diff --git a/tools/pom.xml b/tools/pom.xml
index 37fb3a6430da863a019b153dfc68897991279bdb..42ef6bb6295514129e373d82f84ac936173b9cfb 100644
--- a/tools/pom.xml
+++ b/tools/pom.xml
@@ -40,6 +40,11 @@
             <artifactId>hamcrest-all</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>dev.fitko.fitconnect.sdk</groupId>
+            <artifactId>core</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/tools/src/test/java/dev/fitko/fitconnect/sdk/tools/JWKGeneratorTest.java b/tools/src/test/java/dev/fitko/fitconnect/sdk/tools/JWKGeneratorTest.java
index d27e7c386d28a4bfdfb4e41ab0fad455abf8a786..681ee72c274622f606e2a8b6cebd04c89c22c44c 100644
--- a/tools/src/test/java/dev/fitko/fitconnect/sdk/tools/JWKGeneratorTest.java
+++ b/tools/src/test/java/dev/fitko/fitconnect/sdk/tools/JWKGeneratorTest.java
@@ -5,17 +5,23 @@ import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.KeyOperation;
 import com.nimbusds.jose.jwk.KeyType;
+import dev.fitko.fitconnect.core.crypto.JWECryptoService;
+import dev.fitko.fitconnect.jwkvalidator.JWKValidator;
+import dev.fitko.fitconnect.jwkvalidator.exceptions.LogLevel;
 import org.hamcrest.CoreMatchers;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
+import java.nio.charset.StandardCharsets;
 import java.util.Map;
 
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.contains;
 import static org.hamcrest.Matchers.hasSize;
+import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;
 import static org.hamcrest.Matchers.nullValue;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 
 class JWKGeneratorTest {
 
@@ -82,6 +88,42 @@ class JWKGeneratorTest {
         assertThat(keyParams.get("qi"), CoreMatchers.is(CoreMatchers.notNullValue()));
     }
 
+    @Test
+    void testEncryptionAndDecryption() {
+
+        // Given
+        final JWKPair encryptionKeyPair = underTest.generateEncryptionKeyPair(4096);
+
+        final JWK publicKey = encryptionKeyPair.getPublicKey();
+        final JWK privateKey = encryptionKeyPair.getPrivateKey();
+
+        final var data = "test string to encrypt";
+
+        // When
+        final JWECryptoService cryptoService = new JWECryptoService(null);
+
+        final String encryptedData = cryptoService.encryptBytes(publicKey.toRSAKey(), data.getBytes(StandardCharsets.UTF_8));
+        final byte[] decryptedData = cryptoService.decryptToBytes(privateKey.toRSAKey(), encryptedData);
+
+        // Then
+        assertThat(data, is(new String(decryptedData)));
+    }
+
+    @Test
+    void testPublicEncryptionKeyValidationWithCorrectKeyLength() {
+
+        // Given
+        final JWKPair encryptionKeyPair = underTest.generateEncryptionKeyPair(4096);
+
+        final JWK publicKey = encryptionKeyPair.getPublicKey();
+
+        // Then
+        assertDoesNotThrow(() -> JWKValidator.withoutX5CValidation()
+                .withErrorLogLevel(LogLevel.ERROR)
+                .build()
+                .validate(publicKey.toRSAKey(), KeyOperation.WRAP_KEY));
+    }
+
     @Test
     void testPublicSignatureVerificationKey() {
 
@@ -105,6 +147,21 @@ class JWKGeneratorTest {
 
     }
 
+    @Test
+    void testPublicSignatureKeyValidation() {
+
+        // Given
+        final JWKPair signatureKeyPair = underTest.generateSignatureKeyPair(4096);
+
+        final JWK publicKey = signatureKeyPair.getPublicKey();
+
+        // Then
+        assertDoesNotThrow(() -> JWKValidator.withoutX5CValidation()
+                .withErrorLogLevel(LogLevel.ERROR)
+                .build()
+                .validate(publicKey.toRSAKey(), KeyOperation.VERIFY));
+    }
+
     @Test
     void testPrivateSigningKey() {