Tuttilo

Key Pair Generator

Generate RSA or ECDSA cryptographic key pairs in PEM format

Related Tools

Base64 Encoder

Encode and decode text and files to Base64

Try now

Password Generator

Generate strong, secure passwords with customizable options

Try now

Hash Generator

Generate SHA-1, SHA-256, SHA-384 and SHA-512 hashes

Try now

UUID Generator

Generate random UUID v4 identifiers

Try now

Key Pair Generator - Generate RSA/ECDSA Keys Online

Generate cryptographic key pairs directly in your browser using the Web Crypto API. Choose between RSA (2048 or 4096 bit) and ECDSA (P-256 curve) algorithms.

Select your desired algorithm: RSA with 2048 or 4096-bit key size, or ECDSA with the P-256 elliptic curve. Click generate, and the tool creates a cryptographic key pair using your browser's Web Crypto API. The private key and public key are both displayed in PEM format, ready to copy or download. Private keys are generated using cryptographically secure random number generation. For RSA, the public exponent is 65537. For ECDSA, the NIST P-256 curve provides equivalent security to 3072-bit RSA. Store your private key securely—it never leaves your browser during generation.

Developers create key pairs for testing SSL/TLS implementations without exposing production keys. System administrators generate new keys for web servers, VPNs, or SSH access. Cryptocurrency enthusiasts experiment with public-key cryptography concepts. Security students learn about asymmetric encryption by generating and examining real key pairs. IoT developers create device-specific keys for mutual TLS authentication. Certificate authorities generate intermediate signing keys in air-gapped environments for maximum security.

Never generate production keys on a shared or untrusted computer—use a secure, offline machine for critical keys. RSA 4096-bit keys provide better future security but are slower for operations than 2048-bit keys; choose based on your security vs. performance needs. ECDSA keys are much smaller than equivalent RSA keys and faster to generate, making them ideal for IoT and mobile applications. Always store private keys encrypted at rest using strong passwords. For SSH, you'll need to convert the PEM format to OpenSSH format using ssh-keygen. Public keys can be freely shared, but treat private keys like passwords—never commit them to version control.

All processing happens directly in your browser. Your files never leave your device — no server uploads, no cloud storage, no data retention. The tool works offline once loaded, requires no registration, and is completely free with no usage limits.

Frequently Asked Questions

Is it safe to generate keys in the browser?

Yes, the Web Crypto API uses cryptographically secure random number generation. Keys are generated entirely in your browser and never leave your device.

What key size should I choose?

RSA 2048-bit is sufficient for most use cases. RSA 4096-bit provides extra security. ECDSA P-256 offers equivalent security to RSA 3072 with smaller keys.

What format are the keys in?

Public keys are in SPKI (SubjectPublicKeyInfo) PEM format. Private keys are in PKCS#8 PEM format. Both are widely supported.

Can I use these keys for SSL certificates?

The public key can be used as part of a CSR (Certificate Signing Request) process, but generating a full CSR requires additional tools like OpenSSL.