Sample code for 30+ languages & platforms
Swift

JWE using RSAES-PKCS1-v1_5 and AES_128_CBC_HMAC_SHA_256

See more JSON Web Encryption (JWE) Examples

This example duplicates the example A.2 in RFC 7516 for JSON Web Encryption (JWE).

Chilkat Swift Downloads

Swift

func chilkatTest() {
    var success: Bool = false

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Note: This example requires Chilkat v9.5.0.66 or greater.

    var plaintext: String? = "Live long and prosper."

    // First build the JWE Protected Header.
    // We want to build this: {"alg":"RSA1_5","enc":"A128CBC-HS256"}
    let jweProtHdr = CkoJsonObject()!
    jweProtHdr.appendString(name: "alg", value: "RSA1_5")
    jweProtHdr.appendString(name: "enc", value: "A128CBC-HS256")
    print("JWE Protected Header: \(jweProtHdr.emit()!)")
    print("--")

    // The specific RSA key used in the A.2 example is the following JWK:
    let sbJwk = CkoStringBuilder()!
    sbJwk.append(value: "{\"kty\":\"RSA\",")
    sbJwk.append(value: "\"n\":\"sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1Wl")
    sbJwk.append(value: "UzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDpre")
    sbJwk.append(value: "cbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_")
    sbJwk.append(value: "7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBI")
    sbJwk.append(value: "Y2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU")
    sbJwk.append(value: "7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw\",")
    sbJwk.append(value: "\"e\":\"AQAB\",")
    sbJwk.append(value: "\"d\":\"VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq")
    sbJwk.append(value: "1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-ry")
    sbJwk.append(value: "nq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_")
    sbJwk.append(value: "0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj")
    sbJwk.append(value: "-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-Kyvj")
    sbJwk.append(value: "T1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ\",")
    sbJwk.append(value: "\"p\":\"9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68")
    sbJwk.append(value: "ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEP")
    sbJwk.append(value: "krdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM\",")
    sbJwk.append(value: "\"q\":\"uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-y")
    sbJwk.append(value: "BhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN")
    sbJwk.append(value: "-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0\",")
    sbJwk.append(value: "\"dp\":\"w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuv")
    sbJwk.append(value: "ngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcra")
    sbJwk.append(value: "Hawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs\",")
    sbJwk.append(value: "\"dq\":\"o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff")
    sbJwk.append(value: "7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_")
    sbJwk.append(value: "odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU\",")
    sbJwk.append(value: "\"qi\":\"eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlC")
    sbJwk.append(value: "tUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZ")
    sbJwk.append(value: "B9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo\"")
    sbJwk.append(value: "}")

    // Load this JWK into a Chilkat private key object.
    let rsaPrivKey = CkoPrivateKey()!
    success = rsaPrivKey.loadJwk(jsonStr: sbJwk.getAsString())
    if success == false {
        print("\(rsaPrivKey.lastErrorText!)")
        return
    }

    // The public key is used to encrypt (i.e. create the JWE), 
    // and the private key is used to decrypt.
    // The RSA public key is simply a subset of the private key.  The RSA public key
    // is composed of the "n" and "e" members shown above.  These are also known as the
    // modulus and exponent.
    // We can simply get the public key object from the private key object
    let rsaPubKey = CkoPublicKey()!
    rsaPrivKey.toPublicKey(pubKey: rsaPubKey)

    // Create the JWE...
    let jwe = CkoJwe()!
    jwe.setProtectedHeader(json: jweProtHdr)
    jwe.setPublicKey(index: 0, pubKey: rsaPubKey)

    var strJwe: String? = jwe.encrypt(content: plaintext, charset: "utf-8")
    if jwe.lastMethodSuccess == false {
        print("\(jwe.lastErrorText!)")
        return
    }

    // Show the JWE we just created:
    print("\(strJwe!)")

    // Note: The RSA PKCS1_V1_5 padding uses random value, and the results
    // will be different each time.  However, each result should be successfully
    // decrypting if using the correct RSA private key.

    // Let's decrypt the JWE that was just produced.
    // Do the following to decrypt a JWE:
    // 1) Load the JWE.
    // 2) Set the private key for decryption.
    // 3) Decrypt.
    let jwe2 = CkoJwe()!
    success = jwe2.load(jwe: strJwe)
    if success == false {
        print("\(jwe2.lastErrorText!)")
        return
    }

    // Provide the RSA private key for decryption.
    // (The JWE was encrypted for a single recipient at index 0.)
    jwe2.setPrivateKey(index: 0, privKey: rsaPrivKey)

    // Decrypt.
    var originalPlaintext: String? = jwe2.decrypt(index: 0, charset: "utf-8")
    if jwe2.lastMethodSuccess == false {
        print("\(jwe2.lastErrorText!)")
        return
    }

    print("original text: ")
    print("\(originalPlaintext!)")

    // ---------------------------------------------------------------------------------
    // It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.2.7
    // because it was produced using the same RSA key.

    let sbJwe = CkoStringBuilder()!
    sbJwe.append(value: "eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.")
    sbJwe.append(value: "UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm")
    sbJwe.append(value: "1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7Pc")
    sbJwe.append(value: "HALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIF")
    sbJwe.append(value: "NPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8")
    sbJwe.append(value: "rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv")
    sbJwe.append(value: "-B3oWh2TbqmScqXMR4gp_A.")
    sbJwe.append(value: "AxY8DCtDaGlsbGljb3RoZQ.")
    sbJwe.append(value: "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.")
    sbJwe.append(value: "9hH0vgRfYgPnAHOd8stkvw")

    success = jwe2.loadSb(sb: sbJwe)
    if success == false {
        print("\(jwe2.lastErrorText!)")
        return
    }

    // Provide the RSA private key for decryption.
    jwe2.setPrivateKey(index: 0, privKey: rsaPrivKey)

    // Decrypt.
    originalPlaintext = jwe2.decrypt(index: 0, charset: "utf-8")
    if jwe2.lastMethodSuccess == false {
        print("\(jwe2.lastErrorText!)")
        return
    }

    print("\(originalPlaintext!)")

}