paseto v1.5.0

Paseto.V2 (paseto v1.5.0)

The Version2 implementation of the Paseto protocol.

More information about the implementation can be found here: 1.) https://github.com/paragonie/paseto/blob/master/docs/01-Protocol-Versions/Version2.md

In short, asymmetric encryption is handled by Ed25519, whereas symmetric encryption is handled by xchachapoly1305 Libsodium bindings are used for these crypto functions.

Link to this section Summary

Functions

decrypt(data, key, footer \\ "")

Handles decrypting a token payload given the correct key.

encrypt(data, key, footer \\ "", n \\ nil)

Handles encrypting the payload and returning a valid token

from_token(token)

Callback implementation for c:Paseto.VersionBehaviour.from_token/1.

peek(token)

Allows looking at the claims without having verified them.

sign(data, secret_key, footer \\ "")

Handles signing the token for public use.

verify(signed_message, public_key, footer \\ "")

Handles verifying the signature belongs to the provided key.

Link to this section Functions

Link to this function

decrypt(data, key, footer \\ "")

@spec decrypt(String.t(), String.t(), String.t() | nil) ::
  {:ok, String.t()} | {:error, String.t()}

Handles decrypting a token payload given the correct key.

Examples:

iex> key = <<56, 165, 237, 250, 173, 90, 82, 73, 227, 45, 166, 36, 121, 213, 122, 227, 188, 168, 248, 190, 39, 11, 243, 40, 236, 206, 123, 237, 189, 43, 220, 66>>
iex> Paseto.V2.decrypt("AUfxx2uuiOXEXnYlMCzesBUohpewQTQQURBonherEWHcRgnaJfMfZXCt96hciML5PN9ozels1bnPidmFvVc", key)
{:ok, "This is a test message"}
Link to this function

encrypt(data, key, footer \\ "", n \\ nil)

@spec encrypt(String.t(), String.t(), String.t(), binary() | nil) ::
  String.t() | {:error, String.t()}

Handles encrypting the payload and returning a valid token

Examples:

iex> key = <<56, 165, 237, 250, 173, 90, 82, 73, 227, 45, 166, 36, 121, 213, 122, 227, 188, 168, 248, 190, 39, 11, 243, 40, 236, 206, 123, 237, 189, 43, 220, 66>>
iex> Paseto.V2.encrypt("This is a test message", key)
"v2.local.voHwaLKK64eSfnCGoJuxJvoyncIpDrg2AkFbRTBeOOBdytn8XoRtl_sRORjlGdTvPageE38TR7dVlv5wxw0"
Link to this function

from_token(token)

@spec from_token(Paseto.Token.t()) :: %Paseto.V2{
  footer: term(),
  payload: term(),
  purpose: term(),
  version: term()
}

Callback implementation for c:Paseto.VersionBehaviour.from_token/1.

Link to this function

peek(token)

@spec peek(token :: String.t()) :: String.t()

Allows looking at the claims without having verified them.

Link to this function

sign(data, secret_key, footer \\ "")

@spec sign(String.t(), String.t(), String.t()) :: String.t() | {:error, String.t()}

Handles signing the token for public use.

Examples:

iex> {:ok, pk, sk} = Salty.Sign.Ed25519.keypair()
iex> Paseto.V2.sign("Test Message", sk)
"v2.public.VGVzdAJxQsXSrgYBkcwiOnWamiattqhhhNN_1jsY-LR_YbsoYpZ18-ogVSxWv7d8DlqzLSz9csqNtSzDk4y0JV5xaAE"
Link to this function

verify(signed_message, public_key, footer \\ "")

@spec verify(String.t(), [binary()], String.t() | nil) ::
  {:ok, binary()} | {:error, String.t()}

Handles verifying the signature belongs to the provided key.

Examples:

iex> {:ok, pk, sk} = Salty.Sign.Ed25519.keypair()
iex> Paseto.V2.sign("Test Message", sk)
"v2.public.VGVzdAJxQsXSrgYBkcwiOnWamiattqhhhNN_1jsY-LR_YbsoYpZ18-ogVSxWv7d8DlqzLSz9csqNtSzDk4y0JV5xaAE"
iex> Paseto.V2.verify("VGVzdAJxQsXSrgYBkcwiOnWamiattqhhhNN_1jsY-LR_YbsoYpZ18-ogVSxWv7d8DlqzLSz9csqNtSzDk4y0JV5xaAE", pk)
"{:ok, "Test"}"