atomfinger/gaseto

gaseto

gaseto is a Gleam implementation of PASETO (Platform-Agnostic SEcurity TOkens).

PASETO is a specification for secure stateless tokens. Unlike JWT, which gives developers too many choices, PASETO specifies a small number of cryptographic suites to use.

Note: This library targets the Erlang runtime only. JavaScript is not supported.

🚧 This project is under construction and is not production ready. 🚧

Features

  • PASETO V3 (recommended)
    • v3.local: Symmetric authenticated encryption using AES-256-CTR and HMAC-SHA-384, with HKDF-SHA-384 key derivation.
    • v3.public: Asymmetric authentication using ECDSA with P-384 and SHA-384.
  • PASETO V1 (deprecated — the PASETO standard itself has deprecated V1 in favour of V3)
    • v1.local: Symmetric authenticated encryption using AES-256-CTR and HMAC-SHA-384.
    • v1.public: Asymmetric authentication using RSA-PSS with SHA-384.
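
The v3.local bullet above, seen from the verifying side, as an added example that is not gaseto's code: per the PASETO v3 specification, the HMAC-SHA-384 tag is checked, under an auth key derived with HKDF-SHA-384 from the key and the token's nonce, before anything is decrypted. Function names are this example's own, the ciphertext is constructed bytes, and the AES-256-CTR step is left out because the Python standard library has no AES.

```python
# Added example, not gaseto code; names are this example's own. KEY is the usage example's key.
import base64
import hashlib
import hmac

HEADER = b"v3.local."
KEY = bytes.fromhex("707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f")

def hkdf_sha384(ikm: bytes, info: bytes) -> bytes:
    """HKDF (RFC 5869), SHA-384, no salt, 48 bytes out (exactly one block)."""
    prk = hmac.new(b"\x00" * 48, ikm, hashlib.sha384).digest()     # extract
    return hmac.new(prk, info + b"\x01", hashlib.sha384).digest()  # expand, T(1)

def pae(*pieces: bytes) -> bytes:
    """Pre-Authentication Encoding: piece count, then each piece with its LE64 length."""
    def le64(n: int) -> bytes:
        return (n & 0x7FFFFFFFFFFFFFFF).to_bytes(8, "little")
    return le64(len(pieces)) + b"".join(le64(len(p)) + p for p in pieces)

def auth_tag(key: bytes, nonce: bytes, ciphertext: bytes, footer: bytes = b"") -> bytes:
    """HMAC-SHA-384 over PAE(header, nonce, ciphertext, footer, empty implicit assertion)."""
    ak = hkdf_sha384(key, b"paseto-auth-key-for-aead" + nonce)  # per-token auth key
    return hmac.new(ak, pae(HEADER, nonce, ciphertext, footer, b""), hashlib.sha384).digest()

def b64u(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def b64u_dec(text: bytes) -> bytes:
    return base64.urlsafe_b64decode(text + b"=" * (-len(text) % 4))

def build_token(key: bytes, nonce: bytes, ciphertext: bytes, footer: bytes = b"") -> bytes:
    """Assemble header || b64(nonce || ciphertext || tag), plus '.' || b64(footer) if set."""
    token = HEADER + b64u(nonce + ciphertext + auth_tag(key, nonce, ciphertext, footer))
    return token + b"." + b64u(footer) if footer else token

def verified_ciphertext(key: bytes, token: bytes):
    """Return the ciphertext only if the tag checks out; None means reject the token."""
    if not token.startswith(HEADER):
        return None
    parts = token[len(HEADER):].split(b".")
    try:
        body = b64u_dec(parts[0])
        footer = b64u_dec(parts[1]) if len(parts) == 2 else b""
    except ValueError:
        return None
    if len(parts) > 2 or len(body) < 32 + 48:  # 32-byte nonce + 48-byte tag
        return None
    nonce, ciphertext, tag = body[:32], body[32:-48], body[-48:]
    ok = hmac.compare_digest(tag, auth_tag(key, nonce, ciphertext, footer))
    return ciphertext if ok else None
```

Because the footer is covered by the tag, swapping it on an otherwise valid token is rejected just like a modified ciphertext or a wrong key.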

Installation

gleam add gaseto

Usage

Here's an example of how to create and verify a v3.local PASETO token:

import gleam/option.{None}
import gaseto.{LocalKey}
import gaseto/token

pub fn main() {
  // 32-byte symmetric key, hex-encoded (sample value for illustration only)
  let key = LocalKey("707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f")
  let payload = "{\"data\":\"this is a signed message\",\"exp\":\"2019-01-01T00:00:00+00:00\"}"

  let assert Ok(encrypted_token) = gaseto.encrypt(payload, key, token.PasetoV3, None)
  let token_string = gaseto.to_string(encrypted_token)
  let assert Ok(decrypted_token) = gaseto.decrypt(token_string, key)

  let assert True = decrypted_token.payload == payload
}

For v3.public, use a KeyPair:

import gleam/option.{None}
import gaseto.{KeyPair}
import gaseto/token

pub fn main() {
  let key = KeyPair(
    secret_key: "...",  // 48-byte P-384 private scalar, hex-encoded
    public_key: "...",  // 49-byte compressed P-384 point, hex-encoded
  )
  let payload = "{\"data\":\"hello\",\"exp\":\"2025-01-01T00:00:00+00:00\"}"

  let assert Ok(signed_token) = gaseto.encrypt(payload, key, token.PasetoV3, None)
  let token_string = gaseto.to_string(signed_token)
  let assert Ok(verified) = gaseto.decrypt(token_string, key)

  let assert True = verified.payload == payload
}

Further documentation can be found at https://hexdocs.pm/gaseto.

Development

gleam test  # Run the tests
