AutoIt
AutoIt
JWE using RSAES-OAEP and AES GCM
See more JSON Web Encryption (JWE) Examples
This example duplicates the example A.1 in RFC 7516 for JSON Web Encryption (JWE).Chilkat AutoIt Downloads
Local $bSuccess = False
; This requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
; Note: This example requires Chilkat v9.5.0.66 or greater.
Local $sPlaintext = "The true sign of intelligence is not knowledge but imagination."
; ---------------------------------
; A.1.1 JOSE Header
; First build the JWE Protected Header.
; We want to build this: {"alg":"RSA-OAEP","enc":"A256GCM"}
$oJweProtHdr = ObjCreate("Chilkat.JsonObject")
$oJweProtHdr.AppendString("alg","RSA-OAEP")
$oJweProtHdr.AppendString("enc","A256GCM")
ConsoleWrite("JWE Protected Header: " & $oJweProtHdr.Emit() & @CRLF)
ConsoleWrite("--" & @CRLF)
; ---------------------------------
; A.1.2 Content Encryption Key
; Note: Chilkat automatically generates the random CEK internally.
; The application does not need to explicitly take this step.
; ---------------------------------
; A.1.3. Key Encryption
; The application should load an RSA private key from any format.
; However, the application does not need to explicitly construct the JWE Encrypted Key.
; Chilkat automatically does it internally.
; The design of the Chilkat JWE API is to allow the application to create the JWE
; after specifying the inputs. (This is in contrast to forcing the application developer
; to painstakingly go through each step of the JWE construction process.)
; The specific RSA key used in the A.1 example is the following JWK:
$oSbJwk = ObjCreate("Chilkat.StringBuilder")
$oSbJwk.Append("{""kty"": ""RSA"",")
$oSbJwk.Append("""n"": ""oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW")
$oSbJwk.Append("cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S")
$oSbJwk.Append("psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a")
$oSbJwk.Append("sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS")
$oSbJwk.Append("tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj")
$oSbJwk.Append("YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"",")
$oSbJwk.Append("""e"": ""AQAB"",")
$oSbJwk.Append("""d"": ""kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N")
$oSbJwk.Append("WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9")
$oSbJwk.Append("3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk")
$oSbJwk.Append("qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl")
$oSbJwk.Append("t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd")
$oSbJwk.Append("VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"",")
$oSbJwk.Append("""p"": ""1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-")
$oSbJwk.Append("SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lf")
$oSbJwk.Append("fNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0"",")
$oSbJwk.Append("""q"": ""wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBm")
$oSbJwk.Append("UDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aX")
$oSbJwk.Append("IWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc"",")
$oSbJwk.Append("""dp"": ""ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KL")
$oSbJwk.Append("hMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827")
$oSbJwk.Append("rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE"",")
$oSbJwk.Append("""dq"": ""Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCj")
$oSbJwk.Append("ywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDB")
$oSbJwk.Append("UfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis"",")
$oSbJwk.Append("""qi"": ""VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7")
$oSbJwk.Append("AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3")
$oSbJwk.Append("eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY""}")
; Load this JWK into a Chilkat private key object.
$oRsaPrivKey = ObjCreate("Chilkat.PrivateKey")
$bSuccess = $oRsaPrivKey.LoadJwk($oSbJwk.GetAsString())
If ($bSuccess = False) Then
ConsoleWrite($oRsaPrivKey.LastErrorText & @CRLF)
Exit
EndIf
; The public key is used to encrypt (i.e. create the JWE),
; and the private key is used to decrypt.
; The RSA public key is simply a subset of the private key. The RSA public key
; is composed of the "n" and "e" members shown above. These are also known as the
; modulus and exponent.
; We can simply get the public key object from the private key object
$oRsaPubKey = ObjCreate("Chilkat.PublicKey")
$oRsaPrivKey.ToPublicKey($oRsaPubKey)
; ---------------------------------
; A.1.4. Initialization Vector
; Chilkat automatically generates the necessary random IV internally.
; The application does not need to do this explicitly.
; ---------------------------------
; A.1.5. Additional Authenticated Data
; The Additional Authenticated Data encryption parameter is
; ASCII(BASE64URL(UTF8(JWE Protected Header))).
; Again, Chilkat automatically takes care of this internally.
; The application does not need to explicitly take this step.
; ---------------------------------
; A.1.6. Content Encryption
; Again... this step is handled by Chilkat internally.
; ---------------------------------
; A.1.7. Complete Representation
; The application need only call the Encrypt, EncryptSb, or EncryptBd method
; return the fully assembled JWE.
; The final representation in the Compact Serialization
; is the string BASE64URL(UTF8(JWE Protected Header)) || '.' ||
; BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization
; Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE
; Authentication Tag).
$oJwe = ObjCreate("Chilkat.Jwe")
$oJwe.SetProtectedHeader($oJweProtHdr)
$oJwe.SetPublicKey(0,$oRsaPubKey)
Local $strJwe = $oJwe.Encrypt($sPlaintext,"utf-8")
If ($oJwe.LastMethodSuccess = False) Then
ConsoleWrite($oJwe.LastErrorText & @CRLF)
Exit
EndIf
; Note: The RSA OAEP algorithm uses random padding bytes internally.
; Therefore, the results will appear different each time -- even if the
; identical plaintext is encrypted with the identical RSA key.
; (Do not expect the appearance of the results to be the same as what
; is published in the RFC. However, what is published in the RFC *should*
; be decryptable using the code that follows.)
ConsoleWrite($strJwe & @CRLF)
; Let's decrypt the JWE that was just produced.
; Do the following to decrypt a JWE:
; 1) Load the JWE.
; 2) Set the private key for decryption.
; 3) Decrypt.
$oJwe2 = ObjCreate("Chilkat.Jwe")
$bSuccess = $oJwe2.LoadJwe($strJwe)
If ($bSuccess = False) Then
ConsoleWrite($oJwe2.LastErrorText & @CRLF)
Exit
EndIf
; Provide the RSA private key for decryption.
; (The JWE was encrypted for a single recipient at index 0.)
$oJwe2.SetPrivateKey(0,$oRsaPrivKey)
; Decrypt.
Local $sOriginalPlaintext = $oJwe2.Decrypt(0,"utf-8")
If ($oJwe2.LastMethodSuccess = False) Then
ConsoleWrite($oJwe2.LastErrorText & @CRLF)
Exit
EndIf
ConsoleWrite("original text: " & @CRLF)
ConsoleWrite($sOriginalPlaintext & @CRLF)
; ---------------------------------------------------------------------------------
; It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.1.7
; because it was produced using the same RSA key.
$oSbJwe = ObjCreate("Chilkat.StringBuilder")
$oSbJwe.Append("eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.")
$oSbJwe.Append("OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe")
$oSbJwe.Append("ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb")
$oSbJwe.Append("Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV")
$oSbJwe.Append("mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8")
$oSbJwe.Append("1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi")
$oSbJwe.Append("6UklfCpIMfIjf7iGdXKHzg.")
$oSbJwe.Append("48V1_ALb6US04U3b.")
$oSbJwe.Append("5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji")
$oSbJwe.Append("SdiwkIr3ajwQzaBtQD_A.")
$oSbJwe.Append("XFBoMYUZodetZdvTiFvSkQ")
$bSuccess = $oJwe2.LoadJweSb($oSbJwe)
If ($bSuccess = False) Then
ConsoleWrite($oJwe2.LastErrorText & @CRLF)
Exit
EndIf
; Provide the RSA private key for decryption.
$oJwe2.SetPrivateKey(0,$oRsaPrivKey)
; Decrypt.
$sOriginalPlaintext = $oJwe2.Decrypt(0,"utf-8")
If ($oJwe2.LastMethodSuccess = False) Then
ConsoleWrite($oJwe2.LastErrorText & @CRLF)
Exit
EndIf
ConsoleWrite($sOriginalPlaintext & @CRLF)