SQL Server
SQL Server
JWE using RSAES-OAEP and AES GCM
See more JSON Web Encryption (JWE) Examples
This example duplicates the example A.1 in RFC 7516 for JSON Web Encryption (JWE).Chilkat SQL Server Downloads
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
DECLARE @iTmp0 int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
DECLARE @success int
SELECT @success = 0
-- This requires the Chilkat API to have been previously unlocked.
-- See Global Unlock Sample for sample code.
-- Note: This example requires Chilkat v9.5.0.66 or greater.
DECLARE @plaintext nvarchar(4000)
SELECT @plaintext = 'The true sign of intelligence is not knowledge but imagination.'
-- ---------------------------------
-- A.1.1 JOSE Header
-- First build the JWE Protected Header.
-- We want to build this: {"alg":"RSA-OAEP","enc":"A256GCM"}
DECLARE @jweProtHdr int
EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jweProtHdr OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
EXEC sp_OAMethod @jweProtHdr, 'AppendString', @success OUT, 'alg', 'RSA-OAEP'
EXEC sp_OAMethod @jweProtHdr, 'AppendString', @success OUT, 'enc', 'A256GCM'
EXEC sp_OAMethod @jweProtHdr, 'Emit', @sTmp0 OUT
PRINT 'JWE Protected Header: ' + @sTmp0
PRINT '--'
-- ---------------------------------
-- A.1.2 Content Encryption Key
-- Note: Chilkat automatically generates the random CEK internally.
-- The application does not need to explicitly take this step.
-- ---------------------------------
-- A.1.3. Key Encryption
-- The application should load an RSA private key from any format.
-- However, the application does not need to explicitly construct the JWE Encrypted Key.
-- Chilkat automatically does it internally.
-- The design of the Chilkat JWE API is to allow the application to create the JWE
-- after specifying the inputs. (This is in contrast to forcing the application developer
-- to painstakingly go through each step of the JWE construction process.)
-- The specific RSA key used in the A.1 example is the following JWK:
DECLARE @sbJwk int
EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbJwk OUT
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '{"kty": "RSA",'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"n": "oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw",'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"e": "AQAB",'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"d": "kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 't3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ",'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"p": "1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lf'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'fNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0",'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"q": "wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBm'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'UDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aX'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'IWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc",'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"dp": "ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KL'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'hMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE",'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"dq": "Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCj'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'ywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDB'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'UfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis",'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"qi": "VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3'
EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY"}'
-- Load this JWK into a Chilkat private key object.
DECLARE @rsaPrivKey int
EXEC @hr = sp_OACreate 'Chilkat.PrivateKey', @rsaPrivKey OUT
EXEC sp_OAMethod @sbJwk, 'GetAsString', @sTmp0 OUT
EXEC sp_OAMethod @rsaPrivKey, 'LoadJwk', @success OUT, @sTmp0
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @rsaPrivKey, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @jweProtHdr
EXEC @hr = sp_OADestroy @sbJwk
EXEC @hr = sp_OADestroy @rsaPrivKey
RETURN
END
-- The public key is used to encrypt (i.e. create the JWE),
-- and the private key is used to decrypt.
-- The RSA public key is simply a subset of the private key. The RSA public key
-- is composed of the "n" and "e" members shown above. These are also known as the
-- modulus and exponent.
-- We can simply get the public key object from the private key object
DECLARE @rsaPubKey int
EXEC @hr = sp_OACreate 'Chilkat.PublicKey', @rsaPubKey OUT
EXEC sp_OAMethod @rsaPrivKey, 'ToPublicKey', @success OUT, @rsaPubKey
-- ---------------------------------
-- A.1.4. Initialization Vector
-- Chilkat automatically generates the necessary random IV internally.
-- The application does not need to do this explicitly.
-- ---------------------------------
-- A.1.5. Additional Authenticated Data
-- The Additional Authenticated Data encryption parameter is
-- ASCII(BASE64URL(UTF8(JWE Protected Header))).
-- Again, Chilkat automatically takes care of this internally.
-- The application does not need to explicitly take this step.
-- ---------------------------------
-- A.1.6. Content Encryption
-- Again... this step is handled by Chilkat internally.
-- ---------------------------------
-- A.1.7. Complete Representation
-- The application need only call the Encrypt, EncryptSb, or EncryptBd method
-- return the fully assembled JWE.
-- The final representation in the Compact Serialization
-- is the string BASE64URL(UTF8(JWE Protected Header)) || '.' ||
-- BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization
-- Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE
-- Authentication Tag).
DECLARE @jwe int
EXEC @hr = sp_OACreate 'Chilkat.Jwe', @jwe OUT
EXEC sp_OAMethod @jwe, 'SetProtectedHeader', @success OUT, @jweProtHdr
EXEC sp_OAMethod @jwe, 'SetPublicKey', @success OUT, 0, @rsaPubKey
DECLARE @strJwe nvarchar(4000)
EXEC sp_OAMethod @jwe, 'Encrypt', @strJwe OUT, @plaintext, 'utf-8'
EXEC sp_OAGetProperty @jwe, 'LastMethodSuccess', @iTmp0 OUT
IF @iTmp0 = 0
BEGIN
EXEC sp_OAGetProperty @jwe, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @jweProtHdr
EXEC @hr = sp_OADestroy @sbJwk
EXEC @hr = sp_OADestroy @rsaPrivKey
EXEC @hr = sp_OADestroy @rsaPubKey
EXEC @hr = sp_OADestroy @jwe
RETURN
END
-- Note: The RSA OAEP algorithm uses random padding bytes internally.
-- Therefore, the results will appear different each time -- even if the
-- identical plaintext is encrypted with the identical RSA key.
-- (Do not expect the appearance of the results to be the same as what
-- is published in the RFC. However, what is published in the RFC *should*
-- be decryptable using the code that follows.)
PRINT @strJwe
-- Let's decrypt the JWE that was just produced.
-- Do the following to decrypt a JWE:
-- 1) Load the JWE.
-- 2) Set the private key for decryption.
-- 3) Decrypt.
DECLARE @jwe2 int
EXEC @hr = sp_OACreate 'Chilkat.Jwe', @jwe2 OUT
EXEC sp_OAMethod @jwe2, 'LoadJwe', @success OUT, @strJwe
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @jweProtHdr
EXEC @hr = sp_OADestroy @sbJwk
EXEC @hr = sp_OADestroy @rsaPrivKey
EXEC @hr = sp_OADestroy @rsaPubKey
EXEC @hr = sp_OADestroy @jwe
EXEC @hr = sp_OADestroy @jwe2
RETURN
END
-- Provide the RSA private key for decryption.
-- (The JWE was encrypted for a single recipient at index 0.)
EXEC sp_OAMethod @jwe2, 'SetPrivateKey', @success OUT, 0, @rsaPrivKey
-- Decrypt.
DECLARE @originalPlaintext nvarchar(4000)
EXEC sp_OAMethod @jwe2, 'Decrypt', @originalPlaintext OUT, 0, 'utf-8'
EXEC sp_OAGetProperty @jwe2, 'LastMethodSuccess', @iTmp0 OUT
IF @iTmp0 = 0
BEGIN
EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @jweProtHdr
EXEC @hr = sp_OADestroy @sbJwk
EXEC @hr = sp_OADestroy @rsaPrivKey
EXEC @hr = sp_OADestroy @rsaPubKey
EXEC @hr = sp_OADestroy @jwe
EXEC @hr = sp_OADestroy @jwe2
RETURN
END
PRINT 'original text: '
PRINT @originalPlaintext
-- ---------------------------------------------------------------------------------
-- It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.1.7
-- because it was produced using the same RSA key.
DECLARE @sbJwe int
EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbJwe OUT
EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.'
EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe'
EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb'
EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV'
EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8'
EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi'
EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '6UklfCpIMfIjf7iGdXKHzg.'
EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '48V1_ALb6US04U3b.'
EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji'
EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'SdiwkIr3ajwQzaBtQD_A.'
EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'XFBoMYUZodetZdvTiFvSkQ'
EXEC sp_OAMethod @jwe2, 'LoadJweSb', @success OUT, @sbJwe
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @jweProtHdr
EXEC @hr = sp_OADestroy @sbJwk
EXEC @hr = sp_OADestroy @rsaPrivKey
EXEC @hr = sp_OADestroy @rsaPubKey
EXEC @hr = sp_OADestroy @jwe
EXEC @hr = sp_OADestroy @jwe2
EXEC @hr = sp_OADestroy @sbJwe
RETURN
END
-- Provide the RSA private key for decryption.
EXEC sp_OAMethod @jwe2, 'SetPrivateKey', @success OUT, 0, @rsaPrivKey
-- Decrypt.
EXEC sp_OAMethod @jwe2, 'Decrypt', @originalPlaintext OUT, 0, 'utf-8'
EXEC sp_OAGetProperty @jwe2, 'LastMethodSuccess', @iTmp0 OUT
IF @iTmp0 = 0
BEGIN
EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @jweProtHdr
EXEC @hr = sp_OADestroy @sbJwk
EXEC @hr = sp_OADestroy @rsaPrivKey
EXEC @hr = sp_OADestroy @rsaPubKey
EXEC @hr = sp_OADestroy @jwe
EXEC @hr = sp_OADestroy @jwe2
EXEC @hr = sp_OADestroy @sbJwe
RETURN
END
PRINT @originalPlaintext
EXEC @hr = sp_OADestroy @jweProtHdr
EXEC @hr = sp_OADestroy @sbJwk
EXEC @hr = sp_OADestroy @rsaPrivKey
EXEC @hr = sp_OADestroy @rsaPubKey
EXEC @hr = sp_OADestroy @jwe
EXEC @hr = sp_OADestroy @jwe2
EXEC @hr = sp_OADestroy @sbJwe
END
GO