A PASETO (Platform-Agnostic SEcurity TOkens) library for zig.
- Zig >= 0.16.0-dev.164+bc7955306.
PASETO (Platform-Agnostic SEcurity TOkens) is a specification and reference implementation for secure stateless tokens.
Unlike JSON Web Tokens (JWT), which gives developers more than enough rope with which to hang themselves, PASETO only allows secure operations. JWT gives you "algorithm agility", PASETO gives you "versioned protocols". It's incredibly unlikely that you'll be able to use PASETO in an insecure way.
Add the dependency to your project:
zig fetch --save=zig-paseto git+https://github.com/deatil/zig-paseto#mainor use local path to add dependency at build.zig.zon file
.{
.dependencies = .{
.@"zig-paseto" = .{
.path = "./lib/zig-paseto",
},
...
}
}And the following to your build.zig file:
const zig_paseto_dep = b.dependency("zig-paseto", .{});
exe.root_module.addImport("zig-paseto", zig_paseto_dep.module("zig-paseto"));The zig-paseto structure can be imported in your application with:
const paseto = @import("zig-paseto");const std = @import("std");
const crypto = std.crypto;
const paseto = @import("zig-paseto");
pub fn main() !void {
const alloc = std.heap.page_allocator;
const key = "707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f";
var buf: [32]u8 = undefined;
const k = try std.fmt.hexToBytes(&buf, key);
const m = "{\"data\":\"this is a signed message\",\"exp\":\"2022-01-01T00:00:00+00:00\"}";
const f = "{\"kid\":\"zVhMiPBP9fRf2snEcT7gFTioeA9COcNy9DfgL1W60haN\"}";
const i = "{\"test-vector\":\"4-S-3\"}";
var e = paseto.V4Local.init(alloc);
defer e.deinit();
try e.withMessage(m);
try e.withFooter(f);
try e.withImplicit(i);
const token = try e.encode(crypto.random, k);
defer alloc.free(token);
// output:
// make paseto token: v4.local.G-ToOUO6A-LGTVrBKiVn7najk-XOBR2a4olurkkWrLgM9sKOf6tNlMpKbSZpI70E5MzgdnWq6yplehnR2VeLR4VTmGMZYDI0VMotPJpKJeBuS7xDoCsm8z_5wA9af2ZtTfrlMY5ErELyiqx5pqdVAzSBP9ZM6-Qxo4oHTnWAqjENeOHdYA.eyJraWQiOiJ6VmhNaVBCUDlmUmYyc25FY1Q3Z0ZUaW9lQTlDT2NOeTlEZmdMMVc2MGhhTiJ9
std.debug.print("make paseto token: {s} \n", .{token});
// ====================
// parse token
var p = paseto.V4Local.init(alloc);
defer p.deinit();
try p.withImplicit(i);
try p.decode(token, k);
// output:
// message: this is a signed message
const message = try p.getMessage();
defer message.deinit();
std.debug.print("message: {s} \n", .{message.value.object.get("data").?.string});
}The PASETO library have encode methods:
-
v1.local: paseto.V1Local -
v1.public: paseto.V1Public -
v2.local: paseto.V2Local -
v2.public: paseto.V2Public -
v3.local: paseto.V3Local -
v3.public: paseto.V3Public -
v4.local: paseto.V4Local -
v4.public: paseto.V4Public
- The library LICENSE is
Apache2, using the library need keep the LICENSE.
- Copyright deatil(https://github.com/deatil).