This tool performs asymmetric digital signatures — the cryptography behind code signing, software provenance (Sigstore/SLSA), document signing, and authenticated APIs.
Two modes:
- Sign: paste a message and a PEM private key, get back a base64 signature.
- Verify: paste a message, a PEM public key, and a base64 signature, get VALID/INVALID.
Three algorithms (chosen to match the key type you paste):
- RSA-PSS (SHA-256) — the modern RSA signature scheme (probabilistic, salted). Preferred over the older PKCS#1 v1.5. Requires an RSA private/public key.
- ECDSA (P-256, SHA-256) — elliptic-curve signatures; shorter keys than RSA for equivalent security. Uses the IEEE P1363 (r‖s) encoding for deterministic, fixed-width output. Requires an EC P-256 (prime256v1) key.
- Ed25519 — fast, deterministic EdDSA over Curve25519; one signature length (64 bytes), no parameter selection. Requires an Ed25519 key.
How to use. First generate a key pair with the RSA Key Generator or SSH Key Generator (this tool intentionally does not generate keys). Then:
- Sign a message with the private key → copy the base64 signature.
- Hand the recipient the message + signature + your public key.
- They paste all three here, select the matching algorithm, and verify.
Key/algorithm matching. The algorithm must match the key type: an RSA key only works with RSA-PSS, an EC P-256 key with ECDSA, an Ed25519 key with Ed25519. A mismatch yields a verification error.
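The three schemes and the key/algorithm matching described above, as an added Node.js example (not the tool's own code): the signing parameters are derived from the parsed key's type instead of being chosen separately. The helper names, the throwaway keys generated inline, the sample message and the digest-length PSS salt are assumptions made for this example.

```javascript
// Added example (not the tool's source): parameters are derived from the key type.
const { generateKeyPairSync, createPrivateKey, createPublicKey,
        sign, verify, constants } = require('node:crypto');

// Map a parsed key to the digest and options of the scheme listed for its type.
function paramsFor(key) {
  switch (key.asymmetricKeyType) {
    case 'rsa': // RSA-PSS with SHA-256; digest-length salt is an assumption
      return { digest: 'sha256', opts: { padding: constants.RSA_PKCS1_PSS_PADDING,
                                         saltLength: constants.RSA_PSS_SALTLEN_DIGEST } };
    case 'ec': // ECDSA, P-256 only, raw r||s instead of DER
      if (key.asymmetricKeyDetails.namedCurve !== 'prime256v1') {
        throw new Error('EC key is not P-256');
      }
      return { digest: 'sha256', opts: { dsaEncoding: 'ieee-p1363' } };
    case 'ed25519': // Ed25519 hashes internally, so no digest is named
      return { digest: null, opts: {} };
    default:
      throw new Error(`unsupported key type: ${key.asymmetricKeyType}`);
  }
}

function signMessage(message, privatePem) {
  const key = createPrivateKey(privatePem);
  const { digest, opts } = paramsFor(key);
  return sign(digest, Buffer.from(message, 'utf8'), { key, ...opts }).toString('base64');
}

function verifyMessage(message, publicPem, signatureB64) {
  const key = createPublicKey(publicPem);
  const { digest, opts } = paramsFor(key);
  return verify(digest, Buffer.from(message, 'utf8'), { key, ...opts },
                Buffer.from(signatureB64, 'base64'));
}

// Constructed throwaway keys so the example runs offline.
function demo(message = 'constructed sample message') {
  const pem = { privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
                publicKeyEncoding: { type: 'spki', format: 'pem' } };
  const keys = { rsa: generateKeyPairSync('rsa', { modulusLength: 2048, ...pem }),
                 ec: generateKeyPairSync('ec', { namedCurve: 'prime256v1', ...pem }),
                 ed25519: generateKeyPairSync('ed25519', pem) };
  const out = {};
  for (const [name, { privateKey, publicKey }] of Object.entries(keys)) {
    const sig = signMessage(message, privateKey);
    out[name] = { sigBytes: Buffer.from(sig, 'base64').length,
                  valid: verifyMessage(message, publicKey, sig),
                  tampered: verifyMessage(message + '!', publicKey, sig) };
  }
  return out;
}
console.log(demo());
```

Because the scheme follows from the key, a key of any other type (for example an EC key on a different curve) is rejected before any signature is computed.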
Security. All signing happens locally in your browser via Node's crypto module — the private key never leaves your device. Signatures are non-repudiable: only the holder of the private key could have produced a signature that the public key verifies.