Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the
many
design deficits that plague the JOSE standards.
PASETO Implementations
v3/v4 support
| Name | Language | Author | Features | ||||
|---|---|---|---|---|---|---|---|
| v3.l | v3.p | v4.l | v4.p | convert keys to/from PASERK |
|||
| go-paseto | Go | Aidan T. Woods | |||||
| vk-rv/pvx | Go | Oleg Vakarev | |||||
| nbaars/paseto4j | Java | Nanne Baars | |||||
| daviddesmet/paseto-dotnet | .NET | David De Smet | |||||
| panva/paseto | Node.js | Filip Skokan | |||||
| paragonie/paseto | PHP | Paragon Initiative Enterprises | via paserk-php | ||||
| pypaseto | Python | Ryan Littlefield | |||||
| python-paseto | Python | python-paseto | |||||
| PySETO | Python | AJITOMI Daisuke | |||||
| rusty-paseto | Rust | rodzilla | |||||
| brycx/pasetors | Rust | Johannes | |||||
| swift-paseto | Swift | Aidan T. Woods | |||||
v1/v2 support
| Name | Language | Author | Features | |||
|---|---|---|---|---|---|---|
| v1.l | v1.p | v2.l | v2.p | |||
| authenticvision/libpaseto | C | Thomas Renoth | ||||
| Ianleeclark/Paseto | Elixir | Ian Clark | ||||
| go-paseto | Go | Aidan T. Woods | ||||
| lib/paseto | Go | Shulhan | ||||
| vk-rv/pvx | Go | Oleg Vakarev | ||||
| o1egl/paseto | Go | Oleg Lobanov | ||||
| nbaars/paseto4j | Java | Nanne Baars | ||||
| atholbro/paseto | Java | Andrew Holbrook | ||||
| JPaseto | Java | Paseto Toolkit | ||||
| paseto.js | JavaScript | Samuel Judson | ||||
| peter-evans/paseto-lua | Lua | Peter Evans | ||||
| scottbrady91/IdentityModel | .NET | Scott Brady | ||||
| daviddesmet/paseto-dotnet | .NET | David De Smet | ||||
| dustinsoftware/paseto.net | .NET Standard | Dustin Software, Inc. | ||||
| panva/paseto | Node.js | Filip Skokan | ||||
| paragonie/paseto | PHP | Paragon Initiative Enterprises | ||||
| pypaseto | Python | Ryan Littlefield | ||||
| python-paseto | Python | python-paseto | ||||
| PySETO | Python | AJITOMI Daisuke | ||||
| mguymon/paseto.rb | Ruby |
Michael Guymon Frank Murphy |
||||
| rusty-paseto | Rust | rodzilla | ||||
| brycx/pasetors | Rust | Johannes | ||||
| instructure/paseto | Rust | Instructure | ||||
| swift-paseto | Swift | Aidan T. Woods | ||||
Conference Talks and Presentations
-
No Way JOSE! Designing Cryptography Features for Mere Mortals
-
DEFCON 26 – Crypto & Privacy Village —
- Slides (LibreOffice)
- Slides (PDF)
- Video (YouTube)
The past three years of vulnerability research and cryptanalysis
has not been kind to the JOSE family of Internet standards (most
commonly known as JSON Web Tokens a.k.a. JWT). This has led to many
security experts declaring boldly, “Don’t use JWT!” but has left
many developers in want of a viable alternative. Scott went a step
further and designed a safer alternative: PASETO (Platform-Agnostic
SEcurity TOkens), which is currently implemented in 10 programming
languages. -
DEFCON 26 – Crypto & Privacy Village —
Project Status
- PASETO specification
- PASETO test vectors
- Stable PASETO reference implementation
-
Usable documentation
- Protocol Definitions
- Reference Implementation User Guide
- Guide for Implementors
- Implementations in multiple programming languages and environments
This website is open source on Github.