RSA / EC Key Pair Generator

Generate cryptographically secure signing key pairs for RS256/384/512 or ES256/384/512 algorithms. You can drop the generated public key straight into the JWT Validator.

RSASSA-PKCS1-v1_5, 2048-bit modulus, SHA-256

RSA & Elliptic Curve (EC) Key Pair Generator Online

Need to sign JSON Web Tokens (JWTs) or secure server communications? Our free online Cryptographic Key Generator creates mathematically secure RSA (RS256, RS384, RS512) and Elliptic Curve (ES256, ES384) public/private key pairs directly in your browser. Easily export them in both PEM and JWK (JSON Web Key) formats.

Zero-Trust Security: Private keys are generated using the Web Crypto API on your local machine. They are never sent over the network. Once generated, they exist only in your browser's memory until you copy or download them.

Core Features

  • RSA Key GenerationGenerate standard RSA key pairs with modulus lengths of 2048, 3072, or 4096 bits. Perfect for RS256 JWT signing and standard asymmetric encryption.
  • Elliptic Curve (ECDSA)Generate modern, highly efficient EC key pairs using P-256, P-384, or P-521 curves. EC keys offer the same security as RSA but with drastically smaller key sizes.
  • Dual Output FormatsInstantly view and copy your keys in both standard Base64-encoded PEM formats (for OpenSSL/backend configs) and raw JWK formats (for modern web/OIDC implementations).

Understanding PEM vs JWK

PEM Format (Public Key)
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAuW4wK+C+s...
... (Base64 Encoded Data) ...
...yQn7wida/O4mB8QIDAQAB
-----END PUBLIC KEY-----
Standard format used by OpenSSL, NGINX, and most traditional backend languages (Node, Python, Go).
JWK Format (Public Key)
{
  "kty": "RSA",
  "e": "AQAB",
  "n": "uW4wK-C-s...",
  "alg": "RS256",
  "use": "sig"
}
JSON Web Key format. Highly preferred for web apps, JWKS endpoints, and OIDC identity providers.

Frequently Asked Questions

Is it safe to generate private keys in a browser?
Yes, provided you trust the device you are using. This tool utilizes the browser's native window.crypto.subtle API, which relies on the operating system's secure random number generator. Keys are generated entirely client-side and never leave your machine.
Should I use RSA or Elliptic Curve (EC)?
For modern applications, Elliptic Curve (EC) is generally recommended. An EC key (like P-256) offers the same cryptographic strength as a 3072-bit RSA key, but creates significantly smaller signatures. This results in much smaller JWTs and faster network transmission. However, RSA is older and slightly more universally supported in legacy systems.