diff --git a/Cargo.lock b/Cargo.lock
index c6665beed..865fcdbbf 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1108,7 +1108,7 @@ version = "1.5.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "91cff35c70bba8a626e3185d8cd48cc11b5437e1a5bcd15b9b5fa3c64b6dfee7"
 dependencies = [
- "signature",
+ "signature 1.6.4",
 ]
 
 [[package]]
@@ -2716,9 +2716,9 @@ dependencies = [
 
 [[package]]
 name = "rsa"
-version = "0.7.2"
+version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "094052d5470cbcef561cb848a7209968c9f12dfa6d668f4bca048ac5de51099c"
+checksum = "b5f00ae0c56ed2d34b86fc8f1c02e809dd455382de72e1dd08f7d1ced356bf59"
 dependencies = [
  "byteorder",
  "digest 0.10.6",
@@ -2729,8 +2729,7 @@ dependencies = [
  "pkcs1",
  "pkcs8",
  "rand_core 0.6.4",
- "signature",
- "smallvec",
+ "signature 2.0.0",
  "subtle",
  "zeroize",
 ]
@@ -3115,6 +3114,12 @@ name = "signature"
 version = "1.6.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c"
+
+[[package]]
+name = "signature"
+version = "2.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8fe458c98333f9c8152221191a77e2a44e8325d0193484af2e9421a53019e57d"
 dependencies = [
  "digest 0.10.6",
  "rand_core 0.6.4",
@@ -3549,7 +3554,7 @@ dependencies = [
  "generic-array",
  "getrandom 0.2.8",
  "hex-literal",
- "signature",
+ "signature 1.6.4",
  "thiserror",
  "tor-error",
  "tor-llcrypto",
@@ -3590,7 +3595,7 @@ dependencies = [
  "hex-literal",
  "humantime 2.1.0",
  "rand 0.8.5",
- "signature",
+ "signature 1.6.4",
  "thiserror",
  "tor-bytes",
  "tor-checkable",
@@ -3636,7 +3641,7 @@ name = "tor-checkable"
 version = "0.4.0"
 dependencies = [
  "humantime 2.1.0",
- "signature",
+ "signature 1.6.4",
  "thiserror",
  "tor-llcrypto",
 ]
@@ -3788,7 +3793,7 @@ dependencies = [
  "safelog",
  "scopeguard",
  "serde",
- "signature",
+ "signature 1.6.4",
  "strum",
  "tempfile",
  "thiserror",
@@ -3939,7 +3944,7 @@ dependencies = [
  "sha1",
  "sha2 0.10.6",
  "sha3",
- "signature",
+ "signature 1.6.4",
  "simple_asn1",
  "subtle",
  "thiserror",
@@ -3963,7 +3968,7 @@ dependencies = [
  "rand 0.8.5",
  "rand_chacha 0.3.1",
  "serde",
- "signature",
+ "signature 1.6.4",
  "static_assertions",
  "strum",
  "thiserror",
@@ -3999,7 +4004,7 @@ dependencies = [
  "serde",
  "serde_json",
  "serde_with",
- "signature",
+ "signature 1.6.4",
  "thiserror",
  "time",
  "tinystr",
@@ -4316,9 +4321,9 @@ checksum = "59547bce71d9c38b83d9c0e92b6066c4253371f15005def0c30d9657f50c7642"
 
 [[package]]
 name = "typenum"
-version = "1.15.0"
+version = "1.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dcf81ac59edc17cc8697ff311e8f5ef2d99fcbd9817b34cec66f90b6c3dfd987"
+checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba"
 
 [[package]]
 name = "unicode-bidi"
@@ -4806,9 +4811,9 @@ dependencies = [
 
 [[package]]
 name = "zeroize_derive"
-version = "1.3.2"
+version = "1.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f8f187641dad4f680d25c4bfc4225b418165984179f26ca76ec4fb6441d3a17"
+checksum = "44bf07cb3e50ea2003396695d58bf46bc9887a1f362260446fad6bc4e79bd36c"
 dependencies = [
  "proc-macro2",
  "quote",
diff --git a/crates/tor-llcrypto/Cargo.toml b/crates/tor-llcrypto/Cargo.toml
index adc2dcb44..897221c0e 100644
--- a/crates/tor-llcrypto/Cargo.toml
+++ b/crates/tor-llcrypto/Cargo.toml
@@ -37,7 +37,7 @@ hex = "0.4"
 old_rand_core = { package = "rand_core", version = "0.5.1" }
 openssl = { version = "0.10.30", optional = true }
 rand_core = "0.6.2"
-rsa = "0.7.1"
+rsa = "0.8.0"
 safelog = { version = "0.2.0", path = "../safelog" }
 serde = "1.0.103"
 sha1 = "0.10.0"
diff --git a/crates/tor-llcrypto/src/pk/rsa.rs b/crates/tor-llcrypto/src/pk/rsa.rs
index 62958e6f4..ac61e575a 100644
--- a/crates/tor-llcrypto/src/pk/rsa.rs
+++ b/crates/tor-llcrypto/src/pk/rsa.rs
@@ -232,7 +232,7 @@ impl PublicKey {
     /// omitted.
     pub fn verify(&self, hashed: &[u8], sig: &[u8]) -> Result<(), signature::Error> {
         use rsa::PublicKey;
-        let padding = rsa::PaddingScheme::new_pkcs1v15_sign_raw();
+        let padding = rsa::pkcs1v15::Pkcs1v15Sign::new_raw();
         self.0
             .verify(padding, hashed, sig)
             .map_err(|_| signature::Error::new())