paseto

package

v1.1.0 Latest Latest Go to latest Published: Apr 4, 2023 License: MIT Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kitabisa/perkakas

README ¶

PASETO (Platform-Agnostic SEcurity TOkens)

Paseto is specification for implementation of stateless secure token, similar to JWT

What Will Give You Motivation To Move From JWT to PASETO

JWT has critical security issue: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/

About This Library

This paseto library:

Will help encrypt and decrypt paseto token. Symmetric and asymmetric key are supported.
Support only paseto token v2, since v1 token are deprecated

Symmetric Or Asymmetric

Symmetric token are intended to create token for local usage; and asymmetric token are intended to create token for public use. Following is local and public token example:

Local paseto token

v2.local.vx3Xd8jVUVJlsYwkQzEQ_XqjbuE3ejO49QnkBpL3imOGRoaKS-sXGZcJCfZekI1beLjzlYdRqnVKYDl_rC1Wp1rFbRym-a_HDM7V1Lk7xoksoxEwTOBEA4C7bX463odkc3Vge0rOudWsAOx8vQ9rV8LZtBGYqR4NVhPxdE4BdUytRXuUpHf09udPaL5gTmNGIpFFkg4MqAkqkWApyxla1Z-_mRWIe5h7wH_NE3l432s4aGnHk0iI3W3V7yVsMDRrmCDyndJI27jf1FIJ-6tRcn9KFA6s-48ZHVU4xzVjad0U6wnU61Ycz3ld3fNbz7_UjjP1bpBIzqmUAaCUPrvhaJuI0_CNqQWxdqxS1LBCUehfsebh-KfrPQUEpNbB7nOU-gAqYon8P9jyd4l9fIS6NJa4edXrv12cvkPx1BmGWzHbLtXoSX0ETA.S2l0YWJpc2EuY29t

Public paseto token

v2.public.eyJhdWQiOiJLaXRhYmlzYSBzZXJ2aWNlcyIsImVtYWlsIjoiYnVkaUBraXRhYmlzYS5jb20iLCJleHAiOiIyMDIxLTA4LTIxVDE2OjMyOjE3KzA3OjAwIiwiaWF0IjoiMjAyMS0wOC0yMFQxNjozMjoxNyswNzowMCIsImlzcyI6Ikt1bG9udXd1biIsImp0aSI6IjcwNmNiZmNlLWMwMzEtNGE0NC04MTVlLTAzMGY5NjNmN2Q0ZSIsIm5hbWUiOiJCdWRpIEFyaXlhbnRvIiwibmJmIjoiMjAyMS0wOC0yMFQxNjozMjoxNyswNzowMCIsInN1YiI6ImNhYzJlZTdlLTcwZDAtNDIyMC1iYWRkLTdiNTY5NWY1M2FkOCJ9gGMdg3eH8wFcIZ5tn3_87e7Z7jwfW-Q6vZqmkXijRTRGCFb171Vl4Rc8PRvXirvV6dj9Ns8xTBY0ksmRskz9DA.S2l0YWJpc2EuY29t

Paseto Token Format

<token_version>.<purpose>.<payload>.<optional_footer>

token_version: v1 or v2. v2 is recommended since v1 is deprecated.
purpose: local or public
payload: token payload. Consist of token expiry time, audience, etc, and also your data
footer: optional. Usually footer is identity of token issuer. I.e: company name.

Example

Symmetric Token Encryption

// Symmetric key use 32 bytes characters long. Please create a secure one.
symmetricPaseto, err := NewSymmetric("PrU5AbXJawKJIUOJFmd4f6ZwmifLvvoF")
now := time.Now()

// Standard token data
token := paseto.JSONToken{
    Audience:   "Kitabisa services",
    Issuer:     "Kulonuwun",
    Jti:        "706cbfce-c031-4a44-815e-030f963f7d4e",
    Subject:    "cac2ee7e-70d0-4220-badd-7b5695f53ad8",
    Expiration: now.Add(24 * time.Hour),
    IssuedAt:   now,
    NotBefore:  now,
}

// Set your custom data here
token.Set("email", "budi@kitabisa.com")
token.Set("name", "Budi Ariyanto")

// Encrypt token with footer Kitabisa.com
encryptedToken, err = symmetricPaseto.Encrypt(token, "Kitabisa.com")
fmt.Println(encryptedToken)

Symmetric Token Decryption

symmetricPaseto, _ := NewSymmetric("PrU5AbXJawKJIUOJFmd4f6ZwmifLvvoF")

encToken := "v2.local.vx3Xd8jVUVJlsYwkQzEQ_XqjbuE3ejO49QnkBpL3imOGRoaKS-sXGZcJCfZekI1beLjzlYdRqnVKYDl_rC1Wp1rFbRym-a_HDM7V1Lk7xoksoxEwTOBEA4C7bX463odkc3Vge0rOudWsAOx8vQ9rV8LZtBGYqR4NVhPxdE4BdUytRXuUpHf09udPaL5gTmNGIpFFkg4MqAkqkWApyxla1Z-_mRWIe5h7wH_NE3l432s4aGnHk0iI3W3V7yVsMDRrmCDyndJI27jf1FIJ-6tRcn9KFA6s-48ZHVU4xzVjad0U6wnU61Ycz3ld3fNbz7_UjjP1bpBIzqmUAaCUPrvhaJuI0_CNqQWxdqxS1LBCUehfsebh-KfrPQUEpNbB7nOU-gAqYon8P9jyd4l9fIS6NJa4edXrv12cvkPx1BmGWzHbLtXoSX0ETA.S2l0YWJpc2EuY29t"
decToken, footer, err := symmetricPaseto.Decrypt(encToken)
if err != nil {
    return err
}

fmt.Printf("Decrypted token: %+v\n", decToken)
fmt.Println("Footer:", footer)

Asymmetric Key Creation

// You can create public and private keypair with ed25519 library from golang
// and encode it to hex string
import (
    "crypto/ed25519"
    "encoding/hex"
)

func main() {
    pubkey, privKey, _ := ed25519.GenerateKey(nil)
    pub := hex.EncodeToString(pubkey)
    priv := hex.EncodeToString(privKey)

    fmt.Println("Public key:", pub)
    fmt.Println("Private key:", priv)
}

Asymmetric Token Ecryption

pub := "07ddbb390ad3096b51138358c8e082686e8023853616768d0cd60cdb5ab68b58"
priv := "211eec1bbe7d6e4779542fb14591f8e2c0ef57607bff958b32267f1b9667bf0007ddbb390ad3096b51138358c8e082686e8023853616768d0cd60cdb5ab68b58"

ast, err := NewAsymmetric(pub, priv)
now := time.Now()

// Standard token data
token := paseto.JSONToken{
    Audience:   "Kitabisa services",
    Issuer:     "Kulonuwun",
    Jti:        "706cbfce-c031-4a44-815e-030f963f7d4e",
    Subject:    "cac2ee7e-70d0-4220-badd-7b5695f53ad8",
    Expiration: now.Add(24 * time.Hour),
    IssuedAt:   now,
    NotBefore:  now,
}

// Set your custom data here
token.Set("email", "budi@kitabisa.com")
token.Set("name", "Budi Ariyanto")

// Encrypt token with footer Kitabisa.com
encryptedToken, err := ast.Encrypt(token, "Kitabisa.com")
fmt.Println(encryptedToken)

Asymmetric Token Deryption

pub := "07ddbb390ad3096b51138358c8e082686e8023853616768d0cd60cdb5ab68b58"
priv := "211eec1bbe7d6e4779542fb14591f8e2c0ef57607bff958b32267f1b9667bf0007ddbb390ad3096b51138358c8e082686e8023853616768d0cd60cdb5ab68b58"

ast, _ := NewAsymmetric(pub, priv)

encToken := "v2.public.eyJhdWQiOiJLaXRhYmlzYSBzZXJ2aWNlcyIsImVtYWlsIjoiYnVkaUBraXRhYmlzYS5jb20iLCJleHAiOiIyMDIxLTA4LTIxVDE2OjMyOjE3KzA3OjAwIiwiaWF0IjoiMjAyMS0wOC0yMFQxNjozMjoxNyswNzowMCIsImlzcyI6Ikt1bG9udXd1biIsImp0aSI6IjcwNmNiZmNlLWMwMzEtNGE0NC04MTVlLTAzMGY5NjNmN2Q0ZSIsIm5hbWUiOiJCdWRpIEFyaXlhbnRvIiwibmJmIjoiMjAyMS0wOC0yMFQxNjozMjoxNyswNzowMCIsInN1YiI6ImNhYzJlZTdlLTcwZDAtNDIyMC1iYWRkLTdiNTY5NWY1M2FkOCJ9gGMdg3eH8wFcIZ5tn3_87e7Z7jwfW-Q6vZqmkXijRTRGCFb171Vl4Rc8PRvXirvV6dj9Ns8xTBY0ksmRskz9DA.S2l0YWJpc2EuY29t"
decToken, footer, err := ast.Decrypt(encToken)
if err != nil {
    return err
}

fmt.Printf("Decrypted token: %+v\n", decToken)
fmt.Println("Footer:", footer)

Documentation ¶

Index ¶

type PasetoAsymmetric
- func NewAsymmetric(pubKey, privKey string) (*PasetoAsymmetric, error)
- func (p PasetoAsymmetric) Decrypt(encToken string) (paseto.JSONToken, string, error)
- func (p PasetoAsymmetric) Encrypt(token paseto.JSONToken, footer string) (string, error)
type PasetoSymmetric
- func NewSymmetric(key string) (*PasetoSymmetric, error)
- func (p PasetoSymmetric) Decrypt(encToken string) (paseto.JSONToken, string, error)
- func (p PasetoSymmetric) Encrypt(token paseto.JSONToken, footer string) (string, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type PasetoAsymmetric ¶

type PasetoAsymmetric struct {
	PrivateKey ed25519.PrivateKey
	PublicKey  ed25519.PublicKey
}

func NewAsymmetric ¶

func NewAsymmetric(pubKey, privKey string) (*PasetoAsymmetric, error)

func (PasetoAsymmetric) Decrypt ¶

func (p PasetoAsymmetric) Decrypt(encToken string) (paseto.JSONToken, string, error)

func (PasetoAsymmetric) Encrypt ¶

func (p PasetoAsymmetric) Encrypt(token paseto.JSONToken, footer string) (string, error)

type PasetoSymmetric ¶

type PasetoSymmetric struct {
	Key string
}

func NewSymmetric ¶

func NewSymmetric(key string) (*PasetoSymmetric, error)

NewSymmetric key must be 32 bytes (32 characters long)

func (PasetoSymmetric) Decrypt ¶

func (p PasetoSymmetric) Decrypt(encToken string) (paseto.JSONToken, string, error)

func (PasetoSymmetric) Encrypt ¶

func (p PasetoSymmetric) Encrypt(token paseto.JSONToken, footer string) (string, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL