Ed25519 Keypair Generator

Generate an Ed25519 keypair in your browser. Ed25519 is the modern default for SSH, signing JWTs with EdDSA, and an option in OpenPGP — smaller keys, faster signing/verification, and resistant to several attacks that historically threatened other curves. Generation uses native WebCrypto where available.

Output format Comment (for SSH)

Public key

Private key

How to use the Ed25519 Keypair Generator

Pick output format. OpenSSH format (the default) gives you a public key suitable for pasting into ~/.ssh/authorized_keys and a corresponding private key in OpenSSH's preferred format. PEM gives standard PKCS#8 private and SPKI public for use with most non-SSH libraries. Raw hex shows the underlying 32-byte private + 32-byte public for educational or low-level use.

About Ed25519 Keypair Generator

Ed25519 is an elliptic-curve signature scheme designed by Daniel J. Bernstein in 2011. Compared to RSA: keys are 32 bytes instead of 256+ bytes; signature operations are roughly 100x faster; the implementation is simpler and avoids several historical pitfalls (no need for cryptographic random numbers during signing, no malleable signatures, side-channel-resistant by construction). All modern protocols that need signing have adopted it: SSH, JWT EdDSA, modern OpenPGP, Signal, Tor, etc.

The trade-off versus RSA is interoperability with legacy systems. Older SSH servers, older TLS implementations, and older JWT libraries may not support Ed25519. For any new system you control end-to-end, Ed25519 is the right choice. For SSH specifically, GitHub, GitLab, and all major cloud providers accept Ed25519 keys.

Common use cases

SSH keys — replace older RSA keys with Ed25519 for faster, smaller, more secure auth.
JWT EdDSA tokens — modern alternative to RS256 with smaller token size.
Git commit signing — modern OpenPGP supports Ed25519.
Application-level signatures — sign API responses, audit logs, configuration manifests.

Frequently asked questions

Why does my older SSH server reject the key?

OpenSSH 6.5+ supports Ed25519 (released 2014). Anything older needs to be upgraded \xE2\x80\x94 or use RSA for that specific server.

Is Ed25519 quantum-safe?

No — like RSA and other current public-key systems, Ed25519 would be broken by a sufficiently large quantum computer. Post-quantum signatures (Dilithium, etc.) are still being standardised.

Why is the OpenSSH private key longer than the raw 32 bytes?

OpenSSH private keys include the public key, the comment, optional passphrase encryption, and OpenSSH metadata. The raw cryptographic private key is still 32 bytes; the rest is OpenSSH's container.