ECDSA & Ed25519 Key Generator

What is ECDSA & Ed25519 Key Generator?

The ECDSA & Ed25519 Key Generator is a free in-browser tool for producing elliptic-curve key pairs and exercising digital signatures. Developers, security engineers, and students use it to test signing and verification flows, generate keys for JWTs or SSH-style workflows, and learn how ECDSA and EdDSA differ without installing OpenSSL. Choose a curve from the Curve menu, click Generate to mint a fresh key pair, and copy the public and private keys in PEM or JWK form. Then type a message, click Sign to produce a Base64 signature, and the tool verifies it against the public key automatically, showing whether the signature is valid. P-256 and P-384 are handled by the browser's native Web Crypto ECDSA, while Ed25519 is computed by the @noble/curves library loaded only when you pick it.

How to use ECDSA & Ed25519 Key Generator

1. Choose a curve from the Curve menu: P-256 or P-384 (ECDSA via Web Crypto) or Ed25519 (EdDSA).
2. Pick PEM or JWK as the export format for the keys.
3. Click Generate keys to mint a fresh random key pair; the public and private keys appear below.
4. Copy the public or private key with the copy button to use it elsewhere.
5. Type a message and click Sign to produce a Base64 signature.
6. Read the verification result: the tool checks the signature against the public key on its own and tells you if it is valid.

Examples

Curve: P-256, Format: PEM, click Generate keys

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD...
-----END PUBLIC KEY-----

Curve: Ed25519, message: "hello noble", click Sign

Signature (Base64): 3Lq8...== — verification result: Signature is valid.

Curve: Ed25519, Format: JWK

{ "kty": "OKP", "crv": "Ed25519", "x": "11qYAYK..." }

Frequently asked questions

Are the private keys sent anywhere?

No. Key generation, signing, and verification all run locally in your browser using the Web Crypto API (for P-256/P-384) and the @noble/curves library (for Ed25519). The private key is held only in memory on this page, is never uploaded, and disappears when you close the tab, so the tool works offline.

What is the difference between ECDSA and Ed25519?

ECDSA over P-256/P-384 is the long-established NIST standard used by TLS certificates and many JWTs. Ed25519 is a modern EdDSA scheme that is faster, has fixed-size signatures, and avoids several footguns of ECDSA. Pick whichever your target system requires.

What do PEM and JWK mean?

PEM wraps the binary key in a Base64 text block with BEGIN/END headers, the form OpenSSL and most servers expect. JWK is a JSON object describing the key, common in web and OAuth/JWT contexts. Switch the format before generating to get the encoding you need.

How is the signature encoded?

The signature is shown as Base64. For ECDSA it is the raw r||s value produced by Web Crypto; for Ed25519 it is the 64-byte EdDSA signature. You can paste a Base64 signature back into the field to verify it against the generated public key.

Can I verify a signature I created elsewhere?

You can verify against the key pair generated here: paste your message and a Base64 signature, and the tool checks it with the matching public key. Importing an external key pair is not supported in this tool.