RSA / ECDSA Key Generator

Security

Generate RSA, RSA-PSS and ECDSA public/private key pairs in PEM format entirely in your browser. Supports RS256/384/512, PS256/384/512, ES256/384/512. Keys never leave your device.

Key generation happens entirely in your browser via the WebCrypto API — keys never leave your device.

Key size

Public Key

Public key will appear here

Private Key

Private key will appear here

About RSA / ECDSA Key Generator

Generate RSA, RSA-PSS and ECDSA public/private key pairs directly in your browser using the native WebCrypto API. Supports all nine JWT asymmetric algorithms — RS256/384/512, PS256/384/512, ES256/384/512 — with configurable RSA key sizes (2048 or 4096-bit) and automatic ECDSA curve selection (P-256, P-384, P-521). Keys are output in standard PKCS8/SPKI PEM format, ready to copy or download. Nothing is ever sent to a server.

Features

✓All 9 asymmetric JWT algorithms: RS256/384/512, PS256/384/512, ES256/384/512
✓RSA and RSA-PSS keys at 2048 or 4096-bit modulus length
✓ECDSA keys on P-256, P-384 and P-521 curves (auto-selected per algorithm)
✓Standard PEM output — PKCS8 (private) and SPKI (public)
✓One-click copy and direct download (.pem) for each key
✓Private-key warning banner displayed immediately after generation
✓100% client-side via WebCrypto API — keys never leave your browser

Common Use Cases

Generating RS256/RS512 signing keys for JWT authentication flows
Creating ECDSA key pairs for compact ES256 JWTs in mobile and IoT contexts
Producing RSA-PSS keys for standards-compliant PS256/PS512 JWT signing
Bootstrapping local PKI environments and self-signed certificate material
Teaching asymmetric cryptography and WebCrypto API usage in workshops

Frequently Asked Questions

QWhich algorithm should I use for JWTs?

ES256 (ECDSA P-256) is recommended for new projects — compact signatures, fast verification. RS256 is the most widely supported legacy choice. PS256 (RSA-PSS) is required by some strict FAPI/OpenBanking profiles.

QIs my private key safe?

Yes. All key generation happens entirely in your browser via the WebCrypto API. The private key is never transmitted anywhere and exists only in your current browser session.

QWhat RSA key size should I use?

2048-bit is the current minimum for production use. 4096-bit provides a higher security margin for long-lived or high-value keys.

QWhat is the difference between this tool and the SSH Key Generator?

This tool generates keys for JWT signing and verification. Keys are exported in PKCS8/SPKI PEM format — the format expected by JWT libraries (e.g. jsonwebtoken, jose, PyJWT) and OpenSSL. The SSH Key Generator produces keys for server authentication: public keys in authorized_keys wire format and private keys in the OpenSSH container format. Although both may use RSA or ECDSA internally, the output formats and intended use cases are different and not interchangeable.

QCan I use these keys with OpenSSL or Node.js?

Yes. The PKCS8/SPKI PEM format is standard and works directly with OpenSSL, Node.js crypto, Java, Python (cryptography library) and most JWT libraries.

RSA / ECDSA Key Generator

Security

Generate RSA, RSA-PSS and ECDSA public/private key pairs in PEM format entirely in your browser. Supports RS256/384/512, PS256/384/512, ES256/384/512. Keys never leave your device.

Key generation happens entirely in your browser via the WebCrypto API — keys never leave your device.

Key size

Public Key

Public key will appear here

Private Key

Private key will appear here

About RSA / ECDSA Key Generator

Features

✓All 9 asymmetric JWT algorithms: RS256/384/512, PS256/384/512, ES256/384/512
✓RSA and RSA-PSS keys at 2048 or 4096-bit modulus length
✓ECDSA keys on P-256, P-384 and P-521 curves (auto-selected per algorithm)
✓Standard PEM output — PKCS8 (private) and SPKI (public)
✓One-click copy and direct download (.pem) for each key
✓Private-key warning banner displayed immediately after generation
✓100% client-side via WebCrypto API — keys never leave your browser

Common Use Cases

Generating RS256/RS512 signing keys for JWT authentication flows
Creating ECDSA key pairs for compact ES256 JWTs in mobile and IoT contexts
Producing RSA-PSS keys for standards-compliant PS256/PS512 JWT signing
Bootstrapping local PKI environments and self-signed certificate material
Teaching asymmetric cryptography and WebCrypto API usage in workshops

Frequently Asked Questions

QWhich algorithm should I use for JWTs?

QIs my private key safe?

Yes. All key generation happens entirely in your browser via the WebCrypto API. The private key is never transmitted anywhere and exists only in your current browser session.

QWhat RSA key size should I use?

2048-bit is the current minimum for production use. 4096-bit provides a higher security margin for long-lived or high-value keys.

QWhat is the difference between this tool and the SSH Key Generator?

QCan I use these keys with OpenSSL or Node.js?

Yes. The PKCS8/SPKI PEM format is standard and works directly with OpenSSL, Node.js crypto, Java, Python (cryptography library) and most JWT libraries.

RSA / ECDSA Key Generator

Related Tools

About RSA / ECDSA Key Generator

Features

Common Use Cases

Frequently Asked Questions

See Also

RSA / ECDSA Key Generator

Related Tools

About RSA / ECDSA Key Generator

Features

Common Use Cases

Frequently Asked Questions

See Also