purificant
commented
2 years ago Good call. Thanks for your feedback, appreciate it.
Open paragonie-security opened 2 years ago
purificant
commented
2 years ago Good call. Thanks for your feedback, appreciate it.
https://github.com/purificant/python-paseto/blob/9638220495498a9ad45efe15ac2e3edda2d0f27c/paseto/protocol/version2.py#L16 https://github.com/purificant/python-paseto/blob/9638220495498a9ad45efe15ac2e3edda2d0f27c/paseto/protocol/version2.py#L91
See https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md
Right now, byte arrays are accepted by this API. There's no mechanism to prevent a user from using a v2 public key as a v2 local key.