sjudson/paseto.js

Bind Keys to Purpose

Closed this issue · 1 comment

if (!(key.protocol() instanceof V2)) {
return done(new InvalidVersionError('The given key is not intended for this version of PASETO.'));
}

You're correctly asserting that a PASETO key is only used for a given version, but from our understanding of this code, it's possible to use a public key as a local key.

The easiest thing to do would be to also check the key object's "purpose" (or type) at runtime.

The updated guidance can be found here: https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md
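One way to add the runtime purpose check suggested above, as an added example that is not paseto.js code and not part of this issue. Every name in it (Key, V1, V2, PURPOSE, InvalidPurposeError, assertKeyFor, guardedOp) is a hypothetical stand-in for the library's own types; the key material is constructed placeholder text, not real keys. The guard keeps the existing `instanceof V2` version check and adds a purpose check after it, so a v2 public key can no longer be handed to a v2.local operation:

```javascript
// Added example (not paseto.js code): bind a key to both a protocol version
// and a purpose, and check both before any operation. All names below are
// hypothetical stand-ins for the library's own types.

class InvalidVersionError extends Error {}
class InvalidPurposeError extends Error {}

// Protocol versions as classes, so `instanceof` works as in the quoted check.
class V1 {}
class V2 {}

const PURPOSE = Object.freeze({
  LOCAL: 'local',   // shared-key encryption (v*.local)
  PUBLIC: 'public', // public-key signatures (v*.public)
});

// A key remembers the version and purpose it was generated or loaded for.
class Key {
  constructor(protocol, purpose, material) {
    if (!Object.values(PURPOSE).includes(purpose)) {
      throw new TypeError(`unknown key purpose: ${purpose}`);
    }
    this._protocol = protocol;
    this._purpose = purpose;
    this._material = material; // Buffer/Uint8Array in a real implementation
  }
  protocol() { return this._protocol; }
  purpose() { return this._purpose; }
}

// The guard: the version check the library already performs, followed by the
// purpose check this issue asks for. Throws on mismatch, returns the key otherwise.
function assertKeyFor(key, Protocol, purpose) {
  if (!(key.protocol() instanceof Protocol)) {
    throw new InvalidVersionError('The given key is not intended for this version of PASETO.');
  }
  if (key.purpose() !== purpose) {
    throw new InvalidPurposeError(
      `The given key is a ${key.purpose()} key; this operation requires a ${purpose} key.`);
  }
  return key;
}

// Runs `op` only if the key passes both checks; reports the outcome as a plain
// object so callers (and tests) can see which check rejected the key.
function guardedOp(key, Protocol, purpose, op) {
  try {
    assertKeyFor(key, Protocol, purpose);
  } catch (err) {
    return { status: 'rejected', error: err.constructor.name };
  }
  return { status: 'ok', value: op(key) };
}

// Constructed demo keys: placeholder strings, not real key material.
const v2Local = new Key(new V2(), PURPOSE.LOCAL, 'constructed-32-byte-secret');
const v2Public = new Key(new V2(), PURPOSE.PUBLIC, 'constructed-ed25519-public-key');
const v1Local = new Key(new V1(), PURPOSE.LOCAL, 'constructed-v1-secret');
const v1Public = new Key(new V1(), PURPOSE.PUBLIC, 'constructed-v1-public-key');

// Stand-in for the v2.local encrypt entry point; only whether it is reached matters here.
const v2LocalEncrypt = (key) => `v2.local.<encrypted with ${key.purpose()} key>`;

// Same operation, four keys: accepted, wrong purpose, wrong version, wrong both
// (the version check runs first, so the last one reports a version error).
const outcomes = [v2Local, v2Public, v1Local, v1Public]
  .map((k) => guardedOp(k, V2, PURPOSE.LOCAL, v2LocalEncrypt));
```

The point of checking in one helper rather than at each call site is that every v2.local and v2.public entry point (encrypt, decrypt, sign, verify) gets the same two checks in the same order, which is what the Algorithm Lucidity guidance linked above is after: the key object, not the caller, decides which algorithm it may be used with.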

Will review and (hopefully) merge shortly.