Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Classic ASP) JWE using RSAES-OAEP and AES GCMThis example duplicates the example A.1 in RFC 7516 for JSON Web Encryption (JWE). Note: This example requires Chilkat v9.5.0.66 or greater.
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> </head> <body> <% ' This requires the Chilkat API to have been previously unlocked. ' See Global Unlock Sample for sample code. ' Note: This example requires Chilkat v9.5.0.66 or greater. plaintext = "The true sign of intelligence is not knowledge but imagination." ' --------------------------------- ' A.1.1 JOSE Header ' First build the JWE Protected Header. ' We want to build this: {"alg":"RSA-OAEP","enc":"A256GCM"} ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.JsonObject") set jweProtHdr = Server.CreateObject("Chilkat.JsonObject") success = jweProtHdr.AppendString("alg","RSA-OAEP") success = jweProtHdr.AppendString("enc","A256GCM") Response.Write "<pre>" & Server.HTMLEncode( "JWE Protected Header: " & jweProtHdr.Emit()) & "</pre>" Response.Write "<pre>" & Server.HTMLEncode( "--") & "</pre>" ' --------------------------------- ' A.1.2 Content Encryption Key ' Note: Chilkat automatically generates the random CEK internally. ' The application does not need to explicitly take this step. ' --------------------------------- ' A.1.3. Key Encryption ' The application should load an RSA private key from any format. ' However, the application does not need to explicitly construct the JWE Encrypted Key. ' Chilkat automatically does it internally. ' The design of the Chilkat JWE API is to allow the application to create the JWE ' after specifying the inputs. (This is in contrast to forcing the application developer ' to painstakingly go through each step of the JWE construction process.) ' The specific RSA key used in the A.1 example is the following JWK: ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.StringBuilder") set sbJwk = Server.CreateObject("Chilkat.StringBuilder") success = sbJwk.Append("{""kty"": ""RSA"",") success = sbJwk.Append("""n"": ""oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW") success = sbJwk.Append("cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S") success = sbJwk.Append("psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a") success = sbJwk.Append("sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS") success = sbJwk.Append("tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj") success = sbJwk.Append("YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"",") success = sbJwk.Append("""e"": ""AQAB"",") success = sbJwk.Append("""d"": ""kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N") success = sbJwk.Append("WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9") success = sbJwk.Append("3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk") success = sbJwk.Append("qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl") success = sbJwk.Append("t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd") success = sbJwk.Append("VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"",") success = sbJwk.Append("""p"": ""1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-") success = sbJwk.Append("SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lf") success = sbJwk.Append("fNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0"",") success = sbJwk.Append("""q"": ""wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBm") success = sbJwk.Append("UDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aX") success = sbJwk.Append("IWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc"",") success = sbJwk.Append("""dp"": ""ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KL") success = sbJwk.Append("hMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827") success = sbJwk.Append("rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE"",") success = sbJwk.Append("""dq"": ""Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCj") success = sbJwk.Append("ywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDB") success = sbJwk.Append("UfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis"",") success = sbJwk.Append("""qi"": ""VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7") success = sbJwk.Append("AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3") success = sbJwk.Append("eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY""}") ' Load this JWK into a Chilkat private key object. ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.PrivateKey") set rsaPrivKey = Server.CreateObject("Chilkat.PrivateKey") success = rsaPrivKey.LoadJwk(sbJwk.GetAsString()) If (success <> 1) Then Response.Write "<pre>" & Server.HTMLEncode( rsaPrivKey.LastErrorText) & "</pre>" Response.End End If ' The public key is used to encrypt (i.e. create the JWE), ' and the private key is used to decrypt. ' The RSA public key is simply a subset of the private key. The RSA public key ' is composed of the "n" and "e" members shown above. These are also known as the ' modulus and exponent. ' We can simply get the public key object from the private key object ' rsaPubKey is a Chilkat.PublicKey Set rsaPubKey = rsaPrivKey.GetPublicKey() ' --------------------------------- ' A.1.4. Initialization Vector ' Chilkat automatically generates the necessary random IV internally. ' The application does not need to do this explicitly. ' --------------------------------- ' A.1.5. Additional Authenticated Data ' The Additional Authenticated Data encryption parameter is ' ASCII(BASE64URL(UTF8(JWE Protected Header))). ' Again, Chilkat automatically takes care of this internally. ' The application does not need to explicitly take this step. ' --------------------------------- ' A.1.6. Content Encryption ' Again... this step is handled by Chilkat internally. ' --------------------------------- ' A.1.7. Complete Representation ' The application need only call the Encrypt, EncryptSb, or EncryptBd method ' return the fully assembled JWE. ' The final representation in the Compact Serialization ' is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || ' BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization ' Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE ' Authentication Tag). ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Jwe") set jwe = Server.CreateObject("Chilkat.Jwe") success = jwe.SetProtectedHeader(jweProtHdr) success = jwe.SetPublicKey(0,rsaPubKey) strJwe = jwe.Encrypt(plaintext,"utf-8") If (jwe.LastMethodSuccess <> 1) Then Response.Write "<pre>" & Server.HTMLEncode( jwe.LastErrorText) & "</pre>" Response.End End If ' Note: The RSA OAEP algorithm uses random padding bytes internally. ' Therefore, the results will appear different each time -- even if the ' identical plaintext is encrypted with the identical RSA key. ' (Do not expect the appearance of the results to be the same as what ' is published in the RFC. However, what is published in the RFC *should* ' be decryptable using the code that follows.) Response.Write "<pre>" & Server.HTMLEncode( strJwe) & "</pre>" ' Let's decrypt the JWE that was just produced. ' Do the following to decrypt a JWE: ' 1) Load the JWE. ' 2) Set the private key for decryption. ' 3) Decrypt. ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.Jwe") set jwe2 = Server.CreateObject("Chilkat.Jwe") success = jwe2.LoadJwe(strJwe) If (success <> 1) Then Response.Write "<pre>" & Server.HTMLEncode( jwe2.LastErrorText) & "</pre>" Response.End End If ' Provide the RSA private key for decryption. ' (The JWE was encrypted for a single recipient at index 0.) success = jwe2.SetPrivateKey(0,rsaPrivKey) ' Decrypt. originalPlaintext = jwe2.Decrypt(0,"utf-8") If (jwe2.LastMethodSuccess <> 1) Then Response.Write "<pre>" & Server.HTMLEncode( jwe2.LastErrorText) & "</pre>" Response.End End If Response.Write "<pre>" & Server.HTMLEncode( "original text: ") & "</pre>" Response.Write "<pre>" & Server.HTMLEncode( originalPlaintext) & "</pre>" ' --------------------------------------------------------------------------------- ' It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.1.7 ' because it was produced using the same RSA key. ' For versions of Chilkat < 10.0.0, use CreateObject("Chilkat_9_5_0.StringBuilder") set sbJwe = Server.CreateObject("Chilkat.StringBuilder") success = sbJwe.Append("eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.") success = sbJwe.Append("OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe") success = sbJwe.Append("ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb") success = sbJwe.Append("Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV") success = sbJwe.Append("mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8") success = sbJwe.Append("1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi") success = sbJwe.Append("6UklfCpIMfIjf7iGdXKHzg.") success = sbJwe.Append("48V1_ALb6US04U3b.") success = sbJwe.Append("5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji") success = sbJwe.Append("SdiwkIr3ajwQzaBtQD_A.") success = sbJwe.Append("XFBoMYUZodetZdvTiFvSkQ") success = jwe2.LoadJweSb(sbJwe) If (success <> 1) Then Response.Write "<pre>" & Server.HTMLEncode( jwe2.LastErrorText) & "</pre>" Response.End End If ' Provide the RSA private key for decryption. success = jwe2.SetPrivateKey(0,rsaPrivKey) ' Decrypt. originalPlaintext = jwe2.Decrypt(0,"utf-8") If (jwe2.LastMethodSuccess <> 1) Then Response.Write "<pre>" & Server.HTMLEncode( jwe2.LastErrorText) & "</pre>" Response.End End If Response.Write "<pre>" & Server.HTMLEncode( originalPlaintext) & "</pre>" %> </body> </html> |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.