Should I pick RSA or ECDSA?

For new applications, ECDSA on P-256 is the modern preference: smaller keys, faster signing, equivalent security. RSA remains common for compatibility with legacy systems and certificate authorities.

What does the PEM format actually contain?

A Base64-encoded ASN.1 DER structure. The PEM headers (BEGIN PRIVATE KEY) are markers; the body between them is the same binary data any TLS or SSH library expects.

Is the private key safe to generate in a browser?

The Web Crypto API uses the OS secure random source for key generation, so the entropy is the same quality as openssl on a server. The key never leaves your tab — but you should still treat it like any other secret.

Can I use the keys for SSH?

The keys are PKCS#8 PEM format. Tools like ssh-keygen accept this format directly; some older OpenSSH versions may need a one-line conversion.

Why is RSA-4096 generation slow?

Generating a 4096-bit RSA key requires finding two large random primes, which can take several seconds even with native crypto. Most users do not need a key this large.

Asymmetric Key Generator | free cool tools online

How It Works

The Asymmetric Key Generator creates RSA or elliptic-curve key pairs entirely in your browser using the Web Crypto API. Choose RSA with a key size of 2048, 3072, or 4096 bits, or ECDSA on the standard NIST curves (P-256, P-384, P-521), and the tool generates a fresh public/private pair, exporting both in PEM format with the canonical headers (-----BEGIN PUBLIC KEY-----, -----BEGIN PRIVATE KEY-----). RSA-2048 is the modern minimum for general use; RSA-3072 matches the security level recommended by NIST for new systems; RSA-4096 is overkill for most cases and noticeably slower. ECDSA on P-256 gives equivalent security to RSA-3072 at a fraction of the key size and signing cost, and is the preferred choice for new TLS, JWT, and signed-token applications. The private key never leaves your device — it is generated by the browser’s secure random source and rendered into the page, ready for you to copy or save. The accompanying public key can be shared freely; the private key must stay secret.

Use Cases

Generating key pairs for TLS certificate signing requests
Creating SSH key material for learning purposes
Producing test keys for JWT RS256 or ES256 signing
Demonstrating asymmetric cryptography concepts

Frequently Asked Questions

Should I pick RSA or ECDSA?: For new applications, ECDSA on P-256 is the modern preference: smaller keys, faster signing, equivalent security. RSA remains common for compatibility with legacy systems and certificate authorities.
What does the PEM format actually contain?: A Base64-encoded ASN.1 DER structure. The PEM headers (BEGIN PRIVATE KEY) are markers; the body between them is the same binary data any TLS or SSH library expects.
Is the private key safe to generate in a browser?: The Web Crypto API uses the OS secure random source for key generation, so the entropy is the same quality as openssl on a server. The key never leaves your tab — but you should still treat it like any other secret.
Can I use the keys for SSH?: The keys are PKCS#8 PEM format. Tools like ssh-keygen accept this format directly; some older OpenSSH versions may need a one-line conversion.
Why is RSA-4096 generation slow?: Generating a 4096-bit RSA key requires finding two large random primes, which can take several seconds even with native crypto. Most users do not need a key this large.

How It Works

Use Cases

Frequently Asked Questions

Related Tools