EncryptCodecencryptcodec
Tools/EC Key Generator

EC Key Generator

Generate elliptic curve key pairs (P-256, P-384, P-521) in PEM or JWK format using the Web Crypto API. Ideal for JWT ES256/ES384/ES512, TLS certificates, and ECDSA digital signatures.

Keys are generated locally — never transmitted anywhere
P-256Most widely supported. Use for JWT ES256, TLS 1.3, and general ECDSA.

EC vs RSA

Elliptic curve keys offer equivalent security at much smaller key sizes — a P-256 key provides ~128-bit security, comparable to a 3072-bit RSA key, but with faster key generation, smaller signatures, and lower CPU usage. PEM format works with OpenSSL, Node.js, and most TLS stacks. JWK format is preferred for JWT libraries and web APIs. Never use browser-generated keys in production — use a hardware HSM or KMS for production workloads.

How it works
Elliptic Curve Key Generation (ECDSA)
01Curve

Choose P-256, P-384, or P-521 — defines the finite field, equation, and base point G

02Private key k

Random integer k in [1, n−1] where n is the curve order — generated by the OS CSPRNG

03Public key Q

Q = k × G — scalar multiplication of k with the base point G (one-way: easy forward, hard to reverse)

04Export

Private key as PKCS#8 PEM or JWK (with 'd' field). Public key as SPKI PEM or JWK (with 'x', 'y' fields)

Spec: FIPS 186-4 (P-256/P-384/P-521), RFC 5915 (EC private key), RFC 5480 (EC public key)

EC security relies on the hardness of the elliptic curve discrete log problem. P-256 provides ~128-bit security — equivalent to RSA-3072 — at 1/25th the key size.

Frequently Asked Questions

Keep learning

Encryption Match
Symmetric vs asymmetric vs hashing
Game
EC Keys & ECDSA Guide
Complete guide to elliptic curve keys
Guide