Tcl
Tcl
JWE using ECDH-ES+A256KW
See more JSON Web Encryption (JWE) Examples
Create a JWE with the following public/private key pair:
{
"kty": "EC",
"d": "jZCffzVqJjryBH4EoaN0oD-TyLXrW2XHoDdIuPZnk8c",
"use": "enc",
"crv": "P-256",
"kid": "evEK2thJMsWxBYRivXI8ykUf6n6zizLiLCGH3s58wKs",
"x": "LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM",
"y": "voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4",
"alg": "ECDH-ES+A256KW"
}
Also shows how to decrypt.
Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# Create the following JSON:
# {
# "kty": "EC",
# "d": "jZCffzVqJjryBH4EoaN0oD-TyLXrW2XHoDdIuPZnk8c",
# "use": "enc",
# "crv": "P-256",
# "kid": "evEK2thJMsWxBYRivXI8ykUf6n6zizLiLCGH3s58wKs",
# "x": "LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM",
# "y": "voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4",
# "alg": "ECDH-ES+A256KW"
# }
set json [new_CkJsonObject]
CkJsonObject_UpdateString $json "kty" "EC"
CkJsonObject_UpdateString $json "d" "jZCffzVqJjryBH4EoaN0oD-TyLXrW2XHoDdIuPZnk8c"
CkJsonObject_UpdateString $json "use" "enc"
CkJsonObject_UpdateString $json "crv" "P-256"
CkJsonObject_UpdateString $json "kid" "evEK2thJMsWxBYRivXI8ykUf6n6zizLiLCGH3s58wKs"
CkJsonObject_UpdateString $json "x" "LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM"
CkJsonObject_UpdateString $json "y" "voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4"
CkJsonObject_UpdateString $json "alg" "ECDH-ES+A256KW"
set pubkey [new_CkPublicKey]
set success [CkPublicKey_LoadFromString $pubkey [CkJsonObject_emit $json]]
if {$success == 0} then {
puts [CkPublicKey_lastErrorText $pubkey]
delete_CkJsonObject $json
delete_CkPublicKey $pubkey
exit
}
# Build our protected header:
# {
# "alg": "ECDH-ES+A256KW",
# "enc": "A256GCM",
# "exp": 1621957030,
# "cty": "NJWT",
# "epk": {
# "kty": "EC",
# "x": "QLpJ_LpFx-6yJhsb4OvHwU1khLnviiOwYOvmf5clK7w"
# "y": "AJh7pJ3zZKDJkm8rbeG69GBooTosXJgSsvNFH0i3Vxnu"
# "crv": "BP-256"
# }
# }
# Use jwt only for getting the current date/time + 3600 seconds.
set jwt [new_CkJwt]
set jweProtHdr [new_CkJsonObject]
CkJsonObject_UpdateString $jweProtHdr "alg" "ECDH-ES+A256KW"
CkJsonObject_UpdateString $jweProtHdr "enc" "A256GCM"
CkJsonObject_UpdateInt $jweProtHdr "exp" [CkJwt_GenNumericDate $jwt 3600]
CkJsonObject_UpdateString $jweProtHdr "cty" "NJWT"
CkJsonObject_UpdateString $jweProtHdr "epk.kty" "EC"
CkJsonObject_UpdateString $jweProtHdr "epk.x" "LOakgGvxWBsWbCPLY6Vq6OuBktIqG8POXFXe7ngQ2oM"
CkJsonObject_UpdateString $jweProtHdr "epk.y" "voJvS6I-Mc4qqmEA_G2hLQqBck3a3vqaJbmzY7YPUD4"
CkJsonObject_UpdateString $jweProtHdr "epk.crv" "P-256"
set jwe [new_CkJwe]
CkJwe_SetProtectedHeader $jwe $jweProtHdr
CkJwe_SetPublicKey $jwe 0 $pubkey
set plainText "This is the text to be encrypted."
set strJwe [CkJwe_encrypt $jwe $plainText "utf-8"]
if {[CkJwe_get_LastMethodSuccess $jwe] != 1} then {
puts [CkJwe_lastErrorText $jwe]
delete_CkJsonObject $json
delete_CkPublicKey $pubkey
delete_CkJwt $jwt
delete_CkJsonObject $jweProtHdr
delete_CkJwe $jwe
exit
}
puts "$strJwe"
# Let's decrypt...
set privkey [new_CkPrivateKey]
set success [CkPrivateKey_LoadJwk $privkey [CkJsonObject_emit $json]]
if {$success == 0} then {
puts [CkPrivateKey_lastErrorText $privkey]
delete_CkJsonObject $json
delete_CkPublicKey $pubkey
delete_CkJwt $jwt
delete_CkJsonObject $jweProtHdr
delete_CkJwe $jwe
delete_CkPrivateKey $privkey
exit
}
set jwe2 [new_CkJwe]
set success [CkJwe_LoadJwe $jwe2 $strJwe]
if {$success == 0} then {
puts [CkJwe_lastErrorText $jwe2]
delete_CkJsonObject $json
delete_CkPublicKey $pubkey
delete_CkJwt $jwt
delete_CkJsonObject $jweProtHdr
delete_CkJwe $jwe
delete_CkPrivateKey $privkey
delete_CkJwe $jwe2
exit
}
CkJwe_SetPrivateKey $jwe2 0 $privkey
# Decrypt.
set decryptedText [CkJwe_decrypt $jwe2 0 "utf-8"]
if {[CkJwe_get_LastMethodSuccess $jwe2] != 1} then {
puts [CkJwe_lastErrorText $jwe2]
delete_CkJsonObject $json
delete_CkPublicKey $pubkey
delete_CkJwt $jwt
delete_CkJsonObject $jweProtHdr
delete_CkJwe $jwe
delete_CkPrivateKey $privkey
delete_CkJwe $jwe2
exit
}
puts "$decryptedText"
delete_CkJsonObject $json
delete_CkPublicKey $pubkey
delete_CkJwt $jwt
delete_CkJsonObject $jweProtHdr
delete_CkJwe $jwe
delete_CkPrivateKey $privkey
delete_CkJwe $jwe2