(Classic ASP) JWE using AES Key Wrap and AES_128_CBC_HMAC_SHA_256

This example duplicates the example A.3 in RFC 7516 for JSON Web Encryption (JWE).

Note: This example requires Chilkat v9.5.0.66 or greater.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
' This requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.

' Note: This example requires Chilkat v9.5.0.66 or greater.

plaintext = "Live long and prosper."

' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Jwe")
set jwe = Server.CreateObject("Chilkat.Jwe")

' First build the JWE Protected Header: {"alg":"A128KW","enc":"A128CBC-HS256"}
' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.JsonObject")
set jweProtHdr = Server.CreateObject("Chilkat.JsonObject")
success = jweProtHdr.AppendString("alg","A128KW")
success = jweProtHdr.AppendString("enc","A128CBC-HS256")
success = jwe.SetProtectedHeader(jweProtHdr)

Response.Write "<pre>" & Server.HTMLEncode( "JWE Protected Header: " & jweProtHdr.Emit()) & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( "--") & "</pre>"

' The example A.3 in RFC 7516 uses the following 128-bit AES key,
' specified in JWK (JSON Web Key) format:
'      {"kty":"oct",
'       "k":"GawgguFyGrWKav7AX4VKUg"
'      }
' This is just a way of saying: The key type ("kty") is 
' a bunch of octets ("k") in base64url encoding.
' We can simply set the AES wrapping key like this:
aesWrappingKey = "GawgguFyGrWKav7AX4VKUg"
success = jwe.SetWrappingKey(0,aesWrappingKey,"base64url")

' Encrypt and return the JWE:
strJwe = jwe.Encrypt(plaintext,"utf-8")
If (jwe.LastMethodSuccess <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( jwe.LastErrorText) & "</pre>"
    Response.End
End If

' Show the JWE we just created:
Response.Write "<pre>" & Server.HTMLEncode( strJwe) & "</pre>"

' Decrypt the JWE that was just produced.
' 1) Load the JWE.
' 2) Set the AES wrapping key.
' 3) Decrypt.
' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Jwe")
set jwe2 = Server.CreateObject("Chilkat.Jwe")
success = jwe2.LoadJwe(strJwe)
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( jwe2.LastErrorText) & "</pre>"
    Response.End
End If

' Set the AES wrap key.
success = jwe2.SetWrappingKey(0,aesWrappingKey,"base64url")

' Decrypt.
originalPlaintext = jwe2.Decrypt(0,"utf-8")
If (jwe2.LastMethodSuccess <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( jwe2.LastErrorText) & "</pre>"
    Response.End
End If

Response.Write "<pre>" & Server.HTMLEncode( "original text: ") & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( originalPlaintext) & "</pre>"

' ---------------------------------------------------------------------------------
' It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.3.7
' because it was produced using the same AES Wrap key.

' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.StringBuilder")
set sbJwe = Server.CreateObject("Chilkat.StringBuilder")
success = sbJwe.Append("eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.")
success = sbJwe.Append("6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ.")
success = sbJwe.Append("AxY8DCtDaGlsbGljb3RoZQ.")
success = sbJwe.Append("KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.")
success = sbJwe.Append("U0m_YmjN04DJvceFICbCVQ")

success = jwe2.LoadJweSb(sbJwe)
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( jwe2.LastErrorText) & "</pre>"
    Response.End
End If

success = jwe2.SetWrappingKey(0,aesWrappingKey,"base64url")

' Decrypt.
originalPlaintext = jwe2.Decrypt(0,"utf-8")
If (jwe2.LastMethodSuccess <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( jwe2.LastErrorText) & "</pre>"
    Response.End
End If

Response.Write "<pre>" & Server.HTMLEncode( originalPlaintext) & "</pre>"

%>
</body>
</html>