PASETO V4
Secure-by-construction JWT alternative tokens.
Definition
PASETO v4 supports two purposes: local (symmetric authenticated encryption XChaCha20-Poly1305) and public (asymmetric signature Ed25519). Format header (version + purpose) . payload . footer. PASERK (PASETO Serialized Keys) standardizes key serialization. No algorithm choice = no algorithm confusion attack. Growing adoption since 2022.
Origin
Scott Arciszewski (Paragon Initiative Enterprises), v1 2018, v2 2019, v3 2020, v4 2021, IETF draft in progress.
Usage
Recommended JWT alternative for new projects requiring crypto best practices. Implementations Go, Rust, Python, PHP, Java, Node.js.
Related terms
- JWT — standard concurrent.
- XChaCha20-Poly1305 — ciphersuite v4.local.
- Ed25519 — signature v4.public.