(Java) JWE using RSAES-OAEP and AES GCM

This example duplicates the example A.1 in RFC 7516 for JSON Web Encryption (JWE).

Note: This example requires Chilkat v9.5.0.66 or greater.

Chilkat Java Downloads Java Libs for Windows, MacOS, Linux, Alpine Linux, Solaris Java Libs for Android

import com.chilkatsoft.*;

public class ChilkatExample {

  static {
    try {
        System.loadLibrary("chilkat");
    } catch (UnsatisfiedLinkError e) {
      System.err.println("Native code library failed to load.\n" + e);
      System.exit(1);
    }
  }

  public static void main(String argv[])
  {
    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Note: This example requires Chilkat v9.5.0.66 or greater.

    boolean success;
    String plaintext = "The true sign of intelligence is not knowledge but imagination.";

    // ---------------------------------
    // A.1.1 JOSE Header
    // First build the JWE Protected Header.
    // We want to build this: {"alg":"RSA-OAEP","enc":"A256GCM"}
    CkJsonObject jweProtHdr = new CkJsonObject();
    jweProtHdr.AppendString("alg","RSA-OAEP");
    jweProtHdr.AppendString("enc","A256GCM");
    System.out.println("JWE Protected Header: " + jweProtHdr.emit());
    System.out.println("--");

    // ---------------------------------
    // A.1.2 Content Encryption Key
    // Note: Chilkat automatically generates the random CEK internally.
    // The application does not need to explicitly take this step.

    // ---------------------------------
    // A.1.3.  Key Encryption
    // The application should load an RSA private key from any format.
    // However, the application does not need to explicitly construct the JWE Encrypted Key.
    // Chilkat automatically does it internally.
    // The design of the Chilkat JWE API is to allow the application to create the JWE
    // after specifying the inputs.  (This is in contrast to forcing the application developer
    // to painstakingly go through each step of the JWE construction process.)

    // The specific RSA key used in the A.1 example is the following JWK:
    CkStringBuilder sbJwk = new CkStringBuilder();
    sbJwk.Append("{\"kty\": \"RSA\",");
    sbJwk.Append("\"n\": \"oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW");
    sbJwk.Append("cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S");
    sbJwk.Append("psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a");
    sbJwk.Append("sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS");
    sbJwk.Append("tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj");
    sbJwk.Append("YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw\",");
    sbJwk.Append("\"e\": \"AQAB\",");
    sbJwk.Append("\"d\": \"kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N");
    sbJwk.Append("WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9");
    sbJwk.Append("3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk");
    sbJwk.Append("qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl");
    sbJwk.Append("t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd");
    sbJwk.Append("VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ\",");
    sbJwk.Append("\"p\": \"1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-");
    sbJwk.Append("SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lf");
    sbJwk.Append("fNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0\",");
    sbJwk.Append("\"q\": \"wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBm");
    sbJwk.Append("UDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aX");
    sbJwk.Append("IWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc\",");
    sbJwk.Append("\"dp\": \"ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KL");
    sbJwk.Append("hMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827");
    sbJwk.Append("rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE\",");
    sbJwk.Append("\"dq\": \"Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCj");
    sbJwk.Append("ywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDB");
    sbJwk.Append("UfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis\",");
    sbJwk.Append("\"qi\": \"VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7");
    sbJwk.Append("AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3");
    sbJwk.Append("eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY\"}");

    // Load this JWK into a Chilkat private key object.
    CkPrivateKey rsaPrivKey = new CkPrivateKey();
    success = rsaPrivKey.LoadJwk(sbJwk.getAsString());
    if (success != true) {
        System.out.println(rsaPrivKey.lastErrorText());
        return;
        }

    // The public key is used to encrypt (i.e. create the JWE), 
    // and the private key is used to decrypt.
    // The RSA public key is simply a subset of the private key.  The RSA public key
    // is composed of the "n" and "e" members shown above.  These are also known as the
    // modulus and exponent.
    // We can simply get the public key object from the private key object
    CkPublicKey rsaPubKey = rsaPrivKey.GetPublicKey();

    // ---------------------------------
    // A.1.4.  Initialization Vector
    // Chilkat automatically generates the necessary random IV internally.  
    // The application does not need to do this explicitly.

    // ---------------------------------
    // A.1.5.  Additional Authenticated Data
    // The Additional Authenticated Data encryption parameter is
    // ASCII(BASE64URL(UTF8(JWE Protected Header))).
    // Again, Chilkat automatically takes care of this internally.
    // The application does not need to explicitly take this step.

    // ---------------------------------
    // A.1.6.  Content Encryption
    // Again... this step is handled by Chilkat internally.

    // ---------------------------------
    // A.1.7.  Complete Representation
    // The application need only call the Encrypt, EncryptSb, or EncryptBd method
    // return the fully assembled JWE.  
    // The final representation in the Compact Serialization 
    // is the string BASE64URL(UTF8(JWE Protected Header)) || '.' ||
    // BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization
    // Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE
    // Authentication Tag).

    CkJwe jwe = new CkJwe();
    jwe.SetProtectedHeader(jweProtHdr);
    jwe.SetPublicKey(0,rsaPubKey);

    String strJwe = jwe.encrypt(plaintext,"utf-8");
    if (jwe.get_LastMethodSuccess() != true) {
        System.out.println(jwe.lastErrorText());
        return;
        }

    // Note: The RSA OAEP algorithm uses random padding bytes internally.
    // Therefore, the results will appear different each time -- even if the
    // identical plaintext is encrypted with the identical RSA key. 
    // (Do not expect the appearance of the results to be the same as what
    // is published in the RFC.  However, what is published in the RFC *should*
    // be decryptable using the code that follows.)
    System.out.println(strJwe);

    // Let's decrypt the JWE that was just produced.
    // Do the following to decrypt a JWE:
    // 1) Load the JWE.
    // 2) Set the private key for decryption.
    // 3) Decrypt.
    CkJwe jwe2 = new CkJwe();
    success = jwe2.LoadJwe(strJwe);
    if (success != true) {
        System.out.println(jwe2.lastErrorText());
        return;
        }

    // Provide the RSA private key for decryption.
    // (The JWE was encrypted for a single recipient at index 0.)
    jwe2.SetPrivateKey(0,rsaPrivKey);

    // Decrypt.
    String originalPlaintext = jwe2.decrypt(0,"utf-8");
    if (jwe2.get_LastMethodSuccess() != true) {
        System.out.println(jwe2.lastErrorText());
        return;
        }

    System.out.println("original text: ");
    System.out.println(originalPlaintext);

    // ---------------------------------------------------------------------------------
    // It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.1.7
    // because it was produced using the same RSA key.

    CkStringBuilder sbJwe = new CkStringBuilder();
    sbJwe.Append("eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.");
    sbJwe.Append("OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe");
    sbJwe.Append("ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb");
    sbJwe.Append("Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV");
    sbJwe.Append("mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8");
    sbJwe.Append("1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi");
    sbJwe.Append("6UklfCpIMfIjf7iGdXKHzg.");
    sbJwe.Append("48V1_ALb6US04U3b.");
    sbJwe.Append("5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji");
    sbJwe.Append("SdiwkIr3ajwQzaBtQD_A.");
    sbJwe.Append("XFBoMYUZodetZdvTiFvSkQ");

    success = jwe2.LoadJweSb(sbJwe);
    if (success != true) {
        System.out.println(jwe2.lastErrorText());
        return;
        }

    // Provide the RSA private key for decryption.
    jwe2.SetPrivateKey(0,rsaPrivKey);

    // Decrypt.
    originalPlaintext = jwe2.decrypt(0,"utf-8");
    if (jwe2.get_LastMethodSuccess() != true) {
        System.out.println(jwe2.lastErrorText());
        return;
        }

    System.out.println(originalPlaintext);
  }
}