Ed25519 Signature Verifier
client-side · zero network calls · no telemetry · no login
// verify signature
How to confirm nothing leaves your browser
Open DevTools (F12 or Cmd+Option+I), click the Network tab. After the page finishes loading its fonts and CSS, paste your inputs and click "Verify signature." Watch the Network tab — zero new requests fire. The crypto.subtle.importKey() and crypto.subtle.verify() calls execute entirely inside the browser's built-in WebCrypto engine.
crypto module with the same API.
Ed25519 vs ECDSA vs RSA
All three produce digital signatures. They differ in key size, performance, and security assumptions. For new systems, the choice is usually clear.
| Algorithm | Key size | Signature size | Use when |
|---|---|---|---|
| Ed25519 | 32 bytes public | 64 bytes | New systems. Default for SSH, age, Signal, Nostr. Deterministic signatures (no random nonce = no Sony PS3 class of bugs). |
| ECDSA (P-256) | 32-33 bytes public | 64-72 bytes (DER) | Target runtime supports P-256 but not Ed25519 (many HSMs, older TLS stacks). JWTs with ES256. |
| RSA-PKCS1 | 256-512 bytes (2048-4096 bit) | 256-512 bytes | Legacy systems requiring RSA. JWTs with RS256. TLS certificates (ECDSA preferred now). |
| RSA-PSS | Same as RSA-PKCS1 | Same | RSA with probabilistic padding required. JWTs with PS256. More secure padding than PKCS1. |
If you are designing a new system with no external constraint forcing another choice — use Ed25519. Smaller keys, smaller signatures, faster operations, deterministic, and no elliptic curve parameter choices that could be subverted.
Septim Vault stores API keys, tokens, and .env values encrypted in-browser with AES-256-GCM — the same care we apply to cryptographic verification, applied to your dev secrets. Your vault data never leaves your device. $29 once, you keep it.
Septim Vault — $29 once →