Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

JWE using RSAES-PKCS1-v1_5 and AES_128_CBC_HMAC_SHA_256

See more JSON Web Encryption (JWE) Examples

This example duplicates the example A.2 in RFC 7516 for JSON Web Encryption (JWE).

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.Jwe,
  Chilkat.StringBuilder,
  Chilkat.PrivateKey,
  Chilkat.PublicKey,
  Chilkat.JsonObject;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  plaintext: string;
  jweProtHdr: TJsonObject;
  sbJwk: TStringBuilder;
  rsaPrivKey: TPrivateKey;
  rsaPubKey: TPublicKey;
  jwe: TJwe;
  strJwe: string;
  jwe2: TJwe;
  originalPlaintext: string;
  sbJwe: TStringBuilder;

begin
  success := False;

  //  This requires the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  //  Note: This example requires Chilkat v9.5.0.66 or greater.

  plaintext := 'Live long and prosper.';

  //  First build the JWE Protected Header.
  //  We want to build this: {"alg":"RSA1_5","enc":"A128CBC-HS256"}
  jweProtHdr := TJsonObject.Create;
  jweProtHdr.AppendString('alg','RSA1_5');
  jweProtHdr.AppendString('enc','A128CBC-HS256');
  WriteLn('JWE Protected Header: ' + jweProtHdr.Emit());
  WriteLn('--');

  //  The specific RSA key used in the A.2 example is the following JWK:
  sbJwk := TStringBuilder.Create;
  sbJwk.Append('{"kty":"RSA",');
  sbJwk.Append('"n":"sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1Wl');
  sbJwk.Append('UzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDpre');
  sbJwk.Append('cbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_');
  sbJwk.Append('7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBI');
  sbJwk.Append('Y2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU');
  sbJwk.Append('7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw",');
  sbJwk.Append('"e":"AQAB",');
  sbJwk.Append('"d":"VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq');
  sbJwk.Append('1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-ry');
  sbJwk.Append('nq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_');
  sbJwk.Append('0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj');
  sbJwk.Append('-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-Kyvj');
  sbJwk.Append('T1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ",');
  sbJwk.Append('"p":"9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68');
  sbJwk.Append('ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEP');
  sbJwk.Append('krdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM",');
  sbJwk.Append('"q":"uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-y');
  sbJwk.Append('BhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN');
  sbJwk.Append('-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0",');
  sbJwk.Append('"dp":"w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuv');
  sbJwk.Append('ngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcra');
  sbJwk.Append('Hawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs",');
  sbJwk.Append('"dq":"o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff');
  sbJwk.Append('7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_');
  sbJwk.Append('odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU",');
  sbJwk.Append('"qi":"eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlC');
  sbJwk.Append('tUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZ');
  sbJwk.Append('B9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo"');
  sbJwk.Append('}');

  //  Load this JWK into a Chilkat private key object.
  rsaPrivKey := TPrivateKey.Create;
  success := rsaPrivKey.LoadJwk(sbJwk.GetAsString());
  if (success = False) then
    begin
      WriteLn(rsaPrivKey.LastErrorText);
      Exit;
    end;

  //  The public key is used to encrypt (i.e. create the JWE), 
  //  and the private key is used to decrypt.
  //  The RSA public key is simply a subset of the private key.  The RSA public key
  //  is composed of the "n" and "e" members shown above.  These are also known as the
  //  modulus and exponent.
  //  We can simply get the public key object from the private key object
  rsaPubKey := TPublicKey.Create;
  rsaPrivKey.ToPublicKey(rsaPubKey);

  //  Create the JWE...
  jwe := TJwe.Create;
  jwe.SetProtectedHeader(jweProtHdr);
  jwe.SetPublicKey(0,rsaPubKey);

  strJwe := jwe.Encrypt(plaintext,'utf-8');
  if (jwe.LastMethodSuccess = False) then
    begin
      WriteLn(jwe.LastErrorText);
      Exit;
    end;

  //  Show the JWE we just created:
  WriteLn(strJwe);

  //  Note: The RSA PKCS1_V1_5 padding uses random value, and the results
  //  will be different each time.  However, each result should be successfully
  //  decrypting if using the correct RSA private key.

  //  Let's decrypt the JWE that was just produced.
  //  Do the following to decrypt a JWE:
  //  1) Load the JWE.
  //  2) Set the private key for decryption.
  //  3) Decrypt.
  jwe2 := TJwe.Create;
  success := jwe2.LoadJwe(strJwe);
  if (success = False) then
    begin
      WriteLn(jwe2.LastErrorText);
      Exit;
    end;

  //  Provide the RSA private key for decryption.
  //  (The JWE was encrypted for a single recipient at index 0.)
  jwe2.SetPrivateKey(0,rsaPrivKey);

  //  Decrypt.
  originalPlaintext := jwe2.Decrypt(0,'utf-8');
  if (jwe2.LastMethodSuccess = False) then
    begin
      WriteLn(jwe2.LastErrorText);
      Exit;
    end;

  WriteLn('original text: ');
  WriteLn(originalPlaintext);

  //  ---------------------------------------------------------------------------------
  //  It should also be possible to decrypt the JWE as shown in RFC 7516, Appendix A.2.7
  //  because it was produced using the same RSA key.

  sbJwe := TStringBuilder.Create;
  sbJwe.Append('eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.');
  sbJwe.Append('UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm');
  sbJwe.Append('1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7Pc');
  sbJwe.Append('HALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIF');
  sbJwe.Append('NPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8');
  sbJwe.Append('rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv');
  sbJwe.Append('-B3oWh2TbqmScqXMR4gp_A.');
  sbJwe.Append('AxY8DCtDaGlsbGljb3RoZQ.');
  sbJwe.Append('KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY.');
  sbJwe.Append('9hH0vgRfYgPnAHOd8stkvw');

  success := jwe2.LoadJweSb(sbJwe);
  if (success = False) then
    begin
      WriteLn(jwe2.LastErrorText);
      Exit;
    end;

  //  Provide the RSA private key for decryption.
  jwe2.SetPrivateKey(0,rsaPrivKey);

  //  Decrypt.
  originalPlaintext := jwe2.Decrypt(0,'utf-8');
  if (jwe2.LastMethodSuccess = False) then
    begin
      WriteLn(jwe2.LastErrorText);
      Exit;
    end;

  WriteLn(originalPlaintext);


  jweProtHdr.Free;
  sbJwk.Free;
  rsaPrivKey.Free;
  rsaPubKey.Free;
  jwe.Free;
  jwe2.Free;
  sbJwe.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.