"Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards."
PASETO (Platform-Agnostic SEcurity TOkens) are secure stateless tokens. Read more here and at PASETO.io.
This library includes:
- [x] Pure-Rust implementation of the Version 2 protocol
- [x] #![no_std] and #![forbid(unsafe_code)]
- [x] Fuzzing targets
- [x] Test vectors
- [x] Usage examples
```rust use pasetors::version2::*; use ed25519_dalek::Keypair;
let mut csprng = rand::rngs::OsRng{};
// Create and verify a public token let keypair: Keypair = Keypair::generate(&mut csprng); let pubtoken = PublicToken::sign(&keypair.secret.tobytes(), &keypair.public.tobytes(), b"Message to sign", Some(b"footer"))?; assert!(PublicToken::verify(&keypair.public.tobytes(), &pubtoken, Some(b"footer")).isok());
// Create and verify a local token let mut secret = [0u8; 32]; getrandom::getrandom(&mut secret)?;
let localtoken = LocalToken::encrypt(&secret, b"Message to encrypt and authenticate", Some(b"footer"))?; assert!(LocalToken::decrypt(&secret, &localtoken, Some(b"footer")).is_ok()); ```
This library has not undergone any third-party security audit. Usage is at own risk.
The ed25519-dalek library, used for public tokens, was included in an audit. The orion library, used for local tokens, has not been audited.
Rust 1.51 or later is supported however, the majority of testing happens with latest stable Rust.
MSRV may be changed at any point and will not be considered a SemVer breaking change.
Please refer to the CHANGELOG.md list.
pasetors is licensed under the MIT license. See the LICENSE file for more information.