PASETO
This go library exposed as zntr.io/paseto
provides :
This is used in my OIDC framework SolID.
I removed the JSON part encoding requirement to allow PASETO to be used as a
generic data container. You can still use JSON, but also more bytes oriented
serialization for message
, footer
and implicit-assertion
.
What is PASETO?
From https://github.com/paragonie/paseto :
PASETO: Platform-Agnostic Security Tokens
Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards.
How to use the library?
import (
pasetov4 "zntr.io/paseto/v4"
)
func main () {
// Generate an encryption key.
localKey, err := pasetov4.GenerateLocalKey(rand.Reader)
if err != nil {
panic(err)
}
// Prepare the message
m := []byte("my super secret message")
// Encrypt the token
token, err := pasetov4.Encrypt(rand.Reader, localKey, m, nil, nil)
if err != nil {
panic(err)
}
}
More examples - here
Benchmarks
Go version 1.23.1 / Mac M1
V3
❯ go test -bench=. -test.benchtime=1s
goos: darwin
goarch: arm64
pkg: zntr.io/paseto/v3
cpu: Apple M1 Pro
Benchmark_Paseto_Encrypt-10 213638 5511 ns/op 7378 B/op 52 allocs/op
Benchmark_Paseto_Decrypt-10 226226 5268 ns/op 7154 B/op 52 allocs/op
Benchmark_Paseto_Sign-10 10000 124865 ns/op 9060 B/op 86 allocs/op
Benchmark_Paseto_Verify-10 2292 536478 ns/op 2504 B/op 36 allocs/op
PASS
ok zntr.io/paseto/v3 6.052s
V4
❯ go test -bench=. -test.benchtime=1s
goos: darwin
goarch: arm64
pkg: zntr.io/paseto/v4
cpu: Apple M1 Pro
Benchmark_Paseto_Encrypt-10 511538 2397 ns/op 2288 B/op 12 allocs/op
Benchmark_Paseto_Decrypt-10 528723 2260 ns/op 2064 B/op 12 allocs/op
Benchmark_Paseto_Sign-10 51476 24680 ns/op 928 B/op 4 allocs/op
Benchmark_Paseto_Verify-10 22828 52875 ns/op 704 B/op 4 allocs/op
PASS
ok zntr.io/paseto/v4 7.119s
V4X (XCHACHA20-BLAKE3) - Non standard
This is a non-standard version of PASETO using XCHACHA20-BLAKE3 instead of XCHACHA20-POLY1305.
https://kerkour.com/chacha20-blake3/
❯ go test -bench=. -test.benchtime=1s
goos: darwin
goarch: arm64
pkg: zntr.io/paseto/v4x
cpu: Apple M1 Pro
Benchmark_Paseto_Encrypt-10 496018 2336 ns/op 1056 B/op 6 allocs/op
Benchmark_Paseto_Decrypt-10 531135 2314 ns/op 832 B/op 6 allocs/op
PASS
ok zntr.io/paseto/v4x 2.832s
License
All artifacts and source code are released under Apache 2.0 Software License.
Reference(s)