Objective-C
Objective-C
JWE using RSAES-PKCS1-v1_5 and AES_128_CBC_HMAC_SHA_256
See more JSON Web Encryption (JWE) Examples
This example duplicates the example A.2 in RFC 7516 for JSON Web Encryption (JWE).Chilkat Objective-C Downloads
#import <NSString.h>
#import <CkoJsonObject.h>
#import <CkoStringBuilder.h>
#import <CkoPrivateKey.h>
#import <CkoPublicKey.h>
#import <CkoJwe.h>
BOOL success = NO;
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Note: This example requires Chilkat v9.5.0.66 or greater.
NSString *plaintext = @"Live long and prosper.";
// First build the JWE Protected Header.
// We want to build this: {"alg":"RSA1_5","enc":"A128CBC-HS256"}
CkoJsonObject *jweProtHdr = [[CkoJsonObject alloc] init];
[jweProtHdr AppendString: @"alg" value: @"RSA1_5"];
[jweProtHdr AppendString: @"enc" value: @"A128CBC-HS256"];
NSLog(@"%@%@",@"JWE Protected Header: ",[jweProtHdr Emit]);
NSLog(@"%@",@"--");
// The specific RSA key used in the A.2 example is the following JWK:
CkoStringBuilder *sbJwk = [[CkoStringBuilder alloc] init];
[sbJwk Append: @"{\"kty\":\"RSA\","];
[sbJwk Append: @"\"n\":\"sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1Wl"];
[sbJwk Append: @"UzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDpre"];
[sbJwk Append: @"cbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_"];
[sbJwk Append: @"7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBI"];
[sbJwk Append: @"Y2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU"];
[sbJwk Append: @"7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw\","];
[sbJwk Append: @"\"e\":\"AQAB\","];
[sbJwk Append: @"\"d\":\"VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq"];
[sbJwk Append: @"1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-ry"];
[sbJwk Append: @"nq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_"];
[sbJwk Append: @"0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj"];
[sbJwk Append: @"-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-Kyvj"];
[sbJwk Append: @"T1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ\","];
[sbJwk Append: @"\"p\":\"9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68"];
[sbJwk Append: @"ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEP"];
[sbJwk Append: @"krdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM\","];
[sbJwk Append: @"\"q\":\"uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-y"];
[sbJwk Append: @"BhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN"];
[sbJwk Append: @"-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0\","];
[sbJwk Append: @"\"dp\":\"w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuv"];
[sbJwk Append: @"ngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcra"];
[sbJwk Append: @"Hawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs\","];
[sbJwk Append: @"\"dq\":\"o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff"];
[sbJwk Append: @"7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_"];
[sbJwk Append: @"odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU\","];
[sbJwk Append: @"\"qi\":\"eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlC"];
[sbJwk Append: @"tUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZ"];
[sbJwk Append: @"B9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo\""];
[sbJwk Append: @"}"];
// Load this JWK into a Chilkat private key object.
CkoPrivateKey *rsaPrivKey = [[CkoPrivateKey alloc] init];
success = [rsaPrivKey LoadJwk: [sbJwk GetAsString]];
if (success == NO) {
NSLog(@"%@",rsaPrivKey.LastErrorText);
return;
}
// The public key is used to encrypt (i.e. create the JWE),
// and the private key is used to decrypt.
// The RSA public key is simply a subset of the private key. The RSA public key
// is composed of the "n" and "e" members shown above. These are also known as the
// modulus and exponent.
// We can simply get the public key object from the private key object
CkoPublicKey *rsaPubKey = [[CkoPublicKey alloc] init];
[rsaPrivKey ToPublicKey: rsaPubKey];
// Create the JWE...
CkoJwe *jwe = [[CkoJwe alloc] init];
[jwe SetProtectedHeader: jweProtHdr];
[jwe SetPublicKey: [NSNumber numberWithInt: 0] pubKey: rsaPubKey];
NSString *strJwe = [jwe Encrypt: plaintext charset: @"utf-8"];
if (jwe.LastMethodSuccess == NO) {
NSLog(@"%@",jwe.LastErrorText);
return;
}
// Show the JWE we just created:
NSLog(@"%@",strJwe);
// Note: The RSA PKCS1_V1_5 padding uses random value, and the results
// will be different each time. However, each result should be successfully
// decrypting if using the correct RSA private key.
// Let's decrypt the JWE that was just produced.
// Do the following to decrypt a JWE:
// 1) Load the JWE.
// 2) Set the private key for decryption.
// 3) Decrypt.
CkoJwe *jwe2 = [[CkoJwe alloc] init];
success = [jwe2 LoadJwe: strJwe];
if (success == NO) {
NSLog(@"%@",jwe2.LastErrorText);
return;
}
// Provide the RSA private key for decryption.
// (The JWE was encrypted for a single recipient at index 0.)
[jwe2 SetPrivateKey: [NSNumber numberWithInt: 0] privKey: rsaPrivKey];
// Decrypt.
NSString *originalPlaintext = [jwe2 Decrypt: [NSNumber numberWithInt: 0] charset: @"utf-8"];
if (jwe2.LastMethodSuccess == NO) {
NSLog(@"%@",jwe2.LastErrorText);
return;
}
NSLog(@"%@",@"original text: ");
NSLog(@"%@",originalPlaintext);
// ---------------------------------------------------------------------------------
// It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.2.7
// because it was produced using the same RSA key.
CkoStringBuilder *sbJwe = [[CkoStringBuilder alloc] init];
[sbJwe Append: @"eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0."];
[sbJwe Append: @"UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm"];
[sbJwe Append: @"1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7Pc"];
[sbJwe Append: @"HALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIF"];
[sbJwe Append: @"NPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8"];
[sbJwe Append: @"rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv"];
[sbJwe Append: @"-B3oWh2TbqmScqXMR4gp_A."];
[sbJwe Append: @"AxY8DCtDaGlsbGljb3RoZQ."];
[sbJwe Append: @"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY."];
[sbJwe Append: @"9hH0vgRfYgPnAHOd8stkvw"];
success = [jwe2 LoadJweSb: sbJwe];
if (success == NO) {
NSLog(@"%@",jwe2.LastErrorText);
return;
}
// Provide the RSA private key for decryption.
[jwe2 SetPrivateKey: [NSNumber numberWithInt: 0] privKey: rsaPrivKey];
// Decrypt.
originalPlaintext = [jwe2 Decrypt: [NSNumber numberWithInt: 0] charset: @"utf-8"];
if (jwe2.LastMethodSuccess == NO) {
NSLog(@"%@",jwe2.LastErrorText);
return;
}
NSLog(@"%@",originalPlaintext);