PASETO

PASETO Implementations

v3/v4 support

Name

Language

Author

Features

v3.l

v3.p

v4.l

v4.p

convert keys
to/from PASERK

go-paseto

Aidan T. Woods

vk-rv/pvx

Oleg Vakarev

paseto-haskell

Haskell

intricate

nbaars/paseto4j

Java

Nanne Baars

daviddesmet/paseto-dotnet

.NET

David De Smet

panva/paseto

Node.js

Filip Skokan

paragonie/paseto

PHP

Paragon Initiative Enterprises

via paserk-php

pypaseto

Python

Ryan Littlefield

PySETO

Python

AJITOMI Daisuke

python-paseto

Python

python-paseto

bannable/paseto

Ruby

Joe Truba

brycx/pasetors

Rust

Johannes

rusty-paseto

Rust

rodzilla

swift-paseto

Swift

Aidan T. Woods

paseto-ts

TypeScript

auth70

v1/v2 support

Name	Language	Author	Features
Name	Language	Author	v1.l	v1.p	v2.l	v2.p
authenticvision/libpaseto	C	Thomas Renoth
Ianleeclark/Paseto	Elixir	Ian Clark
go-paseto	Go	Aidan T. Woods
lib/paseto	Go	Shulhan
vk-rv/pvx	Go	Oleg Vakarev
o1egl/paseto	Go	Oleg Lobanov
JPaseto	Java	Paseto Toolkit
atholbro/paseto	Java	Andrew Holbrook
nbaars/paseto4j	Java	Nanne Baars
paseto.js	JavaScript	Samuel Judson
peter-evans/paseto-lua	Lua	Peter Evans
scottbrady91/IdentityModel	.NET	Scott Brady
daviddesmet/paseto-dotnet	.NET	David De Smet
dustinsoftware/paseto.net	.NET Standard	Dustin Software, Inc.
panva/paseto	Node.js	Filip Skokan
paragonie/paseto	PHP	Paragon Initiative Enterprises
pypaseto	Python	Ryan Littlefield
PySETO	Python	AJITOMI Daisuke
python-paseto	Python	python-paseto
mguymon/paseto.rb	Ruby	Michael Guymon Frank Murphy
brycx/pasetors	Rust	Johannes
rusty-paseto	Rust	rodzilla
instructure/paseto	Rust	Instructure
swift-paseto	Swift	Aidan T. Woods

Conference Talks and Presentations

No Way JOSE! Designing Cryptography Features for Mere Mortals

DEFCON 26 - Crypto & Privacy Village — August 11, 2018 at 12:00 PM PDT
Slides (LibreOffice)
Slides (PDF)
Video (YouTube)

The past three years of vulnerability research and cryptanalysis has not been kind to the JOSE family of Internet standards (most commonly known as JSON Web Tokens a.k.a. JWT). This has led to many security experts declaring boldly, "Don't use JWT!" but has left many developers in want of a viable alternative. Scott went a step further and designed a safer alternative: PASETO (Platform-Agnostic SEcurity TOkens), which is currently implemented in 10 programming languages.

Project Status

This website is open source on Github.