A Python implementation of PASETO (Platfrom-Agnostic Security Tokens).
Project description
PySETO - A Python implementation of PASETO
PySETO is a PASETO (Platform-Agnostic SEcurity TOkens) implementation written in Python which supports all of the versions and purposes below.
- Version 1: NIST Compatibility
- ✅ Local: Symmetric Authenticated Encryption
- AES-256-CTR + HMAC-SHA384 (Encrypt-then-MAC).
- ✅ Public: Asymmetric Authentication (Public-Key Signatures)
- RSASSA-PSS with 2048-bit key, SHA384 hashing and MGF1+SHA384.
- ✅ Local: Symmetric Authenticated Encryption
- Version 2: Sodium Original
- ✅ Local: Symmetric Authenticated Encryption
- XChaCha20-Poly1305 (192-bit nonce, 256-bit key, 128-bit authentication tag).
- ✅ Public: Asymmetric Authentication (Public-Key Signatures)
- EdDSA over Curve25519.
- ✅ Local: Symmetric Authenticated Encryption
- Version 3: NIST Modern
- ✅ Local: Symmetric Authenticated Encryption
- AES-256-CTR + HMAC-SHA384 (Encrypt-then-MAC).
- ✅ Public: Asymmetric Authentication (Public-Key Signatures)
- ECDSA over NIST P-384, with SHA-384, using RFC 6979 deterministic k-values.
- ✅ Local: Symmetric Authenticated Encryption
- Version 4: Sodium Modern
- ✅ Local: Symmetric Authenticated Encryption
- XChaCha20 + BLAKE2b-MAC (Encrypt-then-MAC).
- ✅ Public: Asymmetric Authentication (Public-Key Signatures)
- EdDSA over Curve25519.
- ✅ Local: Symmetric Authenticated Encryption
See Document for details.
Installation
You can install PySETO with pip:
$ pip install pyseto
Usage
You can use it as follows:
v4.public
import pyseto
from pyseto import Key
secret_key_pem = b"-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEILTL+0PfTOIQcn2VPkpxMwf6Gbt9n4UEFDjZ4RuUKjd0\n-----END PRIVATE KEY-----"
public_key_pem = b"-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAHrnbu7wEfAP9cGBOAHHwmH4Wsot1ciXBHwBBXQ4gsaI=\n-----END PUBLIC KEY-----"
secret_key = Key.new(version=4, type="public", key=secret_key_pem)
token = pyseto.encode(secret_key, b'{"data": "this is a signed message", "exp": "2022-01-01T00:00:00+00:00"}')
public_key = Key.new(version=4, type="public", key=public_key_pem)
decoded = pyseto.decode(public_key, token)
assert token == b'v4.public.eyJkYXRhIjogInRoaXMgaXMgYSBzaWduZWQgbWVzc2FnZSIsICJleHAiOiAiMjAyMi0wMS0wMVQwMDowMDowMCswMDowMCJ9l1YiKei2FESvHBSGPkn70eFO1hv3tXH0jph1IfZyEfgm3t1DjkYqD5r4aHWZm1eZs_3_bZ9pBQlZGp0DPSdzDg'
assert decoded.payload == b'{"data": "this is a signed message", "exp": "2022-01-01T00:00:00+00:00"}'
v4.local
import pyseto
from pyseto import Key
key = Key.new(version=4, type="local", key=b"our-secret")
token = pyseto.encode(key, b'{"data": "this is a signed message", "exp": "2022-01-01T00:00:00+00:00"}')
decoded = pyseto.decode(key, token)
assert decoded.payload == b'{"data": "this is a signed message", "exp": "2022-01-01T00:00:00+00:00"}'
API Reference
See Document.
Tests
You can run tests from the project root after cloning with:
$ tox
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
pyseto-0.6.1.tar.gz
(38.0 kB
view hashes)
Built Distribution
pyseto-0.6.1-py3-none-any.whl
(15.8 kB
view hashes)
