C
C
JWE using RSAES-PKCS1-v1_5 and AES_128_CBC_HMAC_SHA_256
See more JSON Web Encryption (JWE) Examples
This example duplicates the example A.2 in RFC 7516 for JSON Web Encryption (JWE).Chilkat C Downloads
#include <C_CkJsonObject.h>
#include <C_CkStringBuilder.h>
#include <C_CkPrivateKey.h>
#include <C_CkPublicKey.h>
#include <C_CkJwe.h>
void ChilkatSample(void)
{
BOOL success;
const char *plaintext;
HCkJsonObject jweProtHdr;
HCkStringBuilder sbJwk;
HCkPrivateKey rsaPrivKey;
HCkPublicKey rsaPubKey;
HCkJwe jwe;
const char *strJwe;
HCkJwe jwe2;
const char *originalPlaintext;
HCkStringBuilder sbJwe;
success = FALSE;
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Note: This example requires Chilkat v9.5.0.66 or greater.
plaintext = "Live long and prosper.";
// First build the JWE Protected Header.
// We want to build this: {"alg":"RSA1_5","enc":"A128CBC-HS256"}
jweProtHdr = CkJsonObject_Create();
CkJsonObject_AppendString(jweProtHdr,"alg","RSA1_5");
CkJsonObject_AppendString(jweProtHdr,"enc","A128CBC-HS256");
printf("JWE Protected Header: %s\n",CkJsonObject_emit(jweProtHdr));
printf("--\n");
// The specific RSA key used in the A.2 example is the following JWK:
sbJwk = CkStringBuilder_Create();
CkStringBuilder_Append(sbJwk,"{\"kty\":\"RSA\",");
CkStringBuilder_Append(sbJwk,"\"n\":\"sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1Wl");
CkStringBuilder_Append(sbJwk,"UzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDpre");
CkStringBuilder_Append(sbJwk,"cbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_");
CkStringBuilder_Append(sbJwk,"7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBI");
CkStringBuilder_Append(sbJwk,"Y2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU");
CkStringBuilder_Append(sbJwk,"7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw\",");
CkStringBuilder_Append(sbJwk,"\"e\":\"AQAB\",");
CkStringBuilder_Append(sbJwk,"\"d\":\"VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq");
CkStringBuilder_Append(sbJwk,"1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-ry");
CkStringBuilder_Append(sbJwk,"nq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_");
CkStringBuilder_Append(sbJwk,"0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj");
CkStringBuilder_Append(sbJwk,"-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-Kyvj");
CkStringBuilder_Append(sbJwk,"T1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ\",");
CkStringBuilder_Append(sbJwk,"\"p\":\"9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68");
CkStringBuilder_Append(sbJwk,"ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEP");
CkStringBuilder_Append(sbJwk,"krdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM\",");
CkStringBuilder_Append(sbJwk,"\"q\":\"uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-y");
CkStringBuilder_Append(sbJwk,"BhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN");
CkStringBuilder_Append(sbJwk,"-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0\",");
CkStringBuilder_Append(sbJwk,"\"dp\":\"w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuv");
CkStringBuilder_Append(sbJwk,"ngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcra");
CkStringBuilder_Append(sbJwk,"Hawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs\",");
CkStringBuilder_Append(sbJwk,"\"dq\":\"o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff");
CkStringBuilder_Append(sbJwk,"7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_");
CkStringBuilder_Append(sbJwk,"odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU\",");
CkStringBuilder_Append(sbJwk,"\"qi\":\"eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlC");
CkStringBuilder_Append(sbJwk,"tUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZ");
CkStringBuilder_Append(sbJwk,"B9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo\"");
CkStringBuilder_Append(sbJwk,"}");
// Load this JWK into a Chilkat private key object.
rsaPrivKey = CkPrivateKey_Create();
success = CkPrivateKey_LoadJwk(rsaPrivKey,CkStringBuilder_getAsString(sbJwk));
if (success == FALSE) {
printf("%s\n",CkPrivateKey_lastErrorText(rsaPrivKey));
CkJsonObject_Dispose(jweProtHdr);
CkStringBuilder_Dispose(sbJwk);
CkPrivateKey_Dispose(rsaPrivKey);
return;
}
// The public key is used to encrypt (i.e. create the JWE),
// and the private key is used to decrypt.
// The RSA public key is simply a subset of the private key. The RSA public key
// is composed of the "n" and "e" members shown above. These are also known as the
// modulus and exponent.
// We can simply get the public key object from the private key object
rsaPubKey = CkPublicKey_Create();
CkPrivateKey_ToPublicKey(rsaPrivKey,rsaPubKey);
// Create the JWE...
jwe = CkJwe_Create();
CkJwe_SetProtectedHeader(jwe,jweProtHdr);
CkJwe_SetPublicKey(jwe,0,rsaPubKey);
strJwe = CkJwe_encrypt(jwe,plaintext,"utf-8");
if (CkJwe_getLastMethodSuccess(jwe) == FALSE) {
printf("%s\n",CkJwe_lastErrorText(jwe));
CkJsonObject_Dispose(jweProtHdr);
CkStringBuilder_Dispose(sbJwk);
CkPrivateKey_Dispose(rsaPrivKey);
CkPublicKey_Dispose(rsaPubKey);
CkJwe_Dispose(jwe);
return;
}
// Show the JWE we just created:
printf("%s\n",strJwe);
// Note: The RSA PKCS1_V1_5 padding uses random value, and the results
// will be different each time. However, each result should be successfully
// decrypting if using the correct RSA private key.
// Let's decrypt the JWE that was just produced.
// Do the following to decrypt a JWE:
// 1) Load the JWE.
// 2) Set the private key for decryption.
// 3) Decrypt.
jwe2 = CkJwe_Create();
success = CkJwe_LoadJwe(jwe2,strJwe);
if (success == FALSE) {
printf("%s\n",CkJwe_lastErrorText(jwe2));
CkJsonObject_Dispose(jweProtHdr);
CkStringBuilder_Dispose(sbJwk);
CkPrivateKey_Dispose(rsaPrivKey);
CkPublicKey_Dispose(rsaPubKey);
CkJwe_Dispose(jwe);
CkJwe_Dispose(jwe2);
return;
}
// Provide the RSA private key for decryption.
// (The JWE was encrypted for a single recipient at index 0.)
CkJwe_SetPrivateKey(jwe2,0,rsaPrivKey);
// Decrypt.
originalPlaintext = CkJwe_decrypt(jwe2,0,"utf-8");
if (CkJwe_getLastMethodSuccess(jwe2) == FALSE) {
printf("%s\n",CkJwe_lastErrorText(jwe2));
CkJsonObject_Dispose(jweProtHdr);
CkStringBuilder_Dispose(sbJwk);
CkPrivateKey_Dispose(rsaPrivKey);
CkPublicKey_Dispose(rsaPubKey);
CkJwe_Dispose(jwe);
CkJwe_Dispose(jwe2);
return;
}
printf("original text: \n");
printf("%s\n",originalPlaintext);
// ---------------------------------------------------------------------------------
// It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.2.7
// because it was produced using the same RSA key.
sbJwe = CkStringBuilder_Create();
CkStringBuilder_Append(sbJwe,"eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.");
CkStringBuilder_Append(sbJwe,"UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm");
CkStringBuilder_Append(sbJwe,"1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7Pc");
CkStringBuilder_Append(sbJwe,"HALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIF");
CkStringBuilder_Append(sbJwe,"NPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8");
CkStringBuilder_Append(sbJwe,"rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv");
CkStringBuilder_Append(sbJwe,"-B3oWh2TbqmScqXMR4gp_A.");
CkStringBuilder_Append(sbJwe,"AxY8DCtDaGlsbGljb3RoZQ.");
CkStringBuilder_Append(sbJwe,"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.");
CkStringBuilder_Append(sbJwe,"9hH0vgRfYgPnAHOd8stkvw");
success = CkJwe_LoadJweSb(jwe2,sbJwe);
if (success == FALSE) {
printf("%s\n",CkJwe_lastErrorText(jwe2));
CkJsonObject_Dispose(jweProtHdr);
CkStringBuilder_Dispose(sbJwk);
CkPrivateKey_Dispose(rsaPrivKey);
CkPublicKey_Dispose(rsaPubKey);
CkJwe_Dispose(jwe);
CkJwe_Dispose(jwe2);
CkStringBuilder_Dispose(sbJwe);
return;
}
// Provide the RSA private key for decryption.
CkJwe_SetPrivateKey(jwe2,0,rsaPrivKey);
// Decrypt.
originalPlaintext = CkJwe_decrypt(jwe2,0,"utf-8");
if (CkJwe_getLastMethodSuccess(jwe2) == FALSE) {
printf("%s\n",CkJwe_lastErrorText(jwe2));
CkJsonObject_Dispose(jweProtHdr);
CkStringBuilder_Dispose(sbJwk);
CkPrivateKey_Dispose(rsaPrivKey);
CkPublicKey_Dispose(rsaPubKey);
CkJwe_Dispose(jwe);
CkJwe_Dispose(jwe2);
CkStringBuilder_Dispose(sbJwe);
return;
}
printf("%s\n",originalPlaintext);
CkJsonObject_Dispose(jweProtHdr);
CkStringBuilder_Dispose(sbJwk);
CkPrivateKey_Dispose(rsaPrivKey);
CkPublicKey_Dispose(rsaPubKey);
CkJwe_Dispose(jwe);
CkJwe_Dispose(jwe2);
CkStringBuilder_Dispose(sbJwe);
}