RSA Signature/Generation & Validation

Generate RSA Key Size 512 bit 1024 bit 2048 bit 4096 bit
Public Key Private Key
ClearText Message Signature Output
Provide Signature Value (Base64)
RSA Signature Algorithms

Your Support Matters!

Instead of directly asking for donations, I'm thrilled to offer you all nine of my books for just $9 on leanpub By grabbing this bundle you not only help cover my coffee, beer, and Amazon bills but also play a crucial role in advancing and refining this project. Your contribution is indispensable, and I'm genuinely grateful for your involvement in this journey!

Any private key value that you enter or we generate is not stored on this site, this tool is provided via an HTTPS URL to ensure that private keys cannot be stolen, for extra security run this software on your network, no cloud dependency

The RSA Algorithm

The Rivest-Shamir-Adleman (RSA) algorithm is one of the most popular and secure public-key encryption methods. The algorithm capitalizes on the fact that there is no efficient way to factor very large (100-200 digit) numbers

There are two diffrent RSA signature schemes specified in the PKCS1

  • RSASSA-PKCS1-v1_5: old Signature Scheme with Appendix as first standardized in version 1.5 of PKCS #1.
  • RSASSA-PSS (RSASSA = RSA Signature Scheme with Appendix). : based on Probabilistic Signature Scheme (PSS) originally invented by Bellare and Rogaway.


PKCSV1_5 is deterministic PSS has a security proof and is more robust in theory than PKCSV1_5
Old Scheme New Scheme
Recommended For for compatibility with existing applications Recommended for eventual adoption in new applications

RSASSA-PSS parameters

  • Hash Algorithm. The default is SHA-1
  • Mask generation function (MGF). Currently always MGF1.
  • salt length Default is 20
  • Traiter field
The default parameters for RSASSA-PSS are:
> hashAlgorithm       sha1,
> maskGenAlgorithm    mgf1SHA1 (the function MGF1 with SHA-1)
> saltLength          20,
> trailerField        trailerFieldBC (the byte 0xbc)

RSA Signature Generation & Verification

  • The private key is the only one that can generate a signature that can be verified by the corresponding public key.
  • The RSA operation can't handle messages longer than the modulus size. That means that if you have a 2048 bit RSA key, you would be unable to directly sign any messages longer than 256 bytes long. So signing the hash is just as good as signing the original message, without the length restrictions we would have if we didn’t use a hash
  • RSASSA-PSS combines the RSASP1 and RSAVP1 primitives with the EMSA PSS encoding method.
  • RSASSA-PKCS1-v1_5 : combines the RSASP1 and RSAVP1 primitives with the EMSA-PKCS1-v1_5 encoding method.

How to perform RSA Sign/Verify in

Go Lang Python Web Crypto(Javascript)