SSH Key Generator

Generate RSA and Ed25519 SSH key pairs entirely in your browser. Keys are never sent to any server.

Never share your private key. Keep it secure and never upload it to any website, including this one. Only share your public key.

Key Type

Comment (optional label, e.g. your email)

Which key type should I use?

Ed25519 — Recommended. Smaller keys, faster, more secure against certain attacks. Use this unless you need legacy compatibility.
RSA-2048 — Supported everywhere. Good for older systems or services that don't support Ed25519.
RSA-4096 — Maximum RSA security, slower to generate and use. Only needed for very high-security environments.

How to use your SSH keys

1 Download both files to ~/.ssh/
2 Set permissions: chmod 600 ~/.ssh/id_ed25519
3 Copy your public key to the server's ~/.ssh/authorized_keys
4 Connect: ssh -i ~/.ssh/id_ed25519 user@host

100% client-side — your keys never leave this device.

Key generation uses the browser's built-in window.crypto.subtle API. No data is sent to any server, no analytics are collected for key operations, and nothing is stored after you close the page.

Frequently Asked Questions

Is it safe to generate SSH keys in a browser?

Yes — as long as you trust the page's code. This tool uses the Web Crypto API, which performs all operations locally. Keys are never transmitted anywhere.

What is the comment field for?

The comment is a human-readable label appended to the public key. Typically your email or user@hostname. It doesn't affect the key's cryptographic properties.

What is the fingerprint?

The fingerprint is a short SHA-256 hash of the public key. Servers display it when you first connect so you can verify you're connecting to the right host. You can compare it with ssh-keygen -l -f id_ed25519.pub.

Can I add a passphrase to the private key?

Not in this tool — it generates unencrypted private keys. To add a passphrase after downloading, run: ssh-keygen -p -f ~/.ssh/id_ed25519