Paseto is your favorite for JOSE (JWT, JWE, JWS) without any of the design flaws that plague the JOSE standard.
PASETO implementation
v3/v4 support
| Name |
Language |
Author |
Features |
v3.l |
v3.p |
v4.l
v4.p
Convert key |
ROUTE PASERK |
| |
|
|
go -pasto
| go |
Aidan T. Woods
|
|
|
|
|
|
vk-rv/pvx |
go |
Oleg · Vakarev |
|
|
|
|
|
|
|
|
|
| nbaars/paseto4j Java |
Nanny Balls |
|
|
|
|
|
daviddesmet/paseto-dotnet
| . network |
David De Smet |
|
|
|
|
|
|
|
|
|
)
panva/paseto Node.js
| |
Philip Skokane |
|
|
|
|
|
|
|
|
|
|
|
paragonie/paseto |
PHP |
Paragon Initiative Enterprises |
|
|
|
|
via paserk-php |
|
|
|
Python Ryan Littlefield |
|
|
|
|
|
|
|
|
|
|
| python-paseto |
|
Python |
python-paseto |
|
|
|
|
|
|
|
|
|
|
PySETO
|
|
|
|
Rusty
| |
Rust |
Rozra |
|
|
|
|
|
|
|
|
| brycx/pasetors |
Rust |
|
Johannes |
|
|
|
|
Fast Passetto
| Swift |
Aidan T. Trees
|
|
|
|
|
|
|
|
|
|
|
|
|
|
v1/v2 support
| Name |
language |
author |
Features |
v1.l |
v1.p |
v2.l |
v2.p |
|
true vision/libpaseto
|
C |
Thomas Reynolds |
|
|
|
|
|
|
Ian Lee Clark/Passetto Elixir
| Ian Clark |
|
|
|
|
|
go -pasto
| go |
Aidan T. Woods |
|
|
|
|
|
|
|
|
|
|
|
|
| library/paseto |
go
Shulhan
|
|
|
|
|
|
|
|
vk-rv/pvx
go |
Oleg Vakarev
|
|
|
|
|
|
)
| o1egl/paseto |
go
Oleg Lobanov
|
|
|
|
|
|
|
nbaars/paseto4j Java
Nanny Balls |
|
|
|
|
|
|
|
| atholbro/paseto |
Java |
Andrew Holbrook |
|
|
|
|
|
|
|
|
|
| JPaseto |
Java |
Passetto Kit |
|
|
|
|
|
|
|
|
|
paseto.js
| |
JavaScript |
Samuel Judson |
|
|
|
|
|
|
Peter Evans/paseto-lua
| Lua Peter Evans |
|
|
|
|
|
|
|
|
|
| scottbrady91/IdentityModel |
. network |
Scott Brady |
|
|
|
|
|
|
|
|
|
| daviddesmet/paseto-dotnet |
. network |
David Desmet |
|
|
|
|
|
|
dust software/paseto.net
|
.NET Standard
Dustin Software |
|
|
|
|
|
panva/paseto
node.js
| Philip Skokane |
|
|
|
|
|
|
|
|
|
|
paragonie/paseto PHP |
|
Model Initiative Enterprise |
|
|
|
|
|
|
|
|
|
| pypaseto |
|
Python |
Ryan Littlefield |
|
|
|
|
|
|
|
|
|
|
| Python -paseto |
Python |
|
Python Passetto
|
|
|
|
|
|
|
|
PySETO
Python |
AJITOMI Daisuke |
|
|
|
|
|
|
|
|
mguymon/paseto.rb |
Ruby |
Michael Gammon Frank Murphy |
|
|
|
|
Rusty Dough |
Rust Rozra |
|
|
|
|
|
|
|
|
brycx/pasetors rust
|
Johannes
|
|
|
|
|
|
Structure /paseto
| |
rust |
Structure |
|
|
|
|
|
|
| Quick Paste Swift |
Aidan T. Woods |
|
|
|
|
|
|
Conference presentations and presentations
Don’t even think about it! Designing cryptographic features for ordinary people DEFCON 26 – Encryption and Privacy Village – August 11, 2018 12:00 PM PDT
Slideshow (LibreOffice) Slides (PDF) Video (YouTube)
Vulnerability research and cryptanalysis over the past three years on the JOSE family of internet standards (most commonly known as JSON Web Tokens aka JWT). This has led many security experts to boldly declare: “Don’t use JWTs!” but left many developers without viable alternatives. Scott went a step further and devised a more secure alternative: PASETO (Platform Independent Security Token), currently implemented in 10 programming languages.
project status
PASETO specification PASETO test vector STABLE PASETO REFERENCE IMPLEMENTATION
Available Documents
Protocol Definition
Reference Implementation User Guide
| Implementer’s Guide |
exist Implementations in multiple programming languages and environments
This site is open source
|
on
|
|
