RSA Sign Message Online
Create a digital signature for any message using your RSA private key, directly in the browser. Supports both PKCS#1 v1.5 (widely compatible) and RSA-PSS (modern standard). Your private key never leaves your device.
How RSA Digital Signatures Work
Digital signatures provide two guarantees: authenticity (the message came from the key owner) and integrity (the message has not been altered). The process:
- The message is hashed (SHA-256 by default)
- The hash is padded and signed with the private key
- The signature is distributed alongside the message
- Anyone with the public key can verify the signature
PKCS#1 v1.5 vs RSA-PSS
- PKCS#1 v1.5: Deterministic, widely supported, used in older TLS, JWT (RS256)
- RSA-PSS: Probabilistic (random salt), provably secure, required by TLS 1.3, PS256 in JWT
- Both are considered secure for current use — PSS is preferred for new systems
Common Use Cases
- Signing JWT tokens (RS256 = PKCS#1 v1.5 + SHA-256)
- Code signing — proving software came from a trusted publisher
- Document signing — proving document authenticity
- API request authentication
- Certificate signing requests (CSRs)
Frequently Asked Questions
What is an RSA digital signature?
An RSA digital signature is a cryptographic proof that a message was created by the holder of a specific private key and has not been altered since signing. The signer uses their private key to sign the message. Anyone with the corresponding public key can verify the signature is authentic and the message is unchanged.
PKCS#1 v1.5 vs RSA-PSS — which should I use?
RSA-PSS is the modern, recommended standard. It is probabilistic (different signature each time), has a security proof, and is required by many newer standards (e.g., TLS 1.3, JOSE/JWK). PKCS#1 v1.5 is deterministic (same signature for same message+key) and is more widely compatible with legacy systems. Use RSA-PSS for new implementations; PKCS#1 v1.5 when compatibility with older systems is required.
Does signing the same message produce the same signature?
It depends on the algorithm. PKCS#1 v1.5 produces the same signature every time for the same message and key (deterministic). RSA-PSS produces a different signature each time due to its random salt — both signatures are valid. This is a security feature of RSA-PSS.
What hash algorithm should I use for signing?
SHA-256 is the standard recommendation and is suitable for virtually all applications. SHA-384 and SHA-512 provide larger hash outputs and are used in high-security environments. The verifier must use the same hash algorithm, so document your choice.
What does the private key sign — the message or its hash?
RSA signs the hash of the message, not the message itself. The message is first hashed (SHA-256 by default), the hash is encoded and padded according to the chosen scheme (PKCS#1 v1.5 or PSS), and the padded value is then run through the RSA private-key operation (modular exponentiation with the private exponent, often loosely described as "encrypting with the private key") to produce the signature. Because only the fixed-size hash enters the RSA operation, messages of any length can be signed regardless of the RSA key size.
Is the signature reversible? Can someone get my private key from the signature?
No. The signature is mathematically derived from the private key and the message hash, but reversing that to recover the private key is computationally infeasible — with properly padded signatures it is believed to require factoring the RSA modulus, which is the hard problem on which the security of RSA rests.