Unicode C
Unicode C
JWE using RSAES-OAEP and AES GCM
See more JSON Web Encryption (JWE) Examples
This example duplicates the example A.1 in RFC 7516 for JSON Web Encryption (JWE).Chilkat Unicode C Downloads
#include <C_CkJsonObjectW.h>
#include <C_CkStringBuilderW.h>
#include <C_CkPrivateKeyW.h>
#include <C_CkPublicKeyW.h>
#include <C_CkJweW.h>
void ChilkatSample(void)
{
BOOL success;
const wchar_t *plaintext;
HCkJsonObjectW jweProtHdr;
HCkStringBuilderW sbJwk;
HCkPrivateKeyW rsaPrivKey;
HCkPublicKeyW rsaPubKey;
HCkJweW jwe;
const wchar_t *strJwe;
HCkJweW jwe2;
const wchar_t *originalPlaintext;
HCkStringBuilderW sbJwe;
success = FALSE;
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Note: This example requires Chilkat v9.5.0.66 or greater.
plaintext = L"The true sign of intelligence is not knowledge but imagination.";
// ---------------------------------
// A.1.1 JOSE Header
// First build the JWE Protected Header.
// We want to build this: {"alg":"RSA-OAEP","enc":"A256GCM"}
jweProtHdr = CkJsonObjectW_Create();
CkJsonObjectW_AppendString(jweProtHdr,L"alg",L"RSA-OAEP");
CkJsonObjectW_AppendString(jweProtHdr,L"enc",L"A256GCM");
wprintf(L"JWE Protected Header: %s\n",CkJsonObjectW_emit(jweProtHdr));
wprintf(L"--\n");
// ---------------------------------
// A.1.2 Content Encryption Key
// Note: Chilkat automatically generates the random CEK internally.
// The application does not need to explicitly take this step.
// ---------------------------------
// A.1.3. Key Encryption
// The application should load an RSA private key from any format.
// However, the application does not need to explicitly construct the JWE Encrypted Key.
// Chilkat automatically does it internally.
// The design of the Chilkat JWE API is to allow the application to create the JWE
// after specifying the inputs. (This is in contrast to forcing the application developer
// to painstakingly go through each step of the JWE construction process.)
// The specific RSA key used in the A.1 example is the following JWK:
sbJwk = CkStringBuilderW_Create();
CkStringBuilderW_Append(sbJwk,L"{\"kty\": \"RSA\",");
CkStringBuilderW_Append(sbJwk,L"\"n\": \"oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW");
CkStringBuilderW_Append(sbJwk,L"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S");
CkStringBuilderW_Append(sbJwk,L"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a");
CkStringBuilderW_Append(sbJwk,L"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS");
CkStringBuilderW_Append(sbJwk,L"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj");
CkStringBuilderW_Append(sbJwk,L"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw\",");
CkStringBuilderW_Append(sbJwk,L"\"e\": \"AQAB\",");
CkStringBuilderW_Append(sbJwk,L"\"d\": \"kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N");
CkStringBuilderW_Append(sbJwk,L"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9");
CkStringBuilderW_Append(sbJwk,L"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk");
CkStringBuilderW_Append(sbJwk,L"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl");
CkStringBuilderW_Append(sbJwk,L"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd");
CkStringBuilderW_Append(sbJwk,L"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ\",");
CkStringBuilderW_Append(sbJwk,L"\"p\": \"1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-");
CkStringBuilderW_Append(sbJwk,L"SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lf");
CkStringBuilderW_Append(sbJwk,L"fNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0\",");
CkStringBuilderW_Append(sbJwk,L"\"q\": \"wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBm");
CkStringBuilderW_Append(sbJwk,L"UDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aX");
CkStringBuilderW_Append(sbJwk,L"IWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc\",");
CkStringBuilderW_Append(sbJwk,L"\"dp\": \"ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KL");
CkStringBuilderW_Append(sbJwk,L"hMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827");
CkStringBuilderW_Append(sbJwk,L"rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE\",");
CkStringBuilderW_Append(sbJwk,L"\"dq\": \"Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCj");
CkStringBuilderW_Append(sbJwk,L"ywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDB");
CkStringBuilderW_Append(sbJwk,L"UfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis\",");
CkStringBuilderW_Append(sbJwk,L"\"qi\": \"VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7");
CkStringBuilderW_Append(sbJwk,L"AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3");
CkStringBuilderW_Append(sbJwk,L"eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY\"}");
// Load this JWK into a Chilkat private key object.
rsaPrivKey = CkPrivateKeyW_Create();
success = CkPrivateKeyW_LoadJwk(rsaPrivKey,CkStringBuilderW_getAsString(sbJwk));
if (success == FALSE) {
wprintf(L"%s\n",CkPrivateKeyW_lastErrorText(rsaPrivKey));
CkJsonObjectW_Dispose(jweProtHdr);
CkStringBuilderW_Dispose(sbJwk);
CkPrivateKeyW_Dispose(rsaPrivKey);
return;
}
// The public key is used to encrypt (i.e. create the JWE),
// and the private key is used to decrypt.
// The RSA public key is simply a subset of the private key. The RSA public key
// is composed of the "n" and "e" members shown above. These are also known as the
// modulus and exponent.
// We can simply get the public key object from the private key object
rsaPubKey = CkPublicKeyW_Create();
CkPrivateKeyW_ToPublicKey(rsaPrivKey,rsaPubKey);
// ---------------------------------
// A.1.4. Initialization Vector
// Chilkat automatically generates the necessary random IV internally.
// The application does not need to do this explicitly.
// ---------------------------------
// A.1.5. Additional Authenticated Data
// The Additional Authenticated Data encryption parameter is
// ASCII(BASE64URL(UTF8(JWE Protected Header))).
// Again, Chilkat automatically takes care of this internally.
// The application does not need to explicitly take this step.
// ---------------------------------
// A.1.6. Content Encryption
// Again... this step is handled by Chilkat internally.
// ---------------------------------
// A.1.7. Complete Representation
// The application need only call the Encrypt, EncryptSb, or EncryptBd method
// return the fully assembled JWE.
// The final representation in the Compact Serialization
// is the string BASE64URL(UTF8(JWE Protected Header)) || '.' ||
// BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization
// Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE
// Authentication Tag).
jwe = CkJweW_Create();
CkJweW_SetProtectedHeader(jwe,jweProtHdr);
CkJweW_SetPublicKey(jwe,0,rsaPubKey);
strJwe = CkJweW_encrypt(jwe,plaintext,L"utf-8");
if (CkJweW_getLastMethodSuccess(jwe) == FALSE) {
wprintf(L"%s\n",CkJweW_lastErrorText(jwe));
CkJsonObjectW_Dispose(jweProtHdr);
CkStringBuilderW_Dispose(sbJwk);
CkPrivateKeyW_Dispose(rsaPrivKey);
CkPublicKeyW_Dispose(rsaPubKey);
CkJweW_Dispose(jwe);
return;
}
// Note: The RSA OAEP algorithm uses random padding bytes internally.
// Therefore, the results will appear different each time -- even if the
// identical plaintext is encrypted with the identical RSA key.
// (Do not expect the appearance of the results to be the same as what
// is published in the RFC. However, what is published in the RFC *should*
// be decryptable using the code that follows.)
wprintf(L"%s\n",strJwe);
// Let's decrypt the JWE that was just produced.
// Do the following to decrypt a JWE:
// 1) Load the JWE.
// 2) Set the private key for decryption.
// 3) Decrypt.
jwe2 = CkJweW_Create();
success = CkJweW_LoadJwe(jwe2,strJwe);
if (success == FALSE) {
wprintf(L"%s\n",CkJweW_lastErrorText(jwe2));
CkJsonObjectW_Dispose(jweProtHdr);
CkStringBuilderW_Dispose(sbJwk);
CkPrivateKeyW_Dispose(rsaPrivKey);
CkPublicKeyW_Dispose(rsaPubKey);
CkJweW_Dispose(jwe);
CkJweW_Dispose(jwe2);
return;
}
// Provide the RSA private key for decryption.
// (The JWE was encrypted for a single recipient at index 0.)
CkJweW_SetPrivateKey(jwe2,0,rsaPrivKey);
// Decrypt.
originalPlaintext = CkJweW_decrypt(jwe2,0,L"utf-8");
if (CkJweW_getLastMethodSuccess(jwe2) == FALSE) {
wprintf(L"%s\n",CkJweW_lastErrorText(jwe2));
CkJsonObjectW_Dispose(jweProtHdr);
CkStringBuilderW_Dispose(sbJwk);
CkPrivateKeyW_Dispose(rsaPrivKey);
CkPublicKeyW_Dispose(rsaPubKey);
CkJweW_Dispose(jwe);
CkJweW_Dispose(jwe2);
return;
}
wprintf(L"original text: \n");
wprintf(L"%s\n",originalPlaintext);
// ---------------------------------------------------------------------------------
// It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.1.7
// because it was produced using the same RSA key.
sbJwe = CkStringBuilderW_Create();
CkStringBuilderW_Append(sbJwe,L"eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.");
CkStringBuilderW_Append(sbJwe,L"OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe");
CkStringBuilderW_Append(sbJwe,L"ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb");
CkStringBuilderW_Append(sbJwe,L"Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV");
CkStringBuilderW_Append(sbJwe,L"mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8");
CkStringBuilderW_Append(sbJwe,L"1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi");
CkStringBuilderW_Append(sbJwe,L"6UklfCpIMfIjf7iGdXKHzg.");
CkStringBuilderW_Append(sbJwe,L"48V1_ALb6US04U3b.");
CkStringBuilderW_Append(sbJwe,L"5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji");
CkStringBuilderW_Append(sbJwe,L"SdiwkIr3ajwQzaBtQD_A.");
CkStringBuilderW_Append(sbJwe,L"XFBoMYUZodetZdvTiFvSkQ");
success = CkJweW_LoadJweSb(jwe2,sbJwe);
if (success == FALSE) {
wprintf(L"%s\n",CkJweW_lastErrorText(jwe2));
CkJsonObjectW_Dispose(jweProtHdr);
CkStringBuilderW_Dispose(sbJwk);
CkPrivateKeyW_Dispose(rsaPrivKey);
CkPublicKeyW_Dispose(rsaPubKey);
CkJweW_Dispose(jwe);
CkJweW_Dispose(jwe2);
CkStringBuilderW_Dispose(sbJwe);
return;
}
// Provide the RSA private key for decryption.
CkJweW_SetPrivateKey(jwe2,0,rsaPrivKey);
// Decrypt.
originalPlaintext = CkJweW_decrypt(jwe2,0,L"utf-8");
if (CkJweW_getLastMethodSuccess(jwe2) == FALSE) {
wprintf(L"%s\n",CkJweW_lastErrorText(jwe2));
CkJsonObjectW_Dispose(jweProtHdr);
CkStringBuilderW_Dispose(sbJwk);
CkPrivateKeyW_Dispose(rsaPrivKey);
CkPublicKeyW_Dispose(rsaPubKey);
CkJweW_Dispose(jwe);
CkJweW_Dispose(jwe2);
CkStringBuilderW_Dispose(sbJwe);
return;
}
wprintf(L"%s\n",originalPlaintext);
CkJsonObjectW_Dispose(jweProtHdr);
CkStringBuilderW_Dispose(sbJwk);
CkPrivateKeyW_Dispose(rsaPrivKey);
CkPublicKeyW_Dispose(rsaPubKey);
CkJweW_Dispose(jwe);
CkJweW_Dispose(jwe2);
CkStringBuilderW_Dispose(sbJwe);
}