{"id":15567343,"url":"https://github.com/dajiaji/pyseto","last_synced_at":"2025-05-16T18:06:03.023Z","repository":{"id":37049167,"uuid":"403210638","full_name":"dajiaji/pyseto","owner":"dajiaji","description":"A Python implementation of PASETO and PASERK.","archived":false,"fork":false,"pushed_at":"2025-04-01T22:08:12.000Z","size":1411,"stargazers_count":81,"open_issues_count":5,"forks_count":9,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-04T15:05:55.498Z","etag":null,"topics":["cryptography","encryption","paserk","paseto","python","security","signature","token"],"latest_commit_sha":null,"homepage":"https://pyseto.readthedocs.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dajiaji.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.rst","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-05T04:01:35.000Z","updated_at":"2025-04-01T22:08:09.000Z","dependencies_parsed_at":"2023-11-19T07:26:54.292Z","dependency_job_id":"aeb547a6-3b6e-4764-b43f-9f273c3a1365","html_url":"https://github.com/dajiaji/pyseto","commit_stats":{"total_commits":528,"total_committers":8,"mean_commits":66.0,"dds":0.553030303030303,"last_synced_commit":"04af05b84d34d72bd96c351f7b5598c9d5856e62"},"previous_names":[],"tags_count":45,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dajiaji%2Fpyseto","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dajiaji%2Fpyseto/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dajiaji%2Fpyseto/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dajiaji%2Fpyseto/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dajiaji","download_url":"https://codeload.github.com/dajiaji/pyseto/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248597584,"owners_count":21130900,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","encryption","paserk","paseto","python","security","signature","token"],"created_at":"2024-10-02T17:10:46.220Z","updated_at":"2025-04-12T16:37:16.771Z","avatar_url":"https://github.com/dajiaji.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PySETO - A Python implementation of PASETO/PASERK\n\n[![PyPI version](https://badge.fury.io/py/pyseto.svg)](https://badge.fury.io/py/pyseto)\n![PyPI - Python Version](https://img.shields.io/pypi/pyversions/pyseto)\n[![Documentation Status](https://readthedocs.org/projects/pyseto/badge/?version=latest)](https://pyseto.readthedocs.io/en/latest/?badge=latest)\n![Github CI](https://github.com/dajiaji/pyseto/actions/workflows/ci.yml/badge.svg)\n[![codecov](https://codecov.io/gh/dajiaji/pyseto/branch/main/graph/badge.svg?token=QN8GXEYEP3)](https://codecov.io/gh/dajiaji/pyseto)\n\n\nPySETO is a [PASETO (Platform-Agnostic SEcurity TOkens)](https://paseto.io/)/[PASERK (Platform-Agnostic Serialized Keys)](https://github.com/paseto-standard/paserk) implementation written in Python\nwhich supports all of the versions ([v1](https://github.com/paseto-standard/paseto-spec/blob/master/docs/01-Protocol-Versions/Version1.md),\n[v2](https://github.com/paseto-standard/paseto-spec/blob/master/docs/01-Protocol-Versions/Version2.md),\n[v3](https://github.com/paseto-standard/paseto-spec/blob/master/docs/01-Protocol-Versions/Version3.md) and\n[v4](https://github.com/paseto-standard/paseto-spec/blob/master/docs/01-Protocol-Versions/Version4.md)) and purposes (`public` and `local`)\nand has passed all of [the official tests](https://github.com/paseto-standard/test-vectors).\n\nYou can install PySETO with pip:\n\n```sh\n$ pip install pyseto\n```\n\nPySETO can be used in ease as follows (in case of `v4.public`):\n\n```py\nimport pyseto\nfrom pyseto import Key\n\nprivate_key_pem = b\"-----BEGIN PRIVATE KEY-----\\nMC4CAQAwBQYDK2VwBCIEILTL+0PfTOIQcn2VPkpxMwf6Gbt9n4UEFDjZ4RuUKjd0\\n-----END PRIVATE KEY-----\"\npublic_key_pem = b\"-----BEGIN PUBLIC KEY-----\\nMCowBQYDK2VwAyEAHrnbu7wEfAP9cGBOAHHwmH4Wsot1ciXBHwBBXQ4gsaI=\\n-----END PUBLIC KEY-----\"\n\n\n# Create a PASETO token.\nprivate_key = Key.new(version=4, purpose=\"public\", key=private_key_pem)\ntoken = pyseto.encode(\n    private_key,\n    b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}',\n)\n\n# Decode and verify a PASETO token.\npublic_key = Key.new(version=4, purpose=\"public\", key=public_key_pem)\ndecoded = pyseto.decode(public_key, token)\n\nassert (\n    token\n    == b\"v4.public.eyJkYXRhIjogInRoaXMgaXMgYSBzaWduZWQgbWVzc2FnZSIsICJleHAiOiAiMjAyMi0wMS0wMVQwMDowMDowMCswMDowMCJ9l1YiKei2FESvHBSGPkn70eFO1hv3tXH0jph1IfZyEfgm3t1DjkYqD5r4aHWZm1eZs_3_bZ9pBQlZGp0DPSdzDg\"\n)\nassert (\n    decoded.payload\n    == b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}'\n)\n```\n\nSee following contents or [Documentation](https://pyseto.readthedocs.io/en/stable/) for details.\n\n## Index\n\n- [Installation](#installation)\n- [Supported PASETO Versions](#supported-paseto-versions)\n- [Supported PASERK Types](#supported-paserk-types)\n- [PASETO Usage](#paseto-usage)\n    - [Basic usage: v4.public](#basic-usage-v4public)\n    - [Basic usage: v4.local](#basic-usage-v4local)\n    - [Using serializer/deserializer for payload and footer](#using-serializerdeserializer-for-payload-and-footer)\n    - [Using Paseto class for handling registered claims](#using-paseto-class-for-handling-registered-claims)\n- [PASERK Usage](#paserk-usage)\n    - [Serializing/Deserializing PASERK](#serializingdeserializing-paserk)\n    - [Serializing PASERK ID](#serializing-paserk-id)\n    - [Key Wrapping](#key-wrapping)\n    - [Password-based Key Encryption](#password-based-key-encryption)\n    - [Asymmetric Encryption](#asymmetric-encryption)\n- [API Reference](#api-reference)\n- [Tests](#tests)\n- [Contributing](#contributing)\n\n## Installation\n\nYou can install PySETO with pip:\n\n```sh\n$ pip install pyseto\n```\n\n## Supported PASETO Versions\n\nPySETO supports all of PASETO versions and purposes below:\n\n\n|          |  v4  |  v3  |  v2  |  v1  |\n| ---------| ---- | ---- | ---- | ---- |\n| `local`  |  ✅  |  ✅  |  ✅  |  ✅  |\n| `public` |  ✅  |  ✅  |  ✅  |  ✅  |\n\n\n## Supported PASERK Types\n\nPySETO also supports [PASERK (Platform-Agnostic Serialized Keys)](https://github.com/paseto-standard/paserk).\nCurrently, following PASERK types are supported:\n\n\n|               |  v4  |  v3  |  v2  |  v1  |\n| ------------- | ---- | ---- | ---- | ---- |\n| `lid`         |  ✅  |  ✅  |  ✅  |  ✅  |\n| `sid`         |  ✅  |  ✅  |  ✅  |  ✅  |\n| `pid`         |  ✅  |  ✅  |  ✅  |  ✅  |\n| `local`       |  ✅  |  ✅  |  ✅  |  ✅  |\n| `secret`      |  ✅  |  ✅  |  ✅  |  ✅  |\n| `public`      |  ✅  |  ✅  |  ✅  |  ✅  |\n| `seal`        |  ✅  |      |  ✅  |      |\n| `local-wrap`  |  ✅  |  ✅  |  ✅  |  ✅  |\n| `secret-wrap` |  ✅  |  ✅  |  ✅  |  ✅  |\n| `local-pw`    |  ✅  |  ✅  |  ✅  |  ✅  |\n| `secret-pw`   |  ✅  |  ✅  |  ✅  |  ✅  |\n\n\n## PASETO Usage\n\nBy using this PySETO, you can easily create, decode and verify PASETO tokens. Here are sample codes that handle version 4 PySETO tokens.\n\nPlease refer to [the Documentation](https://pyseto.readthedocs.io/en/stable/) for all usage examples including other versions.\n\n### Basic usage: v4.public\n\n`v4.public` is one of current PASETO versions to be used for asymmetric authentication (public key signatures).\n\n```py\nimport pyseto\nfrom pyseto import Key\n\nprivate_key_pem = b\"-----BEGIN PRIVATE KEY-----\\nMC4CAQAwBQYDK2VwBCIEILTL+0PfTOIQcn2VPkpxMwf6Gbt9n4UEFDjZ4RuUKjd0\\n-----END PRIVATE KEY-----\"\npublic_key_pem = b\"-----BEGIN PUBLIC KEY-----\\nMCowBQYDK2VwAyEAHrnbu7wEfAP9cGBOAHHwmH4Wsot1ciXBHwBBXQ4gsaI=\\n-----END PUBLIC KEY-----\"\n\nprivate_key = Key.new(version=4, purpose=\"public\", key=private_key_pem)\ntoken = pyseto.encode(\n    private_key,\n    b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}',\n)\n\npublic_key = Key.new(version=4, purpose=\"public\", key=public_key_pem)\ndecoded = pyseto.decode(public_key, token)\n\nassert (\n    token\n    == b\"v4.public.eyJkYXRhIjogInRoaXMgaXMgYSBzaWduZWQgbWVzc2FnZSIsICJleHAiOiAiMjAyMi0wMS0wMVQwMDowMDowMCswMDowMCJ9l1YiKei2FESvHBSGPkn70eFO1hv3tXH0jph1IfZyEfgm3t1DjkYqD5r4aHWZm1eZs_3_bZ9pBQlZGp0DPSdzDg\"\n)\nassert (\n    decoded.payload\n    == b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}'\n)\n```\n\n### Basic usage: v4.local\n\n`v4.local` is one of current PASETO versions to be used for symmetric authenticated encryption.\n\n```py\nimport pyseto\nfrom pyseto import Key\n\nkey = Key.new(version=4, purpose=\"local\", key=b\"our-secret\")\ntoken = pyseto.encode(\n    key, b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}'\n)\n\ndecoded = pyseto.decode(key, token)\n\nassert (\n    decoded.payload\n    == b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}'\n)\n```\n\n### Using serializer/deserializer for payload and footer\n\nBy using `serializer` and `deserializer`, you can encode/decode a dict-typed payload and footer included in PASETO tokens into an arbitrary format.\nThe following example shows that the payload and the footer in a PASETO token are encoded/decoded as JSON formatted data.\nWhen specifing dict-typed payload, exp parameter can be used to set the expiration time (seconds) of the token.\n\n```py\nimport json\nimport pyseto\nfrom pyseto import Key\n\nprivate_key_pem = b\"-----BEGIN PRIVATE KEY-----\\nMC4CAQAwBQYDK2VwBCIEILTL+0PfTOIQcn2VPkpxMwf6Gbt9n4UEFDjZ4RuUKjd0\\n-----END PRIVATE KEY-----\"\npublic_key_pem = b\"-----BEGIN PUBLIC KEY-----\\nMCowBQYDK2VwAyEAHrnbu7wEfAP9cGBOAHHwmH4Wsot1ciXBHwBBXQ4gsaI=\\n-----END PUBLIC KEY-----\"\n\nprivate_key = Key.new(version=4, purpose=\"public\", key=private_key_pem)\npublic_key = Key.new(version=4, purpose=\"public\", key=public_key_pem)\ntoken = pyseto.encode(\n    private_key,\n    {\"data\": \"this is a signed message\"},\n    footer={\"kid\": public_key.to_paserk_id()},\n    serializer=json,\n    exp=3600,\n)\n\ndecoded = pyseto.decode(public_key, token, deserializer=json)\n\nassert decoded.payload[\"data\"] == \"this is a signed message\"\nassert decoded.payload[\"exp\"] == \"2021-11-11T00:00:00+00:00\"\nassert decoded.footer[\"kid\"] == \"k4.pid.yh4-bJYjOYAG6CWy0zsfPmpKylxS7uAWrxqVmBN2KAiJ\"\n```\n\n### Using `Paseto` class for handling registered claims\n\nBy using `Paseto` class, you can change the default value of `exp` (the expiration date ot tokens), whether to include an `iat` claim, and other settings.\n\nNote that `pyseto.encode()` and `pyseto.decode()` are aliases to the `encode()` and `decode()` of the global \"Paseto\" class instance created with the default settings.\n\n```py\nimport json\nimport pyseto\nfrom pyseto import Key, Paseto\n\nprivate_key_pem = b\"-----BEGIN PRIVATE KEY-----\\nMC4CAQAwBQYDK2VwBCIEILTL+0PfTOIQcn2VPkpxMwf6Gbt9n4UEFDjZ4RuUKjd0\\n-----END PRIVATE KEY-----\"\npublic_key_pem = b\"-----BEGIN PUBLIC KEY-----\\nMCowBQYDK2VwAyEAHrnbu7wEfAP9cGBOAHHwmH4Wsot1ciXBHwBBXQ4gsaI=\\n-----END PUBLIC KEY-----\"\n\nprivate_key = Key.new(version=4, purpose=\"public\", key=private_key_pem)\npaseto = Paseto.new(\n    exp=3600, include_iat=True\n)  # Default values are exp=0(not specified) and including_iat=False\ntoken = paseto.encode(\n    private_key,\n    {\"data\": \"this is a signed message\"},\n    serializer=json,\n)\n\npublic_key = Key.new(version=4, purpose=\"public\", key=public_key_pem)\ndecoded = pyseto.decode(public_key, token, deserializer=json)\n\nassert decoded.payload[\"data\"] == \"this is a signed message\"\nassert decoded.payload[\"iat\"] == \"2021-11-11T00:00:00+00:00\"\nassert decoded.payload[\"exp\"] == \"2021-11-11T01:00:00+00:00\"\n```\n\n## PASERK Usage\n\n[PASERK (Platform-Agnostic Serialized Keys)](https://github.com/paseto-standard/paserk) is an extension to PASETO that provides key-wrapping and serialization.\n\n### Serializing/Deserializing PASERK\n\nAs shown in the examples above, the `pyseto.Key` used for encryption and signature can be generated from PASERK or converted to PASERK as follows:\n\n```py\nimport pyseto\nfrom pyseto import Key\n\n# pyseto.Key can be generated from PASERK.\nsymmetric_key = Key.new(version=4, purpose=\"local\", key=b\"our-secret\")\nprivate_key = Key.from_paserk(\n    \"k4.secret.tMv7Q99M4hByfZU-SnEzB_oZu32fhQQUONnhG5QqN3Qeudu7vAR8A_1wYE4AcfCYfhayi3VyJcEfAEFdDiCxog\"\n)\npublic_key = Key.from_paserk(\"k4.public.Hrnbu7wEfAP9cGBOAHHwmH4Wsot1ciXBHwBBXQ4gsaI\")\n\ntoken = pyseto.encode(\n    private_key,\n    b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}',\n)\ndecoded = pyseto.decode(public_key, token)\n\nassert (\n    decoded.payload\n    == b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}'\n)\n\n# PASERK can be derived from pyseto.Key.\nassert symmetric_key.to_paserk() == \"k4.local.b3VyLXNlY3JldA\"\nassert (\n    private_key.to_paserk()\n    == \"k4.secret.tMv7Q99M4hByfZU-SnEzB_oZu32fhQQUONnhG5QqN3Qeudu7vAR8A_1wYE4AcfCYfhayi3VyJcEfAEFdDiCxog\"\n)\nassert public_key.to_paserk() == \"k4.public.Hrnbu7wEfAP9cGBOAHHwmH4Wsot1ciXBHwBBXQ4gsaI\"\n```\n\n### Serializing PASERK ID\n\n`pyseto.Key` can also be converted to PASERK ID as follows:\n\n```py\nimport pyseto\nfrom pyseto import Key\n\n# pyseto.Key can be generated from PASERK.\nsymmetric_key = Key.new(version=4, purpose=\"local\", key=b\"our-secret\")\nprivate_key = Key.from_paserk(\n    \"k4.secret.tMv7Q99M4hByfZU-SnEzB_oZu32fhQQUONnhG5QqN3Qeudu7vAR8A_1wYE4AcfCYfhayi3VyJcEfAEFdDiCxog\"\n)\npublic_key = Key.from_paserk(\"k4.public.Hrnbu7wEfAP9cGBOAHHwmH4Wsot1ciXBHwBBXQ4gsaI\")\n\n# PASERK ID can be derived from pyseto.Key.\nassert (\n    symmetric_key.to_paserk_id()\n    == \"k4.lid._D6kgTzxgiPGk35gMj9bukgj4En2H94u22wVX9zaoh05\"\n)\nassert (\n    private_key.to_paserk()\n    == \"k4.secret.tMv7Q99M4hByfZU-SnEzB_oZu32fhQQUONnhG5QqN3Qeudu7vAR8A_1wYE4AcfCYfhayi3VyJcEfAEFdDiCxog\"\n)\nassert (\n    public_key.to_paserk_id() == \"k4.pid.yh4-bJYjOYAG6CWy0zsfPmpKylxS7uAWrxqVmBN2KAiJ\"\n)\n```\n\n### Key Wrapping\n\nIf you call `to_paserk` with `wrapping_key`, you can get a wrapped (encrypted) PASERK with the wrapping key.\nThe wrapped PASERK can be decrypted by calling `from_paserk` with `wrapping key`.\n\nIn case of `local-wrap.pie`:\n\n```py\nimport pyseto\nfrom pyseto import Key\n\nraw_key = Key.new(version=4, purpose=\"local\", key=b\"our-secret\")\nwrapping_key = token_bytes(32)\nwpk = raw_key.to_paserk(wrapping_key=wrapping_key)\ntoken = pyseto.encode(\n    raw_key, b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}'\n)\n\nunwrapped_key = Key.from_paserk(wpk, wrapping_key=wrapping_key)\ndecoded = pyseto.decode(unwrapped_key, token)\n\n# assert wpk == \"k4.local-wrap.pie.TNKEwC4K1xBcgJ_GiwWAoRlQFE33HJO3oN9DHEZ05pieSCd-W7bgAL64VG9TZ_pBkuNBFHNrfOGHtnfnhYGdbz5-x3CxShhPJxg\"\nassert (\n    decoded.payload\n    == b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}'\n)\n```\n\nIn case of `secret-wrap.pie`:\n\n```py\nimport pyseto\nfrom pyseto import Key\n\nraw_private_key = Key.from_paserk(\n    \"k4.secret.tMv7Q99M4hByfZU-SnEzB_oZu32fhQQUONnhG5QqN3Qeudu7vAR8A_1wYE4AcfCYfhayi3VyJcEfAEFdDiCxog\"\n)\nwrapping_key = token_bytes(32)\nwpk = raw_private_key.to_paserk(wrapping_key=wrapping_key)\nunwrapped_private_key = Key.from_paserk(wpk, wrapping_key=wrapping_key)\ntoken = pyseto.encode(\n    unwrapped_private_key,\n    b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}',\n)\n\npublic_key = Key.from_paserk(\"k4.public.Hrnbu7wEfAP9cGBOAHHwmH4Wsot1ciXBHwBBXQ4gsaI\")\ndecoded = pyseto.decode(public_key, token)\n\n# assert wpk == \"k4.secret-wrap.pie.excv7V4-NaECy5hpji-tkSkMvyjsAgNxA-mGALgdjyvGNyDlTb89bJ35R1e3tILgbMpEW5WXMXzySe2T-sBz-ZAcs1j7rbD3ZWvsBTM6K5N9wWfAxbR4ppCXH_H5__9yY-kBaF2NimyAJyduhOhSmqLm6TTSucpAOakEJOXePW8\"\nassert (\n    decoded.payload\n    == b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}'\n)\n```\n\n### Password-based Key Encryption\n\nIf you call `to_paserk` with `password`, you can get a wrapped (encrypted) PASERK with the password.\nThe wrapped PASERK can be decrypted by calling `from_paserk` with `passwrod`.\n\nIn case of `local-pw`:\n\n```py\nimport pyseto\nfrom pyseto import Key\n\nraw_key = Key.new(version=4, purpose=\"local\", key=b\"our-secret\")\ntoken = pyseto.encode(\n    raw_key, b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}'\n)\n\nwpk = raw_key.to_paserk(password=\"our-secret\")\nunwrapped_key = Key.from_paserk(wpk, password=\"our-secret\")\ndecoded = pyseto.decode(unwrapped_key, token)\n\n# assert wpk == \"k4.local-pw.HrCs9Pu-2LB0l7jkHB-x2gAAAAAA8AAAAAAAAgAAAAGttW0IHZjQCHJdg-Vc3tqO_GSLR4vzLl-yrKk2I-l8YHj6jWpC0lQB2Z7uzTtVyV1rd_EZQPzHdw5VOtyucP0FkCU\"\nassert (\n    decoded.payload\n    == b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}'\n)\n```\n\nIn case of `secret-pw`:\n\n```py\nimport pyseto\nfrom pyseto import Key\n\nraw_private_key = Key.from_paserk(\n    \"k4.secret.tMv7Q99M4hByfZU-SnEzB_oZu32fhQQUONnhG5QqN3Qeudu7vAR8A_1wYE4AcfCYfhayi3VyJcEfAEFdDiCxog\"\n)\nwpk = raw_private_key.to_paserk(password=\"our-secret\")\nunwrapped_private_key = Key.from_paserk(wpk, password=\"our-secret\")\ntoken = pyseto.encode(\n    unwrapped_private_key,\n    b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}',\n)\n\npublic_key = Key.from_paserk(\"k4.public.Hrnbu7wEfAP9cGBOAHHwmH4Wsot1ciXBHwBBXQ4gsaI\")\ndecoded = pyseto.decode(public_key, token)\n\n# assert wpk == \"k4.secret-pw.MEMW4K1MaD5nWigCLyEyFAAAAAAA8AAAAAAAAgAAAAFU-tArtryNVjS2n2hCYiM11V6tOyuIog69Bjb0yNZanrLJ3afGclb3kPzQ6IhK8ob9E4QgRdEALGWCizZ0RCPFF_M95IQDfmdYKC0Er656UgKUK4UKG9JlxP4o81UwoJoZYz_D1zTlltipEa5RiNvUtNU8vLKoGSY\"\nassert (\n    decoded.payload\n    == b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}'\n)\n```\n\n### Asymmetric Encryption\n\nAt this time, PySETO supports asymmetric encryption (key sealing) for `v2` and `v4`.\n\n```py\nimport pyseto\nfrom pyseto import Key\n\nprivate_key_pem = b\"-----BEGIN PRIVATE KEY-----\\nMC4CAQAwBQYDK2VuBCIEIFAF7jSCZHFgWvC8hUkXr55Az6Pot2g4zOAUxck0/6x8\\n-----END PRIVATE KEY-----\"\npublic_key_pem = b\"-----BEGIN PUBLIC KEY-----\\nMCowBQYDK2VuAyEAFv8IXsICYj0paznDK/99GyCsFOIGnfY87ayyNSIvSB4=\\n-----END PUBLIC KEY-----\"\n\nraw_key = Key.new(version=4, purpose=\"local\", key=b\"our-secret\")\ntoken = pyseto.encode(\n    raw_key,\n    b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}',\n)\n\nsealed_key = raw_key.to_paserk(sealing_key=public_key_pem)\nunsealed_key = Key.from_paserk(sealed_key, unsealing_key=private_key_pem)\ndecoded = pyseto.decode(unsealed_key, token)\n\nassert (\n    decoded.payload\n    == b'{\"data\": \"this is a signed message\", \"exp\": \"2022-01-01T00:00:00+00:00\"}'\n)\n```\n\nKey searing for `v1` and `v3` have not been supported yet.\n\n\n## API Reference\n\nSee [Documentation](https://pyseto.readthedocs.io/en/stable/api.html).\n\n## Tests\n\nYou can run tests from the project root after cloning with:\n\n```sh\n$ tox\n```\n\n## Contributing\n\nWe welcome all kind of contributions, filing issues, suggesting new features or sending PRs.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdajiaji%2Fpyseto","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdajiaji%2Fpyseto","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdajiaji%2Fpyseto/lists"}