Support local/public/secret PASERK types

Question

Support local/public/secret PASERK types

not-my-profile opened this issue 3 years ago · 7 comments

In order to use Paseto for my application I need cross-language interoperability. However the only two Paseto v4 implementations for Python enforce Algorithm Lucidity, meaning they currently cannot be easily used in conjunction with pasetors, since it doesn't support Paserk.

So it would be great if pasetors could support importing/exporting keys from/to Paserk :)

Answer 1 · 2021-10-18T14:04:38.000Z

Thanks for this suggestion @not-my-profile.

PASERK does indeed sound like a good idea. I'll investigate this some more, since it seems this'll require more logic for footer-handling, additional cryptographic primitives, etc. What I mean is, it will not be trivial to support.

Answer 2 · 2021-10-18T14:09:50.000Z

You're welcome :)

I opened this issue specifically for the local and public PASERK types, which as far as I understand, shouldn't require additional cryptographic primitives. So to achieve key interoperability with other libraries this subset of PASERK should suffice.

Answer 3 · 2021-10-18T14:14:18.000Z

Could you clarify exactly which PASERK types you are referring to, from this matrix: https://github.com/paseto-standard/paserk#paserk

Am I correct in guessing it's: local, public and secret. The three types marked as unsafe to be put in the PASETO footer?

Answer 4 · 2021-10-18T14:16:49.000Z

Yes, exactly :)

Answer 5 · 2021-10-18T14:25:00.000Z

Alright.

So essentially additions to SymmetricKey, AsymmetricSecretKey and AsymmetricPublicKey, that enable each type to be created from a PASERK string and be converted back, would solve your use-case?

Answer 6 · 2021-10-18T14:25:40.000Z

Yes, exactly :)

Answer 7 · 2021-10-18T14:27:50.000Z

Okay, this is a much smaller scope than I initially feared. We can have this implemented.