Sample code for 30+ languages & platforms
AutoIt

JWE using RSAES-PKCS1-v1_5 and AES_128_CBC_HMAC_SHA_256

See more JSON Web Encryption (JWE) Examples

This example duplicates the example A.2 in RFC 7516 for JSON Web Encryption (JWE).

Chilkat AutoIt Downloads

AutoIt
Local $bSuccess = False

; This requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.

; Note: This example requires Chilkat v9.5.0.66 or greater.

Local $sPlaintext = "Live long and prosper."

; First build the JWE Protected Header.
; We want to build this: {"alg":"RSA1_5","enc":"A128CBC-HS256"}
$oJweProtHdr = ObjCreate("Chilkat.JsonObject")
$oJweProtHdr.AppendString("alg","RSA1_5")
$oJweProtHdr.AppendString("enc","A128CBC-HS256")
ConsoleWrite("JWE Protected Header: " & $oJweProtHdr.Emit() & @CRLF)
ConsoleWrite("--" & @CRLF)

; The specific RSA key used in the A.2 example is the following JWK:
$oSbJwk = ObjCreate("Chilkat.StringBuilder")
$oSbJwk.Append("{""kty"":""RSA"",")
$oSbJwk.Append("""n"":""sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1Wl")
$oSbJwk.Append("UzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDpre")
$oSbJwk.Append("cbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_")
$oSbJwk.Append("7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBI")
$oSbJwk.Append("Y2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU")
$oSbJwk.Append("7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw"",")
$oSbJwk.Append("""e"":""AQAB"",")
$oSbJwk.Append("""d"":""VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq")
$oSbJwk.Append("1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-ry")
$oSbJwk.Append("nq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_")
$oSbJwk.Append("0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj")
$oSbJwk.Append("-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-Kyvj")
$oSbJwk.Append("T1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ"",")
$oSbJwk.Append("""p"":""9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68")
$oSbJwk.Append("ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEP")
$oSbJwk.Append("krdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM"",")
$oSbJwk.Append("""q"":""uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-y")
$oSbJwk.Append("BhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN")
$oSbJwk.Append("-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0"",")
$oSbJwk.Append("""dp"":""w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuv")
$oSbJwk.Append("ngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcra")
$oSbJwk.Append("Hawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs"",")
$oSbJwk.Append("""dq"":""o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff")
$oSbJwk.Append("7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_")
$oSbJwk.Append("odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU"",")
$oSbJwk.Append("""qi"":""eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlC")
$oSbJwk.Append("tUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZ")
$oSbJwk.Append("B9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo""")
$oSbJwk.Append("}")

; Load this JWK into a Chilkat private key object.
$oRsaPrivKey = ObjCreate("Chilkat.PrivateKey")
$bSuccess = $oRsaPrivKey.LoadJwk($oSbJwk.GetAsString())
If ($bSuccess = False) Then
    ConsoleWrite($oRsaPrivKey.LastErrorText & @CRLF)
    Exit
EndIf

; The public key is used to encrypt (i.e. create the JWE), 
; and the private key is used to decrypt.
; The RSA public key is simply a subset of the private key.  The RSA public key
; is composed of the "n" and "e" members shown above.  These are also known as the
; modulus and exponent.
; We can simply get the public key object from the private key object
$oRsaPubKey = ObjCreate("Chilkat.PublicKey")
$oRsaPrivKey.ToPublicKey($oRsaPubKey)

; Create the JWE...
$oJwe = ObjCreate("Chilkat.Jwe")
$oJwe.SetProtectedHeader($oJweProtHdr)
$oJwe.SetPublicKey(0,$oRsaPubKey)

Local $strJwe = $oJwe.Encrypt($sPlaintext,"utf-8")
If ($oJwe.LastMethodSuccess = False) Then
    ConsoleWrite($oJwe.LastErrorText & @CRLF)
    Exit
EndIf

; Show the JWE we just created:
ConsoleWrite($strJwe & @CRLF)

; Note: The RSA PKCS1_V1_5 padding uses random value, and the results
; will be different each time.  However, each result should be successfully
; decrypting if using the correct RSA private key.

; Let's decrypt the JWE that was just produced.
; Do the following to decrypt a JWE:
; 1) Load the JWE.
; 2) Set the private key for decryption.
; 3) Decrypt.
$oJwe2 = ObjCreate("Chilkat.Jwe")
$bSuccess = $oJwe2.LoadJwe($strJwe)
If ($bSuccess = False) Then
    ConsoleWrite($oJwe2.LastErrorText & @CRLF)
    Exit
EndIf

; Provide the RSA private key for decryption.
; (The JWE was encrypted for a single recipient at index 0.)
$oJwe2.SetPrivateKey(0,$oRsaPrivKey)

; Decrypt.
Local $sOriginalPlaintext = $oJwe2.Decrypt(0,"utf-8")
If ($oJwe2.LastMethodSuccess = False) Then
    ConsoleWrite($oJwe2.LastErrorText & @CRLF)
    Exit
EndIf

ConsoleWrite("original text: " & @CRLF)
ConsoleWrite($sOriginalPlaintext & @CRLF)

; ---------------------------------------------------------------------------------
; It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.2.7
; because it was produced using the same RSA key.

$oSbJwe = ObjCreate("Chilkat.StringBuilder")
$oSbJwe.Append("eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.")
$oSbJwe.Append("UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm")
$oSbJwe.Append("1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7Pc")
$oSbJwe.Append("HALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIF")
$oSbJwe.Append("NPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8")
$oSbJwe.Append("rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv")
$oSbJwe.Append("-B3oWh2TbqmScqXMR4gp_A.")
$oSbJwe.Append("AxY8DCtDaGlsbGljb3RoZQ.")
$oSbJwe.Append("KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.")
$oSbJwe.Append("9hH0vgRfYgPnAHOd8stkvw")

$bSuccess = $oJwe2.LoadJweSb($oSbJwe)
If ($bSuccess = False) Then
    ConsoleWrite($oJwe2.LastErrorText & @CRLF)
    Exit
EndIf

; Provide the RSA private key for decryption.
$oJwe2.SetPrivateKey(0,$oRsaPrivKey)

; Decrypt.
$sOriginalPlaintext = $oJwe2.Decrypt(0,"utf-8")
If ($oJwe2.LastMethodSuccess = False) Then
    ConsoleWrite($oJwe2.LastErrorText & @CRLF)
    Exit
EndIf

ConsoleWrite($sOriginalPlaintext & @CRLF)