🔑

Generate Keypair

Generate RSA or EC asymmetric keypairs in PEM format.

POST 1 credit /v1/auth/generate-keypair

curl -X POST "https://auth.toolkitapi.io/v1/auth/generate-keypair" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "algorithm": "EC",
    "curve": "P-256"
  }'

import httpx

resp = httpx.post(
    "https://auth.toolkitapi.io/v1/auth/generate-keypair",
    json={
    "algorithm": "EC",
    "curve": "P-256"
  },
)
print(resp.json())

const resp = await fetch("https://auth.toolkitapi.io/v1/auth/generate-keypair", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    "algorithm": "EC",
    "curve": "P-256"
  }),
});
const data = await resp.json();
console.log(data);

# See curl example

Response 200 OK

{
  "public_key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE...\n-----END PUBLIC KEY-----\n",
  "private_key": "-----BEGIN PRIVATE KEY-----\nMIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEH...\n-----END PRIVATE KEY-----\n",
  "algorithm": "EC",
  "key_size": null,
  "curve": "P-256"
}

Try It Live

Description

Generate RSA or EC asymmetric keypairs in PEM format.

How to Use

1

1. Set the `algorithm` to `RSA` or `EC`.

2

2. For RSA, optionally set `key_size` to `2048` or `4096` (default: 2048). For EC, optionally set `curve` to `P-256`, `P-384`, or `P-521` (default: P-256).

3

3. Send a POST request. The response contains PEM-encoded `public_key` and `private_key`.

4

4. Use the private key for signing (e.g., JWT generation with RS256/ES256) and the public key for verification.

About This Tool

The Generate Keypair endpoint creates asymmetric key pairs for RSA or Elliptic Curve (EC) cryptography. The keys are returned in PEM format (PKCS#8 for private keys, SubjectPublicKeyInfo for public keys), ready for use with JWT signing, TLS certificates, SSH, or any PKI workflow.

RSA keys are available in 2048-bit and 4096-bit sizes. EC keys support the P-256, P-384, and P-521 curves. EC keys are significantly smaller and faster than equivalent RSA keys while providing comparable security.

The private key is returned without encryption — store it securely. The public key can be distributed freely to verification parties.

Why Use This Tool

JWT signing infrastructure — Generate keypairs for RS256/ES256 token signing
TLS/SSL certificates — Create key pairs for certificate signing requests (CSRs)
SSH key generation — Generate keys for SSH authentication (convert PEM to OpenSSH format as needed)
Code signing — Sign artifacts with the private key, verify with the public key
End-to-end encryption — Exchange public keys and encrypt messages asymmetrically

Frequently Asked Questions

Should I choose RSA or EC?

EC (Elliptic Curve) keys are recommended for new projects — they're smaller, faster, and provide equivalent security with shorter keys. Use RSA when compatibility with older systems is required.

What curve should I use for EC?

P-256 is the most widely supported and is recommended for most use cases. P-384 and P-521 provide higher security margins but are less commonly used.

Is the private key encrypted?

No, the private key is returned in plaintext PEM format. Encrypt it before storing — your application should treat private keys with the same sensitivity as passwords.

Can I use these keys with the JWT endpoints?

Yes. Use the private key as the `secret` in jwt-generate with RS256/ES256, and the public key as the `secret` in jwt-verify.

Start using Generate Keypair now

Get your free API key and make your first request in under a minute.

Get Free API Key View Docs