These exceptions are pretty unlikely.

core/src/main/java/jenkins/security/RSADigitalSignatureConfidentialKey.java

 package jenkins.security;
 
-import hudson.remoting.Base64;
-
-import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.security.GeneralSecurityException;
 import java.security.Signature;
 import java.security.interfaces.RSAPrivateKey;
@@ -24,12 +22,18 @@ public class RSADigitalSignatureConfidentialKey extends RSAConfidentialKey {
     /**
      * Sign a message and base64 encode the signature.
      */
-    public String sign(String msg) throws GeneralSecurityException, IOException {
-        RSAPrivateKey key = getPrivateKey();
-        Signature sig = Signature.getInstance(SIGNING_ALGORITHM + "with" + key.getAlgorithm());
-        sig.initSign(key);
-        sig.update(msg.getBytes("UTF8"));
-        return Base64.encode(sig.sign());
+    public String sign(String msg) {
+        try {
+            RSAPrivateKey key = getPrivateKey();
+            Signature sig = Signature.getInstance(SIGNING_ALGORITHM + "with" + key.getAlgorithm());
+            sig.initSign(key);
+            sig.update(msg.getBytes("UTF-8"));
+            return hudson.remoting.Base64.encode(sig.sign());
+        } catch (GeneralSecurityException e) {
+            throw new SecurityException(e);
+        } catch (UnsupportedEncodingException e) {
+            throw new AssertionError(e);    // UTF-8 is mandatory
+        }
     }
 
     static final String SIGNING_ALGORITHM = "SHA256";