SSH Key Generator
Generate an Ed25519 or RSA 4096 SSH key pair in the standard OpenSSH format — created entirely in your browser with the Web Crypto API. The private key never leaves your device, which is exactly why you should generate keys yourself rather than on a server.
New to this? Read the SSH key generator guide →
Keys are generated entirely in your browser with the Web Crypto API and encoded to the OpenSSH format locally. Nothing is uploaded — the private key never leaves this page, which is the whole point of generating it yourself rather than on someone else's server.
How to use the SSH key generator
- Pick a key type — Ed25519 is the modern default; RSA 4096 is for older systems that need it. Add a comment (usually your email) to label the key.
- Press Generate. Save the private key to ~/.ssh/id_ed25519 and add a passphrase, and add the public key to your server's authorized_keys or your Git host (GitHub, GitLab, etc.).
- Set permissions with chmod 600 ~/.ssh/id_ed25519, then test with ssh -T git@github.com.
Ed25519 vs RSA
Ed25519 keys are short, fast and secure, and are the recommended choice everywhere that supports them (all modern OpenSSH, GitHub, GitLab). RSA is only worth choosing for legacy systems that predate Ed25519 support — and if you do, use 4096 bits. There is no security reason to prefer RSA on a current system.
Why generate keys locally
A private key is a credential: anyone who has it can log in as you. Generating one on a remote website means trusting that site never to keep a copy — a bad idea by design. This tool runs the key generation in your own browser with the built-in Web Crypto API, so the private key is created on your machine and never transmitted. You can verify that by turning off your network after the page loads: generation still works.
Frequently asked questions
Is it safe to generate an SSH key in a browser?
With this tool, yes. The key pair is generated locally with the Web Crypto API and the private key is never uploaded — you can even disconnect from the network after the page loads and it still works. Generating a key on a remote server, by contrast, means trusting that server with your private key.
Should I choose Ed25519 or RSA?
Ed25519 for anything modern — it is smaller, faster and secure, and is supported by all current systems including GitHub and GitLab. Choose RSA 4096 only for legacy hosts that lack Ed25519 support.
How do I install the key?
Save the private key to ~/.ssh/id_ed25519 and run chmod 600 on it, then add the public key to authorized_keys on the server (or use ssh-copy-id) or paste it into the SSH settings of your Git host. Only ever share the .pub file.
Why is the private key not passphrase-protected?
It is generated unencrypted so it works in any browser. Add a passphrase immediately after saving it with ssh-keygen -p -f ~/.ssh/id_ed25519, which encrypts the on-disk key so a stolen device does not expose your access.