Issue
Sign In
StepCodex FeaturedStepCodex Reviews
Notion Docs

Sign text with RSA keys. Free online tool, no login, no sign-up.

LocalPersonal data security

Loading Tool Engine

Usage Guide & Tech FAQ

Usage Guide

  1. Paste PEM/PKCS#8 keys; confirm whether the UI requires exact `BEGIN` lines and newline preservation.
  2. Choose encrypt/decrypt or sign/verify per spec—confirm PSS, OAEP, or PKCS#1 v1.5 requirements.
  3. Know whether the message is raw bytes, UTF-8 text, or a pre-hashed digest—layer mistakes break verification forever.
  4. Signature outputs may be raw, DER, or base64—don’t mix encodings between systems.
  5. Verification needs the original message (or digest), signature, public key, and parameters.
  6. Key length and exponent affect performance vs security—tiny keys are for demos only.
  7. In multi-cert setups, match `kid` or fingerprints to the right public key.
  8. Mail clients may wrap lines—repair PEM formatting before import.
  9. Align with known test vectors before debugging production payloads.
  10. Never commit private keys or share them in chat; remove them from inputs after use.
  11. Read the title and description first to confirm this utility matches your task (avoid using the wrong tool and misinterpreting output).
  12. Paste or type input in the editor; if a sample/template is provided, load it first to learn the expected output shape.

Related Tech Knowledge

  • RSA security rests on factoring difficulty; follow organizational minimums (often ≥2048-bit keys).
  • Padding schemes matter: OAEP/PSS are modern defaults; PKCS#1 v1.5 still appears but needs careful handling.
  • Signing and encryption differ: private key signs, public verifies; public encrypts, private decrypts.
  • Hybrid systems usually RSA-encrypt a random symmetric key and AES-encrypt the payload.
  • Exponent 65537 is standard; tiny exponents have known attacks—libraries pick safe values.
  • Compared to ECC, RSA signatures are larger/slower but widely documented for legacy interop.
  • WebCrypto import failures usually mean wrong format/spki/pkcs8 or mismatched key usages.
  • Private operations should run in constant-time hardware/software in production.
  • Record key provenance, rotation, and algorithm parameters for audits.
  • This page is for debugging—not a certified cryptographic appliance.
  • Core parsing and computation run in your browser; by default your raw business payload is not persisted to this site’s servers (see on-page privacy notes).
  • The pipeline is typically: read input → parse (lexical/syntactic/structured) → transform → render; failures aim to be diagnosable.