It is pretty simple really. Given an RSA keypair, anything encrypted with one key can be decrypted with the other. When you use RSA for regular encrypt/decrypt, you encrypt a random session key with the public key and then it is decrypted with the private key. When you use 'plain RSA' for signatures, you encrypt the message with the private key, and it is verified by being decrypted with the public key. However, using plain RSA for signatures is weak to all kinds of attacks. Instead you need to use the hash of the message and padding, and all kinds of other things need to be taken into consideration. But at a fundamental level, RSA sign/verify is the same thing as RSA encrypt/decrypt, but with the private key used for encryption and the public key used for decryption.
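As an added illustration (not part of the original answer), the following toy Python code shows the symmetry described above: sign and decrypt are the same private-exponent operation, verify and encrypt the same public-exponent operation. It also shows the textbook weakness the answer alludes to (two textbook signatures multiply into a valid signature on the product), and how hashing the message first breaks that relationship. The primes, exponent and hash truncation are constructed for the example and are far too small for real use; real systems use a standard padding scheme such as PSS.

```python
import hashlib

# Constructed toy keypair: both moduli factors are known Mersenne primes.
P = 2**61 - 1
Q = 2**31 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537                 # public exponent (gcd(E, PHI) == 1 for these primes)
D = pow(E, -1, PHI)       # private exponent; pow(..., -1, m) needs Python 3.8+


def rsa_public(x: int) -> int:
    """Apply the public exponent: this is both 'encrypt' and 'verify'."""
    return pow(x, E, N)


def rsa_private(x: int) -> int:
    """Apply the private exponent: this is both 'decrypt' and 'sign'."""
    return pow(x, D, N)


def textbook_sign(m: int) -> int:
    return rsa_private(m)


def textbook_verify(m: int, s: int) -> bool:
    return rsa_public(s) == m


def textbook_is_malleable(m1: int, m2: int) -> bool:
    """Textbook RSA is multiplicatively homomorphic: sig(m1)*sig(m2) verifies as sig(m1*m2)."""
    combined = (textbook_sign(m1) * textbook_sign(m2)) % N
    return textbook_verify((m1 * m2) % N, combined)


def hash_to_int(msg: bytes) -> int:
    # Toy stand-in for a real padding scheme: SHA-256, truncated so the value is below N.
    return int.from_bytes(hashlib.sha256(msg).digest()[:8], "big")


def hashed_sign(msg: bytes) -> int:
    return rsa_private(hash_to_int(msg))


def hashed_verify(msg: bytes, s: int) -> bool:
    return rsa_public(s) == hash_to_int(msg)


def hashed_is_malleable(a: bytes, b: bytes) -> bool:
    """Hashing first: the product of two signatures is not a signature on the concatenated message."""
    combined = (hashed_sign(a) * hashed_sign(b)) % N
    return hashed_verify(a + b, combined)
```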