Sample code for 30+ languages & platforms
C

JWE using ECDH-ES+A256KW

See more JSON Web Encryption (JWE) Examples

Create a JWE with the following public/private key pair:
{
    "kty": "EC",
    "d": "jZCffzVqJjryBH4EoaN0oD-TyLXrW2XHoDdIuPZnk8c",
    "use": "enc",
    "crv": "P-256",
    "kid": "evEK2thJMsWxBYRivXI8ykUf6n6zizLiLCGH3s58wKs",
    "x": "LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM",
    "y": "voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4",
    "alg": "ECDH-ES+A256KW"
}

Also shows how to decrypt.

Chilkat C Downloads

C
#include <C_CkJsonObject.h>
#include <C_CkPublicKey.h>
#include <C_CkJwt.h>
#include <C_CkJwe.h>
#include <C_CkPrivateKey.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkJsonObject json;
    HCkPublicKey pubkey;
    HCkJwt jwt;
    HCkJsonObject jweProtHdr;
    HCkJwe jwe;
    const char *plainText;
    const char *strJwe;
    HCkPrivateKey privkey;
    HCkJwe jwe2;
    const char *decryptedText;

    success = FALSE;

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Create the following JSON:
    // {
    //     "kty": "EC",
    //     "d": "jZCffzVqJjryBH4EoaN0oD-TyLXrW2XHoDdIuPZnk8c",
    //     "use": "enc",
    //     "crv": "P-256",
    //     "kid": "evEK2thJMsWxBYRivXI8ykUf6n6zizLiLCGH3s58wKs",
    //     "x": "LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM",
    //     "y": "voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4",
    //     "alg": "ECDH-ES+A256KW"
    // }

    json = CkJsonObject_Create();
    CkJsonObject_UpdateString(json,"kty","EC");
    CkJsonObject_UpdateString(json,"d","jZCffzVqJjryBH4EoaN0oD-TyLXrW2XHoDdIuPZnk8c");
    CkJsonObject_UpdateString(json,"use","enc");
    CkJsonObject_UpdateString(json,"crv","P-256");
    CkJsonObject_UpdateString(json,"kid","evEK2thJMsWxBYRivXI8ykUf6n6zizLiLCGH3s58wKs");
    CkJsonObject_UpdateString(json,"x","LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM");
    CkJsonObject_UpdateString(json,"y","voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4");
    CkJsonObject_UpdateString(json,"alg","ECDH-ES+A256KW");

    pubkey = CkPublicKey_Create();

    success = CkPublicKey_LoadFromString(pubkey,CkJsonObject_emit(json));
    if (success == FALSE) {
        printf("%s\n",CkPublicKey_lastErrorText(pubkey));
        CkJsonObject_Dispose(json);
        CkPublicKey_Dispose(pubkey);
        return;
    }

    // Build our protected header:

    // 	{
    // 	  "alg": "ECDH-ES+A256KW",
    // 	  "enc": "A256GCM",
    // 	  "exp": 1621957030,
    // 	  "cty": "NJWT",
    // 	  "epk": {
    // 	    "kty": "EC",
    // 	    "x": "QLpJ_LpFx-6yJhsb4OvHwU1khLnviiOwYOvmf5clK7w"
    // 	    "y": "AJh7pJ3zZKDJkm8rbeG69GBooTosXJgSsvNFH0i3Vxnu"
    // 	    "crv": "BP-256"
    // 	  }
    // 	}

    // Use jwt only for getting the current date/time + 3600 seconds.
    jwt = CkJwt_Create();

    jweProtHdr = CkJsonObject_Create();
    CkJsonObject_UpdateString(jweProtHdr,"alg","ECDH-ES+A256KW");
    CkJsonObject_UpdateString(jweProtHdr,"enc","A256GCM");
    CkJsonObject_UpdateInt(jweProtHdr,"exp",CkJwt_GenNumericDate(jwt,3600));
    CkJsonObject_UpdateString(jweProtHdr,"cty","NJWT");
    CkJsonObject_UpdateString(jweProtHdr,"epk.kty","EC");
    CkJsonObject_UpdateString(jweProtHdr,"epk.x","LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM");
    CkJsonObject_UpdateString(jweProtHdr,"epk.y","voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4");
    CkJsonObject_UpdateString(jweProtHdr,"epk.crv","P-256");

    jwe = CkJwe_Create();
    CkJwe_SetProtectedHeader(jwe,jweProtHdr);
    CkJwe_SetPublicKey(jwe,0,pubkey);

    plainText = "This is the text to be encrypted.";
    strJwe = CkJwe_encrypt(jwe,plainText,"utf-8");
    if (CkJwe_getLastMethodSuccess(jwe) != TRUE) {
        printf("%s\n",CkJwe_lastErrorText(jwe));
        CkJsonObject_Dispose(json);
        CkPublicKey_Dispose(pubkey);
        CkJwt_Dispose(jwt);
        CkJsonObject_Dispose(jweProtHdr);
        CkJwe_Dispose(jwe);
        return;
    }

    printf("%s\n",strJwe);

    // Let's decrypt...
    privkey = CkPrivateKey_Create();

    success = CkPrivateKey_LoadJwk(privkey,CkJsonObject_emit(json));
    if (success == FALSE) {
        printf("%s\n",CkPrivateKey_lastErrorText(privkey));
        CkJsonObject_Dispose(json);
        CkPublicKey_Dispose(pubkey);
        CkJwt_Dispose(jwt);
        CkJsonObject_Dispose(jweProtHdr);
        CkJwe_Dispose(jwe);
        CkPrivateKey_Dispose(privkey);
        return;
    }

    jwe2 = CkJwe_Create();
    success = CkJwe_LoadJwe(jwe2,strJwe);
    if (success == FALSE) {
        printf("%s\n",CkJwe_lastErrorText(jwe2));
        CkJsonObject_Dispose(json);
        CkPublicKey_Dispose(pubkey);
        CkJwt_Dispose(jwt);
        CkJsonObject_Dispose(jweProtHdr);
        CkJwe_Dispose(jwe);
        CkPrivateKey_Dispose(privkey);
        CkJwe_Dispose(jwe2);
        return;
    }

    CkJwe_SetPrivateKey(jwe2,0,privkey);

    //  Decrypt.
    decryptedText = CkJwe_decrypt(jwe2,0,"utf-8");
    if (CkJwe_getLastMethodSuccess(jwe2) != TRUE) {
        printf("%s\n",CkJwe_lastErrorText(jwe2));
        CkJsonObject_Dispose(json);
        CkPublicKey_Dispose(pubkey);
        CkJwt_Dispose(jwt);
        CkJsonObject_Dispose(jweProtHdr);
        CkJwe_Dispose(jwe);
        CkPrivateKey_Dispose(privkey);
        CkJwe_Dispose(jwe2);
        return;
    }

    printf("%s\n",decryptedText);


    CkJsonObject_Dispose(json);
    CkPublicKey_Dispose(pubkey);
    CkJwt_Dispose(jwt);
    CkJsonObject_Dispose(jweProtHdr);
    CkJwe_Dispose(jwe);
    CkPrivateKey_Dispose(privkey);
    CkJwe_Dispose(jwe2);

    }