(SQL Server) JWE using RSAES-PKCS1-v1_5 and AES_128_CBC_HMAC_SHA_256

This example duplicates the example A.2 in RFC 7516 for JSON Web Encryption (JWE).

Note: This example requires Chilkat v9.5.0.66 or greater.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    -- This requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    -- Note: This example requires Chilkat v9.5.0.66 or greater.

    DECLARE @success int

    DECLARE @plaintext nvarchar(4000)
    SELECT @plaintext = 'Live long and prosper.'

    -- First build the JWE Protected Header.
    -- We want to build this: {"alg":"RSA1_5","enc":"A128CBC-HS256"}
    DECLARE @jweProtHdr int
    -- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jweProtHdr OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    EXEC sp_OAMethod @jweProtHdr, 'AppendString', @success OUT, 'alg', 'RSA1_5'
    EXEC sp_OAMethod @jweProtHdr, 'AppendString', @success OUT, 'enc', 'A128CBC-HS256'

    EXEC sp_OAMethod @jweProtHdr, 'Emit', @sTmp0 OUT
    PRINT 'JWE Protected Header: ' + @sTmp0

    PRINT '--'

    -- The specific RSA key used in the A.2 example is the following JWK:
    DECLARE @sbJwk int
    -- Use "Chilkat_9_5_0.StringBuilder" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbJwk OUT

    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '{"kty":"RSA",'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"n":"sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1Wl'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'UzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDpre'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'cbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBI'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'Y2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw",'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"e":"AQAB",'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"d":"VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-ry'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'nq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-Kyvj'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'T1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ",'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"p":"9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEP'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'krdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM",'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"q":"uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-y'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'BhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0",'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"dp":"w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuv'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'ngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcra'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'Hawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs",'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"dq":"o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU",'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '"qi":"eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlC'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'tUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZ'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, 'B9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo"'
    EXEC sp_OAMethod @sbJwk, 'Append', @success OUT, '}'

    -- Load this JWK into a Chilkat private key object.
    DECLARE @rsaPrivKey int
    -- Use "Chilkat_9_5_0.PrivateKey" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.PrivateKey', @rsaPrivKey OUT

    EXEC sp_OAMethod @sbJwk, 'GetAsString', @sTmp0 OUT
    EXEC sp_OAMethod @rsaPrivKey, 'LoadJwk', @success OUT, @sTmp0
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @rsaPrivKey, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        RETURN
      END

    -- The public key is used to encrypt (i.e. create the JWE), 
    -- and the private key is used to decrypt.
    -- The RSA public key is simply a subset of the private key.  The RSA public key
    -- is composed of the "n" and "e" members shown above.  These are also known as the
    -- modulus and exponent.
    -- We can simply get the public key object from the private key object
    DECLARE @rsaPubKey int
    EXEC sp_OAMethod @rsaPrivKey, 'GetPublicKey', @rsaPubKey OUT

    -- Create the JWE...
    DECLARE @jwe int
    -- Use "Chilkat_9_5_0.Jwe" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.Jwe', @jwe OUT

    EXEC sp_OAMethod @jwe, 'SetProtectedHeader', @success OUT, @jweProtHdr
    EXEC sp_OAMethod @jwe, 'SetPublicKey', @success OUT, 0, @rsaPubKey
    EXEC @hr = sp_OADestroy @rsaPubKey

    DECLARE @strJwe nvarchar(4000)
    EXEC sp_OAMethod @jwe, 'Encrypt', @strJwe OUT, @plaintext, 'utf-8'
    EXEC sp_OAGetProperty @jwe, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 <> 1
      BEGIN
        EXEC sp_OAGetProperty @jwe, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        EXEC @hr = sp_OADestroy @jwe
        RETURN
      END

    -- Show the JWE we just created:

    PRINT @strJwe

    -- Note: The RSA PKCS1_V1_5 padding uses random value, and the results
    -- will be different each time.  However, each result should be successfully
    -- decrypting if using the correct RSA private key.

    -- Let's decrypt the JWE that was just produced.
    -- Do the following to decrypt a JWE:
    -- 1) Load the JWE.
    -- 2) Set the private key for decryption.
    -- 3) Decrypt.
    DECLARE @jwe2 int
    -- Use "Chilkat_9_5_0.Jwe" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.Jwe', @jwe2 OUT

    EXEC sp_OAMethod @jwe2, 'LoadJwe', @success OUT, @strJwe
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jwe2
        RETURN
      END

    -- Provide the RSA private key for decryption.
    -- (The JWE was encrypted for a single recipient at index 0.)
    EXEC sp_OAMethod @jwe2, 'SetPrivateKey', @success OUT, 0, @rsaPrivKey

    -- Decrypt.
    DECLARE @originalPlaintext nvarchar(4000)
    EXEC sp_OAMethod @jwe2, 'Decrypt', @originalPlaintext OUT, 0, 'utf-8'
    EXEC sp_OAGetProperty @jwe2, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 <> 1
      BEGIN
        EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jwe2
        RETURN
      END


    PRINT 'original text: '

    PRINT @originalPlaintext

    -- ---------------------------------------------------------------------------------
    -- It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.2.7
    -- because it was produced using the same RSA key.

    DECLARE @sbJwe int
    -- Use "Chilkat_9_5_0.StringBuilder" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbJwe OUT

    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7Pc'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'HALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIF'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'NPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '-B3oWh2TbqmScqXMR4gp_A.'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'AxY8DCtDaGlsbGljb3RoZQ.'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, 'KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.'
    EXEC sp_OAMethod @sbJwe, 'Append', @success OUT, '9hH0vgRfYgPnAHOd8stkvw'

    EXEC sp_OAMethod @jwe2, 'LoadJweSb', @success OUT, @sbJwe
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jwe2
        EXEC @hr = sp_OADestroy @sbJwe
        RETURN
      END

    -- Provide the RSA private key for decryption.
    EXEC sp_OAMethod @jwe2, 'SetPrivateKey', @success OUT, 0, @rsaPrivKey

    -- Decrypt.
    EXEC sp_OAMethod @jwe2, 'Decrypt', @originalPlaintext OUT, 0, 'utf-8'
    EXEC sp_OAGetProperty @jwe2, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 <> 1
      BEGIN
        EXEC sp_OAGetProperty @jwe2, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jweProtHdr
        EXEC @hr = sp_OADestroy @sbJwk
        EXEC @hr = sp_OADestroy @rsaPrivKey
        EXEC @hr = sp_OADestroy @jwe
        EXEC @hr = sp_OADestroy @jwe2
        EXEC @hr = sp_OADestroy @sbJwe
        RETURN
      END


    PRINT @originalPlaintext

    EXEC @hr = sp_OADestroy @jweProtHdr
    EXEC @hr = sp_OADestroy @sbJwk
    EXEC @hr = sp_OADestroy @rsaPrivKey
    EXEC @hr = sp_OADestroy @jwe
    EXEC @hr = sp_OADestroy @jwe2
    EXEC @hr = sp_OADestroy @sbJwe


END
GO