Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(Delphi ActiveX) JWE using RSAES-OAEP and AES GCMThis example duplicates the example A.1 in RFC 7516 for JSON Web Encryption (JWE). Note: This example requires Chilkat v9.5.0.66 or greater.
uses Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics, Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB; ... procedure TForm1.Button1Click(Sender: TObject); var success: Integer; plaintext: WideString; jweProtHdr: TChilkatJsonObject; sbJwk: TChilkatStringBuilder; rsaPrivKey: TPrivateKey; rsaPubKey: IPublicKey; jwe: TChilkatJwe; strJwe: WideString; jwe2: TChilkatJwe; originalPlaintext: WideString; sbJwe: TChilkatStringBuilder; begin // This requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // Note: This example requires Chilkat v9.5.0.66 or greater. plaintext := 'The true sign of intelligence is not knowledge but imagination.'; // --------------------------------- // A.1.1 JOSE Header // First build the JWE Protected Header. // We want to build this: {"alg":"RSA-OAEP","enc":"A256GCM"} jweProtHdr := TChilkatJsonObject.Create(Self); jweProtHdr.AppendString('alg','RSA-OAEP'); jweProtHdr.AppendString('enc','A256GCM'); Memo1.Lines.Add('JWE Protected Header: ' + jweProtHdr.Emit()); Memo1.Lines.Add('--'); // --------------------------------- // A.1.2 Content Encryption Key // Note: Chilkat automatically generates the random CEK internally. // The application does not need to explicitly take this step. // --------------------------------- // A.1.3. Key Encryption // The application should load an RSA private key from any format. // However, the application does not need to explicitly construct the JWE Encrypted Key. // Chilkat automatically does it internally. // The design of the Chilkat JWE API is to allow the application to create the JWE // after specifying the inputs. (This is in contrast to forcing the application developer // to painstakingly go through each step of the JWE construction process.) // The specific RSA key used in the A.1 example is the following JWK: sbJwk := TChilkatStringBuilder.Create(Self); sbJwk.Append('{"kty": "RSA",'); sbJwk.Append('"n": "oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW'); sbJwk.Append('cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S'); sbJwk.Append('psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a'); sbJwk.Append('sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS'); sbJwk.Append('tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj'); sbJwk.Append('YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw",'); sbJwk.Append('"e": "AQAB",'); sbJwk.Append('"d": "kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N'); sbJwk.Append('WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9'); sbJwk.Append('3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk'); sbJwk.Append('qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl'); sbJwk.Append('t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd'); sbJwk.Append('VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ",'); sbJwk.Append('"p": "1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-'); sbJwk.Append('SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lf'); sbJwk.Append('fNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0",'); sbJwk.Append('"q": "wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBm'); sbJwk.Append('UDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aX'); sbJwk.Append('IWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc",'); sbJwk.Append('"dp": "ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KL'); sbJwk.Append('hMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827'); sbJwk.Append('rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE",'); sbJwk.Append('"dq": "Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCj'); sbJwk.Append('ywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDB'); sbJwk.Append('UfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis",'); sbJwk.Append('"qi": "VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7'); sbJwk.Append('AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3'); sbJwk.Append('eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY"}'); // Load this JWK into a Chilkat private key object. rsaPrivKey := TPrivateKey.Create(Self); success := rsaPrivKey.LoadJwk(sbJwk.GetAsString()); if (success <> 1) then begin Memo1.Lines.Add(rsaPrivKey.LastErrorText); Exit; end; // The public key is used to encrypt (i.e. create the JWE), // and the private key is used to decrypt. // The RSA public key is simply a subset of the private key. The RSA public key // is composed of the "n" and "e" members shown above. These are also known as the // modulus and exponent. // We can simply get the public key object from the private key object rsaPubKey := rsaPrivKey.GetPublicKey(); // --------------------------------- // A.1.4. Initialization Vector // Chilkat automatically generates the necessary random IV internally. // The application does not need to do this explicitly. // --------------------------------- // A.1.5. Additional Authenticated Data // The Additional Authenticated Data encryption parameter is // ASCII(BASE64URL(UTF8(JWE Protected Header))). // Again, Chilkat automatically takes care of this internally. // The application does not need to explicitly take this step. // --------------------------------- // A.1.6. Content Encryption // Again... this step is handled by Chilkat internally. // --------------------------------- // A.1.7. Complete Representation // The application need only call the Encrypt, EncryptSb, or EncryptBd method // return the fully assembled JWE. // The final representation in the Compact Serialization // is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || // BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization // Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE // Authentication Tag). jwe := TChilkatJwe.Create(Self); jwe.SetProtectedHeader(jweProtHdr.ControlInterface); jwe.SetPublicKey(0,rsaPubKey); strJwe := jwe.Encrypt(plaintext,'utf-8'); if (jwe.LastMethodSuccess <> 1) then begin Memo1.Lines.Add(jwe.LastErrorText); Exit; end; // Note: The RSA OAEP algorithm uses random padding bytes internally. // Therefore, the results will appear different each time -- even if the // identical plaintext is encrypted with the identical RSA key. // (Do not expect the appearance of the results to be the same as what // is published in the RFC. However, what is published in the RFC *should* // be decryptable using the code that follows.) Memo1.Lines.Add(strJwe); // Let's decrypt the JWE that was just produced. // Do the following to decrypt a JWE: // 1) Load the JWE. // 2) Set the private key for decryption. // 3) Decrypt. jwe2 := TChilkatJwe.Create(Self); success := jwe2.LoadJwe(strJwe); if (success <> 1) then begin Memo1.Lines.Add(jwe2.LastErrorText); Exit; end; // Provide the RSA private key for decryption. // (The JWE was encrypted for a single recipient at index 0.) jwe2.SetPrivateKey(0,rsaPrivKey.ControlInterface); // Decrypt. originalPlaintext := jwe2.Decrypt(0,'utf-8'); if (jwe2.LastMethodSuccess <> 1) then begin Memo1.Lines.Add(jwe2.LastErrorText); Exit; end; Memo1.Lines.Add('original text: '); Memo1.Lines.Add(originalPlaintext); // --------------------------------------------------------------------------------- // It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.1.7 // because it was produced using the same RSA key. sbJwe := TChilkatStringBuilder.Create(Self); sbJwe.Append('eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.'); sbJwe.Append('OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe'); sbJwe.Append('ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb'); sbJwe.Append('Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV'); sbJwe.Append('mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8'); sbJwe.Append('1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi'); sbJwe.Append('6UklfCpIMfIjf7iGdXKHzg.'); sbJwe.Append('48V1_ALb6US04U3b.'); sbJwe.Append('5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji'); sbJwe.Append('SdiwkIr3ajwQzaBtQD_A.'); sbJwe.Append('XFBoMYUZodetZdvTiFvSkQ'); success := jwe2.LoadJweSb(sbJwe.ControlInterface); if (success <> 1) then begin Memo1.Lines.Add(jwe2.LastErrorText); Exit; end; // Provide the RSA private key for decryption. jwe2.SetPrivateKey(0,rsaPrivKey.ControlInterface); // Decrypt. originalPlaintext := jwe2.Decrypt(0,'utf-8'); if (jwe2.LastMethodSuccess <> 1) then begin Memo1.Lines.Add(jwe2.LastErrorText); Exit; end; Memo1.Lines.Add(originalPlaintext); end; |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.