Security
100% browser-sideSFTP / SSH key strength checker
Paste an SSH public key. Get the algorithm, key length, and a verdict against the latest NIST recommendations. Nothing is uploaded. The parser runs in your browser.
OpenSSH single-line format (ssh-rsa, ssh-ed25519, ecdsa-sha2-...) or PEM -----BEGIN PUBLIC KEY-----.
Paste a public key above to see the verdict. The form does not contact any server.
Stop. You pasted a private key.
Close this tab, rotate the key, and never share private keys with web tools. This page does no network calls, but you should still rotate. Treat any private key that has touched a clipboard, screen-share, or browser form as compromised.
A public key starts with ssh-rsa, ssh-ed25519, ecdsa-sha2-..., or -----BEGIN PUBLIC KEY-----. A private key starts with -----BEGIN OPENSSH PRIVATE KEY----- or -----BEGIN RSA PRIVATE KEY-----.
Cannot parse this input
Verdict
- Algorithm
- Key size
- Comment
What to do
Verdict reference
| Algorithm | Verdict | Why |
|---|---|---|
| ed25519 | Recommended | Modern curve, fast, small. Default for new keys. |
| RSA 4096 | Recommended | Strong, slower than ed25519. |
| RSA 3072 | Acceptable | Meets the NIST 128-bit security target. |
| RSA 2048 | Acceptable today, weak by 2030 | NIST allows it through 2030. Plan rotation now. |
| RSA 1024 or smaller | Banned | Cryptographically broken. Rotate immediately. |
| ecdsa-nistp256 | Acceptable | NIST P curves carry seed-selection concerns. Prefer ed25519. |
| ecdsa-nistp384 / 521 | Acceptable | Strong but uncommon in SSH practice. |
| DSA / ssh-dss | Banned | Deprecated. OpenSSH 7.0+ disabled it by default. |
Sources: NIST SP 800-57 Part 1 Rev 5 (key length recommendations), NIST SP 800-131A (transitions), OpenSSH release notes.
FAQ
What is the strongest SSH key type today?
ed25519 is the default for new keys. It uses a modern curve, runs faster than RSA, and produces tiny keys that are easy to store and copy. RSA-4096 is also strong, just slower. Anything below RSA-3072 should be on a rotation plan.
Can I keep using RSA-2048?
NIST SP 800-57 allows RSA-2048 through 2030, then it drops below the 128-bit security floor. If you are issuing new keys today, go to RSA-3072 or ed25519. If you have a fleet of RSA-2048 keys in production, plan a rotation now rather than in 2029.
Is ECDSA safe?
ecdsa-sha2-nistp256 is acceptable for SSH and meets the 128-bit security target. It is not the first choice, because the NIST P-curves carry questions about how the curve seeds were chosen, and ECDSA needs a high-quality random nonce on every signature. ed25519 sidesteps both issues and runs faster. nistp384 and nistp521 are stronger but uncommon in SSH practice.
Why does this run in the browser?
Public keys are not secret. The comment field still carries your username, hostname, or email. Pasting them into a server-side tool leaks that metadata to a third party with no upside. Everything here happens locally with WebCrypto and a hand-written wire-format parser. Open DevTools and watch the network tab. Nothing leaves your machine.
Related free tools
More from the xevolve tools shelf, no signup required.
SFTP to S3 cost calculator
AWS Transfer Family + S3 + egress cost vs flat-fee MFT.
MFT 3-year TCO calculator
Build your own SFTP, buy a vendor, or run xEvolve. Compare.
MFT compliance framework map
Pick the frameworks you need and see which controls satisfy each.
File transfer protocol picker
Five questions, one verdict across SFTP, AS2, FTPS, HTTPS API.
Rotating keys across a partner fleet?
xevolve issues, rotates, and revokes SFTP keys per partner without breaking running jobs. Audit trail included. Talk to us if your current rotation involves a spreadsheet and a Friday afternoon.
Talk to xevolve