here is PKCS#8 PEM, which OpenSSH reads with ssh -i. To convert it to OpenSSH's own format, run ssh-keygen -p -f your_key. For PuTTY, import it in PuTTYgen.
Frequently asked questions
- Are the keys generated safely?
- Yes. The keypair is generated locally in your browser with the Web Crypto API and is never uploaded. Still, only download and use private keys on a device you trust.
- Which key type should I choose?
- Ed25519 is the modern default — short, fast and secure. RSA 2048/4096 is the most widely compatible. ECDSA P-256/384/521 uses NIST curves; pick it if your environment requires it.
- Where do the keys go?
- Put the public key (the .pub line) in ~/.ssh/authorized_keys on the server. Keep the private key on your machine and reference it with ssh -i, after running chmod 600 on it.
- Can I add a passphrase to the private key?
- The downloaded private key is unencrypted PKCS#8. Add a passphrase locally with ssh-keygen -p -f your_key so the key on disk is protected.
- Is my private key sent anywhere?
- No. Everything happens in your browser; the private key never leaves your device unless you download or copy it yourself.
Related tools
- Password Generator — Generate strong, random passwords with a strength meter (crypto-secure).
- Hash Generator — SHA-256 / SHA-1 / SHA-384 / SHA-512 via the Web Crypto API.
- JWT Decoder — Decode JWT header & payload and inspect exp / iat (no verification).
- JWT Signer — Create and sign a JWT (HS256/384/512) from a payload and secret — Web Crypto.
- TOTP / 2FA Generator — Generate time-based one-time passwords (2FA codes) from a base32 secret.
- Base64 Encode / Decode — UTF-8 safe Base64 encoding and decoding.
All ArrayKit tools