Signature is different at each run

[collimarco]

If I run the same program multiple times, with the exact same header and payload, I get different signatures at each run. Is that an expected behavior?

Take for example this code:

http://blog.pushpad.xyz/2017/02/push-api-from-scratch-how-to-generate-the-vapid-headers-with-ruby/#more-101

and use the same key pair, replace Time.now with a fixed time and also fix an endpoint.

If you run it multiple times the header.payload part is always the same, but not the signature.

[excpt]

When using keys to sign tokens the outcome on each run is and has to be different.

When looking at the ruby-jwt test suite you'll see we test the results against certificates because there is no way that we will get the exact same result twice when signing with elliptic curve keys.

It's the correct behaviour.

Why this is that way you have to dive deeper into encryption and elliptic curve algos.

The actual signing magic happens inside OpenSSL.

[collimarco]

Thank you! I've have noticed that while I was trying to write tests... now, at least I know that it's not a bug. Sorry for my lacking knowledge about elliptic curve algorithms.

[excpt]

No problem at all. That's what a community is for. Sharing knowledge. :)