What is RSA?
RSA signing creates a digital signature using your private key, proving that a message came from you and was not altered. Anyone with your public key can verify it. The message is first hashed, then the hash is padded and signed. RSA signatures secure software updates, certificates and tokens (for example JWT RS256). Signing runs entirely in your browser, so your private key never leaves your device.
Authenticity & integrity: a signature proves who sent a message and that it was not changed. Verify it with the RSA Verify tool. Runs locally.
How RSA works
RSA signing combines a hash with the private key:
- The message is hashed (for example with SHA-256).
- The hash is padded (PKCS#1 v1.5 or the stronger PSS scheme).
- The padded hash is raised to the private exponent d, modulo n, producing the signature.
How to use
- Paste your message and your RSA private key.
- Choose the algorithm options.
- The signature is produced in your browser.
Options explained
- Hash algorithm — Choose the digest used before signing (SHA-256 and others).
- Padding — PKCS#1 v1.5 or PSS (PSS is recommended for new systems).
- Private key — Paste your RSA private key (PEM).
Common uses
- Signing software releases and updates.
- JWT signing with RS256.
- Document and certificate signing.
Frequently asked questions
What does a signature prove?
That the message came from the private-key holder and was not modified.
Which padding should I use?
PSS for new systems; PKCS#1 v1.5 for compatibility.
How do I verify a signature?
Use the RSA Verify tool with the signer's public key.