Sample code for 30+ languages & platforms
Perl

JWE using RSAES-PKCS1-v1_5 and AES_128_CBC_HMAC_SHA_256

See more JSON Web Encryption (JWE) Examples

This example duplicates the example A.2 in RFC 7516 for JSON Web Encryption (JWE).

Chilkat Perl Downloads

Perl
use chilkat();

$success = 0;

# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# Note: This example requires Chilkat v9.5.0.66 or greater.

$plaintext = "Live long and prosper.";

# First build the JWE Protected Header.
# We want to build this: {"alg":"RSA1_5","enc":"A128CBC-HS256"}
$jweProtHdr = chilkat::CkJsonObject->new();
$jweProtHdr->AppendString("alg","RSA1_5");
$jweProtHdr->AppendString("enc","A128CBC-HS256");
print "JWE Protected Header: " . $jweProtHdr->emit() . "\r\n";
print "--" . "\r\n";

# The specific RSA key used in the A.2 example is the following JWK:
$sbJwk = chilkat::CkStringBuilder->new();
$sbJwk->Append("{\"kty\":\"RSA\",");
$sbJwk->Append("\"n\":\"sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1Wl");
$sbJwk->Append("UzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDpre");
$sbJwk->Append("cbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_");
$sbJwk->Append("7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBI");
$sbJwk->Append("Y2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU");
$sbJwk->Append("7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw\",");
$sbJwk->Append("\"e\":\"AQAB\",");
$sbJwk->Append("\"d\":\"VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq");
$sbJwk->Append("1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-ry");
$sbJwk->Append("nq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_");
$sbJwk->Append("0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj");
$sbJwk->Append("-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-Kyvj");
$sbJwk->Append("T1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ\",");
$sbJwk->Append("\"p\":\"9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68");
$sbJwk->Append("ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEP");
$sbJwk->Append("krdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM\",");
$sbJwk->Append("\"q\":\"uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-y");
$sbJwk->Append("BhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN");
$sbJwk->Append("-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0\",");
$sbJwk->Append("\"dp\":\"w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuv");
$sbJwk->Append("ngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcra");
$sbJwk->Append("Hawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs\",");
$sbJwk->Append("\"dq\":\"o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff");
$sbJwk->Append("7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_");
$sbJwk->Append("odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU\",");
$sbJwk->Append("\"qi\":\"eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlC");
$sbJwk->Append("tUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZ");
$sbJwk->Append("B9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo\"");
$sbJwk->Append("}");

# Load this JWK into a Chilkat private key object.
$rsaPrivKey = chilkat::CkPrivateKey->new();
$success = $rsaPrivKey->LoadJwk($sbJwk->getAsString());
if ($success == 0) {
    print $rsaPrivKey->lastErrorText() . "\r\n";
    exit;
}

# The public key is used to encrypt (i.e. create the JWE), 
# and the private key is used to decrypt.
# The RSA public key is simply a subset of the private key.  The RSA public key
# is composed of the "n" and "e" members shown above.  These are also known as the
# modulus and exponent.
# We can simply get the public key object from the private key object
$rsaPubKey = chilkat::CkPublicKey->new();
$rsaPrivKey->ToPublicKey($rsaPubKey);

# Create the JWE...
$jwe = chilkat::CkJwe->new();
$jwe->SetProtectedHeader($jweProtHdr);
$jwe->SetPublicKey(0,$rsaPubKey);

$strJwe = $jwe->encrypt($plaintext,"utf-8");
if ($jwe->get_LastMethodSuccess() == 0) {
    print $jwe->lastErrorText() . "\r\n";
    exit;
}

# Show the JWE we just created:
print $strJwe . "\r\n";

# Note: The RSA PKCS1_V1_5 padding uses random value, and the results
# will be different each time.  However, each result should be successfully
# decrypting if using the correct RSA private key.

# Let's decrypt the JWE that was just produced.
# Do the following to decrypt a JWE:
# 1) Load the JWE.
# 2) Set the private key for decryption.
# 3) Decrypt.
$jwe2 = chilkat::CkJwe->new();
$success = $jwe2->LoadJwe($strJwe);
if ($success == 0) {
    print $jwe2->lastErrorText() . "\r\n";
    exit;
}

# Provide the RSA private key for decryption.
# (The JWE was encrypted for a single recipient at index 0.)
$jwe2->SetPrivateKey(0,$rsaPrivKey);

# Decrypt.
$originalPlaintext = $jwe2->decrypt(0,"utf-8");
if ($jwe2->get_LastMethodSuccess() == 0) {
    print $jwe2->lastErrorText() . "\r\n";
    exit;
}

print "original text: " . "\r\n";
print $originalPlaintext . "\r\n";

# ---------------------------------------------------------------------------------
# It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.2.7
# because it was produced using the same RSA key.

$sbJwe = chilkat::CkStringBuilder->new();
$sbJwe->Append("eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.");
$sbJwe->Append("UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm");
$sbJwe->Append("1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7Pc");
$sbJwe->Append("HALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIF");
$sbJwe->Append("NPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8");
$sbJwe->Append("rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv");
$sbJwe->Append("-B3oWh2TbqmScqXMR4gp_A.");
$sbJwe->Append("AxY8DCtDaGlsbGljb3RoZQ.");
$sbJwe->Append("KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.");
$sbJwe->Append("9hH0vgRfYgPnAHOd8stkvw");

$success = $jwe2->LoadJweSb($sbJwe);
if ($success == 0) {
    print $jwe2->lastErrorText() . "\r\n";
    exit;
}

# Provide the RSA private key for decryption.
$jwe2->SetPrivateKey(0,$rsaPrivKey);

# Decrypt.
$originalPlaintext = $jwe2->decrypt(0,"utf-8");
if ($jwe2->get_LastMethodSuccess() == 0) {
    print $jwe2->lastErrorText() . "\r\n";
    exit;
}

print $originalPlaintext . "\r\n";