Which SSH key algorithm should I use?

Ed25519 is the current best choice: fast, short signatures, and resistant to implementation errors. RSA-4096 is a safe alternative for compatibility with older SSH servers. Avoid RSA-1024 and DSA — both are deprecated.

Is it safe to convert keys in a web tool?

Only if the tool processes keys client-side without server transmission. Private key material should never leave your machine. Verify the tool's security model before pasting private keys.

DevTools Surf

SSH Key Converter

This tool is not yet implemented.

About SSH Key Converter

SSH Key Converter preview - Security / Crypto tool

Convert between SSH key formats (OpenSSH, PEM, PuTTY) with validation. Part of the DevTools Surf developer suite. Browse more tools in the Security / Crypto collection.

Use Cases

Convert an RSA PEM key to OpenSSH format for use with a modern server configuration.
Convert a PuTTY .ppk key to OpenSSH format when switching from Windows to Linux/macOS.
Extract the public key from a private key file to add to authorized_keys on a remote server.
Convert between encrypted and unencrypted key formats for automation contexts where passphrase entry is impractical.

Tips

Convert PEM private keys to OpenSSH format for modern SSH clients — OpenSSH format (OPENSSH PRIVATE KEY) uses bcrypt-based encryption, which is more resistant to offline brute force than the legacy PEM format.
Verify the converted key by extracting the public key from both formats and comparing fingerprints — matching fingerprints confirm the conversion preserved the key.
PuTTY (.ppk) format is only needed on Windows with PuTTY clients; OpenSSH format works on Linux, macOS, and modern Windows using the built-in OpenSSH client.

Fun Facts

SSH (Secure Shell) was created by Tatu Ylönen in 1995 after a password-sniffing attack on his university network. He open-sourced the protocol specification, which led to the SSH-2 standard (RFC 4251) in 2006.
OpenSSH, the dominant SSH implementation, ships with every major Linux distribution, macOS, and Windows 10+ by default. It is maintained by the OpenBSD project and handles an estimated 80%+ of all SSH connections globally.
Ed25519 keys (introduced in OpenSSH 6.5 in 2014) are preferred over RSA-4096 for new keys: they are faster to generate, produce shorter signatures, and are resistant to side-channel attacks that affect RSA.

FAQ

Which SSH key algorithm should I use?: Ed25519 is the current best choice: fast, short signatures, and resistant to implementation errors. RSA-4096 is a safe alternative for compatibility with older SSH servers. Avoid RSA-1024 and DSA — both are deprecated.
Is it safe to convert keys in a web tool?: Only if the tool processes keys client-side without server transmission. Private key material should never leave your machine. Verify the tool's security model before pasting private keys.

Related Security / Crypto Tools

Hash Generator v2 HMAC Generator v2 JWT Encoder Bcrypt Hash Tester HMAC Generator Password Strength Analyzer TOTP / 2FA Generator SAML Response Decoder

DevTools Surf