Sample code for 30+ languages & platforms
Tcl

JWE using ECDH-ES+A256KW

See more JSON Web Encryption (JWE) Examples

Create a JWE with the following public/private key pair:
{
    "kty": "EC",
    "d": "jZCffzVqJjryBH4EoaN0oD-TyLXrW2XHoDdIuPZnk8c",
    "use": "enc",
    "crv": "P-256",
    "kid": "evEK2thJMsWxBYRivXI8ykUf6n6zizLiLCGH3s58wKs",
    "x": "LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM",
    "y": "voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4",
    "alg": "ECDH-ES+A256KW"
}

Also shows how to decrypt.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# Create the following JSON:
# {
#     "kty": "EC",
#     "d": "jZCffzVqJjryBH4EoaN0oD-TyLXrW2XHoDdIuPZnk8c",
#     "use": "enc",
#     "crv": "P-256",
#     "kid": "evEK2thJMsWxBYRivXI8ykUf6n6zizLiLCGH3s58wKs",
#     "x": "LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM",
#     "y": "voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4",
#     "alg": "ECDH-ES+A256KW"
# }

set json [new_CkJsonObject]

CkJsonObject_UpdateString $json "kty" "EC"
CkJsonObject_UpdateString $json "d" "jZCffzVqJjryBH4EoaN0oD-TyLXrW2XHoDdIuPZnk8c"
CkJsonObject_UpdateString $json "use" "enc"
CkJsonObject_UpdateString $json "crv" "P-256"
CkJsonObject_UpdateString $json "kid" "evEK2thJMsWxBYRivXI8ykUf6n6zizLiLCGH3s58wKs"
CkJsonObject_UpdateString $json "x" "LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM"
CkJsonObject_UpdateString $json "y" "voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4"
CkJsonObject_UpdateString $json "alg" "ECDH-ES+A256KW"

set pubkey [new_CkPublicKey]

set success [CkPublicKey_LoadFromString $pubkey [CkJsonObject_emit $json]]
if {$success == 0} then {
    puts [CkPublicKey_lastErrorText $pubkey]
    delete_CkJsonObject $json
    delete_CkPublicKey $pubkey
    exit
}

# Build our protected header:

# 	{
# 	  "alg": "ECDH-ES+A256KW",
# 	  "enc": "A256GCM",
# 	  "exp": 1621957030,
# 	  "cty": "NJWT",
# 	  "epk": {
# 	    "kty": "EC",
# 	    "x": "QLpJ_LpFx-6yJhsb4OvHwU1khLnviiOwYOvmf5clK7w"
# 	    "y": "AJh7pJ3zZKDJkm8rbeG69GBooTosXJgSsvNFH0i3Vxnu"
# 	    "crv": "BP-256"
# 	  }
# 	}

# Use jwt only for getting the current date/time + 3600 seconds.
set jwt [new_CkJwt]

set jweProtHdr [new_CkJsonObject]

CkJsonObject_UpdateString $jweProtHdr "alg" "ECDH-ES+A256KW"
CkJsonObject_UpdateString $jweProtHdr "enc" "A256GCM"
CkJsonObject_UpdateInt $jweProtHdr "exp" [CkJwt_GenNumericDate $jwt 3600]
CkJsonObject_UpdateString $jweProtHdr "cty" "NJWT"
CkJsonObject_UpdateString $jweProtHdr "epk.kty" "EC"
CkJsonObject_UpdateString $jweProtHdr "epk.x" "LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM"
CkJsonObject_UpdateString $jweProtHdr "epk.y" "voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4"
CkJsonObject_UpdateString $jweProtHdr "epk.crv" "P-256"

set jwe [new_CkJwe]

CkJwe_SetProtectedHeader $jwe $jweProtHdr
CkJwe_SetPublicKey $jwe 0 $pubkey

set plainText "This is the text to be encrypted."
set strJwe [CkJwe_encrypt $jwe $plainText "utf-8"]
if {[CkJwe_get_LastMethodSuccess $jwe] != 1} then {
    puts [CkJwe_lastErrorText $jwe]
    delete_CkJsonObject $json
    delete_CkPublicKey $pubkey
    delete_CkJwt $jwt
    delete_CkJsonObject $jweProtHdr
    delete_CkJwe $jwe
    exit
}

puts "$strJwe"

# Let's decrypt...
set privkey [new_CkPrivateKey]

set success [CkPrivateKey_LoadJwk $privkey [CkJsonObject_emit $json]]
if {$success == 0} then {
    puts [CkPrivateKey_lastErrorText $privkey]
    delete_CkJsonObject $json
    delete_CkPublicKey $pubkey
    delete_CkJwt $jwt
    delete_CkJsonObject $jweProtHdr
    delete_CkJwe $jwe
    delete_CkPrivateKey $privkey
    exit
}

set jwe2 [new_CkJwe]

set success [CkJwe_LoadJwe $jwe2 $strJwe]
if {$success == 0} then {
    puts [CkJwe_lastErrorText $jwe2]
    delete_CkJsonObject $json
    delete_CkPublicKey $pubkey
    delete_CkJwt $jwt
    delete_CkJsonObject $jweProtHdr
    delete_CkJwe $jwe
    delete_CkPrivateKey $privkey
    delete_CkJwe $jwe2
    exit
}

CkJwe_SetPrivateKey $jwe2 0 $privkey

#  Decrypt.
set decryptedText [CkJwe_decrypt $jwe2 0 "utf-8"]
if {[CkJwe_get_LastMethodSuccess $jwe2] != 1} then {
    puts [CkJwe_lastErrorText $jwe2]
    delete_CkJsonObject $json
    delete_CkPublicKey $pubkey
    delete_CkJwt $jwt
    delete_CkJsonObject $jweProtHdr
    delete_CkJwe $jwe
    delete_CkPrivateKey $privkey
    delete_CkJwe $jwe2
    exit
}

puts "$decryptedText"

delete_CkJsonObject $json
delete_CkPublicKey $pubkey
delete_CkJwt $jwt
delete_CkJsonObject $jweProtHdr
delete_CkJwe $jwe
delete_CkPrivateKey $privkey
delete_CkJwe $jwe2