Closed rlittlefield closed 2 years ago
The reference implementation also has a nice builder/parser. I'm okay not having any of the function-chain stuff, but it would be nice if we could have pypaseto's parser handle artificial key-type validation at a minimum.
https://github.com/paragonie/paseto/blob/master/src/Parser.php#L167
I'm leaning towards built-in PASERK support, and using that as the preferred way to easily generate and load keys.
Closing this issue in favor of a PASERK issue.
pypaseto needs functions to help safely generate secure secrets. The README currently shows generating keys using
secrets
andpysodium
, but it would be nice if we offered easier to find functions that do the same thing. Potentially, a serializable "safe" version of these keys that maintains typing so it is harder to accidentally use the same key in different ways. This appears to be a feature of the reference implementation through the use of custom classes to house each type:https://github.com/paragonie/paseto/blob/master/src/Keys/AsymmetricSecretKey.php