(PureBasic) JWE using AES Key Wrap and AES_128_CBC_HMAC_SHA_256

This example duplicates the example A.3 in RFC 7516 for JSON Web Encryption (JWE).

Note: This example requires Chilkat v9.5.0.66 or greater.

Chilkat PureBasic Module Download Chilkat PureBasic Module

IncludeFile "CkStringBuilder.pb"
IncludeFile "CkJwe.pb"
IncludeFile "CkJsonObject.pb"

Procedure ChilkatExample()

    ; This requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    ; Note: This example requires Chilkat v9.5.0.66 or greater.

    success.i
    plaintext.s = "Live long and prosper."

    jwe.i = CkJwe::ckCreate()
    If jwe.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; First build the JWE Protected Header: {"alg":"A128KW","enc":"A128CBC-HS256"}
    jweProtHdr.i = CkJsonObject::ckCreate()
    If jweProtHdr.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkJsonObject::ckAppendString(jweProtHdr,"alg","A128KW")
    CkJsonObject::ckAppendString(jweProtHdr,"enc","A128CBC-HS256")
    CkJwe::ckSetProtectedHeader(jwe,jweProtHdr)

    Debug "JWE Protected Header: " + CkJsonObject::ckEmit(jweProtHdr)
    Debug "--"

    ; The example A.3 in RFC 7516 uses the following 128-bit AES key,
    ; specified in JWK (JSON Web Key) format:
    ;      {"kty":"oct",
    ;       "k":"GawgguFyGrWKav7AX4VKUg"
    ;      }
    ; This is just a way of saying: The key type ("kty") is 
    ; a bunch of octets ("k") in base64url encoding.
    ; We can simply set the AES wrapping key like this:
    aesWrappingKey.s = "GawgguFyGrWKav7AX4VKUg"
    CkJwe::ckSetWrappingKey(jwe,0,aesWrappingKey,"base64url")

    ; Encrypt and return the JWE:
    strJwe.s = CkJwe::ckEncrypt(jwe,plaintext,"utf-8")
    If CkJwe::ckLastMethodSuccess(jwe) <> 1
        Debug CkJwe::ckLastErrorText(jwe)
        CkJwe::ckDispose(jwe)
        CkJsonObject::ckDispose(jweProtHdr)
        ProcedureReturn
    EndIf

    ; Show the JWE we just created:
    Debug strJwe

    ; Decrypt the JWE that was just produced.
    ; 1) Load the JWE.
    ; 2) Set the AES wrapping key.
    ; 3) Decrypt.
    jwe2.i = CkJwe::ckCreate()
    If jwe2.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkJwe::ckLoadJwe(jwe2,strJwe)
    If success <> 1
        Debug CkJwe::ckLastErrorText(jwe2)
        CkJwe::ckDispose(jwe)
        CkJsonObject::ckDispose(jweProtHdr)
        CkJwe::ckDispose(jwe2)
        ProcedureReturn
    EndIf

    ; Set the AES wrap key.
    CkJwe::ckSetWrappingKey(jwe2,0,aesWrappingKey,"base64url")

    ; Decrypt.
    originalPlaintext.s = CkJwe::ckDecrypt(jwe2,0,"utf-8")
    If CkJwe::ckLastMethodSuccess(jwe2) <> 1
        Debug CkJwe::ckLastErrorText(jwe2)
        CkJwe::ckDispose(jwe)
        CkJsonObject::ckDispose(jweProtHdr)
        CkJwe::ckDispose(jwe2)
        ProcedureReturn
    EndIf

    Debug "original text: "
    Debug originalPlaintext

    ; ---------------------------------------------------------------------------------
    ; It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.3.7
    ; because it was produced using the same AES Wrap key.

    sbJwe.i = CkStringBuilder::ckCreate()
    If sbJwe.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkStringBuilder::ckAppend(sbJwe,"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.")
    CkStringBuilder::ckAppend(sbJwe,"6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ.")
    CkStringBuilder::ckAppend(sbJwe,"AxY8DCtDaGlsbGljb3RoZQ.")
    CkStringBuilder::ckAppend(sbJwe,"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.")
    CkStringBuilder::ckAppend(sbJwe,"U0m_YmjN04DJvceFICbCVQ")

    success = CkJwe::ckLoadJweSb(jwe2,sbJwe)
    If success <> 1
        Debug CkJwe::ckLastErrorText(jwe2)
        CkJwe::ckDispose(jwe)
        CkJsonObject::ckDispose(jweProtHdr)
        CkJwe::ckDispose(jwe2)
        CkStringBuilder::ckDispose(sbJwe)
        ProcedureReturn
    EndIf

    CkJwe::ckSetWrappingKey(jwe2,0,aesWrappingKey,"base64url")

    ; Decrypt.
    originalPlaintext = CkJwe::ckDecrypt(jwe2,0,"utf-8")
    If CkJwe::ckLastMethodSuccess(jwe2) <> 1
        Debug CkJwe::ckLastErrorText(jwe2)
        CkJwe::ckDispose(jwe)
        CkJsonObject::ckDispose(jweProtHdr)
        CkJwe::ckDispose(jwe2)
        CkStringBuilder::ckDispose(sbJwe)
        ProcedureReturn
    EndIf

    Debug originalPlaintext


    CkJwe::ckDispose(jwe)
    CkJsonObject::ckDispose(jweProtHdr)
    CkJwe::ckDispose(jwe2)
    CkStringBuilder::ckDispose(sbJwe)


    ProcedureReturn
EndProcedure