What is RSA?
RSA signature verification checks that a signature was produced by the holder of the private key for a given message, using the signer's public key. If verification passes, the message is authentic and unchanged. You must use the same hash algorithm and padding that were used to sign. Verification runs entirely in your browser.
Trust check: verification confirms a message is authentic and unaltered, using the signer's public key. Runs locally in your browser.
How RSA works
Verification reverses the signing math with the public key:
- The signature is raised to the public exponent e, modulo n, to recover the padded hash.
- The message is hashed with the same algorithm.
- If the recovered hash matches the freshly computed hash, the signature is valid.
How to use
- Paste the message, the signature, and the signer's public key.
- Run verification locally in your browser.
- A valid result means the message is authentic.
Options explained
- Public key — Paste the signer's RSA public key (PEM).
- Hash algorithm — Must match the one used to sign.
- Padding — Must match (PKCS#1 v1.5 or PSS).
Common uses
- Verifying signed software and updates.
- Validating JWT RS256 tokens.
- Confirming document authenticity.
Frequently asked questions
What does a failed verification mean?
The message changed, the signature is wrong, or it was signed by a different key.
Do I need the private key to verify?
No. Verification uses only the public key.
How do I sign instead?
Use the RSA Sign tool with your private key.