Key pairs (RSA / EC)
Public and Private Key Generator
Runs in your browser using WebCrypto — no network requests.
Local only Key pair
Options
Choose a key type that matches how you’ll use it (signing vs encryption).
PurposeEC
CurveP-256 default
Quick mapping
- ECDSA P-256 → common for JWT ES256.
- ECDH is for deriving shared secrets (not signing).
Exportformat
FingerprintSHA-256 (public)
Tip: share public keys; keep private keys secret.
Output
Generate keys, then copy or download.
Public key fingerprint (SHA-256)
—
Private key (PEM / PKCS#8)
—Public key (PEM)
—What you’re generating
A public key can be shared to verify signatures or encrypt data to you. A private key must stay secret — it can sign or decrypt.
PEM vs JWK
- PEM is common for servers, CLIs, TLS, and OpenSSL workflows.
- JWK is common for JSON APIs (OAuth/OIDC, JWT key sets).
- For OIDC discovery, you typically publish public JWKs only.
Safety notes
- Prefer generating keys on a secure machine for production use.
- Store private keys in a secret manager / HSM when possible.
- Rotate keys and keep old public keys available during rollout.