Sample code for 30+ languages & platforms
CkPython

JWE using A256GCMKW

See more JSON Web Encryption (JWE) Examples

This example demonstrates creating a JCE with AES GCM key wrap.

Chilkat CkPython Downloads

CkPython
import sys
import chilkat

success = False

# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

plaintext = "My text to enrypt"

jwe = chilkat.CkJwe()

# First build the JWE Protected Header: 

#         {
#             "alg": "A256GCMKW",
#             "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
#             "tag": "kfPduVQ3T3H6vnewt--ksw",
#             "iv": "KkYT0GX_2jHlfqN_",
#             "enc": "A128CBC-HS256"
#         }

jweProtHdr = chilkat.CkJsonObject()
jweProtHdr.AppendString("alg","A256GCMKW")
# kid is optional
jweProtHdr.AppendString("kid","18ec08e1-bfa9-4d95-b205-2b4dd1d4321d")
# tag is optional
jweProtHdr.AppendString("tag","kfPduVQ3T3H6vnewt--ksw")
jweProtHdr.AppendString("enc","A256GCM")
# the iv should be 16 random chars.
prng = chilkat.CkPrng()
jweProtHdr.AppendString("iv",prng.randomString(16,True,True,True))
jwe.SetProtectedHeader(jweProtHdr)

print("JWE Protected Header: " + jweProtHdr.emit())
print("--")

# Given that we have 256-bit AES, our key should be 32 bytes.
# The ascii string here is 32 bytes, therefore the 2nd arg is "ascii" to use these
# ascii chars directly as the key.
aesWrappingKey = "2baf4f730f5e4542b428593ef9cceb0e"
jwe.SetWrappingKey(0,aesWrappingKey,"ascii")

# Encrypt and return the JWE:
strJwe = jwe.encrypt(plaintext,"utf-8")
if (jwe.get_LastMethodSuccess() != True):
    print(jwe.lastErrorText())
    sys.exit()

# Show the JWE we just created:
print(strJwe)

# Decrypt the JWE that was just produced.
# 1) Load the JWE.
# 2) Set the AES wrapping key.
# 3) Decrypt.
jwe2 = chilkat.CkJwe()
success = jwe2.LoadJwe(strJwe)
if (success != True):
    print(jwe2.lastErrorText())
    sys.exit()

# Set the AES wrap key.  Important to use "ascii"
jwe2.SetWrappingKey(0,aesWrappingKey,"ascii")

# Decrypt.
originalPlaintext = jwe2.decrypt(0,"utf-8")
if (jwe2.get_LastMethodSuccess() != True):
    print(jwe2.lastErrorText())
    sys.exit()

print("original text: ")
print(originalPlaintext)