SSH key generator
ClientEd25519 or RSA 2048 key pairs as PEM, generated locally. Inspect certificates with PEM / X.509 viewer.
About SSH key generator
Generate Ed25519 or RSA 2048 key pairs as PEM in the browser—optional OpenSSH public line for Ed25519. The interactive transform on this page runs in your browser tab—Toolcore does not need your paste for the core operation described above.
How to use this page
Paste or type in the main workspace, run the primary action from the toolbar, then copy or download the result. Use Load example when the page offers it, or URL prefill (?q= / ?qb=) so agents and tickets open the same input.
Limits and safety
Utilities here are for development and inspection—do not paste live production keys, PANs, or recovery codes into any browser tab you do not control.
Generate key pair
?
Keys are created in your browser. PKCS#8 / SPKI PEM format; Ed25519 also shows an OpenSSH single-line public key. Not a replacement for production key ceremony.
Nearby workflows on Toolcore
- PEM / X.509 viewer — Decode PEM certificates in the browser—subject, issuer, validity; paste only what you trust. before you trust a token, digest, or key material in production.
- OAuth PKCE generator — RFC 7636 code_verifier plus S256 code_challenge (SHA-256, base64url)—Web Crypto in your tab, no upload. before you trust a token, digest, or key material in production.
- JWT sign & verify — Sign HS256/384/512 JWTs or verify HMAC signatures in the browser—pair with JWT decode for claims. before you trust a token, digest, or key material in production.
- JWT decode — Inspect JWT header and payload as JSON in browser; signature not verified. before you trust a token, digest, or key material in production.
Common use cases
- Create throwaway keys for lab VMs or CI sandboxes before installing ssh-keygen.
- Copy an OpenSSH-format Ed25519 public line for authorized_keys drafts.
- Compare PEM output with your platform’s ssh-keygen for learning.
Common mistakes to avoid
Using browser keys in production without ceremony
Generate production keys on a trusted host with proper storage and rotation.
Expecting OpenSSH private key format for RSA
RSA output is PKCS#8 PEM—convert with ssh-keygen if your workflow requires legacy OpenSSH private keys.
FAQ
Are private keys sent to Toolcore?
No. Keys are generated with Web Crypto in your tab.
Which algorithm should I pick?
Ed25519 is modern and compact for SSH. RSA 2048 remains common for older systems.
More tools
Related utilities you can open in another tab—mostly client-side.
PEM / X.509 viewer
ClientDecode PEM certificates in the browser—subject, issuer, validity; paste only what you trust.
OAuth PKCE generator
ClientRFC 7636 code_verifier plus S256 code_challenge (SHA-256, base64url)—Web Crypto in your tab, no upload.
JWT sign & verify
ClientSign HS256/384/512 JWTs or verify HMAC signatures in the browser—pair with JWT decode for claims.
JWT decode
ClientInspect JWT header and payload as JSON in browser; signature not verified.