diff --git a/package-lock.json b/package-lock.json
index f8a9df63f..6299abc20 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -25,10 +25,13 @@
       }
     },
     "asn1": {
-      "version": "0.2.3",
-      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz",
-      "integrity": "sha1-2sh4dxPJlmhJ/IGAd36+nB3fO4Y=",
-      "dev": true
+      "version": "0.2.4",
+      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz",
+      "integrity": "sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==",
+      "dev": true,
+      "requires": {
+        "safer-buffer": "2.1.2"
+      }
     },
     "assert-plus": {
       "version": "1.0.0",
@@ -590,15 +593,6 @@
         "brace-expansion": "1.1.11"
       }
     },
-    "node-rsa": {
-      "version": "0.4.2",
-      "resolved": "https://registry.npmjs.org/node-rsa/-/node-rsa-0.4.2.tgz",
-      "integrity": "sha1-1jkXKewWqDDtWjgEKzFX0tXXJTA=",
-      "dev": true,
-      "requires": {
-        "asn1": "0.2.3"
-      }
-    },
     "oauth-sign": {
       "version": "0.9.0",
       "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz",
@@ -755,7 +749,7 @@
       "integrity": "sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==",
       "dev": true,
       "requires": {
-        "asn1": "0.2.3",
+        "asn1": "0.2.4",
         "assert-plus": "1.0.0",
         "bcrypt-pbkdf": "1.0.2",
         "dashdash": "1.14.1",
diff --git a/package.json b/package.json
index d0793b63d..87076441e 100644
--- a/package.json
+++ b/package.json
@@ -91,7 +91,6 @@
     "lodash.template": "^4.4.0",
     "markdown-it": "^8.4.2",
     "markdown-it-anchor": "^4.0.0",
-    "node-rsa": "^0.4.2",
     "request": "^2.88.0",
     "webstore-upload": "0.0.7"
   },
diff --git a/tools/sign.js b/tools/sign.js
deleted file mode 100644
index 8c09ed986..000000000
--- a/tools/sign.js
+++ /dev/null
@@ -1,24 +0,0 @@
-var fs = require('fs');
-var crypto = require('crypto');
-var RSA = require('node-rsa');
-
-var pkg = JSON.parse(fs.readFileSync('package.json', 'utf8'));
-var channel = process.argv[2] || '';
-
-var privateKey = fs.readFileSync(`../${pkg.meta.path}.keys/${pkg.name}.pem`);
-var archive = fs.readFileSync(`testbuilds/${pkg.name}${channel}.crx.zip`);
-
-// https://developer.chrome.com/extensions/crx
-
-var publicKey = new RSA(privateKey).exportKey('pkcs8-public-der');
-var signature = crypto.createSign('sha1').update(archive).sign(privateKey);
-
-var header = Buffer.alloc(16);
-header.write('Cr24');
-header.writeInt32LE(2, 4);
-header.writeInt32LE(publicKey.length, 8);
-header.writeInt32LE(signature.length, 12);
-
-var crx = Buffer.concat([header, publicKey, signature, archive]);
-
-fs.writeFileSync(`testbuilds/${pkg.name}${channel}.crx`, crx);