diff --git a/bindings/wasm/Cargo.toml b/bindings/wasm/Cargo.toml
index 1acaf0ce96..b3017d8dc8 100644
--- a/bindings/wasm/Cargo.toml
+++ b/bindings/wasm/Cargo.toml
@@ -20,6 +20,7 @@ async-trait = { version = "0.1", default-features = false }
 bls12_381_plus = "0.8.17"
 console_error_panic_hook = { version = "0.1" }
 futures = { version = "0.3" }
+identity_ecdsa_verifier = { path = "../../identity_ecdsa_verifier", default-features = false, features = ["es256", "es256k"] }
 identity_eddsa_verifier = { path = "../../identity_eddsa_verifier", default-features = false, features = ["ed25519"] }
 js-sys = { version = "0.3.61" }
 json-proof-token = "0.3.4"
diff --git a/bindings/wasm/docs/api-reference.md b/bindings/wasm/docs/api-reference.md
index 6dd0837a69..25fdf6ba04 100644
--- a/bindings/wasm/docs/api-reference.md
+++ b/bindings/wasm/docs/api-reference.md
@@ -55,6 +55,10 @@ See: <a href="https://identity.foundation/.well-known/resources/did-configuratio
 <dt><a href="#Duration">Duration</a></dt>
 <dd><p>A span of time.</p>
 </dd>
+<dt><a href="#EcDSAJwsVerifier">EcDSAJwsVerifier</a></dt>
+<dd><p>An implementor of <code>IJwsVerifier</code> that can handle the
+<code>EcDSA</code> algorithm.</p>
+</dd>
 <dt><a href="#EdDSAJwsVerifier">EdDSAJwsVerifier</a></dt>
 <dd><p>An implementor of <code>IJwsVerifier</code> that can handle the
 <code>EdDSA</code> algorithm.</p>
@@ -255,8 +259,23 @@ working with storage backed DID documents.</p>
 ## Members
 
 <dl>
-<dt><a href="#PresentationProofAlgorithm">PresentationProofAlgorithm</a></dt>
-<dd></dd>
+<dt><a href="#StatusCheck">StatusCheck</a></dt>
+<dd><p>Controls validation behaviour when checking whether or not a credential has been revoked by its
+<a href="https://www.w3.org/TR/vc-data-model/#status"><code>credentialStatus</code></a>.</p>
+</dd>
+<dt><a href="#Strict">Strict</a></dt>
+<dd><p>Validate the status if supported, reject any unsupported
+<a href="https://www.w3.org/TR/vc-data-model/#status"><code>credentialStatus</code></a> types.</p>
+<p>Only <code>RevocationBitmap2022</code> is currently supported.</p>
+<p>This is the default.</p>
+</dd>
+<dt><a href="#SkipUnsupported">SkipUnsupported</a></dt>
+<dd><p>Validate the status if supported, skip any unsupported
+<a href="https://www.w3.org/TR/vc-data-model/#status"><code>credentialStatus</code></a> types.</p>
+</dd>
+<dt><a href="#SkipAll">SkipAll</a></dt>
+<dd><p>Skip all status checks.</p>
+</dd>
 <dt><a href="#SubjectHolderRelationship">SubjectHolderRelationship</a></dt>
 <dd><p>Declares how credential subjects must relate to the presentation holder.</p>
 <p>See also the <a href="https://www.w3.org/TR/vc-data-model/#subject-holder-relationships">Subject-Holder Relationship</a> section of the specification.</p>
@@ -271,9 +290,14 @@ This variant is the default.</p>
 <dt><a href="#Any">Any</a></dt>
 <dd><p>The holder is not required to have any kind of relationship to any credential subject.</p>
 </dd>
+<dt><a href="#PresentationProofAlgorithm">PresentationProofAlgorithm</a></dt>
+<dd></dd>
+<dt><a href="#StatusPurpose">StatusPurpose</a></dt>
+<dd><p>Purpose of a <a href="#StatusList2021">StatusList2021</a>.</p>
+</dd>
 <dt><a href="#ProofAlgorithm">ProofAlgorithm</a></dt>
 <dd></dd>
-<dt><a href="#StateMetadataEncoding">StateMetadataEncoding</a></dt>
+<dt><a href="#CredentialStatus">CredentialStatus</a></dt>
 <dd></dd>
 <dt><a href="#FailFast">FailFast</a></dt>
 <dd><p>Declares when validation should return if an error occurs.</p>
@@ -284,34 +308,14 @@ This variant is the default.</p>
 <dt><a href="#FirstError">FirstError</a></dt>
 <dd><p>Return after the first error occurs.</p>
 </dd>
-<dt><a href="#StatusCheck">StatusCheck</a></dt>
-<dd><p>Controls validation behaviour when checking whether or not a credential has been revoked by its
-<a href="https://www.w3.org/TR/vc-data-model/#status"><code>credentialStatus</code></a>.</p>
-</dd>
-<dt><a href="#Strict">Strict</a></dt>
-<dd><p>Validate the status if supported, reject any unsupported
-<a href="https://www.w3.org/TR/vc-data-model/#status"><code>credentialStatus</code></a> types.</p>
-<p>Only <code>RevocationBitmap2022</code> is currently supported.</p>
-<p>This is the default.</p>
-</dd>
-<dt><a href="#SkipUnsupported">SkipUnsupported</a></dt>
-<dd><p>Validate the status if supported, skip any unsupported
-<a href="https://www.w3.org/TR/vc-data-model/#status"><code>credentialStatus</code></a> types.</p>
-</dd>
-<dt><a href="#SkipAll">SkipAll</a></dt>
-<dd><p>Skip all status checks.</p>
-</dd>
+<dt><a href="#StateMetadataEncoding">StateMetadataEncoding</a></dt>
+<dd></dd>
 <dt><a href="#SerializationType">SerializationType</a></dt>
 <dd></dd>
 <dt><a href="#PayloadType">PayloadType</a></dt>
 <dd></dd>
-<dt><a href="#StatusPurpose">StatusPurpose</a></dt>
-<dd><p>Purpose of a <a href="#StatusList2021">StatusList2021</a>.</p>
-</dd>
 <dt><a href="#MethodRelationship">MethodRelationship</a></dt>
 <dd></dd>
-<dt><a href="#CredentialStatus">CredentialStatus</a></dt>
-<dd></dd>
 </dl>
 
 ## Functions
@@ -334,6 +338,12 @@ prior to calling the function.</p>
 <dt><a href="#start">start()</a></dt>
 <dd><p>Initializes the console error panic hook for better error messages</p>
 </dd>
+<dt><a href="#encodeB64">encodeB64(data)</a> ⇒ <code>string</code></dt>
+<dd><p>Encode the given bytes in url-safe base64.</p>
+</dd>
+<dt><a href="#decodeB64">decodeB64(data)</a> ⇒ <code>Uint8Array</code></dt>
+<dd><p>Decode the given url-safe base64-encoded slice into its raw bytes.</p>
+</dd>
 </dl>
 
 <a name="CoreDID"></a>
@@ -557,7 +567,7 @@ if the object is being concurrently modified.
         * [.resolveMethod(query, [scope])](#CoreDocument+resolveMethod) ⇒ [<code>VerificationMethod</code>](#VerificationMethod) \| <code>undefined</code>
         * [.attachMethodRelationship(didUrl, relationship)](#CoreDocument+attachMethodRelationship) ⇒ <code>boolean</code>
         * [.detachMethodRelationship(didUrl, relationship)](#CoreDocument+detachMethodRelationship) ⇒ <code>boolean</code>
-        * [.verifyJws(jws, options, signatureVerifier, [detachedPayload])](#CoreDocument+verifyJws) ⇒ [<code>DecodedJws</code>](#DecodedJws)
+        * [.verifyJws(jws, options, [signatureVerifier], [detachedPayload])](#CoreDocument+verifyJws) ⇒ [<code>DecodedJws</code>](#DecodedJws)
         * [.revokeCredentials(serviceQuery, indices)](#CoreDocument+revokeCredentials)
         * [.unrevokeCredentials(serviceQuery, indices)](#CoreDocument+unrevokeCredentials)
         * [.clone()](#CoreDocument+clone) ⇒ [<code>CoreDocument</code>](#CoreDocument)
@@ -832,7 +842,7 @@ Detaches the given relationship from the given method, if the method exists.
 
 <a name="CoreDocument+verifyJws"></a>
 
-### coreDocument.verifyJws(jws, options, signatureVerifier, [detachedPayload]) ⇒ [<code>DecodedJws</code>](#DecodedJws)
+### coreDocument.verifyJws(jws, options, [signatureVerifier], [detachedPayload]) ⇒ [<code>DecodedJws</code>](#DecodedJws)
 Decodes and verifies the provided JWS according to the passed `options` and `signatureVerifier`.
  If no `signatureVerifier` argument is provided a default verifier will be used that is (only) capable of
 verifying EdDSA signatures.
@@ -849,7 +859,7 @@ or set explicitly in the `options`.
 | --- | --- |
 | jws | [<code>Jws</code>](#Jws) | 
 | options | [<code>JwsVerificationOptions</code>](#JwsVerificationOptions) | 
-| signatureVerifier | <code>IJwsVerifier</code> | 
+| [signatureVerifier] | <code>IJwsVerifier</code> \| <code>undefined</code> | 
 | [detachedPayload] | <code>string</code> \| <code>undefined</code> | 
 
 <a name="CoreDocument+revokeCredentials"></a>
@@ -2034,6 +2044,43 @@ Deserializes an instance from a JSON object.
 | --- | --- |
 | json | <code>any</code> | 
 
+<a name="EcDSAJwsVerifier"></a>
+
+## EcDSAJwsVerifier
+An implementor of `IJwsVerifier` that can handle the
+`EcDSA` algorithm.
+
+**Kind**: global class  
+
+* [EcDSAJwsVerifier](#EcDSAJwsVerifier)
+    * [new EcDSAJwsVerifier()](#new_EcDSAJwsVerifier_new)
+    * [.verify(alg, signingInput, decodedSignature, publicKey)](#EcDSAJwsVerifier+verify)
+
+<a name="new_EcDSAJwsVerifier_new"></a>
+
+### new EcDSAJwsVerifier()
+Constructs an EcDSAJwsVerifier.
+
+<a name="EcDSAJwsVerifier+verify"></a>
+
+### ecDSAJwsVerifier.verify(alg, signingInput, decodedSignature, publicKey)
+Verify a JWS signature secured with the `EcDSA` algorithm.
+Only the `ES256` and `ES256K` curves are supported for now.
+
+# Warning
+
+This function does not check the `alg` property in the protected header. Callers are expected to assert this
+prior to calling the function.
+
+**Kind**: instance method of [<code>EcDSAJwsVerifier</code>](#EcDSAJwsVerifier)  
+
+| Param | Type |
+| --- | --- |
+| alg | <code>JwsAlgorithm</code> | 
+| signingInput | <code>Uint8Array</code> | 
+| decodedSignature | <code>Uint8Array</code> | 
+| publicKey | [<code>Jwk</code>](#Jwk) | 
+
 <a name="EdDSAJwsVerifier"></a>
 
 ## EdDSAJwsVerifier
@@ -2315,7 +2362,7 @@ if the object is being concurrently modified.
         * [.resolveMethod(query, [scope])](#IotaDocument+resolveMethod) ⇒ [<code>VerificationMethod</code>](#VerificationMethod) \| <code>undefined</code>
         * [.attachMethodRelationship(didUrl, relationship)](#IotaDocument+attachMethodRelationship) ⇒ <code>boolean</code>
         * [.detachMethodRelationship(didUrl, relationship)](#IotaDocument+detachMethodRelationship) ⇒ <code>boolean</code>
-        * [.verifyJws(jws, options, signatureVerifier, [detachedPayload])](#IotaDocument+verifyJws) ⇒ [<code>DecodedJws</code>](#DecodedJws)
+        * [.verifyJws(jws, options, [signatureVerifier], [detachedPayload])](#IotaDocument+verifyJws) ⇒ [<code>DecodedJws</code>](#DecodedJws)
         * [.pack()](#IotaDocument+pack) ⇒ <code>Uint8Array</code>
         * [.packWithEncoding(encoding)](#IotaDocument+packWithEncoding) ⇒ <code>Uint8Array</code>
         * [.metadata()](#IotaDocument+metadata) ⇒ [<code>IotaDocumentMetadata</code>](#IotaDocumentMetadata)
@@ -2556,7 +2603,7 @@ Detaches the given relationship from the given method, if the method exists.
 
 <a name="IotaDocument+verifyJws"></a>
 
-### iotaDocument.verifyJws(jws, options, signatureVerifier, [detachedPayload]) ⇒ [<code>DecodedJws</code>](#DecodedJws)
+### iotaDocument.verifyJws(jws, options, [signatureVerifier], [detachedPayload]) ⇒ [<code>DecodedJws</code>](#DecodedJws)
 Decodes and verifies the provided JWS according to the passed `options` and `signatureVerifier`.
  If no `signatureVerifier` argument is provided a default verifier will be used that is (only) capable of
 verifying EdDSA signatures.
@@ -2572,7 +2619,7 @@ take place.
 | --- | --- |
 | jws | [<code>Jws</code>](#Jws) | 
 | options | [<code>JwsVerificationOptions</code>](#JwsVerificationOptions) | 
-| signatureVerifier | <code>IJwsVerifier</code> | 
+| [signatureVerifier] | <code>IJwsVerifier</code> \| <code>undefined</code> | 
 | [detachedPayload] | <code>string</code> \| <code>undefined</code> | 
 
 <a name="IotaDocument+pack"></a>
@@ -4653,7 +4700,7 @@ A type for decoding and validating [Credential](#Credential).
 **Kind**: global class  
 
 * [JwtCredentialValidator](#JwtCredentialValidator)
-    * [new JwtCredentialValidator(signatureVerifier)](#new_JwtCredentialValidator_new)
+    * [new JwtCredentialValidator([signatureVerifier])](#new_JwtCredentialValidator_new)
     * _instance_
         * [.validate(credential_jwt, issuer, options, fail_fast)](#JwtCredentialValidator+validate) ⇒ [<code>DecodedJwtCredential</code>](#DecodedJwtCredential)
         * [.verifySignature(credential, trustedIssuers, options)](#JwtCredentialValidator+verifySignature) ⇒ [<code>DecodedJwtCredential</code>](#DecodedJwtCredential)
@@ -4668,7 +4715,7 @@ A type for decoding and validating [Credential](#Credential).
 
 <a name="new_JwtCredentialValidator_new"></a>
 
-### new JwtCredentialValidator(signatureVerifier)
+### new JwtCredentialValidator([signatureVerifier])
 Creates a new [JwtCredentialValidator](#JwtCredentialValidator). If a `signatureVerifier` is provided it will be used when
 verifying decoded JWS signatures, otherwise the default which is only capable of handling the `EdDSA`
 algorithm will be used.
@@ -4676,7 +4723,7 @@ algorithm will be used.
 
 | Param | Type |
 | --- | --- |
-| signatureVerifier | <code>IJwsVerifier</code> | 
+| [signatureVerifier] | <code>IJwsVerifier</code> \| <code>undefined</code> | 
 
 <a name="JwtCredentialValidator+validate"></a>
 
@@ -4847,21 +4894,21 @@ A validator for a Domain Linkage Configuration and Credentials.
 **Kind**: global class  
 
 * [JwtDomainLinkageValidator](#JwtDomainLinkageValidator)
-    * [new JwtDomainLinkageValidator(signatureVerifier)](#new_JwtDomainLinkageValidator_new)
+    * [new JwtDomainLinkageValidator([signatureVerifier])](#new_JwtDomainLinkageValidator_new)
     * [.validateLinkage(issuer, configuration, domain, options)](#JwtDomainLinkageValidator+validateLinkage)
     * [.validateCredential(issuer, credentialJwt, domain, options)](#JwtDomainLinkageValidator+validateCredential)
 
 <a name="new_JwtDomainLinkageValidator_new"></a>
 
-### new JwtDomainLinkageValidator(signatureVerifier)
+### new JwtDomainLinkageValidator([signatureVerifier])
 Creates a new [JwtDomainLinkageValidator](#JwtDomainLinkageValidator). If a `signatureVerifier` is provided it will be used when
-verifying decoded JWS signatures, otherwise the default which is only capable of handling the `EdDSA`
-algorithm will be used.
+verifying decoded JWS signatures, otherwise the default which is capable of handling the `EdDSA`, `ES256`, `ES256K`
+algorithms will be used.
 
 
 | Param | Type |
 | --- | --- |
-| signatureVerifier | <code>IJwsVerifier</code> | 
+| [signatureVerifier] | <code>IJwsVerifier</code> \| <code>undefined</code> | 
 
 <a name="JwtDomainLinkageValidator+validateLinkage"></a>
 
@@ -5011,7 +5058,7 @@ Deserializes an instance from a JSON object.
 **Kind**: global class  
 
 * [JwtPresentationValidator](#JwtPresentationValidator)
-    * [new JwtPresentationValidator(signatureVerifier)](#new_JwtPresentationValidator_new)
+    * [new JwtPresentationValidator([signatureVerifier])](#new_JwtPresentationValidator_new)
     * _instance_
         * [.validate(presentationJwt, holder, validation_options)](#JwtPresentationValidator+validate) ⇒ [<code>DecodedJwtPresentation</code>](#DecodedJwtPresentation)
     * _static_
@@ -5020,7 +5067,7 @@ Deserializes an instance from a JSON object.
 
 <a name="new_JwtPresentationValidator_new"></a>
 
-### new JwtPresentationValidator(signatureVerifier)
+### new JwtPresentationValidator([signatureVerifier])
 Creates a new [JwtPresentationValidator](#JwtPresentationValidator). If a `signatureVerifier` is provided it will be used when
 verifying decoded JWS signatures, otherwise the default which is only capable of handling the `EdDSA`
 algorithm will be used.
@@ -5028,7 +5075,7 @@ algorithm will be used.
 
 | Param | Type |
 | --- | --- |
-| signatureVerifier | <code>IJwsVerifier</code> | 
+| [signatureVerifier] | <code>IJwsVerifier</code> \| <code>undefined</code> | 
 
 <a name="JwtPresentationValidator+validate"></a>
 
@@ -6536,14 +6583,14 @@ A type for decoding and validating [Credential](#Credential).
 **Kind**: global class  
 
 * [SdJwtCredentialValidator](#SdJwtCredentialValidator)
-    * [new SdJwtCredentialValidator(signatureVerifier)](#new_SdJwtCredentialValidator_new)
+    * [new SdJwtCredentialValidator([signatureVerifier])](#new_SdJwtCredentialValidator_new)
     * [.validateCredential(sd_jwt, issuer, options, fail_fast)](#SdJwtCredentialValidator+validateCredential) ⇒ [<code>DecodedJwtCredential</code>](#DecodedJwtCredential)
     * [.verifySignature(credential, trustedIssuers, options)](#SdJwtCredentialValidator+verifySignature) ⇒ [<code>DecodedJwtCredential</code>](#DecodedJwtCredential)
     * [.validateKeyBindingJwt(sdJwt, holder, options)](#SdJwtCredentialValidator+validateKeyBindingJwt) ⇒ [<code>KeyBindingJwtClaims</code>](#KeyBindingJwtClaims)
 
 <a name="new_SdJwtCredentialValidator_new"></a>
 
-### new SdJwtCredentialValidator(signatureVerifier)
+### new SdJwtCredentialValidator([signatureVerifier])
 Creates a new `SdJwtCredentialValidator`. If a `signatureVerifier` is provided it will be used when
 verifying decoded JWS signatures, otherwise the default which is only capable of handling the `EdDSA`
 algorithm will be used.
@@ -6551,7 +6598,7 @@ algorithm will be used.
 
 | Param | Type |
 | --- | --- |
-| signatureVerifier | <code>IJwsVerifier</code> | 
+| [signatureVerifier] | <code>IJwsVerifier</code> \| <code>undefined</code> | 
 
 <a name="SdJwtCredentialValidator+validateCredential"></a>
 
@@ -7657,9 +7704,36 @@ Deserializes an instance from a JSON object.
 | --- | --- |
 | json | <code>any</code> | 
 
-<a name="PresentationProofAlgorithm"></a>
+<a name="StatusCheck"></a>
+
+## StatusCheck
+Controls validation behaviour when checking whether or not a credential has been revoked by its
+[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status).
+
+**Kind**: global variable  
+<a name="Strict"></a>
+
+## Strict
+Validate the status if supported, reject any unsupported
+[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status) types.
+
+Only `RevocationBitmap2022` is currently supported.
+
+This is the default.
+
+**Kind**: global variable  
+<a name="SkipUnsupported"></a>
+
+## SkipUnsupported
+Validate the status if supported, skip any unsupported
+[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status) types.
+
+**Kind**: global variable  
+<a name="SkipAll"></a>
+
+## SkipAll
+Skip all status checks.
 
-## PresentationProofAlgorithm
 **Kind**: global variable  
 <a name="SubjectHolderRelationship"></a>
 
@@ -7668,33 +7742,42 @@ Declares how credential subjects must relate to the presentation holder.
 
 See also the [Subject-Holder Relationship](https://www.w3.org/TR/vc-data-model/#subject-holder-relationships) section of the specification.
 
+## CredentialStatus
 **Kind**: global variable  
-<a name="AlwaysSubject"></a>
+<a name="encodeB64"></a>
 
-## AlwaysSubject
-The holder must always match the subject on all credentials, regardless of their [`nonTransferable`](https://www.w3.org/TR/vc-data-model/#nontransferable-property) property.
-This variant is the default.
+## encodeB64(data) ⇒ <code>string</code>
+Encode the given bytes in url-safe base64.
 
-**Kind**: global variable  
-<a name="SubjectOnNonTransferable"></a>
+**Kind**: global function  
+
+| Param | Type |
+| --- | --- |
+| data | <code>Uint8Array</code> | 
+
+<a name="decodeB64"></a>
+
+## decodeB64(data) ⇒ <code>Uint8Array</code>
+Decode the given url-safe base64-encoded slice into its raw bytes.
 
-## SubjectOnNonTransferable
-The holder must match the subject only for credentials where the [`nonTransferable`](https://www.w3.org/TR/vc-data-model/#nontransferable-property) property is `true`.
+**Kind**: global variable  
+<a name="PresentationProofAlgorithm"></a>
 
+## PresentationProofAlgorithm
 **Kind**: global variable  
-<a name="Any"></a>
+<a name="StatusPurpose"></a>
 
-## Any
-The holder is not required to have any kind of relationship to any credential subject.
+## StatusPurpose
+Purpose of a [StatusList2021](#StatusList2021).
 
 **Kind**: global variable  
 <a name="ProofAlgorithm"></a>
 
 ## ProofAlgorithm
 **Kind**: global variable  
-<a name="StateMetadataEncoding"></a>
+<a name="CredentialStatus"></a>
 
-## StateMetadataEncoding
+## CredentialStatus
 **Kind**: global variable  
 <a name="FailFast"></a>
 
@@ -7714,36 +7797,9 @@ Return all errors that occur during validation.
 Return after the first error occurs.
 
 **Kind**: global variable  
-<a name="StatusCheck"></a>
-
-## StatusCheck
-Controls validation behaviour when checking whether or not a credential has been revoked by its
-[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status).
-
-**Kind**: global variable  
-<a name="Strict"></a>
-
-## Strict
-Validate the status if supported, reject any unsupported
-[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status) types.
-
-Only `RevocationBitmap2022` is currently supported.
-
-This is the default.
-
-**Kind**: global variable  
-<a name="SkipUnsupported"></a>
-
-## SkipUnsupported
-Validate the status if supported, skip any unsupported
-[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status) types.
-
-**Kind**: global variable  
-<a name="SkipAll"></a>
-
-## SkipAll
-Skip all status checks.
+<a name="StateMetadataEncoding"></a>
 
+## StateMetadataEncoding
 **Kind**: global variable  
 <a name="SerializationType"></a>
 
@@ -7752,43 +7808,11 @@ Skip all status checks.
 <a name="PayloadType"></a>
 
 ## PayloadType
-**Kind**: global variable  
-<a name="StatusPurpose"></a>
-
-## StatusPurpose
-Purpose of a [StatusList2021](#StatusList2021).
-
 **Kind**: global variable  
 <a name="MethodRelationship"></a>
 
 ## MethodRelationship
 **Kind**: global variable  
-<a name="CredentialStatus"></a>
-
-## CredentialStatus
-**Kind**: global variable  
-<a name="encodeB64"></a>
-
-## encodeB64(data) ⇒ <code>string</code>
-Encode the given bytes in url-safe base64.
-
-**Kind**: global function  
-
-| Param | Type |
-| --- | --- |
-| data | <code>Uint8Array</code> | 
-
-<a name="decodeB64"></a>
-
-## decodeB64(data) ⇒ <code>Uint8Array</code>
-Decode the given url-safe base64-encoded slice into its raw bytes.
-
-**Kind**: global function  
-
-| Param | Type |
-| --- | --- |
-| data | <code>Uint8Array</code> | 
-
 <a name="verifyEd25519"></a>
 
 ## verifyEd25519(alg, signingInput, decodedSignature, publicKey)
@@ -7817,3 +7841,25 @@ prior to calling the function.
 Initializes the console error panic hook for better error messages
 
 **Kind**: global function  
+<a name="encodeB64"></a>
+
+## encodeB64(data) ⇒ <code>string</code>
+Encode the given bytes in url-safe base64.
+
+**Kind**: global function  
+
+| Param | Type |
+| --- | --- |
+| data | <code>Uint8Array</code> | 
+
+<a name="decodeB64"></a>
+
+## decodeB64(data) ⇒ <code>Uint8Array</code>
+Decode the given url-safe base64-encoded slice into its raw bytes.
+
+**Kind**: global function  
+
+| Param | Type |
+| --- | --- |
+| data | <code>Uint8Array</code> | 
+
diff --git a/bindings/wasm/src/credential/domain_linkage_validator.rs b/bindings/wasm/src/credential/domain_linkage_validator.rs
index a38639d853..37674e21b7 100644
--- a/bindings/wasm/src/credential/domain_linkage_validator.rs
+++ b/bindings/wasm/src/credential/domain_linkage_validator.rs
@@ -24,11 +24,11 @@ pub struct WasmJwtDomainLinkageValidator {
 #[wasm_bindgen(js_class = JwtDomainLinkageValidator)]
 impl WasmJwtDomainLinkageValidator {
   /// Creates a new {@link JwtDomainLinkageValidator}. If a `signatureVerifier` is provided it will be used when
-  /// verifying decoded JWS signatures, otherwise the default which is only capable of handling the `EdDSA`
-  /// algorithm will be used.
+  /// verifying decoded JWS signatures, otherwise a default verifier capable of handling the `EdDSA`, `ES256`, `ES256K`
+  /// algorithms will be used.
   #[wasm_bindgen(constructor)]
   #[allow(non_snake_case)]
-  pub fn new(signatureVerifier: IJwsVerifier) -> WasmJwtDomainLinkageValidator {
+  pub fn new(signatureVerifier: Option<IJwsVerifier>) -> WasmJwtDomainLinkageValidator {
     let signature_verifier = WasmJwsVerifier::new(signatureVerifier);
     WasmJwtDomainLinkageValidator {
       validator: JwtDomainLinkageValidator::with_signature_verifier(signature_verifier),
diff --git a/bindings/wasm/src/credential/jwt_credential_validation/jwt_credential_validator.rs b/bindings/wasm/src/credential/jwt_credential_validation/jwt_credential_validator.rs
index 9434a6d521..b6a26c35d5 100644
--- a/bindings/wasm/src/credential/jwt_credential_validation/jwt_credential_validator.rs
+++ b/bindings/wasm/src/credential/jwt_credential_validation/jwt_credential_validator.rs
@@ -37,11 +37,11 @@ pub struct WasmJwtCredentialValidator(JwtCredentialValidator<WasmJwsVerifier>);
 #[wasm_bindgen(js_class = JwtCredentialValidator)]
 impl WasmJwtCredentialValidator {
   /// Creates a new {@link JwtCredentialValidator}. If a `signatureVerifier` is provided it will be used when
-  /// verifying decoded JWS signatures, otherwise the default which is only capable of handling the `EdDSA`
-  /// algorithm will be used.
+  /// verifying decoded JWS signatures, otherwise a default verifier capable of handling the `EdDSA`, `ES256`, `ES256K`
+  /// algorithms will be used.
   #[wasm_bindgen(constructor)]
   #[allow(non_snake_case)]
-  pub fn new(signatureVerifier: IJwsVerifier) -> WasmJwtCredentialValidator {
+  pub fn new(signatureVerifier: Option<IJwsVerifier>) -> WasmJwtCredentialValidator {
     let signature_verifier = WasmJwsVerifier::new(signatureVerifier);
     WasmJwtCredentialValidator(JwtCredentialValidator::with_signature_verifier(signature_verifier))
   }
diff --git a/bindings/wasm/src/credential/jwt_credential_validation/sd_jwt_validator.rs b/bindings/wasm/src/credential/jwt_credential_validation/sd_jwt_validator.rs
index 812b25414b..a8342c9aec 100644
--- a/bindings/wasm/src/credential/jwt_credential_validation/sd_jwt_validator.rs
+++ b/bindings/wasm/src/credential/jwt_credential_validation/sd_jwt_validator.rs
@@ -29,11 +29,11 @@ pub struct WasmSdJwtCredentialValidator(SdJwtCredentialValidator<WasmJwsVerifier
 #[wasm_bindgen(js_class = SdJwtCredentialValidator)]
 impl WasmSdJwtCredentialValidator {
   /// Creates a new `SdJwtCredentialValidator`. If a `signatureVerifier` is provided it will be used when
-  /// verifying decoded JWS signatures, otherwise the default which is only capable of handling the `EdDSA`
-  /// algorithm will be used.
+  /// verifying decoded JWS signatures, otherwise a default verifier capable of handling the `EdDSA`, `ES256`, `ES256K`
+  /// algorithms will be used.
   #[wasm_bindgen(constructor)]
   #[allow(non_snake_case)]
-  pub fn new(signatureVerifier: IJwsVerifier) -> WasmSdJwtCredentialValidator {
+  pub fn new(signatureVerifier: Option<IJwsVerifier>) -> WasmSdJwtCredentialValidator {
     let signature_verifier = WasmJwsVerifier::new(signatureVerifier);
     WasmSdJwtCredentialValidator(SdJwtCredentialValidator::with_signature_verifier(
       signature_verifier,
diff --git a/bindings/wasm/src/credential/jwt_presentation_validation/jwt_presentation_validator.rs b/bindings/wasm/src/credential/jwt_presentation_validation/jwt_presentation_validator.rs
index 40a44f916b..640f96c2ef 100644
--- a/bindings/wasm/src/credential/jwt_presentation_validation/jwt_presentation_validator.rs
+++ b/bindings/wasm/src/credential/jwt_presentation_validation/jwt_presentation_validator.rs
@@ -23,11 +23,11 @@ pub struct WasmJwtPresentationValidator(JwtPresentationValidator<WasmJwsVerifier
 #[wasm_bindgen(js_class = JwtPresentationValidator)]
 impl WasmJwtPresentationValidator {
   /// Creates a new {@link JwtPresentationValidator}. If a `signatureVerifier` is provided it will be used when
-  /// verifying decoded JWS signatures, otherwise the default which is only capable of handling the `EdDSA`
-  /// algorithm will be used.
+  /// verifying decoded JWS signatures, otherwise a default verifier capable of handling the `EdDSA`, `ES256`, `ES256K`
+  /// algorithms will be used.
   #[wasm_bindgen(constructor)]
   #[allow(non_snake_case)]
-  pub fn new(signatureVerifier: IJwsVerifier) -> WasmJwtPresentationValidator {
+  pub fn new(signatureVerifier: Option<IJwsVerifier>) -> WasmJwtPresentationValidator {
     let signature_verifier = WasmJwsVerifier::new(signatureVerifier);
     WasmJwtPresentationValidator(JwtPresentationValidator::with_signature_verifier(signature_verifier))
   }
diff --git a/bindings/wasm/src/did/wasm_core_document.rs b/bindings/wasm/src/did/wasm_core_document.rs
index 2a7d896ac8..fd66c4e7ca 100644
--- a/bindings/wasm/src/did/wasm_core_document.rs
+++ b/bindings/wasm/src/did/wasm_core_document.rs
@@ -495,8 +495,9 @@ impl WasmCoreDocument {
   // ===========================================================================
 
   /// Decodes and verifies the provided JWS according to the passed `options` and `signatureVerifier`.
-  ///  If no `signatureVerifier` argument is provided a default verifier will be used that is (only) capable of
-  /// verifying EdDSA signatures.
+  /// If a `signatureVerifier` is provided it will be used when
+  /// verifying decoded JWS signatures, otherwise a default verifier capable of handling the `EdDSA`, `ES256`, `ES256K`
+  /// algorithms will be used.
   ///
   /// Regardless of which options are passed the following conditions must be met in order for a verification attempt to
   /// take place.
@@ -509,7 +510,7 @@ impl WasmCoreDocument {
     &self,
     jws: &WasmJws,
     options: &WasmJwsVerificationOptions,
-    signatureVerifier: IJwsVerifier,
+    signatureVerifier: Option<IJwsVerifier>,
     detachedPayload: Option<String>,
   ) -> Result<WasmDecodedJws> {
     let jws_verifier = WasmJwsVerifier::new(signatureVerifier);
diff --git a/bindings/wasm/src/iota/iota_document.rs b/bindings/wasm/src/iota/iota_document.rs
index 777a00e679..1747f82e6e 100644
--- a/bindings/wasm/src/iota/iota_document.rs
+++ b/bindings/wasm/src/iota/iota_document.rs
@@ -384,8 +384,9 @@ impl WasmIotaDocument {
   // ===========================================================================
 
   /// Decodes and verifies the provided JWS according to the passed `options` and `signatureVerifier`.
-  ///  If no `signatureVerifier` argument is provided a default verifier will be used that is (only) capable of
-  /// verifying EdDSA signatures.
+  /// If a `signatureVerifier` is provided it will be used when
+  /// verifying decoded JWS signatures, otherwise a default verifier capable of handling the `EdDSA`, `ES256`, `ES256K`
+  /// algorithms will be used.
   ///
   /// Regardless of which options are passed the following conditions must be met in order for a verification attempt to
   /// take place.
@@ -397,7 +398,7 @@ impl WasmIotaDocument {
     &self,
     jws: &WasmJws,
     options: &WasmJwsVerificationOptions,
-    signatureVerifier: IJwsVerifier,
+    signatureVerifier: Option<IJwsVerifier>,
     detachedPayload: Option<String>,
   ) -> Result<WasmDecodedJws> {
     let jws_verifier = WasmJwsVerifier::new(signatureVerifier);
diff --git a/bindings/wasm/src/verification/custom_verification.rs b/bindings/wasm/src/verification/custom_verification.rs
index 4c82d8dcfe..9fe2f9e8b7 100644
--- a/bindings/wasm/src/verification/custom_verification.rs
+++ b/bindings/wasm/src/verification/custom_verification.rs
@@ -1,6 +1,9 @@
 // Copyright 2020-2023 IOTA Stiftung
 // SPDX-License-Identifier: Apache-2.0
 
+use identity_ecdsa_verifier::EcDSAJwsVerifier;
+use identity_eddsa_verifier::EdDSAJwsVerifier;
+use identity_iota::verification::jws::JwsAlgorithm;
 use identity_iota::verification::jws::JwsVerifier;
 use identity_iota::verification::jws::SignatureVerificationError;
 use identity_iota::verification::jws::SignatureVerificationErrorKind;
@@ -10,12 +13,12 @@ use wasm_bindgen::prelude::*;
 use crate::jose::WasmJwk;
 
 /// Wrapper that enables custom TS JWS signature verification plugins to be used where the
-/// JwsVerifier trait is required. Falls back to the default implementation if a custom
-/// implementation was not passed.
-pub(crate) struct WasmJwsVerifier(IJwsVerifier);
+/// JwsVerifier trait is required. Falls back to the default implementation capable of handling
+/// EdDSA (ED25519), ES256, ES256K if a custom implementation is not passed.
+pub(crate) struct WasmJwsVerifier(Option<IJwsVerifier>);
 
 impl WasmJwsVerifier {
-  pub(crate) fn new(verifier: IJwsVerifier) -> Self {
+  pub(crate) fn new(verifier: Option<IJwsVerifier>) -> Self {
     Self(verifier)
   }
 }
@@ -26,22 +29,30 @@ impl JwsVerifier for WasmJwsVerifier {
     input: identity_iota::verification::jws::VerificationInput,
     public_key: &identity_iota::verification::jwk::Jwk,
   ) -> Result<(), identity_iota::verification::jws::SignatureVerificationError> {
-    let VerificationInput {
-      alg,
-      signing_input,
-      decoded_signature,
-    } = input;
-    let verification_result = IJwsVerifier::verify(
-      &self.0,
-      alg.name().to_owned(),
-      signing_input.into(),
-      decoded_signature.into(),
-      WasmJwk(public_key.to_owned()),
-    );
-    // Convert error
-    crate::error::stringify_js_error(verification_result).map_err(|error_string| {
-      SignatureVerificationError::new(SignatureVerificationErrorKind::Unspecified).with_custom_message(error_string)
-    })
+    if let Some(verifier) = &self.0 {
+      let VerificationInput {
+        alg,
+        signing_input,
+        decoded_signature,
+      } = input;
+      let verification_result = IJwsVerifier::verify(
+        verifier,
+        alg.name().to_owned(),
+        signing_input.into(),
+        decoded_signature.into(),
+        WasmJwk(public_key.to_owned()),
+      );
+      // Convert error
+      crate::error::stringify_js_error(verification_result).map_err(|error_string| {
+        SignatureVerificationError::new(SignatureVerificationErrorKind::Unspecified).with_custom_message(error_string)
+      })
+    } else {
+      match input.alg {
+        JwsAlgorithm::EdDSA => EdDSAJwsVerifier::default().verify(input, public_key),
+        JwsAlgorithm::ES256 | JwsAlgorithm::ES256K => EcDSAJwsVerifier::default().verify(input, public_key),
+        _ => Err(identity_iota::verification::jws::SignatureVerificationErrorKind::UnsupportedAlg.into()),
+      }
+    }
   }
 }
 #[wasm_bindgen(typescript_custom_section)]
diff --git a/bindings/wasm/src/verification/jws_verifier.rs b/bindings/wasm/src/verification/jws_verifier.rs
index 6113674828..bd016910c8 100644
--- a/bindings/wasm/src/verification/jws_verifier.rs
+++ b/bindings/wasm/src/verification/jws_verifier.rs
@@ -1,6 +1,7 @@
 // Copyright 2020-2023 IOTA Stiftung
 // SPDX-License-Identifier: Apache-2.0
 
+use identity_ecdsa_verifier::EcDSAJwsVerifier;
 use identity_eddsa_verifier::Ed25519Verifier;
 use identity_eddsa_verifier::EdDSAJwsVerifier;
 use identity_iota::verification::jws::JwsAlgorithm;
@@ -80,3 +81,43 @@ impl WasmEdDSAJwsVerifier {
     EdDSAJwsVerifier::default().verify(input, &publicKey.0).wasm_result()
   }
 }
+
+/// An implementor of `IJwsVerifier` that can handle the
+/// `EcDSA` algorithm.
+#[wasm_bindgen(js_name = EcDSAJwsVerifier)]
+pub struct WasmEcDSAJwsVerifier();
+
+#[wasm_bindgen(js_class = EcDSAJwsVerifier)]
+#[allow(clippy::new_without_default)]
+impl WasmEcDSAJwsVerifier {
+  /// Constructs an EcDSAJwsVerifier.
+  #[wasm_bindgen(constructor)]
+  pub fn new() -> Self {
+    Self()
+  }
+
+  /// Verify a JWS signature secured with the `EcDSA` algorithm.
+  /// Only the `ES256` and `ES256K` curves are supported for now.
+  ///
+  /// # Warning
+  ///
+  /// This function does not check the `alg` property in the protected header. Callers are expected to assert this
+  /// prior to calling the function.
+  #[wasm_bindgen]
+  #[allow(non_snake_case)]
+  pub fn verify(
+    &self,
+    alg: WasmJwsAlgorithm,
+    signingInput: &[u8],
+    decodedSignature: &[u8],
+    publicKey: &WasmJwk,
+  ) -> Result<(), JsValue> {
+    let alg: JwsAlgorithm = JwsAlgorithm::try_from(alg)?;
+    let input: VerificationInput = VerificationInput {
+      alg,
+      signing_input: signingInput.into(),
+      decoded_signature: decodedSignature.into(),
+    };
+    EcDSAJwsVerifier::default().verify(input, &publicKey.0).wasm_result()
+  }
+}