Paseto vs JWT

August 10, 2024

Tokens are useful and widely used for transmitting information between parties on the web. They can be sent in HTTP headers, in query parameters (being URL-safe), sometimes in cookies (if the token is compact and does not exceed the cookie size limit) and in the body of the request. The receiving party can then verify the token and extract the information from it. Various algorithms are used to sign tokens. They are divided into two categories:

  1. Symmetric key algorithms
  2. Asymmetric key algorithms

In symmetric key algorithms, the sending party signs the token using a secret key and the receiving party verifies the token using the same secret key. In asymmetric key algorithms, one uses a pair of keys (a secret key and a public key): the sending party signs the token using the secret key and the receiving party verifies the token using the public key. The public key can be shared with anyone while the secret key is kept secret, so anyone with the public key can verify the token and extract its data, but only the party holding the secret key can sign a token.

Symmetric key algorithms are faster than asymmetric key algorithms, but the latter are more secure because the secret key is never shared with anyone. In the case of symmetric key algorithms, the secret key is shared with the receiving party, and if it is compromised the attacker can sign tokens and impersonate the sender.

Currently, the popular token formats are:

JSON Web Tokens (JWT)

These are signed tokens, using one of several algorithms, that carry a payload of JSON data. This type of token is widely used in the industry because it is URL-safe and compact, and libraries are available in many languages. A JWT is made up of three components, the header, the payload and the signature, which are separated by dots and always appear in that order. The header names the algorithm used to sign the token. The payload carries the data, and the last part of the token is the signature used to verify it. The header and payload are base64url encoded (base64 with a URL-safe alphabet and no padding), and the signature is created by joining the encoded header and payload, signing the result with the secret key and base64url encoding the output. Anyone, with or without the secret key, can read the header and payload with a base64 decoder, but without a valid signature the server will not accept the token. It is important to note that sensitive information should not be stored in the payload, as it can be read by anyone. Consider this example of a JWT:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjE3MDcwMjY0ODYzNjUtNTViNDI0YjRiYTQ0MmE1ZjdhMzAiLCJpYXQiOjE3MjI5Mzk0MTYsImV4cCI6MTcyMzU0NDIxNn0.GBVKuH-JJwFRb434J3PlxQo4R4c_LcpHFeW-H6-ygfA

The above token is made up of three parts:

  1. Header: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
  2. Payload: eyJpZCI6IjE3MDcwMjY0ODYzNjUtNTViNDI0YjRiYTQ0MmE1ZjdhMzAiLCJpYXQiOjE3MjI5Mzk0MTYsImV4cCI6MTcyMzU0NDIxNn0
  3. Signature: GBVKuH-JJwFRb434J3PlxQo4R4c_LcpHFeW-H6-ygfA

Use any base64 decoder to decode the header and payload information.

Decoded header:

{
  "alg": "HS256",
  "typ": "JWT"
}

Decoded payload:

{
  "id": "1707026486365-55b424b4ba442a5f7a30",
  "iat": 1722939416,
  "exp": 1723544216
}

From the decoded header you can see that this JWT is signed with the HS256 algorithm. The decoded payload contains the actual id claim plus two timestamps added automatically by the JWT library, iat and exp. iat is the time at which the token was issued and exp is the time at which it expires (the server will reject the token after this time, even though the signature itself is still valid).
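To make the mechanics concrete, here is an added Python example (not code from the original post) that decodes the header and payload of the token above without any key, and then signs and verifies a token of its own with HS256 using only the standard library. The key `constructed-demo-key` is constructed for the example; the key that signed the post's token is not known, so that signature is not verified here.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# The JWT from the post: header.payload.signature. Its signing key is not on the page.
PAGE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJpZCI6IjE3MDcwMjY0ODYzNjUtNTViNDI0YjRiYTQ0MmE1ZjdhMzAiLCJpYXQiOjE3MjI5Mzk0MTYsImV4cCI6MTcyMzU0NDIxNn0."
    "GBVKuH-JJwFRb434J3PlxQo4R4c_LcpHFeW-H6-ygfA"
)


def b64url_encode(data: bytes) -> str:
    # JWT segments use the URL-safe alphabet and drop the '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore the padding a decoder expects before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def read_unverified(token: str) -> Tuple[dict, dict]:
    """Decode header and payload WITHOUT checking the signature. Anyone can do this,
    which is why secrets must never be placed in a JWT payload."""
    header_b64, payload_b64, _sig_b64 = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def sign_hs256(payload: dict, key: bytes) -> str:
    """Build header.payload and append HMAC-SHA256(key, header.payload), all base64url."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_hs256(token: str, key: bytes, now: Optional[int] = None) -> Optional[dict]:
    """Return the payload only if the signature matches our key and exp has not passed."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        return None
    header = json.loads(b64url_decode(header_b64))
    # The verifier decides which algorithm it accepts; the token's header does not get to choose.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so a tampered signature does not leak timing information.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    payload = json.loads(b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if "exp" in payload and now >= payload["exp"]:
        return None
    return payload


if __name__ == "__main__":
    print(read_unverified(PAGE_TOKEN))          # readable with no key at all
    key = b"constructed-demo-key"               # constructed for this example
    tok = sign_hs256({"id": "demo", "iat": 1000, "exp": 2000}, key)
    print(verify_hs256(tok, key, now=1500))     # payload dict
    print(verify_hs256(tok, b"wrong", now=1500))  # None: signature does not match
```

Note the split between reading and verifying: `read_unverified` succeeds on any well-formed token, while `verify_hs256` only returns a payload when the HMAC recomputed with the server's key matches and the exp claim is still in the future.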

Paseto

Paseto stands for Platform-Agnostic Security Tokens. These tokens are similar to JWTs but are more secure and easier to use. Paseto automatically uses the best available modern cryptographic algorithm for the token and avoids older, vulnerable algorithms. Paseto tokens carry a version prefix (v1, v2, v3, v4 and so on) that indicates the version of the token and therefore the algorithm used to protect it. The tokens have the format version.purpose.payload or version.purpose.payload.footer, where the footer is optional and can be used to store additional information.

There are two types (purposes) of Paseto tokens.

  1. Local Paseto tokens

These tokens use a symmetric key algorithm. One generates a local secret key and uses it to encrypt the payload, and the same key is used to decrypt it.

A local Paseto token looks like this:

v2.local.nKuH0Mz001gSPsKMIgUf7qtjnYB_FkG3q3RwwRG0tFZakkNvpBl3_v9XzUrFvxMK5PKz75-XMhctZ4PwqSo8C--ix863rOWAIEgGELS6JLzUUQh7eIVcuxeEQYfOQdwMwmI0q919gVaS0XZsUyO_EQMA2kXmZMqyED-151WjLDWNtNNAh-b_E1JzuowDkB0nwoa_zQf--zcUauUWdw.eyJraWQiOiJ0b2tlbi1kZXYtMTIzIn0

v2.local denotes the version and purpose/type of token.

If you run the payload part of the above token through a base64 decoder you only get the nonce and ciphertext, because a local token's payload is encrypted. The footer, however, is plain base64url-encoded JSON and can be read by anyone.

The decoded footer of the above token is:

{
  "kid": "token-dev-123"
}

  2. Public Paseto tokens

These tokens use an asymmetric key algorithm. One generates a pair of keys (a secret key and a public key): the secret key signs the token and the public key verifies it.

A public Paseto token looks like this:

v4.public.eyJpZCI6Imx6a3ZzdW9xLWM1Njk1Y2YyZGVlMTQ2NjY4MTIyMGFlY2JkNDZiNzc5IiwiaWF0IjoiMjAyNC0wOC0wOVQxMzoyNDoxOC45NTFaIiwiZXhwIjoiMjAyNC0wOC0xNlQxMzoyNDoxOC45NTFaIn2Et3m5wjMwfWmBuH9II6qtvtHu45ZwlbygBOeo0Vyac7ZEw09Cxaec8ivLu5mKktsORJwQVBA0GYBAXAUEwjYM

If you base64url-decode the payload part of the above token, you get the JSON payload followed by the raw signature bytes:

{"id":"lzkvsuoq-c5695cf2dee1466681220aecbd46b779","iat":"2024-08-09T13:24:18.951Z","exp":"2024-08-16T13:24:18.951Z"}
[followed by the raw signature bytes, which are not printable text]

Similar to JWT, the decoded token contains the payload information with a signature at the end. Unlike JWT, the signature is appended directly to the payload rather than being separated by a dot. Also, nothing in the decoded data names the algorithm, whereas a decoded JWT header does; in Paseto the algorithm is fixed by the version and purpose prefix (here v4.public).
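The two Paseto tokens above can be taken apart with a small parser. The following is an added Python example, not code from the post or from any Paseto library, that splits the version.purpose.payload[.footer] form, separates nonce, ciphertext and tag for a local token, separates message and signature for a public token, and builds the Pre-Authentication Encoding (PAE) that a v2/v4 public verifier feeds to Ed25519. Neither key from the post is available, so the local payload stays encrypted and the public signature is not checked; the byte layouts (24-byte nonce and 16-byte tag for v2.local, 32 and 32 for v4.local, 64-byte Ed25519 signature for v2/v4.public) are taken from the Paseto specification.

```python
import base64
import json
import struct
from datetime import datetime
from typing import Optional

# Both tokens are the ones shown in the post; their keys are not on the page.
LOCAL_TOKEN = (
    "v2.local.nKuH0Mz001gSPsKMIgUf7qtjnYB_FkG3q3RwwRG0tFZakkNvpBl3_v9XzUrFvxMK5PKz75-XMhctZ4PwqSo8C--"
    "ix863rOWAIEgGELS6JLzUUQh7eIVcuxeEQYfOQdwMwmI0q919gVaS0XZsUyO_EQMA2kXmZMqyED-151WjLDWNtNNAh-b_"
    "E1JzuowDkB0nwoa_zQf--zcUauUWdw.eyJraWQiOiJ0b2tlbi1kZXYtMTIzIn0"
)
PUBLIC_TOKEN = (
    "v4.public.eyJpZCI6Imx6a3ZzdW9xLWM1Njk1Y2YyZGVlMTQ2NjY4MTIyMGFlY2JkNDZiNzc5IiwiaWF0IjoiMjAyNC0wOC0wOVQxMzoy"
    "NDoxOC45NTFaIiwiZXhwIjoiMjAyNC0wOC0xNlQxMzoyNDoxOC45NTFaIn2Et3m5wjMwfWmBuH9II6qtvtHu45ZwlbygBOeo0Vyac7ZE"
    "w09Cxaec8ivLu5mKktsORJwQVBA0GYBAXAUEwjYM"
)

# Payload byte layout per version, from the Paseto spec.
LOCAL_LAYOUT = {"v2": (24, 16), "v4": (32, 32)}   # (nonce length, authentication tag length)
PUBLIC_SIG_LEN = {"v2": 64, "v4": 64}               # Ed25519 signature length


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def try_json(raw: bytes) -> Optional[dict]:
    """Parse bytes as JSON, or return None when they are not text/JSON (e.g. ciphertext)."""
    try:
        return json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None


def le64(n: int) -> bytes:
    # 64-bit little-endian length with the top bit cleared, as the spec requires.
    return struct.pack("<Q", n & 0x7FFFFFFFFFFFFFFF)


def pae(pieces) -> bytes:
    """Pre-Authentication Encoding: length-prefixes every piece so header, message and
    footer cannot be re-split or shuffled without changing the bytes that get signed."""
    out = le64(len(pieces))
    for piece in pieces:
        out += le64(len(piece)) + piece
    return out


def parse_paseto(token: str) -> dict:
    parts = token.split(".")
    if len(parts) not in (3, 4):
        raise ValueError("expected version.purpose.payload[.footer]")
    version, purpose = parts[0], parts[1]
    raw = b64url_decode(parts[2])
    footer = b64url_decode(parts[3]) if len(parts) == 4 else b""
    result = {"version": version, "purpose": purpose, "footer": footer, "footer_json": try_json(footer)}
    header = f"{version}.{purpose}."
    if purpose == "local":
        if version not in LOCAL_LAYOUT:
            raise ValueError(f"unsupported local version {version}")
        nonce_len, tag_len = LOCAL_LAYOUT[version]
        if len(raw) < nonce_len + tag_len:
            raise ValueError("payload too short")
        # Nothing below is readable without the symmetric key.
        result.update(nonce=raw[:nonce_len], ciphertext=raw[nonce_len:-tag_len], tag=raw[-tag_len:])
    elif purpose == "public":
        if version not in PUBLIC_SIG_LEN:
            raise ValueError(f"unsupported public version {version}")
        sig_len = PUBLIC_SIG_LEN[version]
        if len(raw) < sig_len:
            raise ValueError("payload too short")
        message, signature = raw[:-sig_len], raw[-sig_len:]
        # v4 adds an implicit-assertion slot (empty here); v2 signs header, message, footer only.
        pieces = [header.encode(), message, footer] + ([b""] if version == "v4" else [])
        result.update(payload=json.loads(message), signature=signature, signing_input=pae(pieces))
    else:
        raise ValueError(f"unknown purpose {purpose}")
    return result


def not_expired(payload: dict, now_rfc3339: str) -> bool:
    """Paseto's registered exp claim is an RFC 3339 string, not a Unix timestamp as in JWT."""
    def to_dt(s: str) -> datetime:
        return datetime.fromisoformat(s.replace("Z", "+00:00"))
    return to_dt(now_rfc3339) < to_dt(payload["exp"])


if __name__ == "__main__":
    loc = parse_paseto(LOCAL_TOKEN)
    print(loc["footer_json"], len(loc["nonce"]), len(loc["ciphertext"]), len(loc["tag"]))
    pub = parse_paseto(PUBLIC_TOKEN)
    print(pub["payload"], len(pub["signature"]), not_expired(pub["payload"], "2024-08-10T00:00:00Z"))
```

A real verifier would pass `signing_input` and `signature` to an Ed25519 verify call with the issuer's public key (for example from the `cryptography` or PyNaCl packages); only after that succeeds should the payload and its exp claim be trusted.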

Conclusion

Both JWT and Paseto tokens serve similar purposes. JWT is more popular and gives the freedom to choose the algorithm used to sign the tokens, but Paseto, with its focus on security, automatically uses the best available modern cryptographic algorithm. Paseto tokens are more secure and easier to use than JWTs, and are recommended over JWTs for better security. While JWTs are still widely used and supported by many libraries, Paseto tokens are gaining popularity because of their security features. The choice of token depends on the use case and the security requirements of the application.