GENERATE
    curl k3y.sh/pw              strong password       (?len=20&symbols=false)
    curl k3y.sh/passphrase      diceware words        (?words=5)
    curl k3y.sh/ssh             SSH ed25519 keypair   (/rsa for RSA)
    curl k3y.sh/wg              WireGuard keypair
    curl k3y.sh/age             age keypair
    curl k3y.sh/tls?cn=foo.dev  self-signed cert+key
    curl k3y.sh/token           url-safe token        (/hex/32 /uuid /totp /jwt-secret)

  VERIFY  
    curl k3y.sh/hostkey/github.com     SSH host-key fingerprint
    curl k3y.sh/cert/example.com       TLS cert details
    curl --data-binary @k.pub k3y.sh/fp    fingerprint a public key
    curl --data-binary @t.jwt k3y.sh/jwt   decode a JWT

  CHECK    (your secret never leaves your machine)
    echo -n 'hunter2' | sha1sum            then:
    curl k3y.sh/pwned/           breach check via k-anonymity