Paseto.Core 1.0.7

.NET 5.0
This package has a SemVer 2.0.0 package version: 1.0.7+build.79.
NuGet\Install-Package Paseto.Core -Version 1.0.7
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
dotnet add package Paseto.Core --version 1.0.7
<PackageReference Include="Paseto.Core" Version="1.0.7" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Paseto.Core --version 1.0.7
#r "nuget: Paseto.Core, 1.0.7"
#r directive can be used in F# Interactive, C# scripting and .NET Interactive. Copy this into the interactive tool or source code of the script to reference the package.
// Install Paseto.Core as a Cake Addin
#addin nuget:?package=Paseto.Core&version=1.0.7

// Install Paseto.Core as a Cake Tool
#tool nuget:?package=Paseto.Core&version=1.0.7

Paseto.NET, a Paseto (Platform-Agnostic Security Tokens) implementation for .NET

CI Build Status Maintenance contributions welcome

Features

PASETO protocols

purpose v1 v2 v3 v4
local
public

PASERK extension

type support
lid
local
seal
local-wrap
local-pw
sid
public
pid
secret
secret-wrap
secret-pw

Installation

NuGet

Install the Paseto.Core NuGet package from the .NET CLI using:

dotnet add package Paseto.Core

or from the NuGet package manager:

Install-Package Paseto.Core

Usage

PASETO

The library exposes a Fluent API with several method overloads found in Use(), WithKey(), AddClaim(), AddFooter() and so on to provide the flexibility needed for encoding and decoding PASETO tokens and also for generating the required symmetric or asymmetric key pairs. However, you can use the Protocols and Handlers directly if you like.

Below are a couple of examples for the most common use cases:

Generating a Symmetric Key
var pasetoKey = new PasetoBuilder().Use(version, Purpose.Local)
                                   .GenerateSymmetricKey();
Generating an Asymmetric Key Pair
var pasetoKey = new PasetoBuilder().Use(version, Purpose.Public)
                                   .GenerateAsymmetricKeyPair(seed);

NOTE: A seed is not required for protocol v1.

Generating a Token
var token = new PasetoBuilder().Use(version, purpose)
                               .WithKey(key)
                               .AddClaim("data", "this is a secret message")
                               .Issuer("https://github.com/daviddesmet/paseto-dotnet")
                               .Subject(Guid.NewGuid().ToString())
                               .Audience("https://paseto.io")
                               .NotBefore(DateTime.UtcNow.AddMinutes(5))
                               .IssuedAt(DateTime.UtcNow)
                               .Expiration(DateTime.UtcNow.AddHours(1))
                               .TokenIdentifier("123456ABCD")
                               .AddFooter("arbitrary-string-that-isn't-json")
                               .Encode();
Decoding a Token
var result = new PasetoBuilder().Use(version, purpose)
                                .WithKey(key)
                                .Decode(token);

Or validate the token's payload while decoding (the header and signature is always validated):

var valParams = new PasetoTokenValidationParameters
{
    ValidateLifetime = true,
    ValidateAudience = true,
    ValidateIssuer = true,
    ValidAudience = "https://paseto.io",
    ValidIssuer = "https://github.com/daviddesmet/paseto-dotnet"
};

var result = new PasetoBuilder().Use(version, purpose)
                                .WithKey(key)
                                .Decode(token, valParams);

PASERK

The library also provides the PASERK extension for encoding and decoding a key.

A serialized key in PASERK has the format:

k[version].[type].[data]
Encoding a Key
var paserk = Paserk.Encode(pasetoKey, purpose, type);
Decoding a Key
var key = Paserk.Decode(paserk);

Roadmap

  • Add support for remaining PASERK types and its operations.
  • Add support for version detection when decoding.
  • Add support for custom payload validation rules.
  • Improve documentation.
  • Remove dependency on JSON.NET.

Test Coverage

codecov

  • Includes the mandatory test vectors for PASETO and PASERK.

Cryptography

  • Uses Ed25519 (EdDSA over Curve25519) algorithm from CodesInChaos Chaos.NaCl cryptography library.
  • Uses Blake2b cryptographic hash function from Konscious.Security.Cryptography repository.
  • Uses AES-256-CTR, ECDSA over P-384 algorithms from Bouncy Castle cryptography library.
  • Uses XChaCha20-Poly1305 AEAD from NaCl.Core repository.

Learn More

License

Product Versions
.NET net5.0 net5.0-windows net6.0 net6.0-android net6.0-ios net6.0-maccatalyst net6.0-macos net6.0-tvos net6.0-windows
Compatible target framework(s)
Additional computed target framework(s)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Paseto.Core:

Package Downloads
PasetoBearer.Authentication

A simple implementation for securing the API by public PASETO access tokens.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.0.7 68 8/24/2022
1.0.6 16,516 5/24/2022
1.0.5 79 5/11/2022
1.0.4 2,423 4/28/2022
1.0.3 153 4/16/2022
0.7.2 22,227 7/9/2019
0.7.1 577 2/5/2019
0.7.0 2,090 11/27/2018
0.6.1 1,025 4/6/2018
0.6.0 828 3/30/2018
0.5.5 888 3/20/2018
0.5.4 722 3/19/2018
0.5.3 709 3/16/2018