Overview
ES256 (SHA256withECDSA, OID 1.2.840.10045.4.3.2) is an Asymmetric Key Cryptography algorithm: the Elliptic Curve Digital Signature Algorithm (ECDSA) using P-256 and SHA-256.
RFC 7518 defines the use of ECDSA with the P-256 curve and the SHA-256 Cryptographic Hash Function, ECDSA with the P-384 curve and the SHA-384 Cryptographic Hash Function, and ECDSA with the P-521 curve and the SHA-512 Cryptographic Hash Function. The ECDSA P-256 SHA-256 digital signature is generated as follows:
- Generate a Digital Signature of the JSON Web Signature (JWS) Signing Input using ECDSA P-256 SHA-256 with the desired Private Key. The output will be the pair (R, S), where R and S are 256-bit unsigned integers.
- Turn R and S into octet sequences in Big-Endian order, with each array being 32 octets long. The octet sequence representations MUST NOT be shortened to omit any leading zero octets contained in the values.
- Concatenate the two octet sequences in the order R and then S. (Note that many ECDSA implementations will directly produce this concatenation as their output.)
- The resulting 64-octet sequence is the JWS Signature value.
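The steps above matter most when a signing library returns the signature as an ASN.1 DER structure instead of the R and S concatenation, because DER strips leading zero octets and adds a sign octet. The following is an added example, not code from RFC 7518 or from this page; the function names and the sample bytes are constructed for illustration, and the input is assumed to be a DER SEQUENCE of two INTEGERs.

```python
def _read_der_int(buf: bytes, pos: int) -> tuple[int, int]:
    """Read one short-form DER INTEGER at pos; return (value, next position)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected DER INTEGER")
    length = buf[pos + 1]
    body = buf[pos + 2 : pos + 2 + length]
    if length == 0 or length & 0x80 or len(body) != length:
        raise ValueError("bad or truncated INTEGER length")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER")
    return int.from_bytes(body, "big"), pos + 2 + length


def der_to_jws_es256(der: bytes) -> bytes:
    """Convert DER SEQUENCE{INTEGER r, INTEGER s} to the 64-octet R||S form."""
    # A P-256 DER signature is at most 72 octets, so the length is short-form.
    if len(der) < 8 or der[0] != 0x30 or der[1] >= 0x80 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    r, pos = _read_der_int(der, 2)
    s, pos = _read_der_int(der, pos)
    if pos != len(der):
        raise ValueError("trailing data after S")
    if r >> 256 or s >> 256:
        raise ValueError("R or S exceeds 256 bits")
    # to_bytes(32, "big") left-pads with zero octets: leading zeros are kept.
    return r.to_bytes(32, "big") + s.to_bytes(32, "big")


def jws_es256_to_rs(sig: bytes) -> tuple[int, int]:
    """Split a JWS ES256 signature into (R, S); reject any other length."""
    if len(sig) != 64:
        raise ValueError("ES256 signature must be exactly 64 octets")
    return int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")


# Constructed sample (encoding only, not a real signature): R has a leading
# zero octet, so DER stores it in 31 octets; S has its top bit set, so DER
# prepends 0x00 and stores it in 33 octets.
SAMPLE_DER = bytes.fromhex("3044" + "021f" + "11" * 31 + "022100" + "80" + "22" * 31)

if __name__ == "__main__":
    jws_sig = der_to_jws_es256(SAMPLE_DER)
    print(len(jws_sig), jws_sig.hex())
```

A verifier that accepts anything other than exactly 64 octets for ES256, or that passes the DER form through unchanged, will disagree with conforming peers on roughly one signature in 256 where R or S has a leading zero octet.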