Can I use these keys for TLS?

They are valid PEMs but TLS additionally needs a certificate. For TLS you typically generate the keypair and a CSR with the same algorithm, then send the CSR to a CA.

Keypair Generator — Ed25519, ECDSA, RSA (PEM)

Asymmetric Keypair Generator

Private by design — runs entirely in your browser

Generate Ed25519, ECDSA P-256 or RSA 2048 keypairs entirely in your browser. The private key is exported as PKCS#8 PEM, the public key as SPKI PEM.

Which algorithms are available

Ed25519, ECDSA P-256 and RSA-PSS 2048. All three use the browser’s built-in Web Crypto. Each returns a private key in PKCS#8 PEM and a public key in SubjectPublicKeyInfo PEM.

Why is Ed25519 the default

It is small, fast and modern. Signatures are 64 bytes, keys are 32 bytes, and the algorithm has no parameter choices to get wrong. ECDSA and RSA stay around for interop.

Is the private key ever uploaded

No. crypto.subtle.generateKey runs on the device. The key material exists in browser memory and the page only writes it to a clipboard slot when you press Copy.

Frequently Asked Questions

Which algorithms are available?: Ed25519, ECDSA P-256 and RSA-PSS 2048. All three use the browser’s built-in Web Crypto. Each returns a private key in PKCS#8 PEM and a public key in SubjectPublicKeyInfo PEM.
Why is Ed25519 the default?: It is small, fast and modern. Signatures are 64 bytes, keys are 32 bytes, and the algorithm has no parameter choices to get wrong. ECDSA and RSA stay around for interop.
Is the private key ever uploaded?: No. crypto.subtle.generateKey runs on the device. The key material exists in browser memory and the page only writes it to a clipboard slot when you press Copy.
Can I use these keys for TLS?: They are valid PEMs but TLS additionally needs a certificate. For TLS you typically generate the keypair and a CSR with the same algorithm, then send the CSR to a CA.