# GenerateSignature()

Creates a digital signature using a private key.

A signature proves that data came from the key holder and hasn't been tampered with. Verify the signature with VerifySignature(), using the matching public key.

**Requires Extension:** [Crypto Extension](https://download.lucee.org/#17AB52DE-B300-A94B-E058FC978BE4542D)

```
GenerateSignature( data=any, privateKey=any, algorithm=string );
```

**Returns:** string

# Arguments

| Argument | Type | Required | Description | Default |
|----------|------|----------|-------------|---------|
| data | any | Yes | Data to sign (string or binary) |  |
| privateKey | any | Yes | Private key (PEM string or Java object) |  |
| algorithm | string | No | Signature algorithm (e.g., SHA256withRSA, SHA256withECDSA, Ed25519). Auto-detected if omitted. |  |

# Usage Notes

The signature algorithm is auto-detected from the key type. For example, an RSA key uses SHA256withRSA, a P-256 key uses SHA256withECDSA, and an Ed25519 key uses EdDSA.

**Post-quantum signatures:** Dilithium signatures are significantly larger than classical signatures (approximately 2.4 KB for Dilithium3 vs 256 bytes for RSA-2048). Consider this if bandwidth or storage is a concern.

Digital signatures provide authentication (proof of who signed) and integrity (proof the data wasn't modified). They do not provide confidentiality — use encryption for that.

# Examples

```cfml
// Digital signatures prove that data came from the key holder and hasn't been tampered with
// Sign with the private key, verify with the public key

// RSA signature
keyPair = GenerateKeyPair( "RSA-2048" );
signature = GenerateSignature( "Data to sign", keyPair.private );
isValid = VerifySignature( "Data to sign", signature, keyPair.public ); // true

// EC signature (smaller and faster than RSA)
keyPair = GenerateKeyPair( "P-256" );
signature = GenerateSignature( "Data to sign", keyPair.private );
isValid = VerifySignature( "Data to sign", signature, keyPair.public ); // true

// Ed25519 signature (modern, fast, compact)
keyPair = GenerateKeyPair( "Ed25519" );
signature = GenerateSignature( "Data to sign", keyPair.private );
isValid = VerifySignature( "Data to sign", signature, keyPair.public ); // true

// Post-quantum signatures with Dilithium (quantum-computer resistant)
// Available variants: Dilithium2, Dilithium3, Dilithium5
keyPair = GenerateKeyPair( "Dilithium3" );
signature = GenerateSignature( "Quantum-safe data", keyPair.private );
isValid = VerifySignature( "Quantum-safe data", signature, keyPair.public ); // true
```
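The following is an added example, not part of the extension's own documentation. It shows the integrity property from the Usage Notes in practice: a JSON payload is signed once as an exact string, and verification is checked against a modified payload and against a different public key. `signEnvelope()` and `verifyEnvelope()` are hypothetical helper names, the sample data is constructed, and the try/catch assumes that a malformed signature or mismatched key may throw rather than return false.

```cfml
// Added example: signEnvelope() and verifyEnvelope() are hypothetical helpers, not extension functions.

function signEnvelope( required struct message, required any privateKey ) {
    // Serialize once and sign that exact string; the receiver must verify the same string.
    var payload = serializeJSON( arguments.message );
    return {
        "payload": payload,
        // Name the algorithm explicitly instead of relying on auto-detection
        "signature": GenerateSignature( data=payload, privateKey=arguments.privateKey, algorithm="SHA256withECDSA" )
    };
}

function verifyEnvelope( required struct envelope, required any publicKey ) {
    try {
        // Verify the received string before parsing it, so unauthenticated data is never deserialized.
        if ( !VerifySignature( arguments.envelope.payload, arguments.envelope.signature, arguments.publicKey ) ) {
            return { "valid": false };
        }
    } catch ( any e ) {
        // Assumption: a malformed signature or mismatched key type may throw; treat that as invalid.
        return { "valid": false };
    }
    return { "valid": true, "message": deserializeJSON( arguments.envelope.payload ) };
}

sender = GenerateKeyPair( "P-256" );
other = GenerateKeyPair( "P-256" );

// Constructed sample message
envelope = signEnvelope( { "orderId": 1001, "recipient": "alice" }, sender.private );
untouched = verifyEnvelope( envelope, sender.public );

// Same signature, modified payload
tampered = duplicate( envelope );
tampered.payload = replace( tampered.payload, "alice", "mallory" );
modified = verifyEnvelope( tampered, sender.public );

// Original envelope checked against a key that did not sign it
wrongKey = verifyEnvelope( envelope, other.public );

// The payload itself travels in the clear: signing does not hide it
writeDump( { "untouched": untouched.valid, "modified": modified.valid, "wrongKey": wrongKey.valid, "payload": envelope.payload } );
```

Re-serializing the parsed message on the receiving side and verifying that instead can fail even for untampered data, because key order and whitespace may differ; always verify the string that was actually received.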







# Categories

[Cryptography](../../categories/crypto.md)

# See Also

[GenerateKeyPair()](generatekeypair.md), [VerifySignature()](verifysignature.md)