Ed25519 Sign + Verify (Message Authentication)

Ed25519 is the modern default for digital signatures — used by OpenSSH, GitHub, signing for git commits, Tor onion v3 addresses, age encryption. This tool generates Ed25519 keypairs, signs messages with the private key, and verifies signatures with the public key. All browser-side.

How to use the Ed25519 Sign + Verify (Message Authentication)

Click Generate new keypair to get a fresh Ed25519 keypair. Type a message, click Sign to produce a signature. Anyone with the public key can use Verify to confirm the signature.

Ed25519: fast, modern signatures

Ed25519 is a digital signature scheme — the EdDSA algorithm applied to the Curve25519 elliptic curve. A signer holds a 32-byte private key and publishes the matching public key; signing a message produces a 64-byte signature that anyone with the public key can verify, but that nobody can forge without the private key. Unlike RSA it needs no parameter choices, and unlike older ECDSA curves it is deterministic, so the same message and key always yield the same signature.

It has become the default for new systems because it is fast, the keys and signatures are small, and the implementation resists the timing and bad-randomness pitfalls that broke earlier schemes. You will find it behind OpenSSH keys, signed Git commits, the age encryption tool, Tor v3 onion addresses, and many package-signing pipelines. This tool runs the same primitive through the browser WebCrypto API, so keys never leave your machine.

Common use cases

  • Learning the scheme — generate a keypair and watch how the public key verifies a signature the private key produced.
  • Testing a verifier — produce known-good signatures to feed into code that checks Ed25519 elsewhere.
  • Debugging signature mismatches — confirm whether a message, key, or signature is the part that is wrong.
  • Demonstrating tamper detection — change one character of a signed message and see verification fail.
  • Prototyping — sketch a signing flow before wiring it into a real key store.

Frequently asked questions

How is Ed25519 different from RSA signatures?

Ed25519 keys are tiny (32 bytes) and signing is fast, where RSA keys are thousands of bits and slower. Ed25519 also has no parameters to misconfigure, which removes a whole class of mistakes. RSA still appears where older systems or certificates require it.

Is the private key safe in this tool?

Keys are generated and used entirely in your browser through the WebCrypto API and are never sent anywhere. That said, treat any key you paste into a web page as a test key — generate production keys in your own secure environment.

Why does the same message always give the same signature?

Ed25519 is deterministic: it derives its internal nonce from the key and message rather than from a random number. That avoids the catastrophic key leak that happens when an ECDSA nonce is reused, and makes signatures reproducible.

What is the difference between Ed25519 and Curve25519?

Curve25519 is the underlying elliptic curve. The same curve is used for key exchange (X25519) and, in the Edwards form, for signatures (Ed25519). This tool does signatures, not key exchange.
Embed this tool on your site

Free to embed, no attribution required (but appreciated). Paste this where you want the tool to appear: