Chilkat Examples

ChilkatHOMEAndroid™Classic ASPCC++C#Mono C#.NET Core C#C# UWP/WinRTDataFlexDelphi ActiveXDelphi DLLVisual FoxProJavaLianjaMFCObjective-CPerlPHP ActiveXPHP ExtensionPowerBuilderPowerShellPureBasicCkPythonChilkat2-PythonRubySQL ServerSwift 2Swift 3/4TclUnicode CUnicode C++Visual Basic 6.0VB.NETVB.NET UWP/WinRTVBScriptXojo PluginNode.jsExcelGo

C Examples

ASN.1
Amazon S3
Amazon S3 (new)
Amazon SES
Amazon SNS
Amazon SQS
Async
Azure Cloud Storage
Azure Service Bus
Bounced Email
Box
CSR
CSV
Certificates
Compression
DKIM / DomainKey
DSA
Diffie-Hellman
Digital Signatures
Dropbox
Dynamics CRM
ECC
Email Object
Encryption
FTP
Facebook
Firebase
GMail REST API
GeoOp
Google APIs
Google Calendar
Google Cloud Storage
Google Drive
Google Sheets
Gzip
HTML-to-XML/Text
HTTP
HTTP Misc
IMAP
JSON
JSON Web Encryption (JWE)
JSON Web Signatures (JWS)
JSON Web Token (JWT)
Java KeyStore (JKS)

Jira
MHT / HTML Email
MIME
Microsoft Graph
NTLM
OAuth1
OAuth2
OneDrive
OpenSSL
Outlook
PEM
PFX/P12
POP3
PRNG
PayPal
Peoplevox
QuickBooks
REST
REST Misc
RSA Encryption
SCP
SFTP
SMTP
SSH
SSH Key
SSH Tunnel
SharePoint
Shopify
Socket/SSL/TLS
Spider
Stream
Stripe
SugarCRM
Tar Archive
Twitter
Upload
VoiceBase
Walmart
WebSocket
XAdES
XML
XML Digital Signatures
XMP
Xero
Zip
curl
eBay

 

 

 

(C) JWE using RSAES-OAEP and AES GCM

This example duplicates the example A.1 in RFC 7516 for JSON Web Encryption (JWE).

Note: This example requires Chilkat v9.5.0.66 or greater.

Chilkat C/C++ Library Downloads

MS Visual C/C++

Linux/CentOS C/C++

Alpine Linux C/C++

MAC OS X C/C++

armhf/aarch64 C/C++

C++ Builder

iOS C/C++

Android C/C++

Win Mobile 5.0/Pocket PC 2003

Solaris C/C++

FreeBSD C/C++

OpenBSD C/C++

MinGW C/C++

#include <C_CkJsonObject.h>
#include <C_CkStringBuilder.h>
#include <C_CkPrivateKey.h>
#include <C_CkPublicKey.h>
#include <C_CkJwe.h>

void ChilkatSample(void)
    {
    BOOL success;
    const char *plaintext;
    HCkJsonObject jweProtHdr;
    HCkStringBuilder sbJwk;
    HCkPrivateKey rsaPrivKey;
    HCkPublicKey rsaPubKey;
    HCkJwe jwe;
    const char *strJwe;
    HCkJwe jwe2;
    const char *originalPlaintext;
    HCkStringBuilder sbJwe;

    //  This requires the Chilkat API to have been previously unlocked.
    //  See Global Unlock Sample for sample code.

    //  Note: This example requires Chilkat v9.5.0.66 or greater.

    plaintext = "The true sign of intelligence is not knowledge but imagination.";

    //  ---------------------------------
    //  A.1.1 JOSE Header
    //  First build the JWE Protected Header.
    //  We want to build this: {"alg":"RSA-OAEP","enc":"A256GCM"}
    jweProtHdr = CkJsonObject_Create();
    CkJsonObject_AppendString(jweProtHdr,"alg","RSA-OAEP");
    CkJsonObject_AppendString(jweProtHdr,"enc","A256GCM");
    printf("JWE Protected Header: %s\n",CkJsonObject_emit(jweProtHdr));
    printf("--\n");

    //  ---------------------------------
    //  A.1.2 Content Encryption Key
    //  Note: Chilkat automatically generates the random CEK internally.
    //  The application does not need to explicitly take this step.

    //  ---------------------------------
    //  A.1.3.  Key Encryption
    //  The application should load an RSA private key from any format.
    //  However, the application does not need to explicitly construct the JWE Encrypted Key.
    //  Chilkat automatically does it internally.
    //  The design of the Chilkat JWE API is to allow the application to create the JWE
    //  after specifying the inputs.  (This is in contrast to forcing the application developer
    //  to painstakingly go through each step of the JWE construction process.)

    //  The specific RSA key used in the A.1 example is the following JWK:
    sbJwk = CkStringBuilder_Create();
    CkStringBuilder_Append(sbJwk,"{\"kty\": \"RSA\",");
    CkStringBuilder_Append(sbJwk,"\"n\": \"oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW");
    CkStringBuilder_Append(sbJwk,"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S");
    CkStringBuilder_Append(sbJwk,"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a");
    CkStringBuilder_Append(sbJwk,"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS");
    CkStringBuilder_Append(sbJwk,"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj");
    CkStringBuilder_Append(sbJwk,"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw\",");
    CkStringBuilder_Append(sbJwk,"\"e\": \"AQAB\",");
    CkStringBuilder_Append(sbJwk,"\"d\": \"kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N");
    CkStringBuilder_Append(sbJwk,"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9");
    CkStringBuilder_Append(sbJwk,"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk");
    CkStringBuilder_Append(sbJwk,"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl");
    CkStringBuilder_Append(sbJwk,"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd");
    CkStringBuilder_Append(sbJwk,"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ\",");
    CkStringBuilder_Append(sbJwk,"\"p\": \"1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-");
    CkStringBuilder_Append(sbJwk,"SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lf");
    CkStringBuilder_Append(sbJwk,"fNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0\",");
    CkStringBuilder_Append(sbJwk,"\"q\": \"wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBm");
    CkStringBuilder_Append(sbJwk,"UDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aX");
    CkStringBuilder_Append(sbJwk,"IWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc\",");
    CkStringBuilder_Append(sbJwk,"\"dp\": \"ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KL");
    CkStringBuilder_Append(sbJwk,"hMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827");
    CkStringBuilder_Append(sbJwk,"rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE\",");
    CkStringBuilder_Append(sbJwk,"\"dq\": \"Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCj");
    CkStringBuilder_Append(sbJwk,"ywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDB");
    CkStringBuilder_Append(sbJwk,"UfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis\",");
    CkStringBuilder_Append(sbJwk,"\"qi\": \"VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7");
    CkStringBuilder_Append(sbJwk,"AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3");
    CkStringBuilder_Append(sbJwk,"eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY\"}");

    //  Load this JWK into a Chilkat private key object.
    rsaPrivKey = CkPrivateKey_Create();
    success = CkPrivateKey_LoadJwk(rsaPrivKey,CkStringBuilder_getAsString(sbJwk));
    if (success != TRUE) {
        printf("%s\n",CkPrivateKey_lastErrorText(rsaPrivKey));
        CkJsonObject_Dispose(jweProtHdr);
        CkStringBuilder_Dispose(sbJwk);
        CkPrivateKey_Dispose(rsaPrivKey);
        return;
    }

    //  The public key is used to encrypt (i.e. create the JWE),
    //  and the private key is used to decrypt.
    //  The RSA public key is simply a subset of the private key.  The RSA public key
    //  is composed of the "n" and "e" members shown above.  These are also known as the
    //  modulus and exponent.
    //  We can simply get the public key object from the private key object
    rsaPubKey = CkPrivateKey_GetPublicKey(rsaPrivKey);

    //  ---------------------------------
    //  A.1.4.  Initialization Vector
    //  Chilkat automatically generates the necessary random IV internally.
    //  The application does not need to do this explicitly.

    //  ---------------------------------
    //  A.1.5.  Additional Authenticated Data
    //  The Additional Authenticated Data encryption parameter is
    //  ASCII(BASE64URL(UTF8(JWE Protected Header))).
    //  Again, Chilkat automatically takes care of this internally.
    //  The application does not need to explicitly take this step.

    //  ---------------------------------
    //  A.1.6.  Content Encryption
    //  Again... this step is handled by Chilkat internally.

    //  ---------------------------------
    //  A.1.7.  Complete Representation
    //  The application need only call the Encrypt, EncryptSb, or EncryptBd method
    //  return the fully assembled JWE.
    //  The final representation in the Compact Serialization
    //  is the string BASE64URL(UTF8(JWE Protected Header)) || '.' ||
    //  BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization
    //  Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE
    //  Authentication Tag).

    jwe = CkJwe_Create();
    CkJwe_SetProtectedHeader(jwe,jweProtHdr);
    CkJwe_SetPublicKey(jwe,0,rsaPubKey);
    CkPublicKey_Dispose(rsaPubKey);

    strJwe = CkJwe_encrypt(jwe,plaintext,"utf-8");
    if (CkJwe_getLastMethodSuccess(jwe) != TRUE) {
        printf("%s\n",CkJwe_lastErrorText(jwe));
        CkJsonObject_Dispose(jweProtHdr);
        CkStringBuilder_Dispose(sbJwk);
        CkPrivateKey_Dispose(rsaPrivKey);
        CkJwe_Dispose(jwe);
        return;
    }

    //  Note: The RSA OAEP algorithm uses random padding bytes internally.
    //  Therefore, the results will appear different each time -- even if the
    //  identical plaintext is encrypted with the identical RSA key.
    //  (Do not expect the appearance of the results to be the same as what
    //  is published in the RFC.  However, what is published in the RFC *should*
    //  be decryptable using the code that follows.)
    printf("%s\n",strJwe);

    //  Let's decrypt the JWE that was just produced.
    //  Do the following to decrypt a JWE:
    //  1) Load the JWE.
    //  2) Set the private key for decryption.
    //  3) Decrypt.
    jwe2 = CkJwe_Create();
    success = CkJwe_LoadJwe(jwe2,strJwe);
    if (success != TRUE) {
        printf("%s\n",CkJwe_lastErrorText(jwe2));
        CkJsonObject_Dispose(jweProtHdr);
        CkStringBuilder_Dispose(sbJwk);
        CkPrivateKey_Dispose(rsaPrivKey);
        CkJwe_Dispose(jwe);
        CkJwe_Dispose(jwe2);
        return;
    }

    //  Provide the RSA private key for decryption.
    //  (The JWE was encrypted for a single recipient at index 0.)
    CkJwe_SetPrivateKey(jwe2,0,rsaPrivKey);

    //  Decrypt.
    originalPlaintext = CkJwe_decrypt(jwe2,0,"utf-8");
    if (CkJwe_getLastMethodSuccess(jwe2) != TRUE) {
        printf("%s\n",CkJwe_lastErrorText(jwe2));
        CkJsonObject_Dispose(jweProtHdr);
        CkStringBuilder_Dispose(sbJwk);
        CkPrivateKey_Dispose(rsaPrivKey);
        CkJwe_Dispose(jwe);
        CkJwe_Dispose(jwe2);
        return;
    }

    printf("original text: \n");
    printf("%s\n",originalPlaintext);

    //  ---------------------------------------------------------------------------------
    //  It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.1.7
    //  because it was produced using the same RSA key.

    sbJwe = CkStringBuilder_Create();
    CkStringBuilder_Append(sbJwe,"eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ.");
    CkStringBuilder_Append(sbJwe,"OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe");
    CkStringBuilder_Append(sbJwe,"ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb");
    CkStringBuilder_Append(sbJwe,"Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV");
    CkStringBuilder_Append(sbJwe,"mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8");
    CkStringBuilder_Append(sbJwe,"1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi");
    CkStringBuilder_Append(sbJwe,"6UklfCpIMfIjf7iGdXKHzg.");
    CkStringBuilder_Append(sbJwe,"48V1_ALb6US04U3b.");
    CkStringBuilder_Append(sbJwe,"5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji");
    CkStringBuilder_Append(sbJwe,"SdiwkIr3ajwQzaBtQD_A.");
    CkStringBuilder_Append(sbJwe,"XFBoMYUZodetZdvTiFvSkQ");

    success = CkJwe_LoadJweSb(jwe2,sbJwe);
    if (success != TRUE) {
        printf("%s\n",CkJwe_lastErrorText(jwe2));
        CkJsonObject_Dispose(jweProtHdr);
        CkStringBuilder_Dispose(sbJwk);
        CkPrivateKey_Dispose(rsaPrivKey);
        CkJwe_Dispose(jwe);
        CkJwe_Dispose(jwe2);
        CkStringBuilder_Dispose(sbJwe);
        return;
    }

    //  Provide the RSA private key for decryption.
    CkJwe_SetPrivateKey(jwe2,0,rsaPrivKey);

    //  Decrypt.
    originalPlaintext = CkJwe_decrypt(jwe2,0,"utf-8");
    if (CkJwe_getLastMethodSuccess(jwe2) != TRUE) {
        printf("%s\n",CkJwe_lastErrorText(jwe2));
        CkJsonObject_Dispose(jweProtHdr);
        CkStringBuilder_Dispose(sbJwk);
        CkPrivateKey_Dispose(rsaPrivKey);
        CkJwe_Dispose(jwe);
        CkJwe_Dispose(jwe2);
        CkStringBuilder_Dispose(sbJwe);
        return;
    }

    printf("%s\n",originalPlaintext);


    CkJsonObject_Dispose(jweProtHdr);
    CkStringBuilder_Dispose(sbJwk);
    CkPrivateKey_Dispose(rsaPrivKey);
    CkJwe_Dispose(jwe);
    CkJwe_Dispose(jwe2);
    CkStringBuilder_Dispose(sbJwe);

    }

 

© 2000-2016 Chilkat Software, Inc. All Rights Reserved.