What is a digital signature?
A digital signature is a cryptographic mechanism that proves a message was created by a specific sender and has not been altered. It provides authenticity, integrity, and non-repudiation.
The signer uses their private key to create the signature. Anyone with the corresponding public key can verify it — which is what this tool does.
Supported algorithms
| Algorithm | Key type | Hash | Use case | Status |
|---|---|---|---|---|
| SHA256withRSA | RSA | SHA-256 | TLS certificates, code signing, JWT RS256 | Recommended |
| SHA256withRSA-PSS | RSA | SHA-256 | Modern RSA signing — more secure than PKCS1v15 | Preferred |
| SHA256withECDSA | EC P-256 | SHA-256 | TLS, JWT ES256, code signing | Recommended |
| SHA384withECDSA | EC P-384 | SHA-384 | High-security, FIPS compliant | Recommended |
| Ed25519 | Ed25519 | SHA-512 | SSH, TLS 1.3, OpenPGP modern | Recommended |
| SHA1withRSA | RSA | SHA-1 | Legacy systems only | Legacy |
RSA-PKCS1v15 vs RSA-PSS
PKCS#1 v1.5 (SHA256withRSA) is the older standard; it is still widely used but has known theoretical weaknesses. PSS (Probabilistic Signature Scheme) is the modern, provably secure RSA signature scheme. NIST recommends PSS for new applications.
How to verify using OpenSSL
```bash
# Verify RSA SHA256 signature (PKCS#1 v1.5 padding)
openssl dgst -sha256 -verify public.pem -signature sig.bin message.txt
# Verify ECDSA SHA256 signature
openssl dgst -sha256 -verify ec-public.pem -signature sig.der message.txt
# Verify Ed25519 signature (OpenSSL 3.0+; Ed25519 takes the unhashed message, so -rawin is required)
openssl pkeyutl -verify -pubin -inkey public.pem -rawin -in message.txt -sigfile sig.bin
```
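Added example, not part of the original page or the tool's own code: `openssl dgst -verify` checks RSA signatures as PKCS#1 v1.5 unless told otherwise, so an RSA-PSS signature needs `-sigopt rsa_padding_mode:pss`. The script uses a throwaway key and constructed messages in a temp directory (all file and function names are assumptions) to show that v1.5 signing is deterministic, PSS is randomized, and a padding mismatch or altered message fails verification.

```shell
#!/bin/sh
set -eu
# Constructed inputs: throwaway 2048-bit RSA key and sample messages in a temp dir.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$work/priv.pem" 2>/dev/null
openssl pkey -in "$work/priv.pem" -pubout -out "$work/public.pem"
printf 'constructed sample message\n' > "$work/message.txt"
printf 'constructed tampered message\n' > "$work/tampered.txt"

# pad_opts <pkcs1|pss>: extra options for PSS; nothing for the default PKCS#1 v1.5.
pad_opts() {
  if [ "$1" = pss ]; then
    echo "-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:digest"
  fi
}

# sign_msg <pkcs1|pss> <sigfile>: sign message.txt with SHA-256.
sign_msg() {
  # pad_opts is left unquoted on purpose so it splits into separate arguments.
  openssl dgst -sha256 -sign "$work/priv.pem" $(pad_opts "$1") -out "$2" "$work/message.txt"
}

# verify_msg <pkcs1|pss> <sigfile> [file]: exit status 0 only if the signature verifies.
verify_msg() {
  openssl dgst -sha256 -verify "$work/public.pem" $(pad_opts "$1") \
    -signature "$2" "${3:-$work/message.txt}" >/dev/null 2>&1
}

# report <label> <command...>: print whether the command succeeded.
report() {
  label=$1; shift
  if "$@"; then echo "$label: yes"; else echo "$label: no"; fi
}

sign_msg pkcs1 "$work/v15_a.sig"; sign_msg pkcs1 "$work/v15_b.sig"
sign_msg pss "$work/pss_a.sig"; sign_msg pss "$work/pss_b.sig"

report "v1.5 signatures identical (deterministic)" cmp -s "$work/v15_a.sig" "$work/v15_b.sig"
report "PSS signatures identical (random salt)" cmp -s "$work/pss_a.sig" "$work/pss_b.sig"
report "PSS signature verifies with PSS padding" verify_msg pss "$work/pss_a.sig"
report "PSS signature verifies as PKCS#1 v1.5" verify_msg pkcs1 "$work/pss_a.sig"
report "PSS signature verifies over altered message" verify_msg pss "$work/pss_a.sig" "$work/tampered.txt"
```

A "Verification Failure" from OpenSSL on a signature that should be valid is often a padding or salt-length mismatch rather than a bad key, so confirm which scheme the signer used before treating the result as tampering.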
