paseto-v4

RustCrypto based PASETO V4 implementation.

Examples

use paseto_v4::UnsignedToken;
use paseto_v4::key::{SecretKey, SealingKey};
use paseto_json::RegisteredClaims;
use std::time::Duration;

// create a new keypair
let secret_key = SecretKey::random().unwrap();
let public_key = secret_key.public_key();

// create a set of token claims
let claims = RegisteredClaims::now(Duration::from_secs(3600))
    .from_issuer("https://paseto.conrad.cafe/".to_string())
    .for_subject("conradludgate".to_string());

// create and sign a new token
let signed_token = UnsignedToken::new(claims).sign(&secret_key).unwrap();

// serialize the token.
let token = signed_token.to_string();
// "v4.public.eyJpc3MiOiJodHRwczovL3Bhc2V0by5jb25yYWQuY2FmZS8iLCJzdWIiOiJjb25yYWRsdWRnYXRlIiwiYXVkIjpudWxsLCJleHAiOiIyMDI1LTA5LTIwVDEyOjAxOjEzLjcyMjQ3OVoiLCJuYmYiOiIyMDI1LTA5LTIwVDExOjAxOjEzLjcyMjQ3OVoiLCJpYXQiOiIyMDI1LTA5LTIwVDExOjAxOjEzLjcyMjQ3OVoiLCJqdGkiOm51bGx9N7O1CAXQpQ3rpxhq6xFZt32z27VSL8suiek38-5W4LRGr1tDmKcP0_xrlp5-kdE6o7B_K8KU-6Fwmu0hzrkiDQ"

// serialize the public key.
let key = public_key.to_string();
// "k4.public.xRPdFzRvXY-H-6L3S2I3_TmdMKu6XwLKLSR10lZ-yfk"

use paseto_v4::SignedToken;
use paseto_v4::key::PublicKey;
use paseto_json::{RegisteredClaims, Time, HasExpiry, FromIssuer, ForSubject, Validate};

// parse the token
let signed_token: SignedToken<RegisteredClaims> = token.parse().unwrap();

// parse the key
let public_key: PublicKey = key.parse().unwrap();

// verify the token signature and validate the claims.
let validation = Time::valid_now()
    .and_then(HasExpiry)
    .and_then(FromIssuer("https://paseto.conrad.cafe/"))
    .and_then(ForSubject("conradludgate"));
let verified_token = signed_token.verify(&public_key, &validation).unwrap();