Key Pair Generator

Online tool generating encryption key pairs supporting multiple mainstream key formats and encodings. Quickly generates security-standard-compliant public and private keys suitable for SSH login, data encryption, and digital signatures.

Supported Key Types

RSA

Most widely used asymmetric encryption algorithm suitable for various encryption and signing scenarios.

• 512-bit: Testing only, not recommended for production
• 1024-bit: Lower security, no longer recommended
• 2048-bit: Standard security for most applications (recommended)
• 4096-bit: High security for extreme security requirements

ED25519

Modern elliptic curve encryption with high security and excellent performance, fixed 256-bit key length.

• Shorter keys with security equivalent to 3072-bit RSA
• Fast generation, efficient signing and verification
• Suitable for modern applications and high-performance scenarios

PKCS#8

Public-Key Cryptography Standard #8, universal private key format with good compatibility.

• Supports multiple encryption algorithms
• Readable by most crypto libraries
• Suitable for cross-platform and cross-language use

OpenSSH

SSH connection-specific key format directly used for SSH server configuration and client authentication.

• Compatible with OpenSSH services
• Directly usable on Linux/Unix systems
• Suitable for server remote login

Encoding Formats

Base64

Encodes binary data as ASCII characters, most common encoding format. Includes PEM format header/footer markers (BEGIN/END), directly usable in config files and command-line tools with best compatibility.

Hexadecimal

Encodes binary data as hex strings convenient for program processing. No format markers, just raw key data, suitable for programming debugging and data analysis.

How to Use

1. Select key type (RSA, ED25519, PKCS#8, OpenSSH)
2. Select encoding format (Base64 or hexadecimal)
3. Set key length (RSA, PKCS#8, OpenSSH only), recommend 2048-bit or higher
4. Page auto-generates key pair; click key area to copy
5. Click regenerate button for new key pair

Application Scenarios

• SSH remote login (OpenSSH format, add public key to server authorized_keys, save private key locally)
• HTTPS certificate application (RSA/PKCS#8 format for CSR generation)
• API interface signing (ED25519 for request signing and verification)
• Data encryption transmission (RSA key pairs for asymmetric encryption)
• Git commit signing (ED25519/RSA to prove committer identity)

Security Recommendations

• Safeguard private keys: Store securely, don't transmit over network or share
• Public keys can be public: Safely share with those needing to encrypt or verify signatures
• Rotate regularly: Recommend changing key pairs every 1-2 years
• Use sufficient key length: RSA minimum 2048-bit, 4096-bit more secure
• Choose appropriate algorithm: New projects recommend ED25519; legacy systems use RSA
• Don't reuse: Different services and purposes should use different key pairs

Important Notes

• All key generation completes locally in browser without uploading to servers
• Generated key pairs only display on current page; will be lost after refresh
• Must immediately copy and securely save generated keys, especially private keys
• 512-bit and 1024-bit RSA keys no longer secure, for testing only
• ED25519 key length fixed, no bit selection needed