Ed25519 SSH Key Generator

Keys are never stored on the server. All generation runs in your browser.

Passphrase (optional)

Encrypts the private key. Leave empty to generate an unencrypted key.

1. How to Use

  1. Click 'Generate' to create an Ed25519 key pair. No key size or curve selection is needed.
  2. Optionally enter a passphrase to encrypt the private key. Store the passphrase securely.
  3. Copy the public key (starts with ssh-ed25519) and add it to your server's ~/.ssh/authorized_keys.
  4. Save the private key securely. Use it with ssh -i <private_key_file> or configure your SSH config.
  5. Never share your private key. The public key is safe to share with any server or service.
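
Before the public key line from step 3 goes into authorized_keys, its structure can be checked. The following is an added example, not the generator's own code: it builds the OpenSSH line from a raw 32-byte public key and strictly parses one back, and the function names are hypothetical.

```javascript
// Added example; encodePublicKey and parsePublicKey are hypothetical names.
const ALG = "ssh-ed25519";

// Build an authorized_keys line from a raw 32-byte Ed25519 public key.
function encodePublicKey(raw, comment = "") {
  if (!(raw instanceof Uint8Array) || raw.length !== 32) {
    throw new Error("Ed25519 public key must be exactly 32 bytes");
  }
  const name = new TextEncoder().encode(ALG);
  // Wire format: uint32 length + "ssh-ed25519" + uint32 length + key bytes.
  const blob = new Uint8Array(4 + name.length + 4 + raw.length);
  const view = new DataView(blob.buffer);
  view.setUint32(0, name.length); // DataView writes big-endian by default
  blob.set(name, 4);
  view.setUint32(4 + name.length, raw.length);
  blob.set(raw, 8 + name.length);
  const b64 = btoa(String.fromCharCode(...blob)); // 51 bytes -> 68 characters
  return comment ? `${ALG} ${b64} ${comment}` : `${ALG} ${b64}`;
}

// Strictly validate a line before it is added to authorized_keys.
function parsePublicKey(line) {
  const [type, b64, ...rest] = line.trim().split(/\s+/);
  if (type !== ALG || !b64) throw new Error("not an ssh-ed25519 key line");
  let bin;
  try { bin = atob(b64); } catch { throw new Error("invalid base64"); }
  const blob = Uint8Array.from(bin, (c) => c.charCodeAt(0));
  const view = new DataView(blob.buffer);
  let off = 0;
  const readString = () => { // one length-prefixed field
    if (off + 4 > blob.length) throw new Error("truncated blob");
    const len = view.getUint32(off);
    off += 4;
    if (off + len > blob.length) throw new Error("truncated blob");
    const field = blob.slice(off, off + len);
    off += len;
    return field;
  };
  const inner = new TextDecoder().decode(readString());
  if (inner !== ALG) throw new Error("key type inside blob differs from prefix");
  const key = readString();
  if (key.length !== 32) throw new Error("wrong key length");
  if (off !== blob.length) throw new Error("trailing bytes after key");
  return { type, key, comment: rest.join(" ") };
}
```

Every well-formed Ed25519 line shares the base64 prefix AAAAC3NzaC1lZDI1NTE5AAAAI, because the algorithm name and the key length field are fixed.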

2. How It Works

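Ed25519 is the EdDSA (Edwards-curve Digital Signature Algorithm) signature scheme instantiated on the Curve25519 elliptic curve. In Montgomery form the curve equation is y² = x³ + 486662x² + x over the finite field F_p, where p = 2²⁵⁵ - 19; Ed25519 itself computes on the birationally equivalent twisted Edwards form of the same curve.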

Private key: 32 bytes (256 bits) from a cryptographically secure random source. Public key: A = a × B, where B is the standard base point on Curve25519 and a is the secret scalar derived from the private key as described under signing. The multiplication is elliptic curve scalar multiplication.

EdDSA signing: Compute h = H(private key), where H is SHA-512, and derive the secret scalar a from the first 256 bits of h. For message m, with h₂₅₆ denoting the remaining 256 bits of h: k = H(h₂₅₆||m) mod L, R = k × B, S = (k + H(R||A||m) · a) mod L, where L is the order of the base point B. Signature = (R, S). Verification uses R, S, A, and m to check the equation S × B = R + H(R||A||m) × A.

Security: Equivalent to ~128-bit symmetric security. Resistant to side-channel attacks due to constant-time operations. No known practical attacks on full Ed25519.

3. About Ed25519

Ed25519 is the recommended algorithm for new SSH keys. It produces compact 256-bit keys, offers strong security, and is faster than RSA and ECDSA for both key generation and operations.

This Ed25519 SSH key generator creates OpenSSH-format keys in your browser. Ed25519 is supported by OpenSSH 6.5+, most modern servers, GitHub, GitLab, and cloud providers.

All key generation runs locally using the Web Crypto API. Your private key is never transmitted.

4. Advantages

  • Best security: 128-bit equivalent security with small keys and fast operations.
  • Smallest keys: 68-byte public key vs 392+ bytes for RSA-4096.
  • Fastest: Key generation and signing are significantly faster than RSA and ECDSA.
  • Modern standard: Recommended by OpenSSH, NIST, and many security guidelines.
  • Deterministic: No random k in signing (k is derived from the hash of the private key and the message); avoids implementation pitfalls.

5. Real-World Use Cases

  • Default choice for new SSH keys: Use Ed25519 unless you need RSA compatibility.
  • GitHub/GitLab: Add your Ed25519 public key for secure git push and pull.
  • Servers and VPS: Add to authorized_keys for SSH login to Linux servers.
  • Docker and Kubernetes: Use for container registry authentication or cluster access.
  • CI/CD: Generate short-lived Ed25519 keys for pipelines.