liminfo

SSH Key Generator

Free web tool: SSH Key Generator

Key Type Selection

Generation Command
ssh-keygen -t ed25519 -C "user@host"

Public Key Parser

Related Tools

Password GeneratorHash GeneratorCertificate DecoderTOTP GeneratorTLS Reference

About SSH Key Generator

The SSH Key Parser is a free browser-based tool that decodes and inspects SSH public keys without sending them to any server. Paste a public key in the standard OpenSSH format (e.g., "ssh-rsa AAAA... user@host" or "ssh-ed25519 AAAA... comment") into the text area, click Parse Key, and the tool immediately displays the key algorithm, key length in bits, SHA-256 fingerprint, and comment field. It supports all three major SSH key types: RSA, Ed25519, and ECDSA (P-256, P-384, P-521).

This tool is designed for system administrators, DevOps engineers, and security professionals who need to quickly inspect SSH keys during infrastructure setup, security audits, or access management workflows. When adding a new server or reviewing authorized_keys files, being able to verify the key type, length, and fingerprint at a glance helps catch misconfigured or weak keys before they become a security risk.

Technically, the tool decodes the Base64 payload of the public key and parses its binary structure following the SSH protocol specification. For RSA keys, it reads the modulus field and calculates the key length in bits. For Ed25519, the key length is fixed at 256 bits. For ECDSA keys, it reads the curve identifier (nistp256, nistp384, nistp521) and maps it to the corresponding bit length. The SHA-256 fingerprint is computed using the browser's native Web Crypto API (crypto.subtle.digest) over the raw decoded bytes, formatted in the standard 'SHA256:base64' notation used by OpenSSH.

Key Features

  • Parses RSA, Ed25519, and ECDSA (P-256, P-384, P-521) SSH public keys
  • Displays key algorithm name as reported in the key binary structure
  • Calculates RSA key length by reading the modulus field bit count
  • Shows SHA-256 fingerprint in standard OpenSSH SHA256:base64 format
  • Extracts the comment field from the end of the public key string
  • Uses Web Crypto API (crypto.subtle) for fingerprint computation — no external libraries
  • 100% client-side parsing — your SSH keys never leave your browser
  • No sign-up, no download, completely free with no usage limits

Frequently Asked Questions

What information does the SSH key parser extract?

The parser extracts four pieces of information: the key type (algorithm name such as ssh-rsa, ssh-ed25519, or ecdsa-sha2-nistp256), the key length in bits, the SHA-256 fingerprint in the format used by OpenSSH (SHA256: followed by base64), and the comment string (typically user@hostname) from the end of the public key line.

What SSH key formats are supported?

The tool supports all standard OpenSSH public key formats: RSA (ssh-rsa), Ed25519 (ssh-ed25519), and ECDSA on the three NIST curves — P-256 (ecdsa-sha2-nistp256), P-384 (ecdsa-sha2-nistp384), and P-521 (ecdsa-sha2-nistp521). The key must be in the standard single-line format with algorithm, base64 data, and optional comment separated by spaces.

What is the SHA-256 fingerprint and why does it matter?

The SHA-256 fingerprint is a compact, human-verifiable identifier derived from the public key's raw bytes. It is the default fingerprint format used by modern OpenSSH (since version 6.8). You use fingerprints to verify a server's host key during SSH connection setup, to identify which public key corresponds to an authorized_keys entry, and to confirm that a key was transferred correctly without corruption.

How is the fingerprint calculated?

The tool decodes the Base64 section of the public key to raw bytes, then feeds those bytes into SHA-256 via the browser Web Crypto API (crypto.subtle.digest). The resulting 32-byte hash is Base64-encoded (without padding) and prefixed with "SHA256:" to match the format OpenSSH uses when displaying fingerprints with ssh-keygen -lf.

Why is RSA 2048-bit considered minimum for modern use?

NIST guidelines recommend RSA keys of at least 2048 bits for security through 2030. Keys smaller than 2048 bits (such as 1024-bit) are considered weak and can be factored with current computing resources. For new deployments, Ed25519 is preferred over RSA because it provides equivalent security with much shorter keys and faster operations.

Can I parse a private key with this tool?

No. The tool only parses SSH public keys (the .pub file or the single-line format). Private keys have a different format (PEM header like "-----BEGIN OPENSSH PRIVATE KEY-----") and should never be pasted into any online tool. Only your public key is safe to share and analyze online.

Why does the tool show "—" for Ed25519 key length?

Actually, the tool correctly shows "256 bits" for Ed25519 keys because Ed25519 always uses a fixed 256-bit key on the Edwards curve Curve25519. Unlike RSA where key length is variable, Ed25519 keys are always 32 bytes (256 bits) regardless of how they were generated.

Is it safe to paste my SSH public key into this tool?

Yes. SSH public keys are designed to be shared freely — they are the non-secret half of your key pair. Sharing a public key cannot compromise your private key or your servers. The tool also processes everything locally in your browser, so the key is never transmitted anywhere.