From e07c0f6d07aa4824a67dbae4fd63cbd26d77f2c5 Mon Sep 17 00:00:00 2001 From: Mane Date: Thu, 28 Mar 2024 16:12:09 +0800 Subject: [PATCH] Update hacking-jwt-json-web-tokens.md Reference https://asecuritysite.com/encryption/ecd5 --- pentesting-web/hacking-jwt-json-web-tokens.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pentesting-web/hacking-jwt-json-web-tokens.md b/pentesting-web/hacking-jwt-json-web-tokens.md index 7f023b24d..2616a889e 100644 --- a/pentesting-web/hacking-jwt-json-web-tokens.md +++ b/pentesting-web/hacking-jwt-json-web-tokens.md @@ -246,6 +246,12 @@ console.log('Parameter e: ', publicComponents.e.toString(16)); Finally, using the public and private key and the new "n" and "e" values you can use [jwt.io](https://jwt.io) to forge a new valid JWT with any information. +### ES256: Revealing the private key with same nonce + +If some applications use ES256 and use the same nonce to generate two jwts, the private key can be restored. + +Here is a example: [ECDSA: Revealing the private key, if same nonce used (with SECP256k1)](https://asecuritysite.com/encryption/ecd5) + ### JTI (JWT ID) The JTI (JWT ID) claim provides a unique identifier for a JWT Token. It can be used to prevent the token from being replayed.\
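Review bot: The new "ES256: Revealing the private key with same nonce" section names ES256, but the linked example is titled "with SECP256k1", and ES256 is ECDSA over P-256 with SHA-256. A reader may conclude the linked material does not apply to JWTs, so add a sentence saying the nonce-reuse weakness is a property of ECDSA itself and is independent of the curve. The section also never says how the condition is recognised. One line noting that two signatures made with the same key and the same nonce share the same `r` value would make it testable, and a pointer to deterministic nonces (RFC 6979) would give readers the fix. Wording: "Here is a example" should be "Here is an example", "jwts" should be "JWTs" to match the rest of the file, and the heading reads better as "with the same nonce".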