A small tool for generating Ed25519 SSH keys with a twist: every key comes with a 24-word backup phrase, the same kind hardware wallets use. Lose the key file, still have the words — run recover, get your key back. Same key, every time.

The idea

SSH keys are just random bytes. BIP39 is a standard for encoding random bytes as human-readable words. This tool generates 256 bits of entropy, turns it into both an SSH key and a mnemonic, and hands you both. Recovery is just the reverse — give back the 24 words, get back the exact same key pair.

Getting started

bash setup.sh

That's it. Creates a virtualenv and installs the two dependencies.

Generating a key

.venv/bin/python keygen.py generate

Saves the key to ~/.ssh/id_ed25519 by default, then prints your 24 words. Write them down somewhere offline. They're the only backup that matters.

A few useful flags:

# different output path
.venv/bin/python keygen.py generate -o ~/.ssh/id_ed25519_work

# add a comment to the public key (usually your email)
.venv/bin/python keygen.py generate -C you@example.com

# password-protect the key file on disk
.venv/bin/python keygen.py generate -p

Recovering a key

# pass the words directly
.venv/bin/python keygen.py recover word1 word2 ... word24

# or just run it and paste them when prompted
.venv/bin/python keygen.py recover

Same flags apply — -o to control where the files land, -p if you want a passphrase on the recovered key.

One thing to keep in mind

The mnemonic isn't a hint or a backup code — it literally encodes the private key. Anyone with those 24 words has your key. Store them accordingly.