(DataFlex) How to Generate a JSON Web Key (JWK)

Demonstrates how to generate the following types of JSON Web Keys:

• RSA key pair
• EC key pair
• Octet sequence key (HMAC-256)
• 192-bit AES GCM key

Note: This example requires Chilkat v9.5.0.66 or later.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

Use ChilkatAx-9.5.0-win32.pkg

Procedure Test
    Handle hoRsa
    Boolean iSuccess
    Variant vRsaKey
    Handle hoRsaKey
    String sRsaJwkStr
    Handle hoJson
    Variant vPrng
    Handle hoPrng
    Handle hoEcc
    Variant vEcKey
    Handle hoEcKey
    String sEcJwkStr
    Handle hoCrypt
    Handle hoJwkHmac
    Handle hoJwkAes
    String sTemp1
    Boolean bTemp1

    //  This requires the Chilkat API to have been previously unlocked.
    //  See Global Unlock Sample for sample code.

    //  ----------------------------------------------
    //  Generate an RSA key pair in JWK format.
    //  (Examples for generating other key types are shown below...)
    Get Create (RefClass(cComChilkatRsa)) To hoRsa
    If (Not(IsComObjectCreated(hoRsa))) Begin
        Send CreateComObject of hoRsa
    End
    Get ComGenerateKey Of hoRsa 2048 To iSuccess
    Get ComExportPrivateKeyObj Of hoRsa To vRsaKey
    If (IsComObject(vRsaKey)) Begin
        Get Create (RefClass(cComChilkatPrivateKey)) To hoRsaKey
        Set pvComObject Of hoRsaKey To vRsaKey
    End
    Get ComGetJwk Of hoRsaKey To sRsaJwkStr

    //  The string returned is the most compact possible, and therefore it is not
    //  very readable.  To pretty-print, load into a JSON object and emit..
    Get Create (RefClass(cComChilkatJsonObject)) To hoJson
    If (Not(IsComObjectCreated(hoJson))) Begin
        Send CreateComObject of hoJson
    End
    Set ComEmitCompact Of hoJson To False
    Get ComLoad Of hoJson sRsaJwkStr To iSuccess
    Get ComEmit Of hoJson To sTemp1
    Showln sTemp1

    Send Destroy of hoRsaKey

    //  Sample RSA JWK:

    //  {
    //    "kty": "RSA",
    //    "n": "6w1Xpof7gKmytJ3yc_yjI5_K3MvVXnBYBDy5Oh2W6Xqu_fOl3W18SjS2AU5xJrTHlB_j84yQjPyXJh_ixjACK4K4dCSYqlLmn3R7QJ84vnHLIEkqwUICqOHdCBjK5xhMrdZxIhuNlJzbARY-3u9RqjsT3HYTjA6JNHUWTYBBRou4gYGm4cJgvX4uexdikqxnze014RmZMaOV_4MR--WL4G8QfNJ2pRBEXQeKyije89H6M5oTSK7KZqFTIqu9hwNtx2oGpGAIcS0Jv5xVl-hDtwXZNwQJaOxMzLw1nwnb2kMliJa67EabQFrQY_xthQNsfzcHJJlpqYiMprW8wRkzmQ",
    //    "e": "AQAB",
    //    "d": "1_bnXMw-SeYhmxAwb19lqVqtMpdaES5ZwHLmoT4EpbsiQ5T1BfENrMSnoaWoEy8w3Kk8cU7qlY-TdOUBIKWFqOKvhY8GciA_Y6zLfgGNSnYVczGmxfBXr0HvKvxUmWZbNbH9OqBkQnKoSmRdGcp7l1Q2mG4o4ZuNdxRJjKXV0_DTrNLUJzst0hsfoZ6mWUrQcn39XGvvLjz9ySS-DYGI1vli3ayx8jVNuw0rU8UXVs9WmPQLvZO_ZDMhoLEeKsdejnNkUNPAUjqxcSOZRojt4BfCmbt-_1slFb0NsoaqnDVZGezd9J9ocxGuyIWHAJu9GGZEcdaFyiDDs_WA1IS_fQ",
    //    "p": "9dU8f6yOklRcpV6ayVMKpyQ6AMuBTF3rZmB498eAvvTkVG1-upm8IkikTVNpPjEalc82Sxuq8oF4N5x1-F33sgVEoCZG-1WFZTn-rnPnXSALES9hqSaVYEwnh61EiY8ckjBVr9jD2nL1JKdbfgVVeo69-9PdjnKYYDVL8eLNPwM",
    //    "q": "9MX2sW0GyaOsZ86AYe3eG2ZgcgKHvhJa573gih5Jvi2e-Nv-L0EVK29_DA7n0Pjm-gl9zVAsGsMMkphJyEF9QgyUlJ-59XLqWnECS5gO6WZdtHrJxVvcO-_AOrLIxeYnYcwhmaVaxs_UEpqGzupKHCWgf4cfXe49lrIsqGKH4jM",
    //    "dp": "IQgj9uvSxGq9gCL0HXUhC1Bc0tqFZyN_i-QOnQybig0R2R5VVvFtTBYCrbk1fPvQHK0ZGIKBN9CZvK8zUsodjDgU_ofmJcNaBz4BsKM2RVcW5Zo-PyJGFAhnj12CxhEKv8Hq4ZP4zROBSQmLy6Uf1TX05S-Up51SSCshJ0FYXs0",
    //    "dq": "RijsMiUfGfL5OvP85pUI4e-xW1yQThHyzpQlZVGTL5jiBVEBhcfw6ndWAj3Pgp2ljyvjTFNboPwhgW93Tpg-8AytFgDGi605sVzNHJ_kPlBiMZY0eYaAFQn-npSaaecziJu7UdAMugneLsruMycCwRij7Ynsmr7sFmLR3B4J9vM",
    //    "qi": "jZE-a1pa8YjflpCSH5oqp1f6f6I6-hpZcLdamLCoAcjVSIPk86gtXtOFES4411-DqYzYIZM6B_g_SRYY6JpKAOuZ40mmMTlnIEoVf8BHiGl3g6bBAiN1yQGXrwXJsg2OYnocyRA-xWNdcMSSFA52SwEdar2Mmw29qVzxtC1QbpA"
    //  }

    //  ----------------------------------------------
    //  Generate an EC P-256 key pair in JWK format

    Get Create (RefClass(cComChilkatPrng)) To hoPrng
    If (Not(IsComObjectCreated(hoPrng))) Begin
        Send CreateComObject of hoPrng
    End
    Get Create (RefClass(cComChilkatEcc)) To hoEcc
    If (Not(IsComObjectCreated(hoEcc))) Begin
        Send CreateComObject of hoEcc
    End
    Get pvComObject of hoPrng to vPrng
    Get ComGenEccKey Of hoEcc "P-256" vPrng To vEcKey
    If (IsComObject(vEcKey)) Begin
        Get Create (RefClass(cComChilkatPrivateKey)) To hoEcKey
        Set pvComObject Of hoEcKey To vEcKey
    End
    Get ComLastMethodSuccess Of hoEcc To bTemp1
    If (bTemp1 <> True) Begin
        Get ComLastErrorText Of hoEcc To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get ComGetJwk Of hoEcKey To sEcJwkStr
    Get ComLoad Of hoJson sEcJwkStr To iSuccess
    Get ComEmit Of hoJson To sTemp1
    Showln sTemp1

    Send Destroy of hoEcKey

    //  Sample EC JWK Key:
    //  {
    //    "kty": "EC",
    //    "crv": "P-256",
    //    "x": "tDeeYABgKEAbWicYPCEEI8sP4SRIhHKcHDW7VqrB4LA",
    //    "y": "J08HOoIZ0rX2Me3bNFZUltfxIk1Hrc8FsLu8VaSxsMI",
    //    "d": "-bqt1T0wNAN8sP5ruycQZRVlMlt3V_dSwlJ60xAX5io"
    //  }

    //  ----------------------------------------------
    //  Octet sequence keys are intended for representing secret keys, such as HMAC keys and AES keys.

    //  We'll use crypt to generate a random UUID..
    Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt
    If (Not(IsComObjectCreated(hoCrypt))) Begin
        Send CreateComObject of hoCrypt
    End

    //  AES and HMAC keys are simply random arrays of bytes
    //  For these, we can just build the JSON directly,
    //  with the help of the PRNG object.

    Get Create (RefClass(cComChilkatJsonObject)) To hoJwkHmac
    If (Not(IsComObjectCreated(hoJwkHmac))) Begin
        Send CreateComObject of hoJwkHmac
    End
    Set ComEmitCompact Of hoJwkHmac To False

    //  Generate a 256-bit HMAK key (32 bytes)
    Get ComAppendString Of hoJwkHmac "kty" "oct" To iSuccess
    //  Give the key an optional ID, which can be anything, even strings as simple as "1", "2", etc.
    Get ComGenerateUuid Of hoCrypt To sTemp1
    Get ComAppendString Of hoJwkHmac "kid" sTemp1 To iSuccess
    //  Indicate the intended key alg (optional)
    Get ComAppendString Of hoJwkHmac "alg" "HS256" To iSuccess
    //  Generate the actual key bytes
    Get ComGenRandom Of hoPrng 32 "base64url" To sTemp1
    Get ComAppendString Of hoJwkHmac "k" sTemp1 To iSuccess

    Get ComEmit Of hoJwkHmac To sTemp1
    Showln sTemp1

    //  Sample HMAC-256 JWK:

    //  {
    //    "kty": "oct",
    //    "kid": "06c2515d-41fb-e436-e405-3abb361f5f7a",
    //    "alg": "HS256",
    //    "k": "wR32w7yiMe5Lhb1vkW2koBpoMxpXTFYuxOYCCIEKjdE"
    //  }

    //  ----------------------------------------------
    //  Now generate a 192-bit (24 byte) key that could be used with AES192GCM

    Get Create (RefClass(cComChilkatJsonObject)) To hoJwkAes
    If (Not(IsComObjectCreated(hoJwkAes))) Begin
        Send CreateComObject of hoJwkAes
    End
    Set ComEmitCompact Of hoJwkAes To False

    Get ComAppendString Of hoJwkAes "kty" "oct" To iSuccess
    Get ComAppendString Of hoJwkAes "kid" "2" To iSuccess
    Get ComGenRandom Of hoPrng 24 "base64url" To sTemp1
    Get ComAppendString Of hoJwkAes "k" sTemp1 To iSuccess

    Get ComEmit Of hoJwkAes To sTemp1
    Showln sTemp1

    //  Sample AES key:
    //  {
    //    "kty": "oct",
    //    "kid": "2",
    //    "k": "akAkq-L_ZTZ6-tEIhDUMtU2ENhsEgL-p"
    //  }


End_Procedure