authorAjitomi, Daisuke <ajitomi@gmail.com>2021-04-17 02:00:06 +0900
committerGitHub <noreply@github.com>2021-04-16 13:00:06 -0400
commitfb86f9dffb371ee2adbc573edc35ded129ea3b36 (patch)
tree19455dc0b58583c0e3e8f952021f2e049ffef648
parentbcd572806c121c2f85d104b3e13a196e5bb46a79 (diff)
Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. (#645)
* Add private key support for ECAlgorithm verify. * Update CHANGELOG.
-rw-r--r--CHANGELOG.rst1
-rw-r--r--jwt/algorithms.py2
-rw-r--r--tests/test_algorithms.py7
3 files changed, 10 insertions, 0 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index e67381f..9fb832f 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -18,6 +18,7 @@ Fixed
- Remove padding from JWK test data. `#628 <https://github.com/jpadilla/pyjwt/pull/628>`__
- Make `kty` mandatory in JWK to be compliant with RFC7517. `#624 <https://github.com/jpadilla/pyjwt/pull/624>`__
- Allow JWK without `alg` to be compliant with RFC7517. `#624 <https://github.com/jpadilla/pyjwt/pull/624>`__
+- Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. `#645 <https://github.com/jpadilla/pyjwt/pull/645>`__
Added
~~~~~
diff --git a/jwt/algorithms.py b/jwt/algorithms.py
index 50719be..bed4033 100644
--- a/jwt/algorithms.py
+++ b/jwt/algorithms.py
@@ -427,6 +427,8 @@ if has_crypto:
return False
try:
+ if isinstance(key, EllipticCurvePrivateKey):
+ key = key.public_key()
key.verify(der_sig, msg, ec.ECDSA(self.hash_alg()))
return True
except InvalidSignature:
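Review bot: The two added lines at the top of the `try` body make verify() accept an `EllipticCurvePrivateKey` silently, so a verifier that was handed the signing key by mistake now works with no signal that it holds more key material than it needs. A comment above the check would make the intent explicit, for example `# Accept a private key for convenience; verification only needs the public half.`, and the usage docs could recommend configuring verifiers with the public key only. The conversion also cannot raise `InvalidSignature`, so it would read more clearly placed just before `try:` rather than inside it. The enclosing method begins and ends outside this hunk, so `EllipticCurvePrivateKey` is presumably imported elsewhere in the module.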
diff --git a/tests/test_algorithms.py b/tests/test_algorithms.py
index 2144d48..982a145 100644
--- a/tests/test_algorithms.py
+++ b/tests/test_algorithms.py
@@ -658,6 +658,13 @@ class TestAlgorithmsRFC7520:
result = algo.verify(signing_input, key, signature)
assert result
+ # private key can also be used.
+ with open(key_path("jwk_ec_key_P-521.json")) as keyfile:
+ private_key = algo.from_jwk(keyfile.read())
+
+ result = algo.verify(signing_input, private_key, signature)
+ assert result
+
@crypto_required
class TestEd25519Algorithms:
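Review bot: The added assertions cover only the accepting path, so a regression that made verify() return True for any input when it is given a private key would still pass this test. A rejecting case after the last `assert result` would pin that, for example `assert not algo.verify(signing_input + b"x", private_key, signature)`, assuming `signing_input` is a bytes value. The test method starts outside this hunk.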