(SQL Server) JWE Using General JWE JSON Serialization

This example duplicates the example A.4 in RFC 7516 for JSON Web Encryption (JWE). It demonstrates encrypting the same plaintext to multiple recipients; two recipients are present in this example. Note: This example requires Chilkat v9.5.0.66 or greater.
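-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
-- ChilkatSample: reproduces RFC 7516 Appendix A.4 (JWE General JSON Serialization).
-- It encrypts one plaintext to two recipients (RSA1_5 and A128KW), decrypts it with
-- each key, then decrypts the JWE published in RFC 7516 Appendix A.4.7.
-- Takes no parameters. Results and errors are reported with PRINT; every exit path
-- releases the COM objects created so far with sp_OADestroy.
--
-- Security notes for anyone adapting this sample:
--   * The RSA private key and the AES key-wrap key below are the published test
--     vectors of RFC 7516 Appendix A.4. They are public and must never protect real data.
--   * Key material written into a procedure body is stored with the procedure
--     definition and is readable by anyone permitted to view that definition.
--     Supply real keys at run time from a protected key store instead.
--   * "RSA1_5" (RSAES-PKCS1-v1_5) is used only to match the RFC example. RFC 8725
--     (JWT Best Current Practices) advises avoiding RSAES-PKCS1-v1_5 encryption in
--     favour of RSAES-OAEP (JOSE alg "RSA-OAEP"); check the Chilkat Jwe documentation
--     for the alg values it supports before choosing one for a new design.
--   * The sp_OA* procedures need the 'Ole Automation Procedures' server option, which
--     lets T-SQL instantiate COM objects inside the SQL Server process. Keep EXECUTE
--     on them restricted to the accounts that need it.
--   * This sample PRINTs decrypted plaintext and LastErrorText for demonstration;
--     production code should not write either to an output a client can read.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)

    -- This requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    -- Note: This example requires Chilkat v9.5.0.66 or greater.
    DECLARE @success int

    DECLARE @plaintext nvarchar(4000)
    SELECT @plaintext = 'Live long and prosper.'

    DECLARE @jwe int
    -- Use "Chilkat_9_5_0.Jwe" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.Jwe', @jwe OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    -- First build the JWE Protected Header: {"enc":"A128CBC-HS256"}
    DECLARE @jweProtHdr int
    -- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jweProtHdr OUT

    EXEC sp_OAMethod @jweProtHdr, 'AppendString', @success OUT, 'enc', 'A128CBC-HS256'
    EXEC sp_OAMethod @jwe, 'SetProtectedHeader', @success OUT, @jweProtHdr

    -- The first recipient uses the RSAES-PKCS1-v1_5 algorithm to encrypt
    -- the CEK.  The second uses AES Key Wrap to encrypt the CEK.  Key ID
    -- values are supplied for both keys.  The two JWE Per-Recipient
    -- Unprotected Header values used to represent these algorithms and key
    -- IDs are:
    --
    --   {"alg":"RSA1_5","kid":"2011-04-29"}
    --
    -- and
    --
    --   {"alg":"A128KW","kid":"7"}

    DECLARE @jweRecipientHdr1 int
    -- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jweRecipientHdr1 OUT

    EXEC sp_OAMethod @jweRecipientHdr1, 'AppendString', @success OUT, 'alg', 'RSA1_5'
    EXEC sp_OAMethod @jweRecipientHdr1, 'AppendString', @success OUT, 'kid', '2011-04-29'
    DECLARE @recipientIndex int
    SELECT @recipientIndex = 0
    EXEC sp_OAMethod @jwe, 'SetRecipientHeader', @success OUT, @recipientIndex, @jweRecipientHdr1

    DECLARE @jweRecipientHdr2 int
    -- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jweRecipientHdr2 OUT

    EXEC sp_OAMethod @jweRecipientHdr2, 'AppendString', @success OUT, 'alg', 'A128KW'
    EXEC sp_OAMethod @jweRecipientHdr2, 'AppendString', @success OUT, 'kid', '7'
    SELECT @recipientIndex = 1
    EXEC sp_OAMethod @jwe, 'SetRecipientHeader', @success OUT, @recipientIndex, @jweRecipientHdr2

    -- Set the Shared Unprotected Header: {"jku":"https://server.example.com/keys.jwks"}
    DECLARE @jweUnprotHdr int
    -- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jweUnprotHdr OUT

    EXEC sp_OAMethod @jweUnprotHdr, 'AppendString', @success OUT, 'jku', 'https://server.example.com/keys.jwks'
    EXEC sp_OAMethod @jwe, 'SetUnprotectedHeader', @success OUT, @jweUnprotHdr

    -- Note: The intent of specifying a "kid" (an acronym for "Key ID") is that
    -- the software would somehow download the keys.jwks from https://server.example.com/keys.jwks,
    -- and would select the key (whatever format it may be, such as RSA, or an AES key wrap key, etc.),
    -- and then automatically use it.
    -- This example keeps the "kid" and "jku" in their respective headers, but does not actually fetch
    -- the keys from some URL.  We'll just provide the keys directly.
    -- A consumer that does resolve "jku" must treat it as untrusted input: it sits in the
    -- unprotected header, which the JWE authentication tag does not cover, so only fetch
    -- key sets from an allowlisted HTTPS origin.

    -- Recipient 0 uses this RSA key (RFC 7516 test vector; public, not a secret):
    DECLARE @sbJwk int
    -- Use "Chilkat_9_5_0.StringBuilder" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbJwk OUT

    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '{"kty":"RSA",'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"n":"sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1Wl'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'UzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDpre'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'cbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBI'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'Y2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw",'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"e":"AQAB",'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"d":"VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-ry'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'nq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-Kyvj'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'T1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ",'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"p":"9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEP'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'krdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM",'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"q":"uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-y'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'BhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0",'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"dp":"w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuv'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'ngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcra'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'Hawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs",'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"dq":"o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU",'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"qi":"eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlC'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'tUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZ'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'B9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo"'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '}'

    -- Load this JWK into a Chilkat private key object.
    DECLARE @rsaPrivKey int
    -- Use "Chilkat_9_5_0.PrivateKey" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.PrivateKey', @rsaPrivKey OUT

    EXEC sp_OAMethod @sbJwk, 'GetAsString', @sTmp0 OUT
    EXEC sp_OAMethod @rsaPrivKey, 'LoadJwk', @success OUT, @sTmp0
    IF @success <> 1
    BEGIN
        EXEC sp_OAGetProperty @rsaPrivKey, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @jweRecipientHdr1
        EXEC @hr = sp_OADestroy @jweRecipientHdr2
        EXEC @hr = sp_OADestroy @jweUnprotHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        RETURN
    END

    -- Get the public key for encryption.  (The RSA private key is used for decryption.)
    DECLARE @rsaPubKey int
    EXEC sp_OAMethod @rsaPrivKey, 'GetPublicKey', @rsaPubKey OUT
    SELECT @recipientIndex = 0
    EXEC sp_OAMethod @jwe, 'SetPublicKey', @success OUT, @recipientIndex, @rsaPubKey
    -- Released immediately after SetPublicKey, on both the success and the failure path.
    EXEC @hr = sp_OADestroy @rsaPubKey
    -- Stop here if the key was not bound, so the failure is reported where it happened
    -- and not later as an Encrypt error.
    IF @success <> 1
    BEGIN
        EXEC sp_OAGetProperty @jwe, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @jweRecipientHdr1
        EXEC @hr = sp_OADestroy @jweRecipientHdr2
        EXEC @hr = sp_OADestroy @jweUnprotHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        RETURN
    END

    -- Recipient 1 uses AES Key Wrap (RFC 7516 test-vector key; public, not a secret)
    DECLARE @aesWrappingKey nvarchar(4000)
    SELECT @aesWrappingKey = 'GawgguFyGrWKav7AX4VKUg'
    SELECT @recipientIndex = 1
    EXEC sp_OAMethod @jwe, 'SetWrappingKey', @success OUT, @recipientIndex, @aesWrappingKey, 'base64url'
    IF @success <> 1
    BEGIN
        EXEC sp_OAGetProperty @jwe, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @jweRecipientHdr1
        EXEC @hr = sp_OADestroy @jweRecipientHdr2
        EXEC @hr = sp_OADestroy @jweUnprotHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        RETURN
    END

    -- OK.. everything has been specified.
    -- Now encrypt.  Chilkat will use the general JSON serialization because it is the only
    -- serialization possible when there are multiple recipients.
    DECLARE @strJwe nvarchar(4000)
    EXEC sp_OAMethod @jwe, 'Encrypt', @strJwe OUT, @plaintext, 'utf-8'
    EXEC sp_OAGetProperty @jwe, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 <> 1
    BEGIN
        EXEC sp_OAGetProperty @jwe, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @jweRecipientHdr1
        EXEC @hr = sp_OADestroy @jweRecipientHdr2
        EXEC @hr = sp_OADestroy @jweUnprotHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        RETURN
    END

    -- The strJwe is in the most compact form possible (a single line).
    -- Let's load it into a JSON object and examine in a non-compact pretty-printed format:
    DECLARE @jsonTemp int
    -- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jsonTemp OUT

    EXEC sp_OAMethod @jsonTemp, 'Load', @success OUT, @strJwe
    EXEC sp_OASetProperty @jsonTemp, 'EmitCompact', 0
    EXEC sp_OAMethod @jsonTemp, 'Emit', @sTmp0 OUT
    PRINT @sTmp0

    -- The JWE looks like this:
    -- (Note: Because of random values used in the encryption process, your encrypted results will be different.)

    -- {
    --   "protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",
    --   "unprotected": {
    --     "jku": "https://server.example.com/keys.jwks"
    --   },
    --   "recipients": [
    --     {
    --       "header": {
    --         "alg": "RSA1_5",
    --         "kid": "2011-04-29"
    --       },
    --       "encrypted_key": "WlUggejR-vStJVNKgjG2mQrVv74aga1FFutT8E-n-yJEOTsOVnGjhj1NW_Snd9DqHAhFrc7NEvKCFplKWGnusBZxxjm1JpdUa0MIpkGmncJHQQdfm21vcbEUbDmfqVY79SnEis3tih1D3qmyp_Bxti4byDAHJIOJv_cj0Sx8oHZzgGtOLjtHsydyo1MtBIqI0w86i_uhUuraihZ3ngj67YZ6uqpR6lulkPIVohfF3oJ0D3Ay_XOCHWlHYkTg6VZsa0FDrPtfB2pG3TxTBPwI4IMj5uF_D3zrg51dCYKU1Gah71ujLaXRE5q9XF7oOknxiWQuWc7Ox8JP03lSx-DiVA"
    --     },
    --     {
    --       "header": {
    --         "alg": "A128KW",
    --         "kid": "7"
    --       },
    --       "encrypted_key": "8diBP2aUUB_Jl5WxCuMJLN6HsppE3rhSjcecee0fBcwB31zbPAVejQ"
    --     }
    --   ],
    --   "iv": "JqahFKx5Z8SFT_LnkfOq0Q",
    --   "ciphertext": "YcSdjlszsaY1ADcs4Vw85H_WoAqnkDIJaJsTkmCj05s",
    --   "tag": "G3KF2CZ-DMhm0cqUbhJKMA"
    -- }

    -- To decrypt, we don't need both recipient keys.  We can decrypt with one key or the other.
    -- The FindRecipient method can be used to find a particular recipient index.

    -- First, load the JWE..
    DECLARE @jwe2 int
    -- Use "Chilkat_9_5_0.Jwe" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.Jwe', @jwe2 OUT

    EXEC sp_OAMethod @jwe2, 'LoadJwe', @success OUT, @strJwe
    IF @success <> 1
    BEGIN
        EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @jweRecipientHdr1
        EXEC @hr = sp_OADestroy @jweRecipientHdr2
        EXEC @hr = sp_OADestroy @jweUnprotHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        EXEC @hr = sp_OADestroy @jsonTemp
        EXEC @hr = sp_OADestroy @jwe2
        RETURN
    END

    -- Let's say we have the AES key wrap key, and we know the "kid" equals "7".
    DECLARE @caseSensitive int
    SELECT @caseSensitive = 0
    EXEC sp_OAMethod @jwe2, 'FindRecipient', @recipientIndex OUT, 'kid', '7', @caseSensitive
    IF @recipientIndex < 0
    BEGIN
        PRINT 'Unable to find recipient with kid=7'
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @jweRecipientHdr1
        EXEC @hr = sp_OADestroy @jweRecipientHdr2
        EXEC @hr = sp_OADestroy @jweUnprotHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        EXEC @hr = sp_OADestroy @jsonTemp
        EXEC @hr = sp_OADestroy @jwe2
        RETURN
    END

    -- Set the AES wrap key for the recipient index.
    EXEC sp_OAMethod @jwe2, 'SetWrappingKey', @success OUT, @recipientIndex, @aesWrappingKey, 'base64url'
    IF @success <> 1
    BEGIN
        EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @jweRecipientHdr1
        EXEC @hr = sp_OADestroy @jweRecipientHdr2
        EXEC @hr = sp_OADestroy @jweUnprotHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        EXEC @hr = sp_OADestroy @jsonTemp
        EXEC @hr = sp_OADestroy @jwe2
        RETURN
    END

    -- Decrypt
    DECLARE @originalPlaintext nvarchar(4000)
    EXEC sp_OAMethod @jwe2, 'Decrypt', @originalPlaintext OUT, @recipientIndex, 'utf-8'
    EXEC sp_OAGetProperty @jwe2, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 <> 1
    BEGIN
        EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @jweRecipientHdr1
        EXEC @hr = sp_OADestroy @jweRecipientHdr2
        EXEC @hr = sp_OADestroy @jweUnprotHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        EXEC @hr = sp_OADestroy @jsonTemp
        EXEC @hr = sp_OADestroy @jwe2
        RETURN
    END

    PRINT 'original text decrypted with AES key wrap key: '
    PRINT @originalPlaintext

    -- Now, let's do the same with the RSA private key:
    EXEC sp_OAMethod @jwe2, 'FindRecipient', @recipientIndex OUT, 'kid', '2011-04-29', @caseSensitive
    IF @recipientIndex < 0
    BEGIN
        PRINT 'Unable to find recipient with kid=2011-04-29'
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @jweRecipientHdr1
        EXEC @hr = sp_OADestroy @jweRecipientHdr2
        EXEC @hr = sp_OADestroy @jweUnprotHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        EXEC @hr = sp_OADestroy @jsonTemp
        EXEC @hr = sp_OADestroy @jwe2
        RETURN
    END

    -- Set the RSA private key for the recipient index.
    EXEC sp_OAMethod @jwe2, 'SetPrivateKey', @success OUT, @recipientIndex, @rsaPrivKey
    IF @success <> 1
    BEGIN
        EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @jweRecipientHdr1
        EXEC @hr = sp_OADestroy @jweRecipientHdr2
        EXEC @hr = sp_OADestroy @jweUnprotHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        EXEC @hr = sp_OADestroy @jsonTemp
        EXEC @hr = sp_OADestroy @jwe2
        RETURN
    END

    -- Decrypt
    EXEC sp_OAMethod @jwe2, 'Decrypt', @originalPlaintext OUT, @recipientIndex, 'utf-8'
    EXEC sp_OAGetProperty @jwe2, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 <> 1
    BEGIN
        EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @jweRecipientHdr1
        EXEC @hr = sp_OADestroy @jweRecipientHdr2
        EXEC @hr = sp_OADestroy @jweUnprotHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        EXEC @hr = sp_OADestroy @jsonTemp
        EXEC @hr = sp_OADestroy @jwe2
        RETURN
    END

    PRINT 'original text decrypted with RSA private key: '
    PRINT @originalPlaintext

    -- ---------------------------------------------------------------------------------
    -- It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.4.7
    -- because it was produced using the same keys.

    DECLARE @sbJwe int
    -- Use "Chilkat_9_5_0.StringBuilder" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbJwe OUT

    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '{'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"protected":'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0",'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"unprotected":'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '{"jku":"https://server.example.com/keys.jwks"},'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"recipients":['
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '{"header":'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '{"alg":"RSA1_5","kid":"2011-04-29"},'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"encrypted_key":'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKx'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'GHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPh'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'cCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPg'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'wCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A"},'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '{"header":'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '{"alg":"A128KW","kid":"7"},'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"encrypted_key":'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ"}],'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"iv":'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"AxY8DCtDaGlsbGljb3RoZQ",'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"ciphertext":'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY",'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"tag":'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '"Mz-VPPyU4RlcuYv1IwIvzw"'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '}'

    EXEC sp_OAMethod @jwe2, 'LoadJweSb', @success OUT, @sbJwe
    IF @success <> 1
    BEGIN
        EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @jweRecipientHdr1
        EXEC @hr = sp_OADestroy @jweRecipientHdr2
        EXEC @hr = sp_OADestroy @jweUnprotHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        EXEC @hr = sp_OADestroy @jsonTemp
        EXEC @hr = sp_OADestroy @jwe2
        EXEC @hr = sp_OADestroy @sbJwe
        RETURN
    END

    -- We can decrypt with either key.  Let's use the AES key wrap key...
    EXEC sp_OAMethod @jwe2, 'FindRecipient', @recipientIndex OUT, 'kid', '7', @caseSensitive
    IF @recipientIndex < 0
    BEGIN
        PRINT 'Unable to find recipient with kid=7'
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @jweRecipientHdr1
        EXEC @hr = sp_OADestroy @jweRecipientHdr2
        EXEC @hr = sp_OADestroy @jweUnprotHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        EXEC @hr = sp_OADestroy @jsonTemp
        EXEC @hr = sp_OADestroy @jwe2
        EXEC @hr = sp_OADestroy @sbJwe
        RETURN
    END

    -- Set the AES wrap key for the recipient index.
    EXEC sp_OAMethod @jwe2, 'SetWrappingKey', @success OUT, @recipientIndex, @aesWrappingKey, 'base64url'
    IF @success <> 1
    BEGIN
        EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @jweRecipientHdr1
        EXEC @hr = sp_OADestroy @jweRecipientHdr2
        EXEC @hr = sp_OADestroy @jweUnprotHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        EXEC @hr = sp_OADestroy @jsonTemp
        EXEC @hr = sp_OADestroy @jwe2
        EXEC @hr = sp_OADestroy @sbJwe
        RETURN
    END

    -- Decrypt
    EXEC sp_OAMethod @jwe2, 'Decrypt', @originalPlaintext OUT, @recipientIndex, 'utf-8'
    EXEC sp_OAGetProperty @jwe2, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 <> 1
    BEGIN
        EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @jweRecipientHdr1
        EXEC @hr = sp_OADestroy @jweRecipientHdr2
        EXEC @hr = sp_OADestroy @jweUnprotHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        EXEC @hr = sp_OADestroy @jsonTemp
        EXEC @hr = sp_OADestroy @jwe2
        EXEC @hr = sp_OADestroy @sbJwe
        RETURN
    END

    PRINT 'original text decrypted from published JWE, with AES key wrap key: '
    PRINT @originalPlaintext

    -- The output:

    -- original text decrypted with AES key wrap key:
    -- Live long and prosper.
    -- original text decrypted with RSA private key:
    -- Live long and prosper.
    -- original text decrypted from published JWE, with AES key wrap key:
    -- Live long and prosper.

    EXEC @hr = sp_OADestroy @jwe
    EXEC @hr = sp_OADestroy @jweProtHdr
    EXEC @hr = sp_OADestroy @jweRecipientHdr1
    EXEC @hr = sp_OADestroy @jweRecipientHdr2
    EXEC @hr = sp_OADestroy @jweUnprotHdr
    EXEC @hr = sp_OADestroy @sbJwk
    EXEC @hr = sp_OADestroy @rsaPrivKey
    EXEC @hr = sp_OADestroy @jsonTemp
    EXEC @hr = sp_OADestroy @jwe2
    EXEC @hr = sp_OADestroy @sbJwe

END
GO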
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.