ECDSA / Ed25519 Key Generator
Generate cryptographically secure elliptic-curve key pairs in your browser using the Web Crypto API. Pick Ed25519, ECDSA P-256, or ECDSA P-384, and export in PEM (PKCS8/SPKI), JWK, or raw hex format. Useful for JWT signing (ES256, EdDSA), Signal-style protocols, libsodium interop, and any general-purpose elliptic-curve cryptography that is not OpenSSH-flavored.
How to Use
- Pick the algorithm: Ed25519 for modern signature schemes, ECDSA P-256 for ES256 JWTs, ECDSA P-384 for ES384 JWTs.
- Pick an output format: PEM for OpenSSL/Node/Python, JWK for jose / jsonwebtoken libraries, Raw Hex for low-level use.
- Click Generate Key Pair. Both keys appear instantly.
- Copy or download each key. The JWK Thumbprint (RFC 7638) is shown for use as a JWT kid header.
Features
- 100% client-side – Keys are generated by window.crypto.subtle.generateKey(); nothing is uploaded.
- Three curves – Ed25519 (EdDSA), ECDSA P-256 (ES256), ECDSA P-384 (ES384).
- Three output formats – PEM (PKCS8 private, SPKI public), JWK, and raw hex.
- JWK Thumbprint – Auto-computed SHA-256 thumbprint per RFC 7638, perfect for the kid header.
- One-click copy and download – Files are named per algorithm with the right extension.
- No telemetry – No analytics, no logging, no key escrow.
FAQ
- What is the difference between Ed25519 and ECDSA?
  Ed25519 is an EdDSA scheme over the twisted Edwards curve Curve25519. It uses deterministic signatures, has a fixed key size (32 bytes), and is faster and harder to misuse than ECDSA. ECDSA over NIST curves like P-256 / P-384 predates Ed25519, requires a fresh secure random nonce per signature (a reused nonce leaks the private key), and is the format mandated by many older standards (TLS, JWT ES256/ES384, certificates).
- What is PKCS8 versus SPKI?
  PKCS8 (PrivateKeyInfo) is the standard ASN.1 / DER container for a private key, identifying the algorithm and wrapping the key material. SPKI (SubjectPublicKeyInfo) is the matching container for a public key, used inside X.509 certificates. PEM-encoded PKCS8 starts with -----BEGIN PRIVATE KEY----- and SPKI with -----BEGIN PUBLIC KEY-----.
- What is a JWK Thumbprint and when do I use it?
  RFC 7638 defines a JWK Thumbprint as a base64url-encoded SHA-256 hash of a canonicalized JSON Web Key. It is a stable, key-derived identifier you can put in the JWT kid header so the verifier can locate the right public key in a JWKS without leaking the key material. Two parties that exchange the same key will compute the same thumbprint.
- Why use the Web Crypto API instead of a JavaScript library?
  window.crypto.subtle calls the browser's native, audited cryptographic primitives, which back onto the operating system's CSPRNG. Pure JavaScript libraries depend on the JavaScript engine's Math.random or polyfilled randomness, are easier to backdoor via supply-chain attacks, and run slower because they cannot use CPU AES-NI / SHA extensions.
- Are these keys safe to use in production?
  The randomness is as strong as the browser's CSPRNG, which on modern operating systems is suitable for production keys. The risk is the runtime environment: a compromised device, a malicious browser extension, or a phishing page that loads its own version of the page can exfiltrate keys. For the highest-value secrets generate keys offline (openssl genpkey, hardware tokens, HSMs) or inside an air-gapped environment.
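The RFC 7638 thumbprint from the FAQ, written out as an added example (not this tool's own code): only the required public members are hashed, so the private and public JWK of one pair yield the same kid. The function names jwkThumbprint, getSubtle and thumbprintsOfFreshPair are hypothetical; the sample key is the published Ed25519 test vector from RFC 8037 Appendix A.

```javascript
// Members RFC 7638 hashes per key type, listed in the required lexicographic order.
// The OKP row (Ed25519) comes from RFC 8037.
const REQUIRED_MEMBERS = {
  EC: ["crv", "kty", "x", "y"],
  OKP: ["crv", "kty", "x"],
  RSA: ["e", "kty", "n"],
  oct: ["k", "kty"],
};

// Web Crypto handle: the global in browsers and current Node, node:crypto otherwise.
async function getSubtle() {
  const c = globalThis.crypto ?? (await import("node:crypto")).webcrypto;
  return c.subtle;
}

function base64url(bytes) {
  return btoa(String.fromCharCode(...bytes))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

async function jwkThumbprint(jwk) {
  if (!Object.hasOwn(REQUIRED_MEMBERS, jwk.kty)) throw new Error(`unsupported kty: ${jwk.kty}`);
  const canonical = {};
  for (const name of REQUIRED_MEMBERS[jwk.kty]) {
    if (typeof jwk[name] !== "string") throw new Error(`missing member: ${name}`);
    canonical[name] = jwk[name]; // d, kid, alg, use, key_ops, ext are never copied
  }
  const subtle = await getSubtle();
  const input = new TextEncoder().encode(JSON.stringify(canonical)); // no whitespace
  return base64url(new Uint8Array(await subtle.digest("SHA-256", input)));
}

// Generates an extractable P-256 pair with generateKey() and thumbprints both halves.
async function thumbprintsOfFreshPair() {
  const subtle = await getSubtle();
  const pair = await subtle.generateKey(
    { name: "ECDSA", namedCurve: "P-256" }, true, ["sign", "verify"]);
  const pub = await subtle.exportKey("jwk", pair.publicKey);
  const priv = await subtle.exportKey("jwk", pair.privateKey);
  return [await jwkThumbprint(pub), await jwkThumbprint(priv)];
}

// Ed25519 public key from RFC 8037 Appendix A; the kid member is added here to show it is ignored.
const RFC8037_JWK = { kty: "OKP", crv: "Ed25519", kid: "ignored",
  x: "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo" };
```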
