Abusing JWT public keys without the public key

This blog post is dedicated to those to brave souls that dare to roll their own crypto  The RSA Textbook of Horrors This story begins with an old project of ours, where we were tasked to verify (among other things) how a business application handles digital signatures of transactions, to comply with four-eyes principles and … Continued