PureBasic
PureBasic
JWE using AES Key Wrap and AES_128_CBC_HMAC_SHA_256
See more JSON Web Encryption (JWE) Examples
This example duplicates the example A.3 in RFC 7516 for JSON Web Encryption (JWE).Note: This example requires Chilkat v9.5.0.66 or greater.
Chilkat PureBasic Downloads
IncludeFile "CkStringBuilder.pb"
IncludeFile "CkJwe.pb"
IncludeFile "CkJsonObject.pb"
Procedure ChilkatExample()
success.i = 0
; This requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
; Note: This example requires Chilkat v9.5.0.66 or greater.
plaintext.s = "Live long and prosper."
jwe.i = CkJwe::ckCreate()
If jwe.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
; First build the JWE Protected Header: {"alg":"A128KW","enc":"A128CBC-HS256"}
jweProtHdr.i = CkJsonObject::ckCreate()
If jweProtHdr.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkJsonObject::ckAppendString(jweProtHdr,"alg","A128KW")
CkJsonObject::ckAppendString(jweProtHdr,"enc","A128CBC-HS256")
CkJwe::ckSetProtectedHeader(jwe,jweProtHdr)
Debug "JWE Protected Header: " + CkJsonObject::ckEmit(jweProtHdr)
Debug "--"
; The example A.3 in RFC 7516 uses the following 128-bit AES key,
; specified in JWK (JSON Web Key) format:
; {"kty":"oct",
; "k":"GawgguFyGrWKav7AX4VKUg"
; }
; This is just a way of saying: The key type ("kty") is
; a bunch of octets ("k") in base64url encoding.
; We can simply set the AES wrapping key like this:
aesWrappingKey.s = "GawgguFyGrWKav7AX4VKUg"
CkJwe::ckSetWrappingKey(jwe,0,aesWrappingKey,"base64url")
; Encrypt and return the JWE:
strJwe.s = CkJwe::ckEncrypt(jwe,plaintext,"utf-8")
If CkJwe::ckLastMethodSuccess(jwe) <> 1
Debug CkJwe::ckLastErrorText(jwe)
CkJwe::ckDispose(jwe)
CkJsonObject::ckDispose(jweProtHdr)
ProcedureReturn
EndIf
; Show the JWE we just created:
Debug strJwe
; Decrypt the JWE that was just produced.
; 1) Load the JWE.
; 2) Set the AES wrapping key.
; 3) Decrypt.
jwe2.i = CkJwe::ckCreate()
If jwe2.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
success = CkJwe::ckLoadJwe(jwe2,strJwe)
If success <> 1
Debug CkJwe::ckLastErrorText(jwe2)
CkJwe::ckDispose(jwe)
CkJsonObject::ckDispose(jweProtHdr)
CkJwe::ckDispose(jwe2)
ProcedureReturn
EndIf
; Set the AES wrap key.
CkJwe::ckSetWrappingKey(jwe2,0,aesWrappingKey,"base64url")
; Decrypt.
originalPlaintext.s = CkJwe::ckDecrypt(jwe2,0,"utf-8")
If CkJwe::ckLastMethodSuccess(jwe2) <> 1
Debug CkJwe::ckLastErrorText(jwe2)
CkJwe::ckDispose(jwe)
CkJsonObject::ckDispose(jweProtHdr)
CkJwe::ckDispose(jwe2)
ProcedureReturn
EndIf
Debug "original text: "
Debug originalPlaintext
; ---------------------------------------------------------------------------------
; It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.3.7
; because it was produced using the same AES Wrap key.
sbJwe.i = CkStringBuilder::ckCreate()
If sbJwe.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkStringBuilder::ckAppend(sbJwe,"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.")
CkStringBuilder::ckAppend(sbJwe,"6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ.")
CkStringBuilder::ckAppend(sbJwe,"AxY8DCtDaGlsbGljb3RoZQ.")
CkStringBuilder::ckAppend(sbJwe,"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.")
CkStringBuilder::ckAppend(sbJwe,"U0m_YmjN04DJvceFICbCVQ")
success = CkJwe::ckLoadJweSb(jwe2,sbJwe)
If success <> 1
Debug CkJwe::ckLastErrorText(jwe2)
CkJwe::ckDispose(jwe)
CkJsonObject::ckDispose(jweProtHdr)
CkJwe::ckDispose(jwe2)
CkStringBuilder::ckDispose(sbJwe)
ProcedureReturn
EndIf
CkJwe::ckSetWrappingKey(jwe2,0,aesWrappingKey,"base64url")
; Decrypt.
originalPlaintext = CkJwe::ckDecrypt(jwe2,0,"utf-8")
If CkJwe::ckLastMethodSuccess(jwe2) <> 1
Debug CkJwe::ckLastErrorText(jwe2)
CkJwe::ckDispose(jwe)
CkJsonObject::ckDispose(jweProtHdr)
CkJwe::ckDispose(jwe2)
CkStringBuilder::ckDispose(sbJwe)
ProcedureReturn
EndIf
Debug originalPlaintext
CkJwe::ckDispose(jwe)
CkJsonObject::ckDispose(jweProtHdr)
CkJwe::ckDispose(jwe2)
CkStringBuilder::ckDispose(sbJwe)
ProcedureReturn
EndProcedure