SSH Key Generator Guide: Create and Install an Ed25519 Key
How SSH keys work, why Ed25519 is the modern default, and how to generate, protect and install a key pair — all without trusting a server with your private key.
Open the SSH Key Generator →What this tool does
The SSH Key Generator creates a public/private key pair in the OpenSSH format your SSH client and Git host expect. It runs the key generation in your browser with the Web Crypto API, so the private key — the secret half — is created on your machine and never sent anywhere. The output is byte-for-byte the same format as ssh-keygen.
How SSH keys work
An SSH key pair is asymmetric: the private key stays on your computer, and the matching public key is placed on the server. When you connect, the server challenges you to prove you hold the private key, without it ever crossing the network. That is why key auth is stronger than a password — there is no shared secret to steal in transit, and the private key can (and should) be protected with a passphrase.
Ed25519 or RSA?
Choose Ed25519. It produces small, fast keys with excellent security and is supported by every current system, including GitHub and GitLab. RSA is only for legacy hosts that lack Ed25519 support; if you need it, use 4096 bits. Older DSA and ECDSA-with-weak-curves keys are best avoided entirely.
Installing the key
Save the private key and install the public key where you want to log in:
# save the private key and lock it down
mv id_ed25519 ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
# add a passphrase (recommended)
ssh-keygen -p -f ~/.ssh/id_ed25519
# a server: append the PUBLIC key to authorized_keys
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@host
# a Git host: paste the PUBLIC key into Settings → SSH keys
Only ever share the .pub file. The private key is a credential — treat it like a password.
Protecting the private key
This tool outputs an unencrypted private key so it works in any browser without extra dependencies. Add a passphrase immediately with ssh-keygen -p as shown above; that encrypts the on-disk key so a stolen laptop does not hand over your access. Combined with an SSH agent, you type the passphrase once per session, not per connection.
Privacy
Everything happens in your browser. The private key is generated locally and is never transmitted — you can disconnect from the network after the page loads and generation still works. Generating keys on a remote server, by contrast, requires trusting that server with the one secret you should never share.
Ready to try it? Open the SSH Key Generator →