o1egl / paseto

Platform-Agnostic Security Tokens implementation in GO (Golang)
MIT License

Unable to verify data #13

Closed: rebootcode closed this issue 5 years ago

rebootcode commented 5 years ago

I have my token, symmetric key and footer string passed:

v2 := paseto.NewV2()
err := v2.Decrypt(token, symmetricKey, &newJSONToken, &newFooter)

But how do I verify data?

I found there is a newJSONToken.Validate() function, which basically returns an error if there is any.

I have a couple of questions for this library:

  1. Is verification done by verifying the "key" and "value" set using the "Set" method on JSONToken?
  2. Can "token" generated be altered like "JWT" and pass modified or tampered data?
  3. Can "token" generated using "paseto" be decrypted and viewed like "JWT"?

Thanks

rebootcode commented 5 years ago

Also asked here - https://stackoverflow.com/questions/57048911/can-token-generated-using-paseto-token-be-decrypted-and-viewed-like-jwt-tok
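
Questions 2 and 3 come down to how a PASETO v2.local token is built: the payload is AEAD-encrypted, and the footer is left readable but authenticated together with the header through PASETO's pre-authentication encoding (PAE). The sketch below is an added example, not code from this thread or from the paseto library. It assumes AES-256-GCM from the Go standard library in place of XChaCha20-Poly1305 and uses a made-up `demo.local.` header and hypothetical `Encrypt`/`Decrypt` helpers, so its tokens are not PASETO-compatible.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

const header = "demo.local." // constructed stand-in for PASETO's "v2.local."

// pae is PASETO's pre-authentication encoding: LE64 count, then LE64 length + bytes per piece.
func pae(pieces ...[]byte) []byte {
	out := binary.LittleEndian.AppendUint64(nil, uint64(len(pieces)))
	for _, p := range pieces {
		out = append(binary.LittleEndian.AppendUint64(out, uint64(len(p))), p...)
	}
	return out
}

func gcm(key *[32]byte) cipher.AEAD { // assumption: AES-256-GCM in place of XChaCha20-Poly1305
	block, _ := aes.NewCipher(key[:]) // cannot fail: 32 bytes is a valid AES key size
	aead, _ := cipher.NewGCM(block)
	return aead
}

// Encrypt seals payload; the footer stays readable but is authenticated through pae.
func Encrypt(key *[32]byte, payload, footer []byte) string {
	nonce := make([]byte, 12)
	rand.Read(nonce) // never returns an error on Go 1.24+; check it on older toolchains
	body := append(nonce, gcm(key).Seal(nil, nonce, payload, pae([]byte(header), nonce, footer))...)
	return header + base64.RawURLEncoding.EncodeToString(body) + "." + base64.RawURLEncoding.EncodeToString(footer)
}

// Decrypt returns the payload only if key, header, body and footer are all unaltered.
func Decrypt(key *[32]byte, token string) ([]byte, error) {
	b, f, _ := strings.Cut(strings.TrimPrefix(token, header), ".")
	body, e1 := base64.RawURLEncoding.DecodeString(b)
	footer, e2 := base64.RawURLEncoding.DecodeString(f)
	if !strings.HasPrefix(token, header) || e1 != nil || e2 != nil || len(body) < 12 {
		return nil, fmt.Errorf("malformed token")
	}
	return gcm(key).Open(nil, body[:12], body[12:], pae([]byte(header), body[:12], footer))
}

// main prints one token made with a constructed all-zero demo key.
func main() { fmt.Println(Encrypt(new([32]byte), []byte(`{"a":1}`), []byte("kid-1"))) }
```

Anyone holding the token can base64-decode the footer, but without the key the payload is ciphertext, and changing any part of the token makes `Decrypt` return an error instead of modified data.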