SSH Key Generator — Ed25519
A ready-to-use Ed25519 key pair in OpenSSH format, generated locally.
$ ssh-keygen -t ed25519
Why Ed25519?
Ed25519 has been the recommended SSH key type for years: keys are tiny (a 68-character public key line), signing is fast, and the algorithm has none of RSA's parameter pitfalls — no key-size decisions, no padding oracles. It's supported by OpenSSH since 6.5 (2014), by GitHub, GitLab and every modern server. Unless a legacy system forces RSA on you, Ed25519 is the right default.
Using the generated key
Save the private key to ~/.ssh/id_ed25519 and the public key to ~/.ssh/id_ed25519.pub, then tighten permissions and load it:
chmod 600 ~/.ssh/id_ed25519 && ssh-add ~/.ssh/id_ed25519
Add the public key line to ~/.ssh/authorized_keys on servers, or paste it into GitHub/GitLab. The optional comment is embedded in both halves so you can recognize the key later.
Is generating SSH keys in a browser safe?
The key pair is created by your own browser's crypto.subtle.generateKey() — audited native code, not JavaScript math — and the private key is displayed without ever being transmitted or stored; you can verify in the network tab that nothing leaves the page. That said, for high-value production keys the gold standard remains generating them yourself with ssh-keygen -t ed25519, so the private key never touches a rendered web page at all. This tool is ideal for test environments, CI sandboxes, containers and short-lived machines.
Nothing leaves your browser
- Every value comes from
crypto.getRandomValues()— the CSPRNG built into your browser, neverMath.random(). - Generated secrets are never transmitted, logged or stored: no server-side generation, no cookies, no localStorage.
- Verify it yourself in the network tab: after loading, the page only talks to our self-hosted, cookie-less analytics — which counts page views and which generator type gets copied, never any value.
- Strict Content-Security-Policy; no third-party script origins.