Client-Side SSL Key Pair Generator

Your Privacy Matters

All key generation and processing happens entirely in your browser (client-side). No generated keys or any other data are ever sent to or stored on any server.

1. Configure & Generate Key Pair

Select Algorithm:

RSA ECDSA

RSA Modulus Length (bits):

Determines the size (strength) of the RSA key. Larger keys are harder to break but require more processing power.

Hash Algorithm (for Signing):

Selects the hash function used internally by the RSA signing process.

Output Format:

Choose the format for displaying and saving the keys.

2. Generated Keys (PEM Format)

3. Quick Guide: Keys, Algorithms & Formats

What are Public & Private Keys?

This tool creates a **key pair** for secure communication. Think of it like a physical mailbox:

Public Key: Like your mailbox address & slot. Share it freely! Others use it to send you encrypted messages or check your digital signature.
Private Key: Like the unique key to *open* your mailbox. **Keep it secret and safe!** Only you should have it. It lets you read encrypted messages or create digital signatures.

Why Generate Keys? (SSL/TLS Context)

These keys are vital for secure websites (`https://`). They help:

**Prove Website Identity:** The website uses its private key (and a matching public key in an SSL/TLS certificate) to prove it's legitimate.
**Enable Secure Communication:** They allow your browser and the website to set up a temporary, secret code (session key) to encrypt all the information you exchange.

Key Algorithms (How Keys are Made)

Different math methods create key pairs:

RSA: A widely used, reliable standard. Security depends on key size (longer is stronger but slower).
ECDSA: A newer method using Elliptic Curves. Offers strong security with smaller, faster keys compared to RSA. Uses specific 'named curves' (like P-256).

Key Formats (How Keys are Stored/Shared)

The generated keys can be saved in different formats:

PEM: A common text format (starts with -----BEGIN...). Easy to copy/paste and used by many servers/apps. For private keys, this tool uses the modern **PKCS#8** standard format (header is -----BEGIN PRIVATE KEY-----). Older RSA keys might use a different format (PKCS#1) with a header like -----BEGIN RSA PRIVATE KEY-----.
JWK (JSON Web Key): A standard format using JSON, often used in web APIs and modern authentication systems.
DER: The raw binary data structure (based on ASN.1) that PEM is derived from. Needed for some specific systems or libraries that require binary input. For private keys, this is the binary **PKCS#8** data.

Important Security Reminder

Always protect your Private Key! Treat it like a master password. If someone gets it, they can potentially impersonate you or access your secured information.

[Placeholder for Advertisement]