Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards.
See Also
JWT Signing AlgorithmsPASETO Implementations
v3/v4 support
| Name | Language | Author | Features | ||||
|---|---|---|---|---|---|---|---|
| v3.l | v3.p | v4.l | v4.p | convert keys to/from PASERK | |||
| go-paseto | Go | Aidan T. Woods | |||||
| vk-rv/pvx | Go | Oleg Vakarev | |||||
| nbaars/paseto4j | Java | Nanne Baars | |||||
| daviddesmet/paseto-dotnet | .NET | David De Smet | |||||
| panva/paseto | Node.js | Filip Skokan | |||||
| paragonie/paseto | PHP | Paragon Initiative Enterprises | via paserk-php | ||||
| PySETO | Python | AJITOMI Daisuke | |||||
| pypaseto | Python | Ryan Littlefield | |||||
| python-paseto | Python | python-paseto | |||||
| bannable/paseto | Ruby | Joe Truba | |||||
| rusty-paseto | Rust | rodzilla | |||||
| brycx/pasetors | Rust | Johannes | |||||
| swift-paseto | Swift | Aidan T. Woods | |||||
v1/v2 support
| Name | Language | Author | Features | |||
|---|---|---|---|---|---|---|
| v1.l | v1.p | v2.l | v2.p | |||
| authenticvision/libpaseto | C | Thomas Renoth | ||||
| Ianleeclark/Paseto | Elixir | Ian Clark | ||||
| o1egl/paseto | Go | Oleg Lobanov | ||||
| go-paseto | Go | Aidan T. Woods | ||||
| lib/paseto | Go | Shulhan | ||||
| vk-rv/pvx | Go | Oleg Vakarev | ||||
| JPaseto | Java | Paseto Toolkit | ||||
| nbaars/paseto4j | Java | Nanne Baars | ||||
| atholbro/paseto | Java | Andrew Holbrook | ||||
| paseto.js | JavaScript | Samuel Judson | ||||
| peter-evans/paseto-lua | Lua | Peter Evans | ||||
| daviddesmet/paseto-dotnet | .NET | David De Smet | ||||
| scottbrady91/IdentityModel | .NET | Scott Brady | ||||
| dustinsoftware/paseto.net | .NET Standard | Dustin Software, Inc. | ||||
| panva/paseto | Node.js | Filip Skokan | ||||
| paragonie/paseto | PHP | Paragon Initiative Enterprises | ||||
| PySETO | Python | AJITOMI Daisuke | ||||
| pypaseto | Python | Ryan Littlefield | ||||
| python-paseto | Python | python-paseto | ||||
| mguymon/paseto.rb | Ruby | Michael Guymon Frank Murphy | ||||
| rusty-paseto | Rust | rodzilla | ||||
| brycx/pasetors | Rust | Johannes | ||||
| instructure/paseto | Rust | Instructure | ||||
| swift-paseto | Swift | Aidan T. Woods | ||||
Conference Talks and Presentations
- No Way JOSE! Designing Cryptography Features for Mere Mortals
- DEFCON 26 - Crypto & Privacy Village —
- Slides (LibreOffice)
- Slides (PDF)
- Video (YouTube)
The past three years of vulnerability research and cryptanalysis has not been kind to the JOSE family of Internet standards (most commonly known as JSON Web Tokens a.k.a. JWT). This has led to many security experts declaring boldly, "Don't use JWT!" but has left many developers in want of a viable alternative. Scott went a step further and designed a safer alternative: PASETO (Platform-Agnostic SEcurity TOkens), which is currently implemented in 10 programming languages.
Project Status
- PASETO specification
- PASETO test vectors
- Stable PASETO reference implementation
- Usable documentation
- Implementations in multiple programming languages and environments
This website is open source on Github.
