(Delphi DLL) JWE using RSAES-PKCS1-v1_5 and AES_128_CBC_HMAC_SHA_256

This example duplicates the example A.2 in RFC 7516 for JSON Web Encryption (JWE).

Note: This example requires Chilkat v9.5.0.66 or greater.

Chilkat for Delphi Downloads Chilkat non-ActiveX DLL for Delphi Chilkat ActiveX DLL for Delphi * The examples here use the non-ActiveX DLL.

uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Jwe, StringBuilder, PrivateKey, PublicKey, JsonObject;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
plaintext: PWideChar;
jweProtHdr: HCkJsonObject;
sbJwk: HCkStringBuilder;
rsaPrivKey: HCkPrivateKey;
rsaPubKey: HCkPublicKey;
jwe: HCkJwe;
strJwe: PWideChar;
jwe2: HCkJwe;
originalPlaintext: PWideChar;
sbJwe: HCkStringBuilder;

begin
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// Note: This example requires Chilkat v9.5.0.66 or greater.

plaintext := 'Live long and prosper.';

// First build the JWE Protected Header.
// We want to build this: {"alg":"RSA1_5","enc":"A128CBC-HS256"}
jweProtHdr := CkJsonObject_Create();
CkJsonObject_AppendString(jweProtHdr,'alg','RSA1_5');
CkJsonObject_AppendString(jweProtHdr,'enc','A128CBC-HS256');
Memo1.Lines.Add('JWE Protected Header: ' + CkJsonObject__emit(jweProtHdr));
Memo1.Lines.Add('--');

// The specific RSA key used in the A.2 example is the following JWK:
sbJwk := CkStringBuilder_Create();
CkStringBuilder_Append(sbJwk,'{"kty":"RSA",');
CkStringBuilder_Append(sbJwk,'"n":"sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1Wl');
CkStringBuilder_Append(sbJwk,'UzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDpre');
CkStringBuilder_Append(sbJwk,'cbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_');
CkStringBuilder_Append(sbJwk,'7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBI');
CkStringBuilder_Append(sbJwk,'Y2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU');
CkStringBuilder_Append(sbJwk,'7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw",');
CkStringBuilder_Append(sbJwk,'"e":"AQAB",');
CkStringBuilder_Append(sbJwk,'"d":"VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq');
CkStringBuilder_Append(sbJwk,'1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-ry');
CkStringBuilder_Append(sbJwk,'nq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_');
CkStringBuilder_Append(sbJwk,'0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj');
CkStringBuilder_Append(sbJwk,'-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-Kyvj');
CkStringBuilder_Append(sbJwk,'T1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ",');
CkStringBuilder_Append(sbJwk,'"p":"9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68');
CkStringBuilder_Append(sbJwk,'ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEP');
CkStringBuilder_Append(sbJwk,'krdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM",');
CkStringBuilder_Append(sbJwk,'"q":"uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-y');
CkStringBuilder_Append(sbJwk,'BhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN');
CkStringBuilder_Append(sbJwk,'-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0",');
CkStringBuilder_Append(sbJwk,'"dp":"w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuv');
CkStringBuilder_Append(sbJwk,'ngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcra');
CkStringBuilder_Append(sbJwk,'Hawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs",');
CkStringBuilder_Append(sbJwk,'"dq":"o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff');
CkStringBuilder_Append(sbJwk,'7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_');
CkStringBuilder_Append(sbJwk,'odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU",');
CkStringBuilder_Append(sbJwk,'"qi":"eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlC');
CkStringBuilder_Append(sbJwk,'tUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZ');
CkStringBuilder_Append(sbJwk,'B9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo"');
CkStringBuilder_Append(sbJwk,'}');

// Load this JWK into a Chilkat private key object.
rsaPrivKey := CkPrivateKey_Create();
success := CkPrivateKey_LoadJwk(rsaPrivKey,CkStringBuilder__getAsString(sbJwk));
if (success <> True) then
  begin
    Memo1.Lines.Add(CkPrivateKey__lastErrorText(rsaPrivKey));
    Exit;
  end;

// The public key is used to encrypt (i.e. create the JWE), 
// and the private key is used to decrypt.
// The RSA public key is simply a subset of the private key.  The RSA public key
// is composed of the "n" and "e" members shown above.  These are also known as the
// modulus and exponent.
// We can simply get the public key object from the private key object
rsaPubKey := CkPrivateKey_GetPublicKey(rsaPrivKey);

// Create the JWE...
jwe := CkJwe_Create();
CkJwe_SetProtectedHeader(jwe,jweProtHdr);
CkJwe_SetPublicKey(jwe,0,rsaPubKey);
CkPublicKey_Dispose(rsaPubKey);

strJwe := CkJwe__encrypt(jwe,plaintext,'utf-8');
if (CkJwe_getLastMethodSuccess(jwe) <> True) then
  begin
    Memo1.Lines.Add(CkJwe__lastErrorText(jwe));
    Exit;
  end;

// Show the JWE we just created:
Memo1.Lines.Add(strJwe);

// Note: The RSA PKCS1_V1_5 padding uses random value, and the results
// will be different each time.  However, each result should be successfully
// decrypting if using the correct RSA private key.

// Let's decrypt the JWE that was just produced.
// Do the following to decrypt a JWE:
// 1) Load the JWE.
// 2) Set the private key for decryption.
// 3) Decrypt.
jwe2 := CkJwe_Create();
success := CkJwe_LoadJwe(jwe2,strJwe);
if (success <> True) then
  begin
    Memo1.Lines.Add(CkJwe__lastErrorText(jwe2));
    Exit;
  end;

// Provide the RSA private key for decryption.
// (The JWE was encrypted for a single recipient at index 0.)
CkJwe_SetPrivateKey(jwe2,0,rsaPrivKey);

// Decrypt.
originalPlaintext := CkJwe__decrypt(jwe2,0,'utf-8');
if (CkJwe_getLastMethodSuccess(jwe2) <> True) then
  begin
    Memo1.Lines.Add(CkJwe__lastErrorText(jwe2));
    Exit;
  end;

Memo1.Lines.Add('original text: ');
Memo1.Lines.Add(originalPlaintext);

// ---------------------------------------------------------------------------------
// It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.2.7
// because it was produced using the same RSA key.

sbJwe := CkStringBuilder_Create();
CkStringBuilder_Append(sbJwe,'eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.');
CkStringBuilder_Append(sbJwe,'UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm');
CkStringBuilder_Append(sbJwe,'1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7Pc');
CkStringBuilder_Append(sbJwe,'HALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIF');
CkStringBuilder_Append(sbJwe,'NPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8');
CkStringBuilder_Append(sbJwe,'rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv');
CkStringBuilder_Append(sbJwe,'-B3oWh2TbqmScqXMR4gp_A.');
CkStringBuilder_Append(sbJwe,'AxY8DCtDaGlsbGljb3RoZQ.');
CkStringBuilder_Append(sbJwe,'KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.');
CkStringBuilder_Append(sbJwe,'9hH0vgRfYgPnAHOd8stkvw');

success := CkJwe_LoadJweSb(jwe2,sbJwe);
if (success <> True) then
  begin
    Memo1.Lines.Add(CkJwe__lastErrorText(jwe2));
    Exit;
  end;

// Provide the RSA private key for decryption.
CkJwe_SetPrivateKey(jwe2,0,rsaPrivKey);

// Decrypt.
originalPlaintext := CkJwe__decrypt(jwe2,0,'utf-8');
if (CkJwe_getLastMethodSuccess(jwe2) <> True) then
  begin
    Memo1.Lines.Add(CkJwe__lastErrorText(jwe2));
    Exit;
  end;

Memo1.Lines.Add(originalPlaintext);

CkJsonObject_Dispose(jweProtHdr);
CkStringBuilder_Dispose(sbJwk);
CkPrivateKey_Dispose(rsaPrivKey);
CkJwe_Dispose(jwe);
CkJwe_Dispose(jwe2);
CkStringBuilder_Dispose(sbJwe);

end;