Open paragonie-security opened 3 years ago
https://github.com/Ianleeclark/Paseto/blob/78eb0b9183f0bf5daf7a344d94376e9dbb333166/lib/paseto/v2.ex#L69
https://github.com/Ianleeclark/Paseto/blob/78eb0b9183f0bf5daf7a344d94376e9dbb333166/lib/paseto/v2.ex#L102
See https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md
Right now, byte arrays are accepted by this API. There's no mechanism to prevent a user from using a v2 public key as a v2 local key.
https://github.com/Ianleeclark/Paseto/blob/78eb0b9183f0bf5daf7a344d94376e9dbb333166/lib/paseto/v2.ex#L69
https://github.com/Ianleeclark/Paseto/blob/78eb0b9183f0bf5daf7a344d94376e9dbb333166/lib/paseto/v2.ex#L102
See https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md
Right now, byte arrays are accepted by this API. There's no mechanism to prevent a user from using a v2 public key as a v2 local key.