Signature verification for Elliptic Curve


On receiving a JWT, I am trying to implement signature validation for ES256, ES384 and ES512. I did it successfully for the RSA types, based on the public certificate sent as content in the JWT. I am trying to do the same for the ES algorithms, but it doesn’t work. Must I have other input parameters, such as the (x, y) pair, to do this validation? I don’t think so, but …

I use the io.jsonwebtoken Java library.

I don’t know how the debugger does it, and I need to have the same behavior.

Does anybody have tips or sample Java code?

Thanks for your help

Hi all,

In fact, I produced tokens signed with ES256, ES384 or ES512 containing the public certificate in the x5c key, but I cannot understand how the site validates (or not) such a token …

I tried several methods with no success.

Can somebody help me?
Thanks for your support

Current Validation Java code is (using

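import java.io.IOException;
import java.math.BigInteger;
import java.security.Signature;
import java.util.Arrays;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.DERSequence;

// send algorithm name
Signature signature = Signature.getInstance(algo.getJcaName());
// contains public X.509 certificate
signature.initVerify(certificate); // call not shown in the post; "certificate" is a placeholder name
// contains parts from token
signature.update(signedData);      // call not shown in the post; "signedData" is a placeholder name
// verification with signed part from token converted in Der format
verifiedToken = signature.verify(toDerSignature(signPart));
// >>> return true in all cases … :frowning:

// Converts the JWS signature (R || S, two equal-length halves) to an ASN.1 DER SEQUENCE of two INTEGERs
private static byte[] toDerSignature(byte[] jwsSig) throws IOException {

    // first half is R, second half is S
    byte[] rBytes = Arrays.copyOfRange(jwsSig, 0, jwsSig.length/2);
    byte[] sBytes = Arrays.copyOfRange(jwsSig, jwsSig.length/2, jwsSig.length);

    // signum 1: treat both halves as unsigned big-endian integers
    BigInteger r = new BigInteger(1, rBytes);
    BigInteger s = new BigInteger(1, sBytes);

    DERSequence sequence = new DERSequence(new ASN1Encodable[]{
        new ASN1Integer(r),
        new ASN1Integer(s)
    });
    return sequence.getEncoded();
}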
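
An added example (not code from the original post or from the io.jsonwebtoken library): ES256 verification with only the JDK, converting the JWS R || S signature to DER by hand instead of with the BouncyCastle classes used above. The class and method names are assumptions, the key pair and token are constructed in `main`, and the raw-format signer used to build the sample needs Java 9 or later.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import java.util.Base64;

public class Es256VerifyExample {
    // Convert a JWS ECDSA signature (fixed-width R || S) to the DER form java.security.Signature expects.
    static byte[] joseToDer(byte[] jose, int coordLen) {
        if (jose.length != 2 * coordLen)   // 64 bytes for ES256, 96 for ES384, 132 for ES512
            throw new IllegalArgumentException("unexpected signature length " + jose.length);
        byte[] r = new BigInteger(1, Arrays.copyOfRange(jose, 0, coordLen)).toByteArray();
        byte[] s = new BigInteger(1, Arrays.copyOfRange(jose, coordLen, jose.length)).toByteArray();
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        body.write(0x02); body.write(r.length); body.write(r, 0, r.length);   // INTEGER r
        body.write(0x02); body.write(s.length); body.write(s, 0, s.length);   // INTEGER s
        ByteArrayOutputStream der = new ByteArrayOutputStream();
        der.write(0x30);                                  // SEQUENCE tag
        if (body.size() >= 128) der.write(0x81);          // long-form length, reached only with ES512
        der.write(body.size());
        der.write(body.toByteArray(), 0, body.size());
        return der.toByteArray();
    }

    static boolean verifyEs256(String signingInput, byte[] joseSig, PublicKey key) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(key);   // e.g. cert.getPublicKey(), once the x5c chain is validated against a trusted root
        v.update(signingInput.getBytes(StandardCharsets.US_ASCII));   // base64url(header) + "." + base64url(payload)
        return v.verify(joseToDer(joseSig, 32));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway P-256 key pair and a minimal header and payload.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp = kpg.generateKeyPair();
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String input = b64.encodeToString("{\"alg\":\"ES256\"}".getBytes(StandardCharsets.UTF_8))
                + "." + b64.encodeToString("{\"sub\":\"demo\"}".getBytes(StandardCharsets.UTF_8));
        Signature signer = Signature.getInstance("SHA256withECDSAinP1363Format");   // emits raw R || S
        signer.initSign(kp.getPrivate());
        signer.update(input.getBytes(StandardCharsets.US_ASCII));
        byte[] joseSig = signer.sign();
        System.out.println("valid token:   " + verifyEs256(input, joseSig, kp.getPublic()));
        System.out.println("altered token: " + verifyEs256(input + "x", joseSig, kp.getPublic()));
    }
}
```

A verifier that accepts any certificate found in `x5c` without chain validation accepts tokens signed by anyone, so the certificate check has to happen before `initVerify`.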