SSH Key Generator
Generate Ed25519 or RSA SSH key pairs for secure server authentication. Keys are created in your browser and never leave your device.
Ed25519 vs RSA for SSH
Ed25519 is the modern choice for SSH keys. It uses Curve25519 — an elliptic curve designed for speed and resistance to implementation errors. Ed25519 keys are only 68 characters (public key), sign in microseconds, and are not vulnerable to poor random number generation unlike ECDSA (which leaks the private key if the same nonce is reused).
RSA remains the most widely supported option and is necessary for older servers and legacy systems that don't support Ed25519. RSA-4096 provides a higher security margin than RSA-2048 but is slower — RSA-2048 is still considered secure for most use cases. If your server supports Ed25519, always prefer it over RSA.
Security tip: Always protect your private key with a passphrase in production. Use ssh-keygen -p -f ~/.ssh/id_ed25519 to add a passphrase to an existing key. Store private keys only on trusted machines — never in version control or shared storage.
Ed25519: scalar multiplication on Curve25519. RSA: large prime generation and modular arithmetic.
Ed25519: 32-byte private scalar + 32-byte public point. RSA: primes, modulus, public and private exponents.
Magic bytes ('openssh-key-v1\0') + cipher/kdf fields + key type string + length-prefixed key material
The binary wire format Base64-encoded and line-wrapped at 70 characters
Public key: 'ssh-ed25519 BASE64 comment' — paste into ~/.ssh/authorized_keys to grant access
Spec: RFC 8709 (Ed25519 SSH), RFC 4253 (SSH Transport), RFC 4716 (SSH public key)