Safe Haskell	Safe-Inferred
Language	Haskell2010

Crypto.Paseto.Protocol.V4

Contents

Local purpose
Public purpose

Description

Implementation of PASETO version 4 (modern Sodium cryptography).

Note that we're not actually using libsodium itself in this module but, instead, the equivalent algorithm implementations that are available in crypton.

Synopsis

v4LocalTokenHeader :: ByteString
encrypt :: SymmetricKey V4 -> Claims -> Maybe Footer -> Maybe ImplicitAssertion -> IO (Token V4 Local)
encryptPure :: ByteString -> SymmetricKey V4 -> Claims -> Maybe Footer -> Maybe ImplicitAssertion -> Token V4 Local
data DecryptionError
renderDecryptionError :: DecryptionError -> Text
decrypt :: SymmetricKey V4 -> Token V4 Local -> Maybe Footer -> Maybe ImplicitAssertion -> Either DecryptionError Claims
v4PublicTokenHeader :: ByteString
sign :: SigningKey V4 -> Claims -> Maybe Footer -> Maybe ImplicitAssertion -> Token V4 Public
data VerificationError
renderVerificationError :: VerificationError -> Text
verify :: VerificationKey V4 -> Token V4 Public -> Maybe Footer -> Maybe ImplicitAssertion -> Either VerificationError Claims

Local purpose

v4LocalTokenHeader :: ByteString Source #

encrypt Source #

Arguments

:: SymmetricKey V4	Symmetric key.
-> Claims	Claims to be encrypted.
-> Maybe Footer	Optional footer to authenticate and encode within the resulting token.
-> Maybe ImplicitAssertion	Optional implicit assertion to authenticate.
-> IO (Token V4 Local)

PASETO version 4 encryption.

This is an authenticated encryption with associated data (AEAD) algorithm which combines the XChaCha20 stream cipher with the Blake2b message authentication code.

Note that this function essentially just calls encryptPure with a random 32-byte nonce generated from the operating system's CSPRNG.

encryptPure Source #

Arguments

:: ByteString	Random 32-byte nonce. It is recommended to generate this from the operating system's CSPRNG.
-> SymmetricKey V4	Symmetric key.
-> Claims	Claims to be encrypted.
-> Maybe Footer	Optional footer to authenticate and encode within the resulting token.
-> Maybe ImplicitAssertion	Optional implicit assertion to authenticate.
-> Token V4 Local

Pure variant of encrypt.

For typical usage, please use encrypt.

data DecryptionError Source #

PASETO version 4 decryption error.

Constructors

DecryptionInvalidFooterError	Invalid token footer.
Fields !(Maybe Footer) Expected footer. !(Maybe Footer) Actual footer.
DecryptionInvalidNonceSizeError !Int	Invalid nonce size.
DecryptionInvalidMacSizeError !Int	Invalid `Blake2b` message authentication code size.
DecryptionInvalidMacError	Invalid `Blake2b` message authenticartion code.
Fields !ByteString Expected MAC. !ByteString Actual MAC.
DecryptionClaimsDeserializationError !String	Error deserializing a decrypted collection of claims as JSON.

Instances

Instances details

Show DecryptionError Source #
Instance details Defined in Crypto.Paseto.Protocol.V4 Methods showsPrec :: Int -> DecryptionError -> ShowS # show :: DecryptionError -> String # showList :: [DecryptionError] -> ShowS #
Eq DecryptionError Source #
Instance details Defined in Crypto.Paseto.Protocol.V4 Methods (==) :: DecryptionError -> DecryptionError -> Bool # (/=) :: DecryptionError -> DecryptionError -> Bool #

renderDecryptionError :: DecryptionError -> Text Source #

Render a DecryptionError as Text.

decrypt Source #

Arguments

:: SymmetricKey V4	Symmetric key.
-> Token V4 Local	Token to decrypt.
-> Maybe Footer	Optional footer to authenticate.
-> Maybe ImplicitAssertion	Optional implicit assertion to authenticate.
-> Either DecryptionError Claims

PASETO version 4 decryption.

Public purpose

v4PublicTokenHeader :: ByteString Source #

sign Source #

Arguments

:: SigningKey V4	Signing key.
-> Claims	Claims to be signed.
-> Maybe Footer	Optional footer to authenticate and encode within the resulting token.
-> Maybe ImplicitAssertion	Optional implicit assertion to authenticate.
-> Token V4 Public

PASETO version 4 cryptographic signing.

This implementation produces a token which is signed using Ed25519.

data VerificationError Source #

PASETO version 4 signature verification error.

Constructors

VerificationInvalidFooterError	Invalid token footer.
Fields !(Maybe Footer) Expected footer. !(Maybe Footer) Actual footer.
VerificationCryptoError !CryptoError	`CryptoError` that occurred during verification.
VerificationInvalidSignatureError	Signature verification failed.
VerificationClaimsDeserializationError !String	Error deserializing a verified collection of claims as JSON.

Instances

Instances details

Show VerificationError Source #
Instance details Defined in Crypto.Paseto.Protocol.V4 Methods showsPrec :: Int -> VerificationError -> ShowS # show :: VerificationError -> String # showList :: [VerificationError] -> ShowS #
Eq VerificationError Source #
Instance details Defined in Crypto.Paseto.Protocol.V4 Methods (==) :: VerificationError -> VerificationError -> Bool # (/=) :: VerificationError -> VerificationError -> Bool #

renderVerificationError :: VerificationError -> Text Source #

Render a VerificationError as Text.

verify Source #

Arguments

:: VerificationKey V4	Verification key.
-> Token V4 Public	Token to verify.
-> Maybe Footer	Optional footer to authenticate.
-> Maybe ImplicitAssertion	Optional implicit assertion to authenticate.
-> Either VerificationError Claims

PASETO version 4 cryptographic signature verification.