VictorTzeng / paseto-dotnet

🔑 Paseto.NET, a Paseto (Platform-Agnostic Security Tokens) implementation for .NET


Features

v1.local   v1.public   v2.local   v2.public
❌         ✔️          ✔️         ✔️

Usage

Generating keypair

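// Requires: using System.Text; (for Encoding)
// Example value only. For real keys, generate the 32-byte seed with a CSPRNG
// (e.g. System.Security.Cryptography.RandomNumberGenerator), not a printable string.
string secretKey = "YJExjGFZvdbSKTeVgLUQFupOzFWfSlRm"; // The seed must be exactly 32 bytes (here, 32 ASCII characters).
byte[] hashSeed = Encoding.ASCII.GetBytes(secretKey); // Convert it into a byte array

// The out parameters are assigned by the call, so no pre-allocation is needed:
// publicKey is 32 bytes, privateKey (expanded) is 64 bytes.
Ed25519.KeyPairFromSeed(out byte[] publicKey, out byte[] privateKey, hashSeed);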

Generating private key only

//...
byte[] privateKey = Ed25519.ExpandedPrivateKeyFromSeed(hashSeed);

Generating public key only

//...
byte[] publicKey = Ed25519.PublicKeyFromSeed(hashSeed);

Building a Paseto

// Option 1: fluent builder
var token = new PasetoBuilder<Version2>()
		.WithKey(privateKey)
		.AddClaim("example", "Hello Paseto!")
		.Expiration(DateTime.UtcNow.AddHours(24))
		.AsPublic() // Purpose
		.Build();

// Option 2: encoder (an alternative to the builder; use one or the other)
var encoder = new PasetoEncoder(cfg => cfg.Use<Version2>(privateKey)); // default is public purpose
var token = encoder.Encode(new PasetoPayload
{
	{ "example", "Hello Paseto!" },
	{ "exp", DateTime.UtcNow.AddHours(24) }
});

Encoded Token:

v2.public.eyJleGFtcGxlIjoiSGVsbG8gUGFzZXRvISIsImV4cCI6IjIwMTgtMDQtMDdUMDU6MDQ6MDcuOTE5NjM3NVoifTuR3EYYCG12DjhIqPKiVmTkKx2ewCDrYNZHcoewiF-lpFeaFqKW3LkEgnW28UZxrBWA5wrLFCR5FP1qUlMeqQA

Decoding a Paseto

// Option 1: fluent builder
var payload = new PasetoBuilder<Version2>()
		.WithKey(publicKey)
		.AsPublic() // Purpose
		.Decode(token);

// Option 2: decoder (an alternative to the builder; use one or the other)
var decoder = new PasetoDecoder(cfg => cfg.Use<Version2>(publicKey)); // default is public purpose
var payload = decoder.Decode(token);

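Decoded Payload (a v2.public token is signed, not encrypted, so the claims are readable by anyone who holds the token):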

{
  "example": "Hello Paseto!",
  "exp": "2018-04-07T05:04:07.9196375Z"
}
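
The layout of the v2.public token shown above, as an added example that is not part of Paseto.NET: it splits the token into claims and Ed25519 signature using only the .NET base class library, and builds the pre-authentication encoding that the signature covers. The class name is hypothetical, and the code assumes C# 8 or later on .NET Core 3.0 or later.

```csharp
using System;
using System.IO;
using System.Text;

static class PasetoV2PublicInspector // hypothetical name, not a Paseto.NET type
{
    // PASETO uses unpadded base64url; restore the standard alphabet and padding.
    static byte[] FromBase64Url(string s)
    {
        string b64 = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(b64 + new string('=', (4 - b64.Length % 4) % 4));
    }

    // Pre-Authentication Encoding (PAE): piece count, then each piece prefixed by
    // its length, all as 64-bit little-endian integers. This is what gets signed.
    static byte[] Pae(params byte[][] pieces)
    {
        using var ms = new MemoryStream();
        using var w = new BinaryWriter(ms); // BinaryWriter is always little-endian
        w.Write((ulong)pieces.Length);
        foreach (byte[] p in pieces) { w.Write((ulong)p.Length); w.Write(p); }
        w.Flush();
        return ms.ToArray();
    }

    static void Main()
    {
        // Token copied from the "Encoded Token" section of this README.
        string token = "v2.public.eyJleGFtcGxlIjoiSGVsbG8gUGFzZXRvISIsImV4cCI6IjIwMTgtMDQtMDdUMDU6MDQ6MDcuOTE5NjM3NVoifTuR3EYYCG12DjhIqPKiVmTkKx2ewCDrYNZHcoewiF-lpFeaFqKW3LkEgnW28UZxrBWA5wrLFCR5FP1qUlMeqQA";
        string[] parts = token.Split('.');
        if (parts.Length < 3 || parts.Length > 4 || parts[0] != "v2" || parts[1] != "public")
            throw new FormatException("not a v2.public token");

        byte[] body = FromBase64Url(parts[2]);
        if (body.Length < 64)
            throw new FormatException("body is shorter than an Ed25519 signature");
        byte[] message = body[..^64];    // JSON claims, in the clear
        byte[] signature = body[^64..];  // 64-byte Ed25519 signature
        byte[] footer = parts.Length == 4 ? FromBase64Url(parts[3]) : Array.Empty<byte>();

        // Readable without any key: never place secrets in a public token.
        Console.WriteLine("claims (UNVERIFIED): " + Encoding.UTF8.GetString(message));
        Console.WriteLine("signature length:    " + signature.Length);

        // The signature covers header, message and footer together, so none of
        // them can be swapped independently without verification failing.
        byte[] signedInput = Pae(Encoding.ASCII.GetBytes("v2.public."), message, footer);
        Console.WriteLine("PAE input length:    " + signedInput.Length);
    }
}
```

Claims read this way are unauthenticated; act on them only after Decode has verified the signature with the public key.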

Roadmap

  • Switch from Unix DateTime to ISO 8601 compliant to adhere to Paseto registered claims
  • Add support for local authentication for v2
  • Add support for local authentication for v1
  • Add support for version detection when decoding
  • Add payload validation rules
  • Improve protocol versioning
  • Add more documentation on the usage
  • Extend the fluent builder API
  • Add more tests

Cryptography

  • Uses Ed25519 algorithm from CodesInChaos Chaos.NaCl cryptography library.
  • Uses Blake2b cryptographic hash function from metadings repository.
  • Uses XChaCha20-Poly1305 AEAD from NaCl.Core repository.

About

License: MIT License

