Does this skill support both ECC and RSA algorithms?

Yes, it dynamically reads the algorithm from the JWKS metadata, providing full support for both ES256 (ECC P-256) and RS256 (RSA) signatures.

How does it handle certificate discovery and validation?

It follows a strict priority order: first checking the thumbprint cache (x5t#S256), then searching for embedded chains (x5c), and finally fetching via JWKS URLs (jku).

What are the specific freshness requirements for X9.150 JWS?

The skill enforces that the 'iat' (issued at) time is not in the future (allowing 60s skew) and not older than 8 minutes, while also validating the 'ttl' (milliseconds) field.

How is non-repudiation managed in this implementation?

It validates that the correlationId in the response header matches the original request's correlationId, protecting against replay and MITM attacks.

X9.150 JWS Security Implementation

Name: X9.150 JWS Security Implementation
Author: carlosnetto

bycarlosnetto

0•

Security & Testing

Implements and validates JWS security layers for X9.150 payment standards using expert signing and verification patterns.

This skill serves as an expert guide for developers implementing the JSON Web Signature (JWS) security layer required by the X9.150 standard. It provides deep technical insights into protected header construction, algorithm selection between ECC and RSA, and complex certificate discovery workflows involving thumbprint caching and JWKS fetching. By referencing canonical Python implementations, it helps developers ensure payment request freshness, enforce critical headers, and maintain non-repudiation through correlation ID management, making it essential for building secure financial message exchange systems.

Key Features

01Automated JWS header construction including iat, ttl, and correlationId fields

02Non-repudiation enforcement via correlation ID request/response mapping

03Algorithm-agnostic support for both ECC (ES256) and RSA (RS256) signatures

04Strict freshness validation and clock-skew management (8-minute threshold)

05Multi-tier certificate discovery (Thumbprint, Embedded Chain, or JWKS URL)

060 GitHub stars

Use Cases

01Implementing secure payment request and response cycles for financial APIs

02Debugging and testing signature verification failures in X9.150 compliant systems

03Automating certificate caching and validation logic for high-performance security layers

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add carlosnetto/x9.150-py x9-jws

For use in Claude.ai and ChatGPT