Bind Keys to Purpose

[paragonie-security]

libpaseto/src/paseto_v2_local.c

Line 137 in e8bc52e

const uint8_t key[paseto_v2_LOCAL_KEYBYTES],

libpaseto/src/paseto_v2_public.c

Line 127 in e8bc52e

const uint8_t key[paseto_v2_LOCAL_KEYBYTES],

See https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md

Right now, byte arrays are accepted by this API. There's no mechanism to prevent a user from using a v2 public key as a v2 local key.

It may also be a good idea to bind keys to a version, in case you want to support v4 tokens too.

[minus7]

Ack, although I don't have time to work on this at the moment. Patches welcome.

The simplest implementation would probably be a struct type per key type (local/public/secret) that includes the version or even a type per version. Key loaders can then also implement PASERK formats linked in the guide and do away with the pretty arbitrary formats used now.

Changing this will break the API and thus be something for a 2.0 release.

[paragonie-security]

Thanks for your timely response. We'll look into sending a PR (the code delta between V2 and V4 isn't significant with libsodium).

[paragonie-security]

We drafted a PR in #8 that should solve this issue.

If accepted, we intend to follow-up with a PASETO V4 implementation soon after.