What this tool is good for
RSA signing and verification provide authenticity, integrity, and non-repudiation. A private key creates the signature, and the matching public key verifies it.
This page is useful when debugging API signatures, validating interoperability between systems, or checking whether a PEM key pair is wired correctly.
How signing and verification work
- Signing hashes the input content and signs the digest with a private key.
- Verification hashes the same content again and checks whether the signature is valid under the public key.
- If that check succeeds, the signature is valid and the content has not been changed.
Practical notes
- Encrypted private keys require the correct password before signing can proceed.
- The digest algorithm must match on both the signing side and the verification side.
- Signatures on this page are encoded as Base64 for easier transport and comparison.
FAQ
What is RSA signing used for?
RSA signatures are used to prove message integrity and authenticity. They are common in documents, API callbacks, license files, certificates, and systems that need public-key verification.
Is RSA signing the same as RSA encryption?
No. Signing uses a private key to create a signature that others verify with the public key. Encryption protects message confidentiality and follows a different workflow.
Why does RSA signature verification fail?
Verification fails if the message changes, the wrong hash algorithm or padding mode is selected, the public key does not match the private key, or the signature has been copied incorrectly.
Related tools
- RSA Encryption & Decryption:Encrypt and decrypt short text with RSA in your browser
- RSA Key Pair Generator:Generate RSA public and private key pairs in PEM format