diff --git a/data/types.go b/data/types.go
index ff231e80..b76f3807 100644
--- a/data/types.go
+++ b/data/types.go
@@ -14,11 +14,13 @@ import (
 )
 
 const (
- KeyIDLength = sha256.Size * 2
- KeyTypeEd25519 = "ed25519"
- KeyTypeECDSA_SHA2_P256 = "ecdsa-sha2-nistp256"
- KeySchemeEd25519 = "ed25519"
- KeySchemeECDSA_SHA2_P256 = "ecdsa-sha2-nistp256"
+ KeyIDLength = sha256.Size * 2
+ KeyTypeRSASSA_PSS_SHA256 = "rsassa-pss-sha256"
+ KeyTypeEd25519 = "ed25519"
+ KeyTypeECDSA_SHA2_P256 = "ecdsa-sha2-nistp256"
+ KeySchemeRSASSA_PSS_SHA256 = "rsassa-pss-sha256"
+ KeySchemeEd25519 = "ed25519"
+ KeySchemeECDSA_SHA2_P256 = "ecdsa-sha2-nistp256"
 )
 
 var (
diff --git a/verify/verifiers.go b/verify/verifiers.go
index 8a80aa27..5dfeb470 100644
--- a/verify/verifiers.go
+++ b/verify/verifiers.go
@@ -1,9 +1,12 @@
 package verify
 
 import (
+ "crypto"
  "crypto/ecdsa"
  "crypto/elliptic"
+ "crypto/rsa"
  "crypto/sha256"
+ "crypto/x509"
  "encoding/asn1"
  "math/big"
 
@@ -25,8 +28,9 @@ type Verifier interface {
 
 // Verifiers is used to map key types to Verifier instances.
 var Verifiers = map[string]Verifier{
- data.KeySchemeEd25519: ed25519Verifier{},
- data.KeySchemeECDSA_SHA2_P256: p256Verifier{},
+ data.KeySchemeEd25519: ed25519Verifier{},
+ data.KeySchemeECDSA_SHA2_P256: p256Verifier{},
+ data.KeySchemeRSASSA_PSS_SHA256: rsaVerifier{},
 }
 
 type ed25519Verifier struct{}
@@ -73,3 +77,35 @@ func (p256Verifier) ValidKey(k []byte) bool {
 x, _ := elliptic.Unmarshal(elliptic.P256(), k)
 return x != nil
 }
+
+type rsaVerifier struct{}
+
+func (v rsaVerifier) Verify(key, msg, sig []byte) error {
+ digest := sha256.Sum256(msg)
+ pub, err := x509.ParsePKIXPublicKey(key)
+ if err != nil {
+ return ErrInvalid
+ }
+
+ rsaPub, ok := pub.(*rsa.PublicKey)
+ if !ok {
+ return ErrInvalid
+ }
+
+ if err = rsa.VerifyPKCS1v15(rsaPub, crypto.SHA256, digest[:], sig); err != nil {
+ return ErrInvalid
+ }
+ return nil
+}
+
+func (rsaVerifier) ValidKey(k []byte) bool {
+ pub, err := x509.ParsePKIXPublicKey(k)
+ if err != nil {
+ return false
+ }
+
+ if _, ok := pub.(*rsa.PublicKey); !ok {
+ return false
+ }
+ return true
+}
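Review bot: rsaVerifier.Verify checks the signature with `rsa.VerifyPKCS1v15`, but the earlier hunk registers this verifier under `data.KeySchemeRSASSA_PSS_SHA256`, and the two schemes are not interchangeable — a signature produced with RSASSA-PSS for that scheme will always come back as ErrInvalid, while the scheme string claims PSS semantics the code does not enforce. The verify line should be `if err = rsa.VerifyPSS(rsaPub, crypto.SHA256, digest[:], sig, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto}); err != nil {`, with a comment stating the salt-length convention signers are expected to use so both sides agree. ValidKey accepts any parseable `*rsa.PublicKey` regardless of modulus size; a minimum such as `if rsaPub.N.BitLen() < 2048 { return false }` would stop an undersized key from being admitted via metadata, and the chosen floor belongs in a doc comment on the method. Both methods also collapse the concrete parse/verify error into ErrInvalid or false; that uniform result is reasonable for a verifier, but a one-line comment saying it is deliberate would keep a later maintainer from "fixing" it.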