RSA Key Pair Generator - RSA & Ed25519 Online
Generate RSA (2048/4096-bit) and Ed25519 key pairs in your browser. Export as PEM or JWK format — 100% client-side, no server involved.
Frequently Asked Questions
What is an RSA Key Pair Generator?
An RSA Key Pair Generator creates a mathematically linked pair of cryptographic keys — a public key and a private key — using the RSA algorithm. The public key encrypts data or verifies signatures, while the private key decrypts data or creates signatures. This tool uses the browser's native Web Crypto API to generate keys securely without sending any data to a server.
How do I use this tool?
Select your algorithm (RSA-2048, RSA-4096, or Ed25519), choose your output format (PEM or JWK), and click 'Generate Key Pair'. The tool generates both keys instantly in your browser. Copy either key using the copy button, or download as a .pem file. Store your private key securely and never share it.
Is my key data safe? Does it get sent to a server?
Your key data is 100% safe and never leaves your browser. This tool uses the Web Crypto API (crypto.subtle.generateKey) to generate keys entirely on your device — the same cryptographic engine used for HTTPS/TLS connections. No key material is transmitted to any server, no analytics track your keys, and no data is stored beyond your browser tab's memory.
What is the difference between RSA and Ed25519?
RSA is a widely used algorithm supporting both encryption and signing with key sizes of 2048-4096 bits. Ed25519 is a modern elliptic curve algorithm that only supports signing/verification but offers smaller keys (256 bits), faster operations, and equivalent security to RSA-3072. Ed25519 is recommended by GitHub and GitLab for SSH authentication. Use RSA for JWT signing and general encryption, Ed25519 for SSH keys.
What are PEM and JWK formats?
PEM (Privacy-Enhanced Mail) is a text-based format wrapping Base64-encoded key data between header/footer markers like '-----BEGIN PRIVATE KEY-----'. It's the standard for SSH, OpenSSL, and TLS certificates. JWK (JSON Web Key) is a JSON-based format defined in RFC 7517, commonly used in web applications, JWT libraries, and OAuth/OIDC providers. PEM is best for server configuration, JWK for web APIs.
Can I use the generated keys for SSH authentication?
Yes, with some caveats. This tool generates keys in PKCS#8/SPKI PEM format. Modern OpenSSH supports PKCS#8 PEM directly — save the private key to a file with chmod 600 permissions and use 'ssh -i key.pem user@host'. To convert to OpenSSH native format, use 'ssh-keygen -p -m pem -f key.pem'. For the best SSH experience, we recommend ssh-keygen on the command line.
Code Examples
// RSA-2048 Key Pair Generation (Web Crypto API)
async function generateRSAKeyPair(bits = 2048) {
  // RSA-OAEP keys can encrypt/decrypt; Web Crypto will not sign with them
  const keyPair = await crypto.subtle.generateKey(
    {
      name: 'RSA-OAEP',
      modulusLength: bits,
      publicExponent: new Uint8Array([1, 0, 1]), // 65537
      hash: 'SHA-256',
    },
    true, // extractable, so both keys can be exported below
    ['encrypt', 'decrypt']
  );
  // Export as DER: PKCS#8 for the private key, SPKI for the public key
  const privDer = await crypto.subtle.exportKey('pkcs8', keyPair.privateKey);
  const pubDer = await crypto.subtle.exportKey('spki', keyPair.publicKey);
  // Wrap Base64-encoded DER in PEM markers, 64 characters per line
  const toPem = (der, label) => {
    const b64 = btoa(String.fromCharCode(...new Uint8Array(der)));
    const lines = b64.match(/.{1,64}/g).join('\n');
    return `-----BEGIN ${label}-----\n${lines}\n-----END ${label}-----`;
  };
  // Note: this prints the private key to the console
  console.log(toPem(privDer, 'PRIVATE KEY'));
  console.log(toPem(pubDer, 'PUBLIC KEY'));
}
generateRSAKeyPair();