TecnoCrypter Logo

Key Generator

RSA and ECDSA in your browser

Generador de Claves Criptográficas
Genera pares de claves RSA y ECDSA directamente en tu navegador usando Web Crypto API.

RSA: Estándar para cifrado y firmas. 2048-bit mínimo, 4096-bit para máxima seguridad.

ECDSA: Curvas elípticas. Claves más cortas con seguridad equivalente. P-256 ≈ RSA 3072-bit.

Cryptographic Key Generator: RSA, AES, ECDSA

Cryptographic keys are the foundation of digital security: TLS/HTTPS, SSH, JWT signing, encrypted email (PGP), Bitcoin. Our generator creates keys of adjustable length for RSA (2048/3072/4096), AES (128/192/256), ECDSA (P-256/P-384/P-521), and HMAC.

All keys are generated with crypto.subtle.generateKey (Web Crypto API), which uses your OS's cryptographic entropy. The same primitives that Firefox and Chrome use for TLS. Exportable in PEM, JWK, and raw hex formats.

IMPORTANT: for production, generate keys on the machine that will use them. This tool is for learning, testing, or dev use — never share real production private keys with any online tool.

How does it work?

  1. 1
    Select algorithm and length

    RSA-2048 (compatibility), RSA-4096 (higher security), ECDSA-P-256 (modern, small), AES-256 (symmetric).

  2. 2
    Generate the key

    Click generate. The key appears in PEM, JWK, and hex formats.

  3. 3
    Copy or download

    Export as file (.pem, .jwk, .txt) or copy to clipboard. Store securely.

Frequently Asked Questions

RSA-2048 or RSA-4096?

RSA-2048 is secure until at least 2030 according to NIST. RSA-4096 offers greater long-term margin but is 8x slower to generate and 3-5x slower to sign. For most applications, 2048 is sufficient. For very sensitive data (health, defense), use 4096.

Should I use RSA or ECDSA?

ECDSA (elliptic curves) offers similar security with much smaller keys: ECDSA-P-256 (256 bits) ≈ RSA-3072 in security. Preferred for TLS, JWT, and cryptocurrencies. RSA is still widely used for compatibility.

How do I protect a private key?

Never store it in plaintext. Encrypt it with a strong password (openssl uses AES-256-CBC). Restrict filesystem permissions (chmod 600). Never commit it to git. Consider hardware modules (YubiKey, HSM) for critical keys.