Sample code for 30+ languages & platforms
Unicode C

JWE using RSAES-PKCS1-v1_5 and AES_128_CBC_HMAC_SHA_256

See more JSON Web Encryption (JWE) Examples

This example duplicates the example A.2 in RFC 7516 for JSON Web Encryption (JWE).

Chilkat Unicode C Downloads

Unicode C
#include <C_CkJsonObjectW.h>
#include <C_CkStringBuilderW.h>
#include <C_CkPrivateKeyW.h>
#include <C_CkPublicKeyW.h>
#include <C_CkJweW.h>

void ChilkatSample(void)
    {
    BOOL success;
    const wchar_t *plaintext;
    HCkJsonObjectW jweProtHdr;
    HCkStringBuilderW sbJwk;
    HCkPrivateKeyW rsaPrivKey;
    HCkPublicKeyW rsaPubKey;
    HCkJweW jwe;
    const wchar_t *strJwe;
    HCkJweW jwe2;
    const wchar_t *originalPlaintext;
    HCkStringBuilderW sbJwe;

    success = FALSE;

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Note: This example requires Chilkat v9.5.0.66 or greater.

    plaintext = L"Live long and prosper.";

    // First build the JWE Protected Header.
    // We want to build this: {"alg":"RSA1_5","enc":"A128CBC-HS256"}
    jweProtHdr = CkJsonObjectW_Create();
    CkJsonObjectW_AppendString(jweProtHdr,L"alg",L"RSA1_5");
    CkJsonObjectW_AppendString(jweProtHdr,L"enc",L"A128CBC-HS256");
    wprintf(L"JWE Protected Header: %s\n",CkJsonObjectW_emit(jweProtHdr));
    wprintf(L"--\n");

    // The specific RSA key used in the A.2 example is the following JWK:
    sbJwk = CkStringBuilderW_Create();
    CkStringBuilderW_Append(sbJwk,L"{\"kty\":\"RSA\",");
    CkStringBuilderW_Append(sbJwk,L"\"n\":\"sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1Wl");
    CkStringBuilderW_Append(sbJwk,L"UzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDpre");
    CkStringBuilderW_Append(sbJwk,L"cbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_");
    CkStringBuilderW_Append(sbJwk,L"7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBI");
    CkStringBuilderW_Append(sbJwk,L"Y2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU");
    CkStringBuilderW_Append(sbJwk,L"7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw\",");
    CkStringBuilderW_Append(sbJwk,L"\"e\":\"AQAB\",");
    CkStringBuilderW_Append(sbJwk,L"\"d\":\"VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq");
    CkStringBuilderW_Append(sbJwk,L"1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-ry");
    CkStringBuilderW_Append(sbJwk,L"nq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_");
    CkStringBuilderW_Append(sbJwk,L"0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj");
    CkStringBuilderW_Append(sbJwk,L"-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-Kyvj");
    CkStringBuilderW_Append(sbJwk,L"T1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ\",");
    CkStringBuilderW_Append(sbJwk,L"\"p\":\"9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68");
    CkStringBuilderW_Append(sbJwk,L"ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEP");
    CkStringBuilderW_Append(sbJwk,L"krdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM\",");
    CkStringBuilderW_Append(sbJwk,L"\"q\":\"uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-y");
    CkStringBuilderW_Append(sbJwk,L"BhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN");
    CkStringBuilderW_Append(sbJwk,L"-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0\",");
    CkStringBuilderW_Append(sbJwk,L"\"dp\":\"w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuv");
    CkStringBuilderW_Append(sbJwk,L"ngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcra");
    CkStringBuilderW_Append(sbJwk,L"Hawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs\",");
    CkStringBuilderW_Append(sbJwk,L"\"dq\":\"o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff");
    CkStringBuilderW_Append(sbJwk,L"7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_");
    CkStringBuilderW_Append(sbJwk,L"odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU\",");
    CkStringBuilderW_Append(sbJwk,L"\"qi\":\"eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlC");
    CkStringBuilderW_Append(sbJwk,L"tUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZ");
    CkStringBuilderW_Append(sbJwk,L"B9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo\"");
    CkStringBuilderW_Append(sbJwk,L"}");

    // Load this JWK into a Chilkat private key object.
    rsaPrivKey = CkPrivateKeyW_Create();
    success = CkPrivateKeyW_LoadJwk(rsaPrivKey,CkStringBuilderW_getAsString(sbJwk));
    if (success == FALSE) {
        wprintf(L"%s\n",CkPrivateKeyW_lastErrorText(rsaPrivKey));
        CkJsonObjectW_Dispose(jweProtHdr);
        CkStringBuilderW_Dispose(sbJwk);
        CkPrivateKeyW_Dispose(rsaPrivKey);
        return;
    }

    // The public key is used to encrypt (i.e. create the JWE), 
    // and the private key is used to decrypt.
    // The RSA public key is simply a subset of the private key.  The RSA public key
    // is composed of the "n" and "e" members shown above.  These are also known as the
    // modulus and exponent.
    // We can simply get the public key object from the private key object
    rsaPubKey = CkPublicKeyW_Create();
    CkPrivateKeyW_ToPublicKey(rsaPrivKey,rsaPubKey);

    // Create the JWE...
    jwe = CkJweW_Create();
    CkJweW_SetProtectedHeader(jwe,jweProtHdr);
    CkJweW_SetPublicKey(jwe,0,rsaPubKey);

    strJwe = CkJweW_encrypt(jwe,plaintext,L"utf-8");
    if (CkJweW_getLastMethodSuccess(jwe) == FALSE) {
        wprintf(L"%s\n",CkJweW_lastErrorText(jwe));
        CkJsonObjectW_Dispose(jweProtHdr);
        CkStringBuilderW_Dispose(sbJwk);
        CkPrivateKeyW_Dispose(rsaPrivKey);
        CkPublicKeyW_Dispose(rsaPubKey);
        CkJweW_Dispose(jwe);
        return;
    }

    // Show the JWE we just created:
    wprintf(L"%s\n",strJwe);

    // Note: The RSA PKCS1_V1_5 padding uses random value, and the results
    // will be different each time.  However, each result should be successfully
    // decrypting if using the correct RSA private key.

    // Let's decrypt the JWE that was just produced.
    // Do the following to decrypt a JWE:
    // 1) Load the JWE.
    // 2) Set the private key for decryption.
    // 3) Decrypt.
    jwe2 = CkJweW_Create();
    success = CkJweW_LoadJwe(jwe2,strJwe);
    if (success == FALSE) {
        wprintf(L"%s\n",CkJweW_lastErrorText(jwe2));
        CkJsonObjectW_Dispose(jweProtHdr);
        CkStringBuilderW_Dispose(sbJwk);
        CkPrivateKeyW_Dispose(rsaPrivKey);
        CkPublicKeyW_Dispose(rsaPubKey);
        CkJweW_Dispose(jwe);
        CkJweW_Dispose(jwe2);
        return;
    }

    // Provide the RSA private key for decryption.
    // (The JWE was encrypted for a single recipient at index 0.)
    CkJweW_SetPrivateKey(jwe2,0,rsaPrivKey);

    // Decrypt.
    originalPlaintext = CkJweW_decrypt(jwe2,0,L"utf-8");
    if (CkJweW_getLastMethodSuccess(jwe2) == FALSE) {
        wprintf(L"%s\n",CkJweW_lastErrorText(jwe2));
        CkJsonObjectW_Dispose(jweProtHdr);
        CkStringBuilderW_Dispose(sbJwk);
        CkPrivateKeyW_Dispose(rsaPrivKey);
        CkPublicKeyW_Dispose(rsaPubKey);
        CkJweW_Dispose(jwe);
        CkJweW_Dispose(jwe2);
        return;
    }

    wprintf(L"original text: \n");
    wprintf(L"%s\n",originalPlaintext);

    // ---------------------------------------------------------------------------------
    // It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.2.7
    // because it was produced using the same RSA key.

    sbJwe = CkStringBuilderW_Create();
    CkStringBuilderW_Append(sbJwe,L"eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.");
    CkStringBuilderW_Append(sbJwe,L"UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm");
    CkStringBuilderW_Append(sbJwe,L"1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7Pc");
    CkStringBuilderW_Append(sbJwe,L"HALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIF");
    CkStringBuilderW_Append(sbJwe,L"NPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8");
    CkStringBuilderW_Append(sbJwe,L"rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv");
    CkStringBuilderW_Append(sbJwe,L"-B3oWh2TbqmScqXMR4gp_A.");
    CkStringBuilderW_Append(sbJwe,L"AxY8DCtDaGlsbGljb3RoZQ.");
    CkStringBuilderW_Append(sbJwe,L"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.");
    CkStringBuilderW_Append(sbJwe,L"9hH0vgRfYgPnAHOd8stkvw");

    success = CkJweW_LoadJweSb(jwe2,sbJwe);
    if (success == FALSE) {
        wprintf(L"%s\n",CkJweW_lastErrorText(jwe2));
        CkJsonObjectW_Dispose(jweProtHdr);
        CkStringBuilderW_Dispose(sbJwk);
        CkPrivateKeyW_Dispose(rsaPrivKey);
        CkPublicKeyW_Dispose(rsaPubKey);
        CkJweW_Dispose(jwe);
        CkJweW_Dispose(jwe2);
        CkStringBuilderW_Dispose(sbJwe);
        return;
    }

    // Provide the RSA private key for decryption.
    CkJweW_SetPrivateKey(jwe2,0,rsaPrivKey);

    // Decrypt.
    originalPlaintext = CkJweW_decrypt(jwe2,0,L"utf-8");
    if (CkJweW_getLastMethodSuccess(jwe2) == FALSE) {
        wprintf(L"%s\n",CkJweW_lastErrorText(jwe2));
        CkJsonObjectW_Dispose(jweProtHdr);
        CkStringBuilderW_Dispose(sbJwk);
        CkPrivateKeyW_Dispose(rsaPrivKey);
        CkPublicKeyW_Dispose(rsaPubKey);
        CkJweW_Dispose(jwe);
        CkJweW_Dispose(jwe2);
        CkStringBuilderW_Dispose(sbJwe);
        return;
    }

    wprintf(L"%s\n",originalPlaintext);


    CkJsonObjectW_Dispose(jweProtHdr);
    CkStringBuilderW_Dispose(sbJwk);
    CkPrivateKeyW_Dispose(rsaPrivKey);
    CkPublicKeyW_Dispose(rsaPubKey);
    CkJweW_Dispose(jwe);
    CkJweW_Dispose(jwe2);
    CkStringBuilderW_Dispose(sbJwe);

    }