Sample code for 30+ languages & platforms
Chilkat2-Python

JWE using A256GCMKW

See more JSON Web Encryption (JWE) Examples

This example demonstrates creating a JCE with AES GCM key wrap.

Chilkat Chilkat2-Python Downloads

Chilkat2-Python
import sys
import chilkat2

success = False

# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

plaintext = "My text to enrypt"

jwe = chilkat2.Jwe()

# First build the JWE Protected Header: 

#         {
#             "alg": "A256GCMKW",
#             "kid": "18ec08e1-bfa9-4d95-b205-2b4dd1d4321d",
#             "tag": "kfPduVQ3T3H6vnewt--ksw",
#             "iv": "KkYT0GX_2jHlfqN_",
#             "enc": "A128CBC-HS256"
#         }

jweProtHdr = chilkat2.JsonObject()
jweProtHdr.AppendString("alg","A256GCMKW")
# kid is optional
jweProtHdr.AppendString("kid","18ec08e1-bfa9-4d95-b205-2b4dd1d4321d")
# tag is optional
jweProtHdr.AppendString("tag","kfPduVQ3T3H6vnewt--ksw")
jweProtHdr.AppendString("enc","A256GCM")
# the iv should be 16 random chars.
prng = chilkat2.Prng()
jweProtHdr.AppendString("iv",prng.RandomString(16,True,True,True))
jwe.SetProtectedHeader(jweProtHdr)

print("JWE Protected Header: " + jweProtHdr.Emit())
print("--")

# Given that we have 256-bit AES, our key should be 32 bytes.
# The ascii string here is 32 bytes, therefore the 2nd arg is "ascii" to use these
# ascii chars directly as the key.
aesWrappingKey = "2baf4f730f5e4542b428593ef9cceb0e"
jwe.SetWrappingKey(0,aesWrappingKey,"ascii")

# Encrypt and return the JWE:
strJwe = jwe.Encrypt(plaintext,"utf-8")
if (jwe.LastMethodSuccess != True):
    print(jwe.LastErrorText)
    sys.exit()

# Show the JWE we just created:
print(strJwe)

# Decrypt the JWE that was just produced.
# 1) Load the JWE.
# 2) Set the AES wrapping key.
# 3) Decrypt.
jwe2 = chilkat2.Jwe()
success = jwe2.LoadJwe(strJwe)
if (success != True):
    print(jwe2.LastErrorText)
    sys.exit()

# Set the AES wrap key.  Important to use "ascii"
jwe2.SetWrappingKey(0,aesWrappingKey,"ascii")

# Decrypt.
originalPlaintext = jwe2.Decrypt(0,"utf-8")
if (jwe2.LastMethodSuccess != True):
    print(jwe2.LastErrorText)
    sys.exit()

print("original text: ")
print(originalPlaintext)