{"id":21239253,"url":"https://github.com/tinacious/poc-jwt-ecdsa","last_synced_at":"2025-10-10T13:08:07.787Z","repository":{"id":39340737,"uuid":"196664762","full_name":"tinacious/poc-jwt-ecdsa","owner":"tinacious","description":"🔐 Proof of concept of asymmetrical signing using the ECDSA algorithm for JWT tokens","archived":false,"fork":false,"pushed_at":"2022-12-22T12:50:55.000Z","size":1084,"stargazers_count":2,"open_issues_count":42,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-10-10T13:08:07.443Z","etag":null,"topics":["ecdsa","jwt","security"],"latest_commit_sha":null,"homepage":"https://jwt-ecdsa-poc.herokuapp.com","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tinacious.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-07-13T01:27:57.000Z","updated_at":"2023-10-27T10:15:37.000Z","dependencies_parsed_at":"2023-01-30T09:15:22.087Z","dependency_job_id":null,"html_url":"https://github.com/tinacious/poc-jwt-ecdsa","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/tinacious/poc-jwt-ecdsa","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tinacious%2Fpoc-jwt-ecdsa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tinacious%2Fpoc-jwt-ecdsa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tinacious%2Fpoc-jwt-ecdsa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tinacious%2Fpoc-jwt-ecdsa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tinacious","download_url":"https://codeload.github.com/tinacious/poc-jwt-ecdsa/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tinacious%2Fpoc-jwt-ecdsa/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279004008,"owners_count":26083662,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ecdsa","jwt","security"],"created_at":"2024-11-21T00:42:37.354Z","updated_at":"2025-10-10T13:08:07.768Z","avatar_url":"https://github.com/tinacious.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# JWT using ECDSA\n\nProof of concept script to demonstrate asymmetric signing using Elliptic Curve Digital Signature Algorithm (ECDSA).\n\nCheck out the [working demo](https://jwt-ecdsa-poc.herokuapp.com/)! 👯\n\n\n## Overview\n\n1. Generate a private-public key pair signed using elliptic curve cryptography (ECC) algorithm ECDSA\n2. Use the private key on the back-end to sign your token\n3. Use the public key on the front-end to verify your token and read the data\n\n\n## Generating keys\n\nRun the following commands in a Unix shell to generate your private and public key pairs:\n\n    openssl ecparam -name prime256v1 -genkey -out keys/private.key\n    openssl ec -in keys/private.key -pubout -out keys/public.key\n\nThese commands are also in the executable file named `./generate_keys.sh`.\n\nThe keys will be generated in the `./keys` directory.\n\n![](screenshot-output.png)\n\n\n## Usage\n\nRun the script which will output information into the console (`node index.js`):\n\n    yarn example\n\nThis should print output in the console with your asymmetrically signed JWT and public key.\n\nTo see how it works, check out this file `./index.js`.\n\n\n## Development\n\nThere are a few parts to this project:\n\n- `index.js` will have the entire process outlined in a simplified way\n- `demo`\n    - `./server` has the server-side implementation\n    - `./client` has the client-side implementation. The client app is a nested repository (Vue.js app)\n\n\n## Deployment\n\nDeployed to Heroku:\n\n    git push heroku master\n\n\n## Further reading\n\n- [ECDSA: The digital signature algorithm of a better internet](https://blog.cloudflare.com/ecdsa-the-digital-signature-algorithm-of-a-better-internet/) by Cloudflare\n- [Seriously, stop using RSA](https://blog.trailofbits.com/2019/07/08/fuck-rsa/) by Trail of Bits\n- [Bitcoin uses ECDSA](https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm) to ensure funds can only be spent by their rightful owner\n- [Comparing ECDSA vs. RSA](https://www.ssl.com/article/comparing-ecdsa-vs-rsa/) by SSL.com\n- [Elliptic Curve Digital Signature Algorithm](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm) on Wikipedia\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftinacious%2Fpoc-jwt-ecdsa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftinacious%2Fpoc-jwt-ecdsa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftinacious%2Fpoc-jwt-ecdsa/lists"}