ES256 is a JWT signing algorithm based on Elliptic Curve Cryptography (ECC).

Like RS256, it is an asymmetric algorithm that uses separate keys for signing and verification. However, instead of RSA, ES256 relies on elliptic curve mathematics, allowing it to provide equivalent security with significantly smaller keys and signatures.

Because of its efficiency, ES256 is widely used in mobile applications, cloud services, hardware security modules, and modern identity systems.


What Does ES256 Mean?

The name ES256 consists of two parts.

In practice:

ES256 = ECDSA + P-256 + SHA-256

Like RS256, ES256 uses two different keys.


Asymmetric Cryptography

ES256 follows the same signing model as RS256.

        Private Key
             │
          Sign JWT
             │
             ▼
     ─────────────────
             ▲
             │
        Verify JWT
             │
         Public Key

The private key signs.

The public key verifies.

The public key can safely be distributed to other services.


Why Elliptic Curves?