Sample code for 30+ languages & platforms
Tcl

JWE using ECDH-ES, BP-256, A256GCM

See more JSON Web Encryption (JWE) Examples

Create a JWE with the following header:
	{
	  "alg": "ECDH-ES",
	  "enc": "A256GCM",
	  "exp": 1621957030,
	  "cty": "NJWT",
	  "epk": {
	    "kty": "EC",
	    "x": "QLpJ_LpFx-6yJhsb4OvHwU1khLnviiOwYOvmf5clK7w"
	    "y": "AJh7pJ3zZKDJkm8rbeG69GBooTosXJgSsvNFH0i3Vxnu"
	    "crv": "BP-256"
	  }
	}

Note: This example requires Chilkat v9.5.0.87 or greater.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# Load our brainpool BP-256 public key.

# 	{
# 	  "use": "enc",
# 	  "kid": "puk_idp_enc",
# 	  "kty": "EC",
# 	  "crv": "BP-256",
# 	  "x": "QLpJ_LpFx-6yJhsb4OvHwU1khLnviiOwYOvmf5clK7w",
# 	  "y": "AJh7pJ3zZKDJkm8rbeG69GBooTosXJgSsvNFH0i3Vxnu"
# 	}

set json [new_CkJsonObject]

CkJsonObject_UpdateString $json "use" "enc"
CkJsonObject_UpdateString $json "kid" "puk_idp_enc"
CkJsonObject_UpdateString $json "kty" "EC"
CkJsonObject_UpdateString $json "crv" "BP-256"
CkJsonObject_UpdateString $json "x" "QLpJ_LpFx-6yJhsb4OvHwU1khLnviiOwYOvmf5clK7w"
CkJsonObject_UpdateString $json "y" "AJh7pJ3zZKDJkm8rbeG69GBooTosXJgSsvNFH0i3Vxnu"

set pubkey [new_CkPublicKey]

set success [CkPublicKey_LoadFromString $pubkey [CkJsonObject_emit $json]]
if {$success == 0} then {
    puts [CkPublicKey_lastErrorText $pubkey]
    delete_CkJsonObject $json
    delete_CkPublicKey $pubkey
    exit
}

# Build our protected header:

# 	{
# 	  "alg": "ECDH-ES",
# 	  "enc": "A256GCM",
# 	  "exp": 1621957030,
# 	  "cty": "NJWT",
# 	  "epk": {
# 	    "kty": "EC",
# 	    "x": "QLpJ_LpFx-6yJhsb4OvHwU1khLnviiOwYOvmf5clK7w"
# 	    "y": "AJh7pJ3zZKDJkm8rbeG69GBooTosXJgSsvNFH0i3Vxnu"
# 	    "crv": "BP-256"
# 	  }
# 	}

# Use jwt only for getting the current date/time + 3600 seconds.
set jwt [new_CkJwt]

set jweProtHdr [new_CkJsonObject]

CkJsonObject_UpdateString $jweProtHdr "alg" "ECDH-ES"
CkJsonObject_UpdateString $jweProtHdr "enc" "A256GCM"
CkJsonObject_UpdateInt $jweProtHdr "exp" [CkJwt_GenNumericDate $jwt 3600]
CkJsonObject_UpdateString $jweProtHdr "cty" "NJWT"
CkJsonObject_UpdateString $jweProtHdr "epk.kty" "EC"
CkJsonObject_UpdateString $jweProtHdr "epk.x" "QLpJ_LpFx-6yJhsb4OvHwU1khLnviiOwYOvmf5clK7w"
CkJsonObject_UpdateString $jweProtHdr "epk.y" "AJh7pJ3zZKDJkm8rbeG69GBooTosXJgSsvNFH0i3Vxnu"
CkJsonObject_UpdateString $jweProtHdr "epk.crv" "BP-256"

set jwe [new_CkJwe]

CkJwe_SetProtectedHeader $jwe $jweProtHdr
CkJwe_SetPublicKey $jwe 0 $pubkey

set plainText "This is the text to be encrypted."
set strJwe [CkJwe_encrypt $jwe $plainText "utf-8"]
if {[CkJwe_get_LastMethodSuccess $jwe] != 1} then {
    puts [CkJwe_lastErrorText $jwe]
    delete_CkJsonObject $json
    delete_CkPublicKey $pubkey
    delete_CkJwt $jwt
    delete_CkJsonObject $jweProtHdr
    delete_CkJwe $jwe
    exit
}

puts "$strJwe"

puts "Success."

delete_CkJsonObject $json
delete_CkPublicKey $pubkey
delete_CkJwt $jwt
delete_CkJsonObject $jweProtHdr
delete_CkJwe $jwe