|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(SQL Server) JWE Using Flattened JWE JSON SerializationThis example duplicates the example A.5 in RFC 7516 for JSON Web Encryption (JWE). This example demonstrates using the flattened JWE JSON Serialization syntax. This example demonstrates the capability for encrypting the plaintext to a single recipient in a flattened JSON structure. Note: This example requires Chilkat v9.5.0.66 or greater.
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls. -- CREATE PROCEDURE ChilkatSample AS BEGIN DECLARE @hr int DECLARE @iTmp0 int -- Important: Do not use nvarchar(max). See the warning about using nvarchar(max). DECLARE @sTmp0 nvarchar(4000) -- This requires the Chilkat API to have been previously unlocked. -- See Global Unlock Sample for sample code. -- Note: This example requires Chilkat v9.5.0.66 or greater. DECLARE @success int DECLARE @plaintext nvarchar(4000) SELECT @plaintext = 'Live long and prosper.' DECLARE @jwe int -- Use "Chilkat_9_5_0.Jwe" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.Jwe', @jwe OUT IF @hr <> 0 BEGIN PRINT 'Failed to create ActiveX component' RETURN END -- First build the JWE Protected Header: {"enc":"A128CBC-HS256"} DECLARE @jweProtHdr int -- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jweProtHdr OUT EXEC sp_OAMethod @jweProtHdr, 'AppendString', @success OUT, 'enc', 'A128CBC-HS256' EXEC sp_OAMethod @jwe, 'SetProtectedHeader', @success OUT, @jweProtHdr -- We have a single recipient that uses AES Key Wrap to encrypt the CEK. -- -- {"alg":"A128KW","kid":"7"} DECLARE @jweRecipientHdr int -- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jweRecipientHdr OUT EXEC sp_OAMethod @jweRecipientHdr, 'AppendString', @success OUT, 'alg', 'A128KW' EXEC sp_OAMethod @jweRecipientHdr, 'AppendString', @success OUT, 'kid', '7' DECLARE @recipientIndex int SELECT @recipientIndex = 0 EXEC sp_OAMethod @jwe, 'SetRecipientHeader', @success OUT, @recipientIndex, @jweRecipientHdr -- Set the Shared Unprotected Header: {"jku":"https://server.example.com/keys.jwks"} DECLARE @jweUnprotHdr int -- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jweUnprotHdr OUT EXEC sp_OAMethod @jweUnprotHdr, 'AppendString', @success OUT, 'jku', 'https://server.example.com/keys.jwks' EXEC sp_OAMethod @jwe, 'SetUnprotectedHeader', @success OUT, @jweUnprotHdr -- Set the AES key wrapping key. DECLARE @aesWrappingKey nvarchar(4000) SELECT @aesWrappingKey = 'GawgguFyGrWKav7AX4VKUg' SELECT @recipientIndex = 0 EXEC sp_OAMethod @jwe, 'SetWrappingKey', @success OUT, @recipientIndex, @aesWrappingKey, 'base64url' -- OK.. everything has been specified. -- Now encrypt. -- Indicate that we prefer the flattened JSON serialization. EXEC sp_OASetProperty @jwe, 'PreferFlattened', 1 DECLARE @strJwe nvarchar(4000) EXEC sp_OAMethod @jwe, 'Encrypt', @strJwe OUT, @plaintext, 'utf-8' EXEC sp_OAGetProperty @jwe, 'LastMethodSuccess', @iTmp0 OUT IF @iTmp0 <> 1 BEGIN EXEC sp_OAGetProperty @jwe, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @jwe EXEC @hr = sp_OADestroy @jweProtHdr EXEC @hr = sp_OADestroy @jweRecipientHdr EXEC @hr = sp_OADestroy @jweUnprotHdr RETURN END -- The JWE is produced in the most compact form possible (a single line). -- Let's load it into a JSON object and examine in a non-compact pretty-printed format: DECLARE @jsonTemp int -- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jsonTemp OUT EXEC sp_OAMethod @jsonTemp, 'Load', @success OUT, @strJwe EXEC sp_OASetProperty @jsonTemp, 'EmitCompact', 0 EXEC sp_OAMethod @jsonTemp, 'Emit', @sTmp0 OUT PRINT @sTmp0 -- The JWE looks like this: -- (Note: Because of random values used in the encryption process, your encrypted results will be different.) -- { -- "protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0", -- "unprotected": { -- "jku": "https://server.example.com/keys.jwks" -- }, -- "header": { -- "alg": "A128KW", -- "kid": "7" -- }, -- "encrypted_key": "FW7z9VxOvnF2ClicvUT4HTeqcdyh90C6qytfEFJsOb77FOwTfYrc3w", -- "iv": "O6Ly5-eML3zTs-_fNX3D5Q", -- "ciphertext": "Q8NLmeac9JhLh0CQPuG_7D9wVDb55eToCh0g5-FQ4M0", -- "tag": "slzlo6-J9C7wSDF4dh_kBg" -- } -- Now decrypt...................................... -- First, load the JWE.. DECLARE @jwe2 int -- Use "Chilkat_9_5_0.Jwe" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.Jwe', @jwe2 OUT EXEC sp_OAMethod @jwe2, 'LoadJwe', @success OUT, @strJwe IF @success <> 1 BEGIN EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @jwe EXEC @hr = sp_OADestroy @jweProtHdr EXEC @hr = sp_OADestroy @jweRecipientHdr EXEC @hr = sp_OADestroy @jweUnprotHdr EXEC @hr = sp_OADestroy @jsonTemp EXEC @hr = sp_OADestroy @jwe2 RETURN END -- Set the AES wrap key.. SELECT @recipientIndex = 0 EXEC sp_OAMethod @jwe2, 'SetWrappingKey', @success OUT, @recipientIndex, @aesWrappingKey, 'base64url' -- Decrypt DECLARE @originalPlaintext nvarchar(4000) EXEC sp_OAMethod @jwe2, 'Decrypt', @originalPlaintext OUT, @recipientIndex, 'utf-8' EXEC sp_OAGetProperty @jwe2, 'LastMethodSuccess', @iTmp0 OUT IF @iTmp0 <> 1 BEGIN EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @jwe EXEC @hr = sp_OADestroy @jweProtHdr EXEC @hr = sp_OADestroy @jweRecipientHdr EXEC @hr = sp_OADestroy @jweUnprotHdr EXEC @hr = sp_OADestroy @jsonTemp EXEC @hr = sp_OADestroy @jwe2 RETURN END PRINT 'original text decrypted with AES key wrap key: ' PRINT @originalPlaintext -- --------------------------------------------------------------------------------- -- It should also be possible to decrypt the flattened JWE as shown in RFC 7516, Appendix A.5 -- because it was produced using the same key. DECLARE @sbJwe int -- Use "Chilkat_9_5_0.StringBuilder" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbJwe OUT EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '{' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"protected":' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"unprotected":' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '{"jku":"https://server.example.com/keys.jwks"},' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"header":' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '{"alg":"A128KW","kid":"7"},' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"encrypted_key":' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ",' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"iv":' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"AxY8DCtDaGlsbGljb3RoZQ",' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"ciphertext":' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY",' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"tag":' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"Mz-VPPyU4RlcuYv1IwIvzw"' EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '}' EXEC sp_OAMethod @jwe2, 'LoadJweSb', @success OUT, @sbJwe IF @success <> 1 BEGIN EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @jwe EXEC @hr = sp_OADestroy @jweProtHdr EXEC @hr = sp_OADestroy @jweRecipientHdr EXEC @hr = sp_OADestroy @jweUnprotHdr EXEC @hr = sp_OADestroy @jsonTemp EXEC @hr = sp_OADestroy @jwe2 EXEC @hr = sp_OADestroy @sbJwe RETURN END SELECT @recipientIndex = 0 EXEC sp_OAMethod @jwe2, 'SetWrappingKey', @success OUT, @recipientIndex, @aesWrappingKey, 'base64url' EXEC sp_OAMethod @jwe2, 'Decrypt', @originalPlaintext OUT, @recipientIndex, 'utf-8' EXEC sp_OAGetProperty @jwe2, 'LastMethodSuccess', @iTmp0 OUT IF @iTmp0 <> 1 BEGIN EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @jwe EXEC @hr = sp_OADestroy @jweProtHdr EXEC @hr = sp_OADestroy @jweRecipientHdr EXEC @hr = sp_OADestroy @jweUnprotHdr EXEC @hr = sp_OADestroy @jsonTemp EXEC @hr = sp_OADestroy @jwe2 EXEC @hr = sp_OADestroy @sbJwe RETURN END PRINT 'original text decrypted from published flattened JWE: ' PRINT @originalPlaintext -- The output: -- original text decrypted with AES key wrap key: -- Live long and prosper. -- original text decrypted from published flattened JWE: -- Live long and prosper. EXEC @hr = sp_OADestroy @jwe EXEC @hr = sp_OADestroy @jweProtHdr EXEC @hr = sp_OADestroy @jweRecipientHdr EXEC @hr = sp_OADestroy @jweUnprotHdr EXEC @hr = sp_OADestroy @jsonTemp EXEC @hr = sp_OADestroy @jwe2 EXEC @hr = sp_OADestroy @sbJwe END GO |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.