Sample code for 30+ languages & platforms
AutoIt

JWE using AES Key Wrap and AES_128_CBC_HMAC_SHA_256

See more JSON Web Encryption (JWE) Examples

This example duplicates the example A.3 in RFC 7516 for JSON Web Encryption (JWE).

Note: This example requires Chilkat v9.5.0.66 or greater.

Chilkat AutoIt Downloads

AutoIt
Local $bSuccess = False

; This requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.

; Note: This example requires Chilkat v9.5.0.66 or greater.

Local $sPlaintext = "Live long and prosper."

$oJwe = ObjCreate("Chilkat.Jwe")

; First build the JWE Protected Header: {"alg":"A128KW","enc":"A128CBC-HS256"}
$oJweProtHdr = ObjCreate("Chilkat.JsonObject")
$oJweProtHdr.AppendString("alg","A128KW")
$oJweProtHdr.AppendString("enc","A128CBC-HS256")
$oJwe.SetProtectedHeader($oJweProtHdr)

ConsoleWrite("JWE Protected Header: " & $oJweProtHdr.Emit() & @CRLF)
ConsoleWrite("--" & @CRLF)

; The example A.3 in RFC 7516 uses the following 128-bit AES key,
; specified in JWK (JSON Web Key) format:
;      {"kty":"oct",
;       "k":"GawgguFyGrWKav7AX4VKUg"
;      }
; This is just a way of saying: The key type ("kty") is 
; a bunch of octets ("k") in base64url encoding.
; We can simply set the AES wrapping key like this:
Local $sAesWrappingKey = "GawgguFyGrWKav7AX4VKUg"
$oJwe.SetWrappingKey(0,$sAesWrappingKey,"base64url")

; Encrypt and return the JWE:
Local $strJwe = $oJwe.Encrypt($sPlaintext,"utf-8")
If ($oJwe.LastMethodSuccess <> True) Then
    ConsoleWrite($oJwe.LastErrorText & @CRLF)
    Exit
EndIf

; Show the JWE we just created:
ConsoleWrite($strJwe & @CRLF)

; Decrypt the JWE that was just produced.
; 1) Load the JWE.
; 2) Set the AES wrapping key.
; 3) Decrypt.
$oJwe2 = ObjCreate("Chilkat.Jwe")
$bSuccess = $oJwe2.LoadJwe($strJwe)
If ($bSuccess <> True) Then
    ConsoleWrite($oJwe2.LastErrorText & @CRLF)
    Exit
EndIf

; Set the AES wrap key.
$oJwe2.SetWrappingKey(0,$sAesWrappingKey,"base64url")

; Decrypt.
Local $sOriginalPlaintext = $oJwe2.Decrypt(0,"utf-8")
If ($oJwe2.LastMethodSuccess <> True) Then
    ConsoleWrite($oJwe2.LastErrorText & @CRLF)
    Exit
EndIf

ConsoleWrite("original text: " & @CRLF)
ConsoleWrite($sOriginalPlaintext & @CRLF)

; ---------------------------------------------------------------------------------
; It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.3.7
; because it was produced using the same AES Wrap key.

$oSbJwe = ObjCreate("Chilkat.StringBuilder")
$oSbJwe.Append("eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.")
$oSbJwe.Append("6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ.")
$oSbJwe.Append("AxY8DCtDaGlsbGljb3RoZQ.")
$oSbJwe.Append("KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.")
$oSbJwe.Append("U0m_YmjN04DJvceFICbCVQ")

$bSuccess = $oJwe2.LoadJweSb($oSbJwe)
If ($bSuccess <> True) Then
    ConsoleWrite($oJwe2.LastErrorText & @CRLF)
    Exit
EndIf

$oJwe2.SetWrappingKey(0,$sAesWrappingKey,"base64url")

; Decrypt.
$sOriginalPlaintext = $oJwe2.Decrypt(0,"utf-8")
If ($oJwe2.LastMethodSuccess <> True) Then
    ConsoleWrite($oJwe2.LastErrorText & @CRLF)
    Exit
EndIf

ConsoleWrite($sOriginalPlaintext & @CRLF)