JWK is not verified in debugger

Hi, I am quite new in this topic, so I just might miss a main thing that is easy to solve.
I generated a JWT, private_key.pem, public_key.pem and a JWKS.
I used the debugger on jwt.io to verify my components.

When I use Encoded JWT with private_key.pem and public_key.pem, signature is verified.
When I use Encoded JWT with private_key.pem and JWK, signature is NOT verified

My JWK contains the public_key.pem as x5c value. This might be the problem, but I am not sure about this. Here are the components I used in the debugger:

Encoded JWT:

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJteV9qd3RfaWQiLCJpYXQiOjE2NjY3NzEyNDZ9.w31MBueBSGxkemCU5_lnPwvD-SFY-h0TW664hWvjN7Doho2fAK5Fs8QtjaPDvnNVosttT401G4ZRbbC9ReLJmDulIpp-b0oFj7TQAkU3O6YZyADJL0rW7FuFv3ZXkGwI1FRpH1rhi9TS1qO1wpoeIZeVxYEqrDHRt5AWKrQhrn6wcy__ZVr5HPjZDsdbA5QDXuZnBhNX4SzvSUFuM9qRFjS97WOs-9gfgS56b09EsWoX89Krq1FhN2HUOrB85i__K2QEAylJshEjzYaNyJb8wqMQPA3J9kaqsLLCnydIxhocgJcBYhr-CJQIoTggZdZNyJWIRcsruz5w8xb43FItDg

private_key.pem

-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD1IwqVvaO59bOK
x0OzVIZoeUN03kFVbsaOngHwb7l7frG0zNKfaTVFcinx02tHL41YCrVXNCNBZsw2
Gg4TVTLgULSV996/mAp66uCq7DgO73VfEEtcyXShVDWiPk1lK4LvFFzHiFXNUIwR
Fb9UPBvGL5R4KvddcCMA5P1bENDbj7IfOvKsFZ2r2yF2fFmd7U2Ft8Cgj/3lLTuH
fo3n2uOywBJCkyfIu2YJ2BW6eA5ajM8Qv45GTlIINumr1TlO7Ts4bXWS/Y8sTp50
o2uwAyzVJ3vr6HoCbXrhCg/UOpXrIkQ4gEM8TaAber1ddIs6hDo5bWondeTXUwDG
wPCtJkxPAgMBAAECggEANViY1xlb5f4YQl022HHOhjHNgkNTyHnA8Axms6I8pSlf
Fs90DojgtOoxQpUVxXoNslkyOXX5LiRm0Gc/JOnnlnU5t2Ensl4t+a3fkpKxaF6o
FjX/kIOuw+UFfvc79IZRiiHORwXeVj3vHVC0QGqMSMbV8oi3KDhdBbbPg9/W89CW
k/wx3iOu+GJxf6JA5+Zj1WhDGdLPyFb3ob8h9bbzz8hNLSqS9f779NtsdLYTpXjo
PS7A0//7HHSLuKHpw4cyEFlLJrLEqPcdCH5hU43TQ7IGGH/okKLi7y63hCEsreqZ
8zUcvCgSlL2o2Y1FCs8VBcNDxGrDPVH907+dV1RkcQKBgQD8DNsJx8T8JMPHHC7A
RQI8+NI+4CORBfZBT+cSd+6VG9cIFjXmVzDBU/rMPoDR6MxhVZhf7QzOEeKY3m8v
sqV2FiLrG5SJg3/IjYZlkaGbE3KuPbGnc9yPjLlvNIT8yvxmO0Re2S28MLfjNfJx
L1i80XHIQyiRrEkKomcSX82RcwKBgQD4+nOfClc3cXRMkN/85OdDmm3O+FtO6Tef
xfSuy1fMgxd6ApTl0UlqKTiOX4YS/Qg7pkcPSDBoRptkxvqnnVcSEzBhCdicDC6d
nojw+ZlqGKHHyJmrvVplPj4yyrRmIOorJA7pNfv6O2MmtNe/XB8JJewrCLHZkyAp
qZ7P2oIytQKBgBUmEv74Fyw8/Xxoffe+EpkBG8sQzYsun+INDUt8arVyN5HDI1Sn
fjzKiiG3IOH8EaIdJ4LtBgUIdSX0jAnJiJ6m7tkhYE5FjWRLk7pUBOZZNGcwYAa3
7wrQeQK+umXntlPxpyP6Px8qS1OyRByBJ4X4YP63u+C1Pw+4XsOo7DvHAoGBALd/
dql3aJI/NtSbTcnINr23WkjY+AqvjcRelBgjW8EpuKq+rli2p6HrYXhk5J6oCGJW
CTc1ICAqMarTj7brGloC9HwAUrmnrM+UIR9hBfWQ0+M3cDKH6tCFUDgE93HxvkQv
XiH5HI3vKQNE82FglqsaXPXWgaV2bpTmI1rTk3OlAoGBAIjJt9yUou53LcEuLUkr
s+OeskK2EZbHC7r32GNKrUhcbcQkUJAeLhMfyMV8DdA1xntzle+eTEJ58ZovMMvG
3FYxTnM8idXWMHyFBAMNTj07eC+JHJl17XdEN4XvBiXgGSfY4pNL+LIWiyLepVbU
OFqSNolJg1PkiR3hulkeYMRV
-----END PRIVATE KEY-----

public_key.pem

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9SMKlb2jufWzisdDs1SG
aHlDdN5BVW7Gjp4B8G+5e36xtMzSn2k1RXIp8dNrRy+NWAq1VzQjQWbMNhoOE1Uy
4FC0lffev5gKeurgquw4Du91XxBLXMl0oVQ1oj5NZSuC7xRcx4hVzVCMERW/VDwb
xi+UeCr3XXAjAOT9WxDQ24+yHzryrBWdq9shdnxZne1NhbfAoI/95S07h36N59rj
ssASQpMnyLtmCdgVungOWozPEL+ORk5SCDbpq9U5Tu07OG11kv2PLE6edKNrsAMs
1Sd76+h6Am164QoP1DqV6yJEOIBDPE2gG3q9XXSLOoQ6OW1qJ3Xk11MAxsDwrSZM
TwIDAQAB
-----END PUBLIC KEY-----

JWK String:

    {
      "kty": "RSA",
      "use": "sig",
      "kid": "my_jwt_id",
      "x5c": [ 
       "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9SMKlb2jufWzisdDs1SGaHlDdN5BVW7Gjp4B8G+5e36xtMzSn2k1RXIp8dNrRy+NWAq1VzQjQWbMNhoOE1Uy4FC0lffev5gKeurgquw4Du91XxBLXMl0oVQ1oj5NZSuC7xRcx4hVzVCMERW/VDwbxi+UeCr3XXAjAOT9WxDQ24+yHzryrBWdq9shdnxZne1NhbfAoI/95S07h36N59rjssASQpMnyLtmCdgVungOWozPEL+ORk5SCDbpq9U5Tu07OG11kv2PLE6edKNrsAMs1Sd76+h6Am164QoP1DqV6yJEOIBDPE2gG3q9XXSLOoQ6OW1qJ3Xk11MAxsDwrSZMTwIDAQAB"
      ]
    }

I think I might be missing something between the relationship between private_key.pem and x5c

Hi @jlaudenbach,

Have you seen this FAQ on the subject?

A very important note at the bottom that might help clarify:

You’ll notice the x5c claim in the first key in the JWKS matches the body of the PEM certificate!

Hi @dan.woda,

thank you for your reply.
Yes i know the post you mentioned. Actually this was my blueprint for my own JWK.
And as in your post, I chose x5c exactly the same as the public_key.pem string.
I am still not sure, why it is not working, but I use now onlyn and e parameter for my JWK and this works fine.

Can you post an example of the public key you are trying to use?

You will find all above at the beginning of the Post: JWT, private.pem, public.pem and JWK String.
Maybe you have an idea, why public.pem is working but not JWK String.

Are you adding the header and footer to the x5c?

You mean -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- string?
No I haven’t add this to the x5c.

Yep, try adding those and see if it works correctly.

I tried

    {
      "kty": "RSA",
      "use": "sig",
      "kid": "my_jwt_id",
      "x5c": [ 
       "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9SMKlb2jufWzisdDs1SG
aHlDdN5BVW7Gjp4B8G+5e36xtMzSn2k1RXIp8dNrRy+NWAq1VzQjQWbMNhoOE1Uy
4FC0lffev5gKeurgquw4Du91XxBLXMl0oVQ1oj5NZSuC7xRcx4hVzVCMERW/VDwb
xi+UeCr3XXAjAOT9WxDQ24+yHzryrBWdq9shdnxZne1NhbfAoI/95S07h36N59rj
ssASQpMnyLtmCdgVungOWozPEL+ORk5SCDbpq9U5Tu07OG11kv2PLE6edKNrsAMs
1Sd76+h6Am164QoP1DqV6yJEOIBDPE2gG3q9XXSLOoQ6OW1qJ3Xk11MAxsDwrSZM
TwIDAQAB
-----END PUBLIC KEY-----"
      ]
    }

with no success.
This looks version looks quite strange for me

Try this:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9SMKlb2jufWzisdDs1SG
aHlDdN5BVW7Gjp4B8G+5e36xtMzSn2k1RXIp8dNrRy+NWAq1VzQjQWbMNhoOE1Uy
4FC0lffev5gKeurgquw4Du91XxBLXMl0oVQ1oj5NZSuC7xRcx4hVzVCMERW/VDwb
xi+UeCr3XXAjAOT9WxDQ24+yHzryrBWdq9shdnxZne1NhbfAoI/95S07h36N59rj
ssASQpMnyLtmCdgVungOWozPEL+ORk5SCDbpq9U5Tu07OG11kv2PLE6edKNrsAMs
1Sd76+h6Am164QoP1DqV6yJEOIBDPE2gG3q9XXSLOoQ6OW1qJ3Xk11MAxsDwrSZM
TwIDAQAB
-----END PUBLIC KEY-----