|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(SQL Server) JWE using AES Key Wrap and AES_128_CBC_HMAC_SHA_256This example duplicates the example A.3 in RFC 7516 for JSON Web Encryption (JWE). Note: This example requires Chilkat v9.5.0.66 or greater.
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls. -- CREATE PROCEDURE ChilkatSample AS BEGIN DECLARE @hr int DECLARE @iTmp0 int -- Important: Do not use nvarchar(max). See the warning about using nvarchar(max). DECLARE @sTmp0 nvarchar(4000) -- This requires the Chilkat API to have been previously unlocked. -- See Global Unlock Sample for sample code. -- Note: This example requires Chilkat v9.5.0.66 or greater. DECLARE @success int DECLARE @plaintext nvarchar(4000) SELECT @plaintext = 'Live long and prosper.' DECLARE @jwe int -- Use "Chilkat_9_5_0.Jwe" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.Jwe', @jwe OUT IF @hr <> 0 BEGIN PRINT 'Failed to create ActiveX component' RETURN END -- First build the JWE Protected Header: {"alg":"A128KW","enc":"A128CBC-HS256"} DECLARE @jweProtHdr int -- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jweProtHdr OUT EXEC sp_OAMethod @jweProtHdr, 'AppendString', @success OUT, 'alg', 'A128KW' EXEC sp_OAMethod @jweProtHdr, 'AppendString', @success OUT, 'enc', 'A128CBC-HS256' EXEC sp_OAMethod @jwe, 'SetProtectedHeader', @success OUT, @jweProtHdr EXEC sp_OAMethod @jweProtHdr, 'Emit', @sTmp0 OUT PRINT 'JWE Protected Header: ' + @sTmp0 PRINT '--' -- The example A.3 in RFC 7516 uses the following 128-bit AES key, -- specified in JWK (JSON Web Key) format: -- {"kty":"oct", -- "k":"GawgguFyGrWKav7AX4VKUg" -- } -- This is just a way of saying: The key type ("kty") is -- a bunch of octets ("k") in base64url encoding. -- We can simply set the AES wrapping key like this: DECLARE @aesWrappingKey nvarchar(4000) SELECT @aesWrappingKey = 'GawgguFyGrWKav7AX4VKUg' EXEC sp_OAMethod @jwe, 'SetWrappingKey', @success OUT, 0, @aesWrappingKey, 'base64url' -- Encrypt and return the JWE: DECLARE @strJwe nvarchar(4000) EXEC sp_OAMethod @jwe, 'Encrypt', @strJwe OUT, @plaintext, 'utf-8' EXEC sp_OAGetProperty @jwe, 'LastMethodSuccess', @iTmp0 OUT IF @iTmp0 <> 1 BEGIN EXEC sp_OAGetProperty @jwe, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @jwe EXEC @hr = sp_OADestroy @jweProtHdr RETURN END -- Show the JWE we just created: PRINT @strJwe -- Decrypt the JWE that was just produced. -- 1) Load the JWE. -- 2) Set the AES wrapping key. -- 3) Decrypt. DECLARE @jwe2 int -- Use "Chilkat_9_5_0.Jwe" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.Jwe', @jwe2 OUT EXEC sp_OAMethod @jwe2, 'LoadJwe', @success OUT, @strJwe IF @success <> 1 BEGIN EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @jwe EXEC @hr = sp_OADestroy @jweProtHdr EXEC @hr = sp_OADestroy @jwe2 RETURN END -- Set the AES wrap key. EXEC sp_OAMethod @jwe2, 'SetWrappingKey', @success OUT, 0, @aesWrappingKey, 'base64url' -- Decrypt. DECLARE @originalPlaintext nvarchar(4000) EXEC sp_OAMethod @jwe2, 'Decrypt', @originalPlaintext OUT, 0, 'utf-8' EXEC sp_OAGetProperty @jwe2, 'LastMethodSuccess', @iTmp0 OUT IF @iTmp0 <> 1 BEGIN EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @jwe EXEC @hr = sp_OADestroy @jweProtHdr EXEC @hr = sp_OADestroy @jwe2 RETURN END PRINT 'original text: ' PRINT @originalPlaintext -- --------------------------------------------------------------------------------- -- It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.3.7 -- because it was produced using the same AES Wrap key. DECLARE @sbJwe int -- Use "Chilkat_9_5_0.StringBuilder" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbJwe OUT EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ.' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'AxY8DCtDaGlsbGljb3RoZQ.' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'U0m_YmjN04DJvceFICbCVQ' EXEC sp_OAMethod @jwe2, 'LoadJweSb', @success OUT, @sbJwe IF @success <> 1 BEGIN EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @jwe EXEC @hr = sp_OADestroy @jweProtHdr EXEC @hr = sp_OADestroy @jwe2 EXEC @hr = sp_OADestroy @sbJwe RETURN END EXEC sp_OAMethod @jwe2, 'SetWrappingKey', @success OUT, 0, @aesWrappingKey, 'base64url' -- Decrypt. EXEC sp_OAMethod @jwe2, 'Decrypt', @originalPlaintext OUT, 0, 'utf-8' EXEC sp_OAGetProperty @jwe2, 'LastMethodSuccess', @iTmp0 OUT IF @iTmp0 <> 1 BEGIN EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @jwe EXEC @hr = sp_OADestroy @jweProtHdr EXEC @hr = sp_OADestroy @jwe2 EXEC @hr = sp_OADestroy @sbJwe RETURN END PRINT @originalPlaintext EXEC @hr = sp_OADestroy @jwe EXEC @hr = sp_OADestroy @jweProtHdr EXEC @hr = sp_OADestroy @jwe2 EXEC @hr = sp_OADestroy @sbJwe END GO |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.