ECDSA Key Generator
Use these keys with ECDSA Sign and ECDSA Verify. Remember the curve and hash used.
Generate an ECDSA (Elliptic Curve Digital Signature Algorithm) key pair in your browser. Choose from NIST curves P-256, P-384, or P-521. Keys are generated using the Web Crypto API — nothing is sent to any server. Use the generated keys with the ECDSA Sign and ECDSA Verify tools.
ECDSA vs RSA
| Property | ECDSA | RSA |
|---|---|---|
| Key size for 128-bit security | 256 bits (P-256) | 3072 bits |
| Signature size | ~64 bytes (P-256) | ~384 bytes (3072-bit) |
| Key generation speed | Very fast | Slower (large primes) |
| Encryption support | No (signing only) | Yes (RSA-OAEP) |
| Adoption | TLS 1.3, Bitcoin, JWT ES256 | TLS 1.2, legacy PKI |
Curve Overview
- P-256 (secp256r1): 128-bit security — standard for TLS, JWT ES256, SSH. Most compatible choice
- P-384 (secp384r1): 192-bit security — used in NSA Suite B, some government standards
- P-521 (secp521r1): 256-bit security — maximum NIST curve strength; less widely supported
JWT Algorithm Mapping
- ES256 = P-256 + SHA-256
- ES384 = P-384 + SHA-384
- ES512 = P-521 + SHA-512
Frequently Asked Questions
What is ECDSA?
ECDSA (Elliptic Curve Digital Signature Algorithm) is a digital signature algorithm based on elliptic curve cryptography. It is used to sign data (prove authenticity and integrity) but cannot encrypt data — for encryption, use RSA or ECDH. ECDSA is the signature algorithm used in Bitcoin and Ethereum (secp256k1), TLS certificates (P-256), and SSH keys (ecdsa-sha2-nistp256).
ECDSA vs RSA — which is better for signing?
ECDSA produces much smaller keys and signatures for equivalent security: a 256-bit ECDSA key provides the same security as a 3072-bit RSA key. ECDSA is faster for both key generation and signing. RSA is more widely deployed in legacy systems. For new systems, ECDSA (or EdDSA/Ed25519) is generally preferred. Both are considered secure for current use.
Which curve should I choose?
P-256 (secp256r1) is the most widely supported curve — it is required by TLS 1.3, used in most JWT implementations (ES256), and supported by virtually all cryptographic libraries. P-384 and P-521 offer larger security margins but are less commonly supported. Use P-256 unless you have a specific compliance requirement for a larger curve.
Which hash should I use with each curve?
NIST recommends matching the hash security level to the curve: P-256 with SHA-256 (both 128-bit security), P-384 with SHA-384 (192-bit), P-521 with SHA-512 (256-bit). The tool auto-selects the recommended hash when you change the curve. Using a weaker hash than the curve (e.g. SHA-256 with P-384) caps the combination at the hash's security level, which wastes the curve's extra margin but is not insecure.
What format are the generated keys in?
Public keys are in SPKI PEM format (-----BEGIN PUBLIC KEY-----). Private keys are in PKCS#8 PEM format (-----BEGIN PRIVATE KEY-----). These are the standard formats compatible with OpenSSL, Node.js, Python cryptography, Java, and most TLS/JWT libraries.
Can I use these keys with JWT (ES256, ES384, ES512)?
Yes. ES256 (JWT) uses P-256 + SHA-256, ES384 uses P-384 + SHA-384, ES512 uses P-521 + SHA-512. Generate the corresponding key pair, then use the private key in your JWT library for signing and share the public key for verification. Most JWT libraries (jsonwebtoken, jose, python-jose) accept PKCS#8/SPKI PEM keys directly.
Does ECDSA support encryption?
No. ECDSA is a signature-only algorithm. It cannot encrypt data. For elliptic curve encryption, use ECDH (Elliptic Curve Diffie-Hellman) to establish a shared secret, then encrypt with AES. For public-key encryption, use RSA-OAEP.