ECDSA SSH Key Generator

Keys are never stored on the server. All generation runs in your browser.

Passphrase (optional)

Encrypts the private key. Leave empty to generate an unencrypted key.

1. How to Use

  1. Select a curve: P-256 (fast, 128-bit security), P-384 (192-bit), or P-521 (256-bit).
  2. Click 'Generate' to create an ECDSA key pair.
  3. Optionally add a passphrase to encrypt the private key.
  4. Copy the public key (ecdsa-sha2-nistp256...) and add it to authorized_keys or your service.
  5. Use the private key with ssh -i or your SSH config.

2. How It Works

ECDSA uses elliptic curves over finite fields. For P-256 (secp256r1): curve equation y² = x³ - 3x + b over F_p with 256-bit prime p. The curve has order n (a large prime); the base point G has order n.

Private key: random integer d in [1, n-1]. Public key: Q = d × G (elliptic curve scalar multiplication).

Signing: Pick random k in [1, n-1]. Compute (x₁, y₁) = k × G. Let r = x₁ mod n; s = k⁻¹(H(m) + d·r) mod n. Signature = (r, s). If r or s is 0, repeat with new k.

Verification: w = s⁻¹ mod n; u₁ = H(m)·w mod n; u₂ = r·w mod n; (x₁, y₁) = u₁×G + u₂×Q. Accept if x₁ mod n = r.
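The signing and verification equations above, carried through over P-256 as an added example (not this generator's own code). The function names are chosen here, SHA-256 is assumed for H, and the arithmetic is not constant-time, so it is for studying the scheme rather than handling real keys.

```python
import hashlib, secrets

# NIST P-256 (secp256r1) domain parameters: y^2 = x^3 - 3x + b over F_p
p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
n = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def add(P, Q):  # affine point addition; None is the point at infinity
    if P is None: return Q
    if Q is None: return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0: return None  # P + (-P)
    if P == Q:
        lam = (3 * x1 * x1 - 3) * pow(2 * y1 % p, -1, p) % p  # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p       # chord slope
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, P):  # double-and-add scalar multiplication k x P
    R = None
    while k:
        if k & 1: R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def H(m):  # SHA-256 digest as an integer (same bit length as n, no truncation)
    return int.from_bytes(hashlib.sha256(m).digest(), "big")

def keygen():  # private d in [1, n-1], public Q = d x G
    d = secrets.randbelow(n - 1) + 1
    return d, mul(d, G)

def sign(d, m):
    while True:
        k = secrets.randbelow(n - 1) + 1         # fresh secret k per signature
        r = mul(k, G)[0] % n                     # r = x1 mod n
        s = pow(k, -1, n) * (H(m) + d * r) % n   # s = k^-1 (H(m) + d*r) mod n
        if r and s:                              # retry if r or s is 0
            return r, s

def verify(Q, m, sig):
    r, s = sig
    if not (0 < r < n and 0 < s < n): return False  # range check before inverting
    w = pow(s, -1, n)
    X = add(mul(H(m) * w % n, G), mul(r * w % n, Q))  # u1 x G + u2 x Q
    return X is not None and X[0] % n == r
```

The range check on r and s in `verify` is not spelled out in the equations above but is part of standard ECDSA verification; without it a signature with s = 0 would fail on the modular inverse instead of being rejected cleanly.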

3. About ECDSA

ECDSA provides security equivalent to RSA with much smaller keys. P-256 offers ~128-bit security with a 256-bit key, comparable to RSA-3072. Supported by OpenSSH and most modern servers and services.

This ECDSA SSH key generator creates keys for P-256, P-384, and P-521 (NIST curves). ECDSA offers a balance between Ed25519's efficiency and RSA's compatibility.

All key generation runs locally in your browser.

4. Advantages

  • Smaller keys: 256–521 bits vs 2048–4096 for RSA, with equivalent security.
  • Fast operations: Key generation and signing are faster than RSA.
  • Standard curves: NIST P-256, P-384, P-521 are widely supported.
  • Balance: Good compatibility with reasonable key sizes.

5. Real-World Use Cases

  • When Ed25519 is not supported: Some older systems support ECDSA but not Ed25519.
  • Regulatory: NIST curves may be required in certain environments.
  • Middle ground: Smaller keys than RSA, broader support than Ed25519 in some ecosystems.
  • TLS and PKI: ECDSA is used in certificates; SSH ECDSA keys follow similar standards.