purificant/python-paseto

python-paseto

Platform-Agnostic Security Tokens for Python

Installation

pip install python-paseto

Check installation

python -m paseto

libsodium is required; this command checks whether it is installed on your system. On Ubuntu 20.04 you can install it with sudo apt install libsodium23.

Low level API

Implements PASETO Version2 and Version4 protocols supporting v2.public, v2.local, v4.public and v4.local messages. Every protocol version provides access to encrypt() / decrypt() and sign() / verify() functions.

The low level API focuses on solid, high-quality, production-ready primitives as specified directly in the PASETO protocol. See paseto-spec for protocol details.

Example use with Version2

from paseto.protocol.version2 import encrypt, decrypt

message = b"foo"  # your data
key = b"0" * 32  # 32-byte encryption key (fixed value for demonstration only; use a randomly generated key in real use)

token = encrypt(message, key)
plain_text = decrypt(token, key)

assert plain_text == message
print(f"token={token}")
print(f"plain_text={plain_text}")
print(f"message={message}")

With optional footer

from paseto.protocol.version2 import encrypt, decrypt

message = b"foo"  # your data
key = b"0" * 32  # 32-byte encryption key (fixed demo value, not for real use)
optional_footer = b"sample_footer"  # authenticated but not encrypted metadata

token = encrypt(message, key, optional_footer)
plain_text = decrypt(token, key, optional_footer)

assert plain_text == message
print(f"token={token}")
print(f"plain_text={plain_text}")
print(f"message={message}")
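
What "authenticated but not encrypted" means for the footer, as an added example that is not part of python-paseto: the footer travels as a base64url segment that can be decoded without any key, and the PASETO spec binds it to the header and payload through Pre-Authentication Encoding (PAE). The function names and the sample token are constructed for illustration; only the standard library is used.

```python
import base64
import struct


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url, as used for the PASETO payload and footer."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def split_token(token: str):
    """Return (header, payload, footer) without using any key."""
    parts = token.split(".")
    if len(parts) not in (3, 4):
        raise ValueError("expected version.purpose.payload[.footer]")
    version, purpose, payload = parts[:3]
    if version not in ("v2", "v4") or purpose not in ("local", "public"):
        raise ValueError("unsupported header")
    footer = b64url_decode(parts[3]) if len(parts) == 4 else b""
    return f"{version}.{purpose}.", b64url_decode(payload), footer


def le64(n: int) -> bytes:
    """Little-endian unsigned 64-bit integer with the top bit cleared."""
    return struct.pack("<Q", n & 0x7FFFFFFFFFFFFFFF)


def pae(pieces) -> bytes:
    """Pre-Authentication Encoding: piece count, then each piece length-prefixed."""
    out = le64(len(pieces))
    for piece in pieces:
        out += le64(len(piece)) + piece
    return out


# Constructed sample: the payload is placeholder bytes, not real ciphertext.
SAMPLE = "v4.local." + b64url_encode(b"\x00" * 48) + "." + b64url_encode(b"sample_footer")

if __name__ == "__main__":
    header, payload, footer = split_token(SAMPLE)
    print(f"footer readable without the key: {footer!r}")
    # The length prefixes make the encoding unambiguous, so bytes cannot be
    # shifted between payload and footer without changing the authenticated input.
    print(pae([b"ab", b"c"]) != pae([b"a", b"bc"]))
```

Anything read from the footer before decrypt() or verify() succeeds is unauthenticated input, and since the footer is never encrypted it should not carry secrets.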

Example use with Version4

from paseto.protocol.version4 import create_symmetric_key, decrypt, encrypt

message = b"this is a secret message"  # your data
key = create_symmetric_key()  # encryption key

token = encrypt(message, key)
plain_text = decrypt(token, key)

assert plain_text == message
print(f"token={token}")
print(f"plain_text={plain_text}")
print(f"message={message}")

Message signing

from paseto.protocol.version4 import create_asymmetric_key, sign, verify

message = b"this is a public message"  # your data
public_key, secret_key = create_asymmetric_key()  # signing / verifying keys

token = sign(message, secret_key)
verified_message = verify(token, public_key)

assert verified_message == message
print(f"token={token}")
print(f"verified_message={verified_message}")
print(f"message={message}")

High level API

In the future, a high level API will provide developer-friendly access to the low level API and support easy integration into other projects.

Development

Typical dev workflow operations are automated in the Makefile, including testing, linting, code quality checks, benchmarks and dev environment setup.

Contributing

This library is under active development and maintenance. For any feedback, questions, comments or if you would like to request a feature, please raise an issue!