|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Perl) JWE using RSAES-OAEP and AES GCMThis example duplicates the example A.1 in RFC 7516 for JSON Web Encryption (JWE). Note: This example requires Chilkat v9.5.0.66 or greater.
use chilkat(); # This requires the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. # Note: This example requires Chilkat v9.5.0.66 or greater. $plaintext = "The true sign of intelligence is not knowledge but imagination."; # --------------------------------- # A.1.1 JOSE Header # First build the JWE Protected Header. # We want to build this: {"alg":"RSA-OAEP","enc":"A256GCM"} $jweProtHdr = chilkat::CkJsonObject->new(); $jweProtHdr->AppendString("alg","RSA-OAEP"); $jweProtHdr->AppendString("enc","A256GCM"); print "JWE Protected Header: " . $jweProtHdr->emit() . "\r\n"; print "--" . "\r\n"; # --------------------------------- # A.1.2 Content Encryption Key # Note: Chilkat automatically generates the random CEK internally. # The application does not need to explicitly take this step. # --------------------------------- # A.1.3. Key Encryption # The application should load an RSA private key from any format. # However, the application does not need to explicitly construct the JWE Encrypted Key. # Chilkat automatically does it internally. # The design of the Chilkat JWE API is to allow the application to create the JWE # after specifying the inputs. (This is in contrast to forcing the application developer # to painstakingly go through each step of the JWE construction process.) # The specific RSA key used in the A.1 example is the following JWK: $sbJwk = chilkat::CkStringBuilder->new(); $sbJwk->Append("{\"kty\": \"RSA\","); $sbJwk->Append("\"n\": \"oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW"); $sbJwk->Append("cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S"); $sbJwk->Append("psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a"); $sbJwk->Append("sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS"); $sbJwk->Append("tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj"); $sbJwk->Append("YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw\","); $sbJwk->Append("\"e\": \"AQAB\","); $sbJwk->Append("\"d\": \"kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N"); $sbJwk->Append("WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9"); $sbJwk->Append("3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk"); $sbJwk->Append("qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl"); $sbJwk->Append("t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd"); $sbJwk->Append("VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ\","); $sbJwk->Append("\"p\": \"1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-"); $sbJwk->Append("SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lf"); $sbJwk->Append("fNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0\","); $sbJwk->Append("\"q\": \"wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBm"); $sbJwk->Append("UDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aX"); $sbJwk->Append("IWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc\","); $sbJwk->Append("\"dp\": \"ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KL"); $sbJwk->Append("hMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827"); $sbJwk->Append("rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE\","); $sbJwk->Append("\"dq\": \"Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCj"); $sbJwk->Append("ywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDB"); $sbJwk->Append("UfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis\","); $sbJwk->Append("\"qi\": \"VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7"); $sbJwk->Append("AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3"); $sbJwk->Append("eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY\"}"); # Load this JWK into a Chilkat private key object. $rsaPrivKey = chilkat::CkPrivateKey->new(); $success = $rsaPrivKey->LoadJwk($sbJwk->getAsString()); if ($success != 1) { print $rsaPrivKey->lastErrorText() . "\r\n"; exit; } # The public key is used to encrypt (i.e. create the JWE), # and the private key is used to decrypt. # The RSA public key is simply a subset of the private key. The RSA public key # is composed of the "n" and "e" members shown above. These are also known as the # modulus and exponent. # We can simply get the public key object from the private key object # rsaPubKey is a PublicKey $rsaPubKey = $rsaPrivKey->GetPublicKey(); # --------------------------------- # A.1.4. Initialization Vector # Chilkat automatically generates the necessary random IV internally. # The application does not need to do this explicitly. # --------------------------------- # A.1.5. Additional Authenticated Data # The Additional Authenticated Data encryption parameter is # ASCII(BASE64URL(UTF8(JWE Protected Header))). # Again, Chilkat automatically takes care of this internally. # The application does not need to explicitly take this step. # --------------------------------- # A.1.6. Content Encryption # Again... this step is handled by Chilkat internally. # --------------------------------- # A.1.7. Complete Representation # The application need only call the Encrypt, EncryptSb, or EncryptBd method # return the fully assembled JWE. # The final representation in the Compact Serialization # is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || # BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization # Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE # Authentication Tag). $jwe = chilkat::CkJwe->new(); $jwe->SetProtectedHeader($jweProtHdr); $jwe->SetPublicKey(0,$rsaPubKey); $strJwe = $jwe->encrypt($plaintext,"utf-8"); if ($jwe->get_LastMethodSuccess() != 1) { print $jwe->lastErrorText() . "\r\n"; exit; } # Note: The RSA OAEP algorithm uses random padding bytes internally. # Therefore, the results will appear different each time -- even if the # identical plaintext is encrypted with the identical RSA key. # (Do not expect the appearance of the results to be the same as what # is published in the RFC. However, what is published in the RFC *should* # be decryptable using the code that follows.) print $strJwe . "\r\n"; # Let's decrypt the JWE that was just produced. # Do the following to decrypt a JWE: # 1) Load the JWE. # 2) Set the private key for decryption. # 3) Decrypt. $jwe2 = chilkat::CkJwe->new(); $success = $jwe2->LoadJwe($strJwe); if ($success != 1) { print $jwe2->lastErrorText() . "\r\n"; exit; } # Provide the RSA private key for decryption. # (The JWE was encrypted for a single recipient at index 0.) $jwe2->SetPrivateKey(0,$rsaPrivKey); # Decrypt. $originalPlaintext = $jwe2->decrypt(0,"utf-8"); if ($jwe2->get_LastMethodSuccess() != 1) { print $jwe2->lastErrorText() . "\r\n"; exit; } print "original text: " . "\r\n"; print $originalPlaintext . "\r\n"; # --------------------------------------------------------------------------------- # It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.1.7 # because it was produced using the same RSA key. $sbJwe = chilkat::CkStringBuilder->new(); $sbJwe->Append("eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ."); $sbJwe->Append("OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe"); $sbJwe->Append("ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb"); $sbJwe->Append("Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV"); $sbJwe->Append("mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8"); $sbJwe->Append("1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi"); $sbJwe->Append("6UklfCpIMfIjf7iGdXKHzg."); $sbJwe->Append("48V1_ALb6US04U3b."); $sbJwe->Append("5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji"); $sbJwe->Append("SdiwkIr3ajwQzaBtQD_A."); $sbJwe->Append("XFBoMYUZodetZdvTiFvSkQ"); $success = $jwe2->LoadJweSb($sbJwe); if ($success != 1) { print $jwe2->lastErrorText() . "\r\n"; exit; } # Provide the RSA private key for decryption. $jwe2->SetPrivateKey(0,$rsaPrivKey); # Decrypt. $originalPlaintext = $jwe2->decrypt(0,"utf-8"); if ($jwe2->get_LastMethodSuccess() != 1) { print $jwe2->lastErrorText() . "\r\n"; exit; } print $originalPlaintext . "\r\n"; |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.