SermoDigital/jose

Library produces (and incorrectly validates) invalid ECDSA signatures

jefferai opened this issue · 0 comments

When signing and verifying with ECDSA, this library will take the resulting R and S values and asn1.Marshal them. While this is the correct behavior for general ECDSA signing (for instance, this is how openssl does it in the general case), for JWS it's actually invalid. See https://tools.ietf.org/html/rfc7515#page-45

The result is that signatures produced on JWTs via this library cannot be validated elsewhere, and signatures produced elsewhere cannot be validated here.

For an example of how other libraries do it, see https://github.com/square/go-jose/blob/16bf7df8a3277fab10a591bc75b9fa0d24e7dab6/asymmetric.go#L511
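The interoperability gap described above, shown as an added example (not code from SermoDigital/jose or go-jose): a DER-encoded signature from Go's crypto/ecdsa fails the fixed-width check a JWS verifier must apply, while the same R and S re-encoded as the concatenated, zero-padded R||S form that RFC 7515 specifies verifies. The helper names `derToJWS` and `verifyJWS` and the signing input are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
)

// derToJWS converts an ASN.1 DER SEQUENCE{r, s} (what crypto/ecdsa and
// openssl emit) into the JWS form: R and S each left-padded to the curve's
// coordinate size and concatenated (2*32 = 64 bytes for ES256 on P-256).
func derToJWS(der []byte, curve elliptic.Curve) ([]byte, error) {
	var sig struct{ R, S *big.Int }
	if rest, err := asn1.Unmarshal(der, &sig); err != nil || len(rest) != 0 {
		return nil, errors.New("malformed DER signature")
	}
	n := (curve.Params().BitSize + 7) / 8
	if sig.R.Sign() <= 0 || sig.S.Sign() <= 0 || sig.R.BitLen() > n*8 || sig.S.BitLen() > n*8 {
		return nil, errors.New("r or s out of range for the curve")
	}
	out := make([]byte, 2*n)
	sig.R.FillBytes(out[:n]) // FillBytes zero-pads on the left to exactly n bytes
	sig.S.FillBytes(out[n:])
	return out, nil
}

// verifyJWS checks a signature the way a JWS consumer must: exactly 2*n
// bytes, split into R and S, SHA-256 over the signing input (ES256).
func verifyJWS(pub *ecdsa.PublicKey, signingInput, sig []byte) bool {
	n := (pub.Curve.Params().BitSize + 7) / 8
	if len(sig) != 2*n {
		return false // DER output is variable length (70-72 bytes on P-256), never 64
	}
	r := new(big.Int).SetBytes(sig[:n])
	s := new(big.Int).SetBytes(sig[n:])
	h := sha256.Sum256(signingInput)
	return ecdsa.Verify(pub, h[:], r, s)
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	input := []byte("constructed.signing.input") // stands in for base64url(header).base64url(payload)
	h := sha256.Sum256(input)
	der, _ := ecdsa.SignASN1(rand.Reader, key, h[:]) // DER form, as the library currently emits
	fmt.Println("DER bytes:", len(der), "accepted by JWS verifier:", verifyJWS(&key.PublicKey, input, der))
	jws, _ := derToJWS(der, key.Curve)
	fmt.Println("JWS bytes:", len(jws), "accepted by JWS verifier:", verifyJWS(&key.PublicKey, input, jws))
}
```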