I couldn't find any information about it on Google. We are generating PGP key pairs using the Bouncy Castle library and implementing our own "web of trust". I wonder if it is possible to use these keys for JWT too, or do I need to use PKI X.509 certificates? Thanks
The signature and encryption algorithms officially supported are listed here. No signature or encryption algorithm using PGP is listed.
But nothing prevents you from implementing a new signature/encryption algorithm used by your server and clients. AFAIK, there is no implementation at the moment that uses GPG.
From my point of view, you have to create a new key type (e.g. JWK with kty=PGP) and a new alg (e.g. alg=PGP).