As has been noted in the @web5/crypto package, support for low-s signatures is not guaranteed by major KMS providers. I have personally run into this issue when using Azure keys for signing. Requesting that the lowS flag be set to false by default for verification of secp256k1 signatures, as it is in @web5/crypto package.
jfyi, if you are not sure which type of signature you are being handed, and you require lower s, you can always normalize to lower s before calling verify.
As has been noted in the @web5/crypto package, support for low-s signatures is not guaranteed by major KMS providers. I have personally run into this issue when using Azure keys for signing. Requesting that the
lowS
flag be set tofalse
by default for verification of secp256k1 signatures, as it is in @web5/crypto package.