diff --git a/spring-turbo-module-jwt/src/main/java/spring/turbo/module/jwt/JwtServiceImpl.java b/spring-turbo-module-jwt/src/main/java/spring/turbo/module/jwt/JwtServiceImpl.java
index 6c2d5a85..ff650409 100644
--- a/spring-turbo-module-jwt/src/main/java/spring/turbo/module/jwt/JwtServiceImpl.java
+++ b/spring-turbo-module-jwt/src/main/java/spring/turbo/module/jwt/JwtServiceImpl.java
@@ -70,7 +70,7 @@ public ValidatingResult validateToken(String token) {
 
     private Key getSignerKey() {
         if (signer instanceof KeyPairJwtSigner keyPairJwtSigner) {
-            return keyPairJwtSigner.keyPair().getPrivate();
+            return keyPairJwtSigner.keyPair().getPrivate();     // 签名用私钥，验证用公钥
         }
 
         if (signer instanceof SecretKeyJwtSigner secretKeyJwtSigner) {
diff --git a/spring-turbo-module-jwt/src/test/java/spring/turbo/module/jwt/JwtServiceTest.java b/spring-turbo-module-jwt/src/test/java/spring/turbo/module/jwt/JwtServiceTest.java
index 65395201..3c53acd3 100644
--- a/spring-turbo-module-jwt/src/test/java/spring/turbo/module/jwt/JwtServiceTest.java
+++ b/spring-turbo-module-jwt/src/test/java/spring/turbo/module/jwt/JwtServiceTest.java
@@ -1,5 +1,6 @@
 package spring.turbo.module.jwt;
 
+import io.jsonwebtoken.security.Jwks;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import spring.turbo.module.jwt.alg.JwtSignerFactories;
@@ -22,4 +23,15 @@ void test0() {
         Assertions.assertEquals(ValidatingResult.OK, result);
     }
 
+    @Test
+    void test1() {
+        var o = JwtSignerFactories.createFromBase64EncodedString("3mDk7egxOtYe3oDEiZAhdZ2+ZdfPu8zsYtSl500l004=");
+        var sk = o.secretKey();
+
+        var jwk = Jwks.builder().key(sk) // (1) and (2)
+                .id("default")            // (3)
+                .build();
+
+        System.out.println(jwk.thumbprint().toString());
+    }
 }