|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(PowerBuilder) JWE Using General JWE JSON SerializationThis example duplicates the example A.4 in RFC 7516 for JSON Web Encryption (JWE). This example demonstrates the capability for encrypting the same plaintext to multiple recipients. Two recipients are present in this example. Note: This example requires Chilkat v9.5.0.66 or greater.
integer li_rc integer li_Success string ls_Plaintext oleobject loo_Jwe oleobject loo_JweProtHdr oleobject loo_JweRecipientHdr1 integer li_RecipientIndex oleobject loo_JweRecipientHdr2 oleobject loo_JweUnprotHdr oleobject loo_SbJwk oleobject loo_RsaPrivKey oleobject loo_RsaPubKey string ls_AesWrappingKey string ls_StrJwe oleobject loo_JsonTemp oleobject loo_Jwe2 integer li_CaseSensitive string ls_OriginalPlaintext oleobject loo_SbJwe // This requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // Note: This example requires Chilkat v9.5.0.66 or greater. ls_Plaintext = "Live long and prosper." loo_Jwe = create oleobject // Use "Chilkat_9_5_0.Jwe" for versions of Chilkat < 10.0.0 li_rc = loo_Jwe.ConnectToNewObject("Chilkat.Jwe") if li_rc < 0 then destroy loo_Jwe MessageBox("Error","Connecting to COM object failed") return end if // First build the JWE Protected Header: {"enc":"A128CBC-HS256"} loo_JweProtHdr = create oleobject // Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0 li_rc = loo_JweProtHdr.ConnectToNewObject("Chilkat.JsonObject") loo_JweProtHdr.AppendString("enc","A128CBC-HS256") loo_Jwe.SetProtectedHeader(loo_JweProtHdr) // The first recipient uses the RSAES-PKCS1-v1_5 algorithm to encrypt // the CEK. The second uses AES Key Wrap to encrypt the CEK. Key ID // values are supplied for both keys. The two JWE Per-Recipient // Unprotected Header values used to represent these algorithms and key // IDs are: // // {"alg":"RSA1_5","kid":"2011-04-29"} // // and // // {"alg":"A128KW","kid":"7"} loo_JweRecipientHdr1 = create oleobject // Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0 li_rc = loo_JweRecipientHdr1.ConnectToNewObject("Chilkat.JsonObject") loo_JweRecipientHdr1.AppendString("alg","RSA1_5") loo_JweRecipientHdr1.AppendString("kid","2011-04-29") li_RecipientIndex = 0 loo_Jwe.SetRecipientHeader(li_RecipientIndex,loo_JweRecipientHdr1) loo_JweRecipientHdr2 = create oleobject // Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0 li_rc = loo_JweRecipientHdr2.ConnectToNewObject("Chilkat.JsonObject") loo_JweRecipientHdr2.AppendString("alg","A128KW") loo_JweRecipientHdr2.AppendString("kid","7") li_RecipientIndex = 1 loo_Jwe.SetRecipientHeader(li_RecipientIndex,loo_JweRecipientHdr2) // Set the Shared Unprotected Header: {"jku":"https://server.example.com/keys.jwks"} loo_JweUnprotHdr = create oleobject // Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0 li_rc = loo_JweUnprotHdr.ConnectToNewObject("Chilkat.JsonObject") loo_JweUnprotHdr.AppendString("jku","https://server.example.com/keys.jwks") loo_Jwe.SetUnprotectedHeader(loo_JweUnprotHdr) // Note: The intent of specifying a "kid" (an acronym for "Key ID") is that // the software would somehow download the keys.jwks from https://server.example.com/keys.jwks, // and would select the key (whatever format it may be, such as RSA, or an AES key wrap key, etc.), // and then automatically use it. // This example keeps the "kid" and "jku" in their respective headers, but does not actually fetch // the keys from some URL. We'll just provide the keys directly.. // Recipient 0 uses this RSA key: loo_SbJwk = create oleobject // Use "Chilkat_9_5_0.StringBuilder" for versions of Chilkat < 10.0.0 li_rc = loo_SbJwk.ConnectToNewObject("Chilkat.StringBuilder") loo_SbJwk.Append("{~"kty~":~"RSA~",") loo_SbJwk.Append("~"n~":~"sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1Wl") loo_SbJwk.Append("UzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDpre") loo_SbJwk.Append("cbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_") loo_SbJwk.Append("7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBI") loo_SbJwk.Append("Y2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU") loo_SbJwk.Append("7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw~",") loo_SbJwk.Append("~"e~":~"AQAB~",") loo_SbJwk.Append("~"d~":~"VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq") loo_SbJwk.Append("1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-ry") loo_SbJwk.Append("nq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_") loo_SbJwk.Append("0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj") loo_SbJwk.Append("-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-Kyvj") loo_SbJwk.Append("T1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ~",") loo_SbJwk.Append("~"p~":~"9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68") loo_SbJwk.Append("ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEP") loo_SbJwk.Append("krdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM~",") loo_SbJwk.Append("~"q~":~"uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-y") loo_SbJwk.Append("BhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN") loo_SbJwk.Append("-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0~",") loo_SbJwk.Append("~"dp~":~"w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuv") loo_SbJwk.Append("ngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcra") loo_SbJwk.Append("Hawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs~",") loo_SbJwk.Append("~"dq~":~"o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff") loo_SbJwk.Append("7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_") loo_SbJwk.Append("odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU~",") loo_SbJwk.Append("~"qi~":~"eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlC") loo_SbJwk.Append("tUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZ") loo_SbJwk.Append("B9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo~"") loo_SbJwk.Append("}") // Load this JWK into a Chilkat private key object. loo_RsaPrivKey = create oleobject // Use "Chilkat_9_5_0.PrivateKey" for versions of Chilkat < 10.0.0 li_rc = loo_RsaPrivKey.ConnectToNewObject("Chilkat.PrivateKey") li_Success = loo_RsaPrivKey.LoadJwk(loo_SbJwk.GetAsString()) if li_Success <> 1 then Write-Debug loo_RsaPrivKey.LastErrorText destroy loo_Jwe destroy loo_JweProtHdr destroy loo_JweRecipientHdr1 destroy loo_JweRecipientHdr2 destroy loo_JweUnprotHdr destroy loo_SbJwk destroy loo_RsaPrivKey return end if // Get the public key for encryption. (The RSA private key is used for decryption.) loo_RsaPubKey = loo_RsaPrivKey.GetPublicKey() li_RecipientIndex = 0 loo_Jwe.SetPublicKey(li_RecipientIndex,loo_RsaPubKey) destroy loo_RsaPubKey // Recipient 1 uses AES Key Wrap ls_AesWrappingKey = "GawgguFyGrWKav7AX4VKUg" li_RecipientIndex = 1 loo_Jwe.SetWrappingKey(li_RecipientIndex,ls_AesWrappingKey,"base64url") // OK.. everything has been specified. // Now encrypt. Chilkat will use the general JSON serialization because it is only // possible serializationto use given there are multiple recipients. ls_StrJwe = loo_Jwe.Encrypt(ls_Plaintext,"utf-8") if loo_Jwe.LastMethodSuccess <> 1 then Write-Debug loo_Jwe.LastErrorText destroy loo_Jwe destroy loo_JweProtHdr destroy loo_JweRecipientHdr1 destroy loo_JweRecipientHdr2 destroy loo_JweUnprotHdr destroy loo_SbJwk destroy loo_RsaPrivKey return end if // The strJwe is in the most compact form possible (a single line). // Let's load it into a JSON object and examine in a non-compact pretty-printed format: loo_JsonTemp = create oleobject // Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0 li_rc = loo_JsonTemp.ConnectToNewObject("Chilkat.JsonObject") loo_JsonTemp.Load(ls_StrJwe) loo_JsonTemp.EmitCompact = 0 Write-Debug loo_JsonTemp.Emit() // The JWE looks like this: // (Note: Because of random values used in the encryption process, your encrypted results will be different.) // { // "protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0", // "unprotected": { // "jku": "https://server.example.com/keys.jwks" // }, // "recipients": [ // { // "header": { // "alg": "RSA1_5", // "kid": "2011-04-29" // }, // "encrypted_key": "WlUggejR-vStJVNKgjG2mQrVv74aga1FFutT8E-n-yJEOTsOVnGjhj1NW_Snd9DqHAhFrc7NEvKCFplKWGnusBZxxjm1JpdUa0MIpkGmncJHQQdfm21vcbEUbDmfqVY79SnEis3tih1D3qmyp_Bxti4byDAHJIOJv_cj0Sx8oHZzgGtOLjtHsydyo1MtBIqI0w86i_uhUuraihZ3ngj67YZ6uqpR6lulkPIVohfF3oJ0D3Ay_XOCHWlHYkTg6VZsa0FDrPtfB2pG3TxTBPwI4IMj5uF_D3zrg51dCYKU1Gah71ujLaXRE5q9XF7oOknxiWQuWc7Ox8JP03lSx-DiVA" // }, // { // "header": { // "alg": "A128KW", // "kid": "7" // }, // "encrypted_key": "8diBP2aUUB_Jl5WxCuMJLN6HsppE3rhSjcecee0fBcwB31zbPAVejQ" // } // ], // "iv": "JqahFKx5Z8SFT_LnkfOq0Q", // "ciphertext": "YcSdjlszsaY1ADcs4Vw85H_WoAqnkDIJaJsTkmCj05s", // "tag": "G3KF2CZ-DMhm0cqUbhJKMA" // } // To decrypt, we don't need both recipient keys. We can decrypt with one key or the other. // The FindRecipient method can be used to find a particular recipient index. // First, load the JWE.. loo_Jwe2 = create oleobject // Use "Chilkat_9_5_0.Jwe" for versions of Chilkat < 10.0.0 li_rc = loo_Jwe2.ConnectToNewObject("Chilkat.Jwe") li_Success = loo_Jwe2.LoadJwe(ls_StrJwe) if li_Success <> 1 then Write-Debug loo_Jwe2.LastErrorText destroy loo_Jwe destroy loo_JweProtHdr destroy loo_JweRecipientHdr1 destroy loo_JweRecipientHdr2 destroy loo_JweUnprotHdr destroy loo_SbJwk destroy loo_RsaPrivKey destroy loo_JsonTemp destroy loo_Jwe2 return end if // Let's say we have the AES key wrap key, and we know the "kid" equals "7". li_CaseSensitive = 0 li_RecipientIndex = loo_Jwe2.FindRecipient("kid","7",li_CaseSensitive) if li_RecipientIndex < 0 then Write-Debug "Unable to find recipient with kid=7" destroy loo_Jwe destroy loo_JweProtHdr destroy loo_JweRecipientHdr1 destroy loo_JweRecipientHdr2 destroy loo_JweUnprotHdr destroy loo_SbJwk destroy loo_RsaPrivKey destroy loo_JsonTemp destroy loo_Jwe2 return end if // Set the AES wrap key for the recipient index. loo_Jwe2.SetWrappingKey(li_RecipientIndex,ls_AesWrappingKey,"base64url") // Decrypt ls_OriginalPlaintext = loo_Jwe2.Decrypt(li_RecipientIndex,"utf-8") if loo_Jwe2.LastMethodSuccess <> 1 then Write-Debug loo_Jwe2.LastErrorText destroy loo_Jwe destroy loo_JweProtHdr destroy loo_JweRecipientHdr1 destroy loo_JweRecipientHdr2 destroy loo_JweUnprotHdr destroy loo_SbJwk destroy loo_RsaPrivKey destroy loo_JsonTemp destroy loo_Jwe2 return end if Write-Debug "original text decrypted with AES key wrap key: " Write-Debug ls_OriginalPlaintext // Now, let's do the same with the RSA private key: li_RecipientIndex = loo_Jwe2.FindRecipient("kid","2011-04-29",li_CaseSensitive) if li_RecipientIndex < 0 then Write-Debug "Unable to find recipient with kid=2011-04-29" destroy loo_Jwe destroy loo_JweProtHdr destroy loo_JweRecipientHdr1 destroy loo_JweRecipientHdr2 destroy loo_JweUnprotHdr destroy loo_SbJwk destroy loo_RsaPrivKey destroy loo_JsonTemp destroy loo_Jwe2 return end if // Set the RSA private key for the recipient index. loo_Jwe2.SetPrivateKey(li_RecipientIndex,loo_RsaPrivKey) // Decrypt ls_OriginalPlaintext = loo_Jwe2.Decrypt(li_RecipientIndex,"utf-8") if loo_Jwe2.LastMethodSuccess <> 1 then Write-Debug loo_Jwe2.LastErrorText destroy loo_Jwe destroy loo_JweProtHdr destroy loo_JweRecipientHdr1 destroy loo_JweRecipientHdr2 destroy loo_JweUnprotHdr destroy loo_SbJwk destroy loo_RsaPrivKey destroy loo_JsonTemp destroy loo_Jwe2 return end if Write-Debug "original text decrypted with RSA private key: " Write-Debug ls_OriginalPlaintext // --------------------------------------------------------------------------------- // It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.4.7 // because it was produced using the same keys. loo_SbJwe = create oleobject // Use "Chilkat_9_5_0.StringBuilder" for versions of Chilkat < 10.0.0 li_rc = loo_SbJwe.ConnectToNewObject("Chilkat.StringBuilder") loo_SbJwe.Append("{") loo_SbJwe.Append("~"protected~":") loo_SbJwe.Append("~"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0~",") loo_SbJwe.Append("~"unprotected~":") loo_SbJwe.Append("{~"jku~":~"https://server.example.com/keys.jwks~"},") loo_SbJwe.Append("~"recipients~":[") loo_SbJwe.Append("{~"header~":") loo_SbJwe.Append("{~"alg~":~"RSA1_5~",~"kid~":~"2011-04-29~"},") loo_SbJwe.Append("~"encrypted_key~":") loo_SbJwe.Append("~"UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-") loo_SbJwe.Append("kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKx") loo_SbJwe.Append("GHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3") loo_SbJwe.Append("YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPh") loo_SbJwe.Append("cCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPg") loo_SbJwe.Append("wCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A~"},") loo_SbJwe.Append("{~"header~":") loo_SbJwe.Append("{~"alg~":~"A128KW~",~"kid~":~"7~"},") loo_SbJwe.Append("~"encrypted_key~":") loo_SbJwe.Append("~"6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ~"}],") loo_SbJwe.Append("~"iv~":") loo_SbJwe.Append("~"AxY8DCtDaGlsbGljb3RoZQ~",") loo_SbJwe.Append("~"ciphertext~":") loo_SbJwe.Append("~"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY~",") loo_SbJwe.Append("~"tag~":") loo_SbJwe.Append("~"Mz-VPPyU4RlcuYv1IwIvzw~"") loo_SbJwe.Append("}") li_Success = loo_Jwe2.LoadJweSb(loo_SbJwe) if li_Success <> 1 then Write-Debug loo_Jwe2.LastErrorText destroy loo_Jwe destroy loo_JweProtHdr destroy loo_JweRecipientHdr1 destroy loo_JweRecipientHdr2 destroy loo_JweUnprotHdr destroy loo_SbJwk destroy loo_RsaPrivKey destroy loo_JsonTemp destroy loo_Jwe2 destroy loo_SbJwe return end if // We can decrypt with either key. Let's use the AES key wrap key... li_RecipientIndex = loo_Jwe2.FindRecipient("kid","7",li_CaseSensitive) if li_RecipientIndex < 0 then Write-Debug "Unable to find recipient with kid=7" destroy loo_Jwe destroy loo_JweProtHdr destroy loo_JweRecipientHdr1 destroy loo_JweRecipientHdr2 destroy loo_JweUnprotHdr destroy loo_SbJwk destroy loo_RsaPrivKey destroy loo_JsonTemp destroy loo_Jwe2 destroy loo_SbJwe return end if // Set the AES wrap key for the recipient index. loo_Jwe2.SetWrappingKey(li_RecipientIndex,ls_AesWrappingKey,"base64url") // Decrypt ls_OriginalPlaintext = loo_Jwe2.Decrypt(li_RecipientIndex,"utf-8") if loo_Jwe2.LastMethodSuccess <> 1 then Write-Debug loo_Jwe2.LastErrorText destroy loo_Jwe destroy loo_JweProtHdr destroy loo_JweRecipientHdr1 destroy loo_JweRecipientHdr2 destroy loo_JweUnprotHdr destroy loo_SbJwk destroy loo_RsaPrivKey destroy loo_JsonTemp destroy loo_Jwe2 destroy loo_SbJwe return end if Write-Debug "original text decrypted from published JWE, with AES key wrap key: " Write-Debug ls_OriginalPlaintext // The output: // original text decrypted with AES key wrap key: // Live long and prosper. // original text decrypted with RSA private key: // Live long and prosper. // original text decrypted from published JWE, with AES key wrap key: // Live long and prosper. destroy loo_Jwe destroy loo_JweProtHdr destroy loo_JweRecipientHdr1 destroy loo_JweRecipientHdr2 destroy loo_JweUnprotHdr destroy loo_SbJwk destroy loo_RsaPrivKey destroy loo_JsonTemp destroy loo_Jwe2 destroy loo_SbJwe |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.