(Unicode C) JWE using ECDH-ES+A256KW

See more JSON Web Encryption (JWE) Examples

Create a JWE with the following public/private key pair:

{
    "kty": "EC",
    "d": "jZCffzVqJjryBH4EoaN0oD-TyLXrW2XHoDdIuPZnk8c",
    "use": "enc",
    "crv": "P-256",
    "kid": "evEK2thJMsWxBYRivXI8ykUf6n6zizLiLCGH3s58wKs",
    "x": "LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM",
    "y": "voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4",
    "alg": "ECDH-ES+A256KW"
}

Also shows how to decrypt.

Chilkat C/C++ Library Downloads

MS Visual C/C++

C++ Builder

Linux C/C++

Alpine Linux C/C++

MacOS C/C++

iOS C/C++

Android C/C++

MinGW C/C++

#include <C_CkJsonObjectW.h>
#include <C_CkPublicKeyW.h>
#include <C_CkJwtW.h>
#include <C_CkJweW.h>
#include <C_CkPrivateKeyW.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkJsonObjectW json;
    HCkPublicKeyW pubkey;
    HCkJwtW jwt;
    HCkJsonObjectW jweProtHdr;
    HCkJweW jwe;
    const wchar_t *plainText;
    const wchar_t *strJwe;
    HCkPrivateKeyW privkey;
    HCkJweW jwe2;
    const wchar_t *decryptedText;

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Create the following JSON:
    // {
    //     "kty": "EC",
    //     "d": "jZCffzVqJjryBH4EoaN0oD-TyLXrW2XHoDdIuPZnk8c",
    //     "use": "enc",
    //     "crv": "P-256",
    //     "kid": "evEK2thJMsWxBYRivXI8ykUf6n6zizLiLCGH3s58wKs",
    //     "x": "LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM",
    //     "y": "voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4",
    //     "alg": "ECDH-ES+A256KW"
    // }

    json = CkJsonObjectW_Create();
    CkJsonObjectW_UpdateString(json,L"kty",L"EC");
    CkJsonObjectW_UpdateString(json,L"d",L"jZCffzVqJjryBH4EoaN0oD-TyLXrW2XHoDdIuPZnk8c");
    CkJsonObjectW_UpdateString(json,L"use",L"enc");
    CkJsonObjectW_UpdateString(json,L"crv",L"P-256");
    CkJsonObjectW_UpdateString(json,L"kid",L"evEK2thJMsWxBYRivXI8ykUf6n6zizLiLCGH3s58wKs");
    CkJsonObjectW_UpdateString(json,L"x",L"LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM");
    CkJsonObjectW_UpdateString(json,L"y",L"voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4");
    CkJsonObjectW_UpdateString(json,L"alg",L"ECDH-ES+A256KW");

    pubkey = CkPublicKeyW_Create();

    success = CkPublicKeyW_LoadFromString(pubkey,CkJsonObjectW_emit(json));
    if (success == FALSE) {
        wprintf(L"%s\n",CkPublicKeyW_lastErrorText(pubkey));
        CkJsonObjectW_Dispose(json);
        CkPublicKeyW_Dispose(pubkey);
        return;
    }

    // Build our protected header:

    // 	{
    // 	  "alg": "ECDH-ES+A256KW",
    // 	  "enc": "A256GCM",
    // 	  "exp": 1621957030,
    // 	  "cty": "NJWT",
    // 	  "epk": {
    // 	    "kty": "EC",
    // 	    "x": "QLpJ_LpFx-6yJhsb4OvHwU1khLnviiOwYOvmf5clK7w"
    // 	    "y": "AJh7pJ3zZKDJkm8rbeG69GBooTosXJgSsvNFH0i3Vxnu"
    // 	    "crv": "BP-256"
    // 	  }
    // 	}

    // Use jwt only for getting the current date/time + 3600 seconds.
    jwt = CkJwtW_Create();

    jweProtHdr = CkJsonObjectW_Create();
    CkJsonObjectW_UpdateString(jweProtHdr,L"alg",L"ECDH-ES+A256KW");
    CkJsonObjectW_UpdateString(jweProtHdr,L"enc",L"A256GCM");
    CkJsonObjectW_UpdateInt(jweProtHdr,L"exp",CkJwtW_GenNumericDate(jwt,3600));
    CkJsonObjectW_UpdateString(jweProtHdr,L"cty",L"NJWT");
    CkJsonObjectW_UpdateString(jweProtHdr,L"epk.kty",L"EC");
    CkJsonObjectW_UpdateString(jweProtHdr,L"epk.x",L"LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM");
    CkJsonObjectW_UpdateString(jweProtHdr,L"epk.y",L"voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4");
    CkJsonObjectW_UpdateString(jweProtHdr,L"epk.crv",L"P-256");

    jwe = CkJweW_Create();
    CkJweW_SetProtectedHeader(jwe,jweProtHdr);
    CkJweW_SetPublicKey(jwe,0,pubkey);

    plainText = L"This is the text to be encrypted.";
    strJwe = CkJweW_encrypt(jwe,plainText,L"utf-8");
    if (CkJweW_getLastMethodSuccess(jwe) != TRUE) {
        wprintf(L"%s\n",CkJweW_lastErrorText(jwe));
        CkJsonObjectW_Dispose(json);
        CkPublicKeyW_Dispose(pubkey);
        CkJwtW_Dispose(jwt);
        CkJsonObjectW_Dispose(jweProtHdr);
        CkJweW_Dispose(jwe);
        return;
    }

    wprintf(L"%s\n",strJwe);

    // Let's decrypt...
    privkey = CkPrivateKeyW_Create();

    success = CkPrivateKeyW_LoadJwk(privkey,CkJsonObjectW_emit(json));
    if (success == FALSE) {
        wprintf(L"%s\n",CkPrivateKeyW_lastErrorText(privkey));
        CkJsonObjectW_Dispose(json);
        CkPublicKeyW_Dispose(pubkey);
        CkJwtW_Dispose(jwt);
        CkJsonObjectW_Dispose(jweProtHdr);
        CkJweW_Dispose(jwe);
        CkPrivateKeyW_Dispose(privkey);
        return;
    }

    jwe2 = CkJweW_Create();
    success = CkJweW_LoadJwe(jwe2,strJwe);
    if (success == FALSE) {
        wprintf(L"%s\n",CkJweW_lastErrorText(jwe2));
        CkJsonObjectW_Dispose(json);
        CkPublicKeyW_Dispose(pubkey);
        CkJwtW_Dispose(jwt);
        CkJsonObjectW_Dispose(jweProtHdr);
        CkJweW_Dispose(jwe);
        CkPrivateKeyW_Dispose(privkey);
        CkJweW_Dispose(jwe2);
        return;
    }

    CkJweW_SetPrivateKey(jwe2,0,privkey);

    //  Decrypt.
    decryptedText = CkJweW_decrypt(jwe2,0,L"utf-8");
    if (CkJweW_getLastMethodSuccess(jwe2) != TRUE) {
        wprintf(L"%s\n",CkJweW_lastErrorText(jwe2));
        CkJsonObjectW_Dispose(json);
        CkPublicKeyW_Dispose(pubkey);
        CkJwtW_Dispose(jwt);
        CkJsonObjectW_Dispose(jweProtHdr);
        CkJweW_Dispose(jwe);
        CkPrivateKeyW_Dispose(privkey);
        CkJweW_Dispose(jwe2);
        return;
    }

    wprintf(L"%s\n",decryptedText);


    CkJsonObjectW_Dispose(json);
    CkPublicKeyW_Dispose(pubkey);
    CkJwtW_Dispose(jwt);
    CkJsonObjectW_Dispose(jweProtHdr);
    CkJweW_Dispose(jwe);
    CkPrivateKeyW_Dispose(privkey);
    CkJweW_Dispose(jwe2);

    }