diff --git a/Gemfile b/Gemfile
index a403e96..1c2f63a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,6 +6,7 @@ platforms :ruby do
     gem 'pry-doc'
     # gem 'redcarpet'
     gem 'yard'
+    gem 'openssl', '~> 3.1'
   end
 end
 
diff --git a/jose.gemspec b/jose.gemspec
index b35bab5..10a75bd 100644
--- a/jose.gemspec
+++ b/jose.gemspec
@@ -29,7 +29,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "hamster"
 
-  spec.add_development_dependency "bundler", "~> 1.16"
+  spec.add_development_dependency "bundler", "~> 2.2"
   spec.add_development_dependency "rake", "~> 12.3"
   spec.add_development_dependency "minitest"
   spec.add_development_dependency "json"
diff --git a/lib/jose/jwk/kty_ec.rb b/lib/jose/jwk/kty_ec.rb
index 27fb0df..76b360b 100644
--- a/lib/jose/jwk/kty_ec.rb
+++ b/lib/jose/jwk/kty_ec.rb
@@ -14,13 +14,24 @@ def self.from_map(fields)
       else
         raise ArgumentError, "invalid 'EC' JWK"
       end
-      ec = OpenSSL::PKey::EC.new(crv)
       x = JOSE.urlsafe_decode64(fields['x'])
       y = JOSE.urlsafe_decode64(fields['y'])
-      ec.public_key = OpenSSL::PKey::EC::Point.new(
-        OpenSSL::PKey::EC::Group.new(crv),
-        OpenSSL::BN.new([0x04, x, y].pack('Ca*a*'), 2)
+
+      group    = OpenSSL::PKey::EC::Group.new(crv)
+      bn       = OpenSSL::BN.new([0x04, x, y].pack('Ca*a*'), 2)
+      point    = OpenSSL::PKey::EC::Point.new group, bn
+      sequence = OpenSSL::ASN1::Sequence(
+        [
+          OpenSSL::ASN1::Sequence(
+            [
+              OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
+              OpenSSL::ASN1::ObjectId(crv)
+            ]
+          ),
+          OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
+        ]
       )
+      ec = OpenSSL::PKey::EC.new sequence.to_der
       if fields['d'].is_a?(String)
         ec.private_key = OpenSSL::BN.new(JOSE.urlsafe_decode64(fields['d']), 2)
       end