Currently, you can use the ES256 and RS256 algorithms to sign JSON web tokens (JWT). However, you can only use the ES256 signing algorithm with ECDSA P-256 keys using the secp256k1 curve. These keys use a SECG curve over a 256 bit prime field that is also known as Koblitz curve.


We don't support the use of the ES256 signing algorithm with ECDSA keys using the random curve, also known as secp256r1 or prime256v1, at this moment.

This procedure guides you through the processes of generating keys and signing and verifying your JWTs.


All openssl commands executed in this guide are run with the OpenSSL 3.0.7 version and this build number of macOS:

ProductName: macOS
ProductVersion: 12.6.2
BuildVersion: 18G95

To check the version and build number of your macOS, use the sw_vers command.