JWT Token Generation Using ECDSA Algorithm

Introduction

Elliptic curve based JSON Web Signatures (JWS) provide integrity, authenticity and non-reputation to JSON Web Tokens (JWT).

The EC keys should be of sufficient length to match the required level of security. Note that while EC signatures are shorter than an RSA signature of equivalent strength, they may take more CPU time to verify.

We are Using Nimbus JOSE+JWT and JJWT library which supports all standard EC digital signature algorithms:

The example uses the key ID ("kid") parameter of the JWS header to indicate the signing key and simplify key roll-over. The exact method by which the recipient establishes the public EC key candidate(s) to check the signature must be specified by the application's security protocol.

The JWT includes a set of claims or assertions, packaged in a JSON object. The claims, which treatment is application specific, must therefore be subsequently checked by your application code. "kty": "EC", "d": "w3pw3qD59SNcXvsp6aIg6qRkWWBZd--jZ1lYnlr_3DSFJT1zYAtJL_M62a051-OW", "crv": "P-384", "x": "0H9XpQcS5NWaxkgTdnNaWSgMp_NFYTYGCPMYsasHvyN1CRa9Tj1deD_ORA75I_5K", "y": "x_xCR-W5rd6nwtUgDrGWClfpUrtNZmEHaasgL2skMVOCUxG9ABjN9-vOrV0N226U"

ES256 "keys": [{ "kty": "EC", "d": "l8JrXagEZUbRd908vDnTjKPdYPrr3V8ZQ8EtzieUxt8", "crv": "P-256", "x": "6PzW5LsKpsgbq568WqKmQ6bthPknDBZG7SinCv-Ic44", "y": "Ac3ZZAhAr8z0Bl_6C2pNh7Vg6Tc3OfeYsdIefBTClH8"

ES512 "keys": [{ "kty": "EC", "d": "AV_MObVspsAewu0Ur8aWpjdOMOkP5Es-DSGly5HRSLg7vPnWOhmLNQIOAYIRM-tT3wZWGeDjZQb6PkFkUhSachR3", "crv": "P-521", "x": "AJOrCxwYoUJMVueAE1S3JQP4GRm7euFHGwUWWmdBHHTXuWo9H8mo3ypRQfRlL4ans2UmrnrX2d6fLa45oiIspPDH", "y": "AV9BpqlOej4-MnkeRjJwAhhr7_UESJbiwe8fXOwptxQRkpxmlYO--HwAkS3Q2rZ6Ad5kvxcDnvvXOUvzDHYv4Rjf"

ES384

ES256

ES512