home  /  tools  /  keypair-generator-rsa-ec

Generate RSA / EC Keypair

Generate cryptographic keypairs for SSH access, JWT signing, S/MIME, or general public-key crypto. MiniMax Converter creates RSA (2048, 3072, 4096 bits) or Elliptic Curve (P-256, P-384, Ed25519) keypairs, exports as OpenSSH or PEM, and optionally encrypts the private key with a passphrase. Cross-platform — same output format as ssh-keygen.

Which key type when

Ed25519 — the modern default for SSH keys. Tiny (256-bit), fast, very strong. Use unless you need to support old servers. RSA 4096 — universal compat. Use for older systems that don't support Ed25519, or for X.509 certificates. RSA 2048 — minimum acceptable in 2026. ECDSA P-256/P-384 — used for X.509 certs more than SSH; faster than RSA at the same security level.

How to use it

  1. Open Tools → Security & Cryptography → RSA / EC keypair generator.
  2. Pick the algorithm: Ed25519 (recommended for SSH), RSA 4096, or one of the ECDSA curves.
  3. Optional: enter a passphrase to encrypt the private key.
  4. Pick output format: OpenSSH (for SSH use, produces id_ed25519 + id_ed25519.pub) or PEM (for OpenSSL / libcrypto consumers).
  5. Click Generate. Save the two files. Install the public key on the target server's ~/.ssh/authorized_keys.

For SSH specifically

On Linux/macOS, save the private key to ~/.ssh/id_ed25519 (or whatever name you chose), set permissions chmod 600 ~/.ssh/id_ed25519 (SSH refuses to use world-readable keys). The public key (.pub) goes into ~/.ssh/authorized_keys on the server. On Windows: same files in %USERPROFILE%\.ssh\.

Questions and answers

Why prefer Ed25519 over RSA?

Smaller (~70 bytes vs ~3KB for RSA 4096), faster, very strong (no quantum threat advantage either way). Only downside: ancient systems may not support it. Modern OpenSSH (since 2014) does.

What's a "passphrase" and should I set one?

A passphrase encrypts the private key file on disk. If someone steals your laptop, they can't use the key without the passphrase. Highly recommended for anything sensitive. Use ssh-agent to cache the unlock so you only enter it once per session.

OpenSSH or PEM format?

OpenSSH for SSH use. PEM for OpenSSL, JWT signing, X.509 certificates, anything that expects standard PKCS#8.

Can I convert between formats later?

Yes — there's a separate Certificate convert tool that does PEM ↔ DER ↔ OpenSSH conversions.

Related tools

Get MiniMax Converter

Cross-platform desktop app. Linux free for non-commercial use; Windows & macOS one-time €20 license. No subscription, no telemetry, no account.

Download Buy license €20