diff --git a/acme_common/src/crypto/openssl_keys.rs b/acme_common/src/crypto/openssl_keys.rs
index d70eba4..2194c67 100644
--- a/acme_common/src/crypto/openssl_keys.rs
+++ b/acme_common/src/crypto/openssl_keys.rs
@@ -67,23 +67,33 @@ impl KeyPair {
     pub fn sign(&self, data: &[u8]) -> Result<Vec<u8>, Error> {
         match self.key_type {
             KeyType::Curve25519 => Err("Curve25519 signatures are not implemented yet".into()),
-            KeyType::EcdsaP256 | KeyType::EcdsaP384 => {
-                let signature = EcdsaSig::sign(data, self.inner_key.ec_key()?.as_ref())?;
-                let r = signature.r().to_vec();
-                let mut s = signature.s().to_vec();
-                let mut signature = r;
-                signature.append(&mut s);
-                Ok(signature)
-            }
-            KeyType::Rsa2048 | KeyType::Rsa4096 => {
-                let mut signer = Signer::new(MessageDigest::sha256(), &self.inner_key)?;
-                signer.update(data)?;
-                let signature = signer.sign_to_vec()?;
-                Ok(signature)
-            }
+            KeyType::EcdsaP256 => self.sign_ecdsa(&crate::crypto::sha256, data),
+            KeyType::EcdsaP384 => self.sign_ecdsa(&crate::crypto::sha384, data),
+            KeyType::Rsa2048 | KeyType::Rsa4096 => self.sign_rsa(&MessageDigest::sha256(), data),
         }
     }
 
+    fn sign_rsa(&self, hash_func: &MessageDigest, data: &[u8]) -> Result<Vec<u8>, Error> {
+        let mut signer = Signer::new(*hash_func, &self.inner_key)?;
+        signer.update(data)?;
+        let signature = signer.sign_to_vec()?;
+        Ok(signature)
+    }
+
+    fn sign_ecdsa(
+        &self,
+        hash_func: &dyn Fn(&[u8]) -> Vec<u8>,
+        data: &[u8],
+    ) -> Result<Vec<u8>, Error> {
+        let fingerprint = hash_func(data);
+        let signature = EcdsaSig::sign(&fingerprint, self.inner_key.ec_key()?.as_ref())?;
+        let r = signature.r().to_vec();
+        let mut s = signature.s().to_vec();
+        let mut signature = r;
+        signature.append(&mut s);
+        Ok(signature)
+    }
+
     pub fn jwk_public_key(&self) -> Result<Value, Error> {
         self.get_jwk_public_key(false)
     }
diff --git a/acmed/src/jws.rs b/acmed/src/jws.rs
index 1129486..8b4ef5b 100644
--- a/acmed/src/jws.rs
+++ b/acmed/src/jws.rs
@@ -1,6 +1,6 @@
 use crate::jws::algorithms::SignatureAlgorithm;
 use acme_common::b64_encode;
-use acme_common::crypto::{sha256, sha384, KeyPair, KeyType};
+use acme_common::crypto::KeyPair;
 use acme_common::error::Error;
 use serde::Serialize;
 use serde_json::value::Value;
@@ -34,13 +34,7 @@ fn get_data(key_pair: &KeyPair, protected: &str, payload: &[u8]) -> Result<Strin
     let protected = b64_encode(protected);
     let payload = b64_encode(payload);
     let signing_input = format!("{}.{}", protected, payload);
-    let hash_func = match key_pair.key_type {
-        KeyType::EcdsaP256 => sha256,
-        KeyType::EcdsaP384 => sha384,
-        KeyType::Rsa2048 | KeyType::Rsa4096 | KeyType::Curve25519 => |d: &[u8]| d.to_vec(),
-    };
-    let fingerprint = hash_func(signing_input.as_bytes());
-    let signature = key_pair.sign(&fingerprint)?;
+    let signature = key_pair.sign(signing_input.as_bytes())?;
     let signature = b64_encode(&signature);
     let data = JwsData {
         protected,