sjudson / paseto.js Goto Github PK

View Code? Open in Web Editor NEW

271.0 12.0 16.0 229 KB

PASETO: Platform-Agnostic Security Tokens

License: MIT License

JavaScript 97.83% Python 0.10% C++ 2.07%

paseto token cryptography authentication

paseto.js's People

Contributors

Stargazers

Watchers

Forkers

jaredhanson mikkomustikkamaa nask0 vogt31337 change pcouaillier neodon uchoasvinicius appgrader awmichel gjyoung1974 librechain achmadk devdanim mastermann paragonie-security triptych

paseto.js's Issues

Reach 1.0.0

Tracking development on main-next branch:

high level API
browser verification
extcrypto removal (see: #31)
change from master to main (i.e., when main-next is done it'll be renamed to main and master will be deleted)

Incompatibility with NodeJS 11

This code works fine with node 10.x, but throws an exception on node 11.x :

const Paseto = require('paseto.js');

async function main() {
  const key = new Paseto.PrivateKey.V2();
  await key.inject(Buffer.from('/W17oWlDaX7DxqublK5QN+2I/EbpSrzhy0/rvGGydpmlz3Utp1onJ6oYxlxH0ZOWr6PC4UAHqn7AWCwuEUr9EA==', 'base64'));
  await key.protocol().sign("hello world", key);
}

main().catch(console.log);

Exception :

TypeError [ERR_INVALID_ARG_TYPE]: The "byteLength" argument must be of type number. Received type undefined
    at validateNumber (internal/validators.js:130:11)
    at checkNumberType (internal/buffer.js:42:3)
    at boundsError (internal/buffer.js:47:5)
    at Buffer.writeIntLE (internal/buffer.js:687:3)
    at Object.pae (/opt/data/simon/tmp/digisthesia/smarketoo-api/node_modules/paseto.js/lib/utils.js:158:15)
    at sodium.ready.then (/opt/data/simon/tmp/digisthesia/smarketoo-api/node_modules/paseto.js/lib/protocol/V2.js:246:30)

Looks like the size must now be explicitly passed.

Replacing writeIntLE by wirteInt32LE in utils.js fixes the issue, with all tests still passing.

Unable to create symmetric key

Using Node v15.8.0

(async function () {
    const encoder = new Paseto.V2();
    const encoder_key = await encoder.symmetric();
    console.log(encoder_key);
})().catch(e => {
    console.error(e);
});

encoder_key is always undefined. Could this be a problem with the crypto bindings on newer node versions?

Thanks.

Rusty

Access token's data on client-side

Is it possible to access the values inside the token on the client-side? Like JWT do?

Bind Keys to Purpose

paseto.js/lib/protocol/V2.js

Lines 286 to 288 in 618da17

    
           if (!(key.protocol() instanceof V2)) { 
        
             return done(new InvalidVersionError('The given key is not intended for this version of PASETO.')); 
        
           }

You're correctly asserting that a PASETO key is only used for a given version, but from our understanding of this code, it's possible to use a public key as a local key.

The easiest thing to do would be to also check the key object's "purpose" (or type) at runtime.

The updated guidance can be found here: https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md

PrivateKey.public cannot be used in the promise interface

I use this code to generate a keypair :

const Paseto = require('paseto.js');    
    
async function main() {    
  const priv = new Paseto.PrivateKey(new Paseto.V2());    
  await priv.generate();    
  const pub = await priv.public();                                                      
  console.log(`Private key: ${(await priv.raw()).toString('base64')}`);    
  console.log(`Public key: ${(await pub.raw()).toString('base64')}`);      
}                                                                        

main().catch(err => {    
  console.log(err);      
});

Unfortunately, this fails because priv.public() returns undefined instead of a promise. The callback-style API works fine.

Support Paseto v3/v4

Paseto v1/v2 is planned to be deprecated on 2022-01-01. See paseto-standard/paseto-spec#13.

ReferenceError: cb is not defined

Error happens on macOs when trying to generate the token

ReferenceError: cb is not defined
    at encoder.encrypt (/Users/.../server/src/utils.js:556:16)
    at /Users/.../server/node_modules/paseto.js/lib/utils.js:239:39
    at sodium.ready.then (/Users/.../server/node_modules/paseto.js/lib/protocol/V2.js:146:14)

Edit:
This happens when i try to use something that is not the callback function
Error: Failed to construct 'TextDecoder': the 'fatal' option is unsupported.

Invalid encoding detected

Checked from my production logs that I get Invalid encoding detected the first time and then the all the requests crash with the following error, even though the token is valid.

Cannot enlarge memory arrays. Either (1) compile with  -s TOTAL_MEMORY=X  with X higher than the current value 83886080, (2) compile with  -s ALLOW_MEMORY_GROWTH=1  which allows increasing the size at runtime, or (3) if you want malloc to return NULL (0) instead of this abort, compile with  -s ABORTING_MALLOC=0 ") at Error:

There was enough memory on the instance. Once we restart the instance the issue disappears, does not show any sign of memory being increased.

Exception here is condensed probably can remove the catch for better debugging.

High-level api

I wanted to know how the high-level api talked about in the readme is coming along and if it was still on the table.

yarn add doesn't work with python 3

Hi,

for some reason during yarn add paseto.js, the installer executed some python 2 code. Which isn't compatible with python 3, maybe add a routine to detect the python version and call the corresponding code.

how to set notBefore, Expiration field

Hello,

How to set the notBefore and Expiration field ?

Also is it possible to import a private rsa key ?

Thanks by advance.

Install fails in Node 18.9.1

The module fails to build using Node 18. I had issues compiling under Node 16 and those issues were resolved by using a Debian-based image. Unfortunately that is not working this time. Any ideas would be appreciated. The error is:

#!/bin/bash -eo pipefail
if [ ! -d node_modules ]; then npm ci --progress=false --no-audit --prefer-offline ; fi
npm WARN skipping integrity check for git dependency ssh://[email protected]/change/feature-config-manager-js.git 
npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated [email protected]: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated [email protected]: Please upgrade to v7.0.2+ of superagent.  We have fixed numerous issues with streams, form-data, attach(), filesystem errors not bubbling up (ENOENT on attach()), and all tests are now passing.  See the releases tab for more information at <https://github.com/visionmedia/superagent/releases>.
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: core-js@<3.4 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.
npm ERR! code 1
npm ERR! path /home/circleci/**********************/node_modules/@change/psst/node_modules/paseto.js
npm ERR! command failed
npm ERR! command sh -c -- node-gyp rebuild
npm ERR! make: Entering directory '/home/circleci/**********************/node_modules/@change/psst/node_modules/paseto.js/build'
npm ERR!   CXX(target) Release/obj.target/extcrypto_addon/extcrypto/extcrypto.o
npm ERR! make: Leaving directory '/home/circleci/**********************/node_modules/@change/psst/node_modules/paseto.js/build'
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using [email protected]
npm ERR! gyp info using [email protected] | linux | x64
npm ERR! gyp info find Python using Python version 3.8.10 found at "/usr/bin/python3"
npm ERR! gyp http GET https://nodejs.org/download/release/v18.9.1/node-v18.9.1-headers.tar.gz
npm ERR! gyp http 200 https://nodejs.org/download/release/v18.9.1/node-v18.9.1-headers.tar.gz
npm ERR! gyp http GET https://nodejs.org/download/release/v18.9.1/SHASUMS256.txt
npm ERR! gyp http 200 https://nodejs.org/download/release/v18.9.1/SHASUMS256.txt
npm ERR! gyp info spawn /usr/bin/python3
npm ERR! gyp info spawn args [
npm ERR! gyp info spawn args   '/usr/local/lib/node_modules/npm/node_modules/node-gyp/gyp/gyp_main.py',
npm ERR! gyp info spawn args   'binding.gyp',
npm ERR! gyp info spawn args   '-f',
npm ERR! gyp info spawn args   'make',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/home/circleci/**********************/node_modules/@change/psst/node_modules/paseto.js/build/config.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/usr/local/lib/node_modules/npm/node_modules/node-gyp/addon.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/home/circleci/.cache/node-gyp/18.9.1/include/node/common.gypi',
npm ERR! gyp info spawn args   '-Dlibrary=shared_library',
npm ERR! gyp info spawn args   '-Dvisibility=default',
npm ERR! gyp info spawn args   '-Dnode_root_dir=/home/circleci/.cache/node-gyp/18.9.1',
npm ERR! gyp info spawn args   '-Dnode_gyp_dir=/usr/local/lib/node_modules/npm/node_modules/node-gyp',
npm ERR! gyp info spawn args   '-Dnode_lib_file=/home/circleci/.cache/node-gyp/18.9.1/<(target_arch)/node.lib',
npm ERR! gyp info spawn args   '-Dmodule_root_dir=/home/circleci/**********************/node_modules/@change/psst/node_modules/paseto.js',
npm ERR! gyp info spawn args   '-Dnode_engine=v8',
npm ERR! gyp info spawn args   '--depth=.',
npm ERR! gyp info spawn args   '--no-parallel',
npm ERR! gyp info spawn args   '--generator-output',
npm ERR! gyp info spawn args   'build',
npm ERR! gyp info spawn args   '-Goutput_dir=.'
npm ERR! gyp info spawn args ]
npm ERR! gyp info spawn make
npm ERR! gyp info spawn args [ 'BUILDTYPE=Release', '-C', 'build' ]
npm ERR! In file included from /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/objects.h:19,
npm ERR!                  from /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/evp.h:43,
npm ERR!                  from /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:22,
npm ERR!                  from ../extcrypto/extcrypto.cc:7:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/obj_mac.h:3624:2: error: invalid preprocessing directive #def; did you mean #ifdef?
npm ERR!  3624 | #define SN_setct_CapTokenData           "setct-CapTokenData"
npm ERR!       |  ^~~
npm ERR!       |  ifdef
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/obj_mac.h:12: error: unterminated #ifndef
npm ERR!    12 | #ifndef OPENSSL_OBJ_MAC_H
npm ERR!       | 
npm ERR! ../extcrypto/extcrypto.cc: In function ‘void extcrypto::keygen(const v8::FunctionCallbackInfo<v8::Value>&)’:
npm ERR! ../extcrypto/extcrypto.cc:53:26: warning: ‘RSA* RSA_new()’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
npm ERR!    53 |     RSA* rsa   = RSA_new();
npm ERR!       |                          ^
npm ERR! In file included from ../extcrypto/extcrypto.cc:6:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/rsa.h:201:28: note: declared here
npm ERR!   201 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
npm ERR!       |                            ^~~~~~~
npm ERR! ../extcrypto/extcrypto.cc:53:26: warning: ‘RSA* RSA_new()’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
npm ERR!    53 |     RSA* rsa   = RSA_new();
npm ERR!       |                          ^
npm ERR! In file included from ../extcrypto/extcrypto.cc:6:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/rsa.h:201:28: note: declared here
npm ERR!   201 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
npm ERR!       |                            ^~~~~~~
npm ERR! ../extcrypto/extcrypto.cc:54:58: warning: ‘int RSA_generate_key_ex(RSA*, int, BIGNUM*, BN_GENCB*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
npm ERR!    54 |     int64_t kg = RSA_generate_key_ex(rsa, 2048, exp, NULL);
npm ERR!       |                                                          ^
npm ERR! In file included from ../extcrypto/extcrypto.cc:6:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/rsa.h:260:27: note: declared here
npm ERR!   260 | OSSL_DEPRECATEDIN_3_0 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
npm ERR!       |                           ^~~~~~~~~~~~~~~~~~~
npm ERR! ../extcrypto/extcrypto.cc:54:58: warning: ‘int RSA_generate_key_ex(RSA*, int, BIGNUM*, BN_GENCB*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
npm ERR!    54 |     int64_t kg = RSA_generate_key_ex(rsa, 2048, exp, NULL);
npm ERR!       |                                                          ^
npm ERR! In file included from ../extcrypto/extcrypto.cc:6:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/rsa.h:260:27: note: declared here
npm ERR!   260 | OSSL_DEPRECATEDIN_3_0 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
npm ERR!       |                           ^~~~~~~~~~~~~~~~~~~
npm ERR! ../extcrypto/extcrypto.cc:68:68: warning: ‘int PEM_write_bio_RSAPrivateKey(BIO*, const RSA*, const EVP_CIPHER*, const unsigned char*, int, int (*)(char*, int, int, void*), void*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
npm ERR!    68 |     PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, NULL);
npm ERR!       |                                                                    ^
npm ERR! In file included from ../extcrypto/extcrypto.cc:7:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:81:9: note: declared here
npm ERR!    81 |     int PEM_##writename##_##name(OUTTYPE *out, const type *x,           \
npm ERR!       |         ^~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:295:10: note: in expansion of macro ‘PEM_write_cb_fnsig’
npm ERR!   295 |     attr PEM_write_cb_fnsig(name, type, BIO, write_bio);
npm ERR!       |          ^~~~~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:322:5: note: in expansion of macro ‘DECLARE_PEM_write_cb_bio_attr’
npm ERR!   322 |     DECLARE_PEM_write_cb_bio_attr(attr, name, type)                         \
npm ERR!       |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:360:5: note: in expansion of macro ‘DECLARE_PEM_write_cb_attr’
npm ERR!   360 |     DECLARE_PEM_write_cb_attr(attr, name, type)
npm ERR!       |     ^~~~~~~~~~~~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:447:1: note: in expansion of macro ‘DECLARE_PEM_rw_cb_attr’
npm ERR!   447 | DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, RSAPrivateKey, RSA)
npm ERR!       | ^~~~~~~~~~~~~~~~~~~~~~
npm ERR! ../extcrypto/extcrypto.cc:68:68: warning: ‘int PEM_write_bio_RSAPrivateKey(BIO*, const RSA*, const EVP_CIPHER*, const unsigned char*, int, int (*)(char*, int, int, void*), void*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
npm ERR!    68 |     PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, NULL);
npm ERR!       |                                                                    ^
npm ERR! In file included from ../extcrypto/extcrypto.cc:7:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:81:9: note: declared here
npm ERR!    81 |     int PEM_##writename##_##name(OUTTYPE *out, const type *x,           \
npm ERR!       |         ^~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:295:10: note: in expansion of macro ‘PEM_write_cb_fnsig’
npm ERR!   295 |     attr PEM_write_cb_fnsig(name, type, BIO, write_bio);
npm ERR!       |          ^~~~~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:322:5: note: in expansion of macro ‘DECLARE_PEM_write_cb_bio_attr’
npm ERR!   322 |     DECLARE_PEM_write_cb_bio_attr(attr, name, type)                         \
npm ERR!       |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:360:5: note: in expansion of macro ‘DECLARE_PEM_write_cb_attr’
npm ERR!   360 |     DECLARE_PEM_write_cb_attr(attr, name, type)
npm ERR!       |     ^~~~~~~~~~~~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:447:1: note: in expansion of macro ‘DECLARE_PEM_rw_cb_attr’
npm ERR!   447 | DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, RSAPrivateKey, RSA)
npm ERR!       | ^~~~~~~~~~~~~~~~~~~~~~
npm ERR! ../extcrypto/extcrypto.cc:88:17: warning: ‘void RSA_free(RSA*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
npm ERR!    88 |     RSA_free(rsa);
npm ERR!       |                 ^
npm ERR! In file included from ../extcrypto/extcrypto.cc:6:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/rsa.h:293:28: note: declared here
npm ERR!   293 | OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);
npm ERR!       |                            ^~~~~~~~
npm ERR! ../extcrypto/extcrypto.cc:88:17: warning: ‘void RSA_free(RSA*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
npm ERR!    88 |     RSA_free(rsa);
npm ERR!       |                 ^
npm ERR! In file included from ../extcrypto/extcrypto.cc:6:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/rsa.h:293:28: note: declared here
npm ERR!   293 | OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);
npm ERR!       |                            ^~~~~~~~
npm ERR! ../extcrypto/extcrypto.cc: In function ‘void extcrypto::extract(const v8::FunctionCallbackInfo<v8::Value>&)’:
npm ERR! ../extcrypto/extcrypto.cc:120:24: warning: ‘RSA* RSA_new()’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
npm ERR!   120 |     RSA* rsa = RSA_new();
npm ERR!       |                        ^
npm ERR! In file included from ../extcrypto/extcrypto.cc:6:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/rsa.h:201:28: note: declared here
npm ERR!   201 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
npm ERR!       |                            ^~~~~~~
npm ERR! ../extcrypto/extcrypto.cc:120:24: warning: ‘RSA* RSA_new()’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
npm ERR!   120 |     RSA* rsa = RSA_new();
npm ERR!       |                        ^
npm ERR! In file included from ../extcrypto/extcrypto.cc:6:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/rsa.h:201:28: note: declared here
npm ERR!   201 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
npm ERR!       |                            ^~~~~~~
npm ERR! ../extcrypto/extcrypto.cc:123:53: warning: ‘RSA* PEM_read_bio_RSAPrivateKey(BIO*, RSA**, int (*)(char*, int, int, void*), void*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
npm ERR!   123 |     PEM_read_bio_RSAPrivateKey(bio, &rsa, NULL, NULL);
npm ERR!       |                                                     ^
npm ERR! In file included from ../extcrypto/extcrypto.cc:7:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:70:11: note: declared here
npm ERR!    70 |     type *PEM_##readname##_##name(INTYPE *out, type **x,                \
npm ERR!       |           ^~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:268:10: note: in expansion of macro ‘PEM_read_cb_fnsig’
npm ERR!   268 |     attr PEM_read_cb_fnsig(name, type, BIO, read_bio);
npm ERR!       |          ^~~~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:332:5: note: in expansion of macro ‘DECLARE_PEM_read_bio_attr’
npm ERR!   332 |     DECLARE_PEM_read_bio_attr(attr, name, type)                             \
npm ERR!       |     ^~~~~~~~~~~~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:359:5: note: in expansion of macro ‘DECLARE_PEM_read_attr’
npm ERR!   359 |     DECLARE_PEM_read_attr(attr, name, type)                                 \
npm ERR!       |     ^~~~~~~~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:447:1: note: in expansion of macro ‘DECLARE_PEM_rw_cb_attr’
npm ERR!   447 | DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, RSAPrivateKey, RSA)
npm ERR!       | ^~~~~~~~~~~~~~~~~~~~~~
npm ERR! ../extcrypto/extcrypto.cc:123:53: warning: ‘RSA* PEM_read_bio_RSAPrivateKey(BIO*, RSA**, int (*)(char*, int, int, void*), void*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
npm ERR!   123 |     PEM_read_bio_RSAPrivateKey(bio, &rsa, NULL, NULL);
npm ERR!       |                                                     ^
npm ERR! In file included from ../extcrypto/extcrypto.cc:7:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:70:11: note: declared here
npm ERR!    70 |     type *PEM_##readname##_##name(INTYPE *out, type **x,                \
npm ERR!       |           ^~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:268:10: note: in expansion of macro ‘PEM_read_cb_fnsig’
npm ERR!   268 |     attr PEM_read_cb_fnsig(name, type, BIO, read_bio);
npm ERR!       |          ^~~~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:332:5: note: in expansion of macro ‘DECLARE_PEM_read_bio_attr’
npm ERR!   332 |     DECLARE_PEM_read_bio_attr(attr, name, type)                             \
npm ERR!       |     ^~~~~~~~~~~~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:359:5: note: in expansion of macro ‘DECLARE_PEM_read_attr’
npm ERR!   359 |     DECLARE_PEM_read_attr(attr, name, type)                                 \
npm ERR!       |     ^~~~~~~~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:447:1: note: in expansion of macro ‘DECLARE_PEM_rw_cb_attr’
npm ERR!   447 | DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, RSAPrivateKey, RSA)
npm ERR!       | ^~~~~~~~~~~~~~~~~~~~~~
npm ERR! ../extcrypto/extcrypto.cc:124:40: warning: ‘int PEM_write_bio_RSAPublicKey(BIO*, const RSA*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
npm ERR!   124 |     PEM_write_bio_RSAPublicKey(bio, rsa);
npm ERR!       |                                        ^
npm ERR! In file included from ../extcrypto/extcrypto.cc:7:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:79:9: note: declared here
npm ERR!    79 |     int PEM_##writename##_##name(OUTTYPE *out, const type *x)
npm ERR!       |         ^~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:278:10: note: in expansion of macro ‘PEM_write_fnsig’
npm ERR!   278 |     attr PEM_write_fnsig(name, type, BIO, write_bio);
npm ERR!       |          ^~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:305:5: note: in expansion of macro ‘DECLARE_PEM_write_bio_attr’
npm ERR!   305 |     DECLARE_PEM_write_bio_attr(attr, name, type)                            \
npm ERR!       |     ^~~~~~~~~~~~~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:343:5: note: in expansion of macro ‘DECLARE_PEM_write_attr’
npm ERR!   343 |     DECLARE_PEM_write_attr(attr, name, type)
npm ERR!       |     ^~~~~~~~~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:448:1: note: in expansion of macro ‘DECLARE_PEM_rw_attr’
npm ERR!   448 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSAPublicKey, RSA)
npm ERR!       | ^~~~~~~~~~~~~~~~~~~
npm ERR! ../extcrypto/extcrypto.cc:124:40: warning: ‘int PEM_write_bio_RSAPublicKey(BIO*, const RSA*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
npm ERR!   124 |     PEM_write_bio_RSAPublicKey(bio, rsa);
npm ERR!       |                                        ^
npm ERR! In file included from ../extcrypto/extcrypto.cc:7:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:79:9: note: declared here
npm ERR!    79 |     int PEM_##writename##_##name(OUTTYPE *out, const type *x)
npm ERR!       |         ^~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:278:10: note: in expansion of macro ‘PEM_write_fnsig’
npm ERR!   278 |     attr PEM_write_fnsig(name, type, BIO, write_bio);
npm ERR!       |          ^~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:305:5: note: in expansion of macro ‘DECLARE_PEM_write_bio_attr’
npm ERR!   305 |     DECLARE_PEM_write_bio_attr(attr, name, type)                            \
npm ERR!       |     ^~~~~~~~~~~~~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:343:5: note: in expansion of macro ‘DECLARE_PEM_write_attr’
npm ERR!   343 |     DECLARE_PEM_write_attr(attr, name, type)
npm ERR!       |     ^~~~~~~~~~~~~~~~~~~~~~
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/pem.h:448:1: note: in expansion of macro ‘DECLARE_PEM_rw_attr’
npm ERR!   448 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSAPublicKey, RSA)
npm ERR!       | ^~~~~~~~~~~~~~~~~~~
npm ERR! ../extcrypto/extcrypto.cc:144:17: warning: ‘void RSA_free(RSA*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
npm ERR!   144 |     RSA_free(rsa);
npm ERR!       |                 ^
npm ERR! In file included from ../extcrypto/extcrypto.cc:6:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/rsa.h:293:28: note: declared here
npm ERR!   293 | OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);
npm ERR!       |                            ^~~~~~~~
npm ERR! ../extcrypto/extcrypto.cc:144:17: warning: ‘void RSA_free(RSA*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
npm ERR!   144 |     RSA_free(rsa);
npm ERR!       |                 ^
npm ERR! In file included from ../extcrypto/extcrypto.cc:6:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/openssl/rsa.h:293:28: note: declared here
npm ERR!   293 | OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);
npm ERR!       |                            ^~~~~~~~
npm ERR! In file included from ../extcrypto/extcrypto.cc:2:
npm ERR! ../extcrypto/extcrypto.cc: At global scope:
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/node.h:890:43: warning: cast between incompatible function types from ‘void (*)(v8::Local<v8::Object>)’ to ‘node::addon_register_func’ {aka ‘void (*)(v8::Local<v8::Object>, v8::Local<v8::Value>, void*)’} [-Wcast-function-type]
npm ERR!   890 |       (node::addon_register_func) (regfunc),                          \
npm ERR!       |                                           ^
npm ERR! /home/circleci/.cache/node-gyp/18.9.1/include/node/node.h:924:3: note: in expansion of macro ‘NODE_MODULE_X’
npm ERR!   924 |   NODE_MODULE_X(modname, regfunc, NULL, 0)  // NOLINT (readability/null_usage)
npm ERR!       |   ^~~~~~~~~~~~~
npm ERR! ../extcrypto/extcrypto.cc:166:3: note: in expansion of macro ‘NODE_MODULE’
npm ERR!   166 |   NODE_MODULE(NODE_GYP_MODULE_NAME, init)
npm ERR!       |   ^~~~~~~~~~~
npm ERR! make: *** [extcrypto_addon.target.mk:113: Release/obj.target/extcrypto_addon/extcrypto/extcrypto.o] Error 1
npm ERR! gyp ERR! build error 
npm ERR! gyp ERR! stack Error: `make` failed with exit code: 2
npm ERR! gyp ERR! stack     at ChildProcess.onExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:201:23)
npm ERR! gyp ERR! stack     at ChildProcess.emit (node:events:513:28)
npm ERR! gyp ERR! stack     at ChildProcess._handle.onexit (node:internal/child_process:291:12)
npm ERR! gyp ERR! System Linux 5.13.0-1023-aws
npm ERR! gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
npm ERR! gyp ERR! cwd /home/circleci/**********************/node_modules/@change/psst/node_modules/paseto.js
npm ERR! gyp ERR! node -v v18.9.1
npm ERR! gyp ERR! node-gyp -v v9.1.0
npm ERR! gyp ERR! not ok

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/circleci/.npm/_logs/2022-10-07T22_49_03_120Z-debug-0.log


Exited with code exit status 1
CircleCI received exit code 1

Custom symetric key doesn't seem to work, no output [Question]

I'm trying to generate a key and use that for the token, but everything below the encrypt method doesn't work.

"paseto.js": "^0.1.3",

const crypto = require("crypto")
const Paseto = require("paseto.js")
const uuid = require("uuid/v4")

async function generateToken() {
	const message = {
		tokenId: uuid(), // Token Id
	}

	// Generate key
	//const key = crypto.randomBytes(32)

	const keyRaw = Buffer.from(
		"deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef",
		"hex"
	)

	const sk = new Paseto.SymmetricKey(new Paseto.V2())

	await sk.inject(keyRaw)
        console.log(sk) // <-- output key object
	const encoder = sk.protocol()

	const token = await encoder.encrypt(message, sk)

        // No output below --v--
	console.log(message)
	console.log(token)

	return token
}
generateToken()

Output:

# node auth.js 
SymmetricKey {
  INFO_ENCRYPTION: 'paseto-encryption-key',
  INFO_AUTHENTICATION: 'paseto-auth-key-for-aead',
  _protocol: V2 { _repr: 'v2', _constants: { SYMMETRIC_KEY_BYTES: 32 } },
  _key:
   <Buffer de ad be ef de ad be ef de ad be ef de ad be ef de ad be ef de ad be ef de ad be ef de ad be ef> }

It may just be me but I find it as difficult as JWT to use for now 😆

Node 16 install issue

Hi there,

This may not be an issue with Paseto.js itself. It's hard to tell. I have successfully installed this package under Node 16 on my local, and in the CircleCI cimg/node:16.13.0 image. However, when building the image for deployment using the aws-ecr/default executor in CircleCI I get the following build failure from node-gyp. If you have any insights that would be helpful. Otherwise I'll try to debug the issue and get access to the detailed build error(s).

Sending build context to Docker daemon  11.46MB
Step 1/14 : FROM ********************************************/change/base/node:16-builder AS builder
16-builder: Pulling from change/base/node

a0d46f8b: Pulling fs layer 
0ad1b361: Pulling fs layer 
44ac7415: Pulling fs layer 
f63b29cb: Pulling fs layer 
Digest: sha256:c982c8240f42ec7f0164fd8961f7ce21e8d72a4560ece601d21b4e6d405fd0fa
Status: Downloaded newer image for ********************************************/change/base/node:16-builder
 ---> 2e2f03acea78
Step 2/14 : ARG AWS_ACCESS_KEY_ID
 ---> Running in 0ad4abf9469b
Removing intermediate container 0ad4abf9469b
 ---> 1bec70c542e1
Step 3/14 : ARG AWS_SECRET_ACCESS_KEY
 ---> Running in 00f06a1b2c85
Removing intermediate container 00f06a1b2c85
 ---> 8ae8747c1304
Step 4/14 : RUN /root/.local/bin/aws --region=********* secretsmanager get-secret-value --secret-id build/keys/change-build |         jq '.SecretString' -r > /root/.ssh/id_rsa     && chmod 0600 /root/.ssh/id_rsa
 ---> Running in 5d15910be1d2
Removing intermediate container 5d15910be1d2
 ---> 3c27f564c642
Step 5/14 : COPY package* /**********************/
 ---> fe58d2f34f45
Step 6/14 : WORKDIR /**********************/
 ---> Running in 64a25e6b8b7c
Removing intermediate container 64a25e6b8b7c
 ---> 76f7c8d4b688
Step 7/14 : RUN npm clean-install
 ---> Running in cc9a80e34dd5
npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated [email protected]: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: core-js@<3.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.
npm notice 
npm notice New patch version of npm available! 8.1.0 -> 8.1.3
npm notice Changelog: <https://github.com/npm/cli/releases/tag/v8.1.3>
npm notice Run `npm install -g [email protected]` to update!
npm notice 
npm ERR! code 1
npm ERR! path /**********************/node_modules/paseto.js
npm ERR! command failed
npm ERR! command sh -c node-gyp rebuild
npm ERR! make: Entering directory '/**********************/node_modules/paseto.js/build'
npm ERR! make: Leaving directory '/**********************/node_modules/paseto.js/build'
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using [email protected]
npm ERR! gyp info using [email protected] | linux | x64
npm ERR! gyp info find Python using Python version 3.9.5 found at "/usr/bin/python3"
npm ERR! gyp http GET https://unofficial-builds.nodejs.org/download/release/v16.13.0/node-v16.13.0-headers.tar.gz
npm ERR! gyp http 200 https://unofficial-builds.nodejs.org/download/release/v16.13.0/node-v16.13.0-headers.tar.gz
npm ERR! gyp http GET https://unofficial-builds.nodejs.org/download/release/v16.13.0/SHASUMS256.txt
npm ERR! gyp http 200 https://unofficial-builds.nodejs.org/download/release/v16.13.0/SHASUMS256.txt
npm ERR! gyp info spawn /usr/bin/python3
npm ERR! gyp info spawn args [
npm ERR! gyp info spawn args   '/usr/local/lib/node_modules/npm/node_modules/node-gyp/gyp/gyp_main.py',
npm ERR! gyp info spawn args   'binding.gyp',
npm ERR! gyp info spawn args   '-f',
npm ERR! gyp info spawn args   'make',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/**********************/node_modules/paseto.js/build/config.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/usr/local/lib/node_modules/npm/node_modules/node-gyp/addon.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/root/.cache/node-gyp/16.13.0/include/node/common.gypi',
npm ERR! gyp info spawn args   '-Dlibrary=shared_library',
npm ERR! gyp info spawn args   '-Dvisibility=default',
npm ERR! gyp info spawn args   '-Dnode_root_dir=/root/.cache/node-gyp/16.13.0',
npm ERR! gyp info spawn args   '-Dnode_gyp_dir=/usr/local/lib/node_modules/npm/node_modules/node-gyp',
npm ERR! gyp info spawn args   '-Dnode_lib_file=/root/.cache/node-gyp/16.13.0/<(target_arch)/node.lib',
npm ERR! gyp info spawn args   '-Dmodule_root_dir=/**********************/node_modules/paseto.js',
npm ERR! gyp info spawn args   '-Dnode_engine=v8',
npm ERR! gyp info spawn args   '--depth=.',
npm ERR! gyp info spawn args   '--no-parallel',
npm ERR! gyp info spawn args   '--generator-output',
npm ERR! gyp info spawn args   'build',
npm ERR! gyp info spawn args   '-Goutput_dir=.'
npm ERR! gyp info spawn args ]
npm ERR! gyp info spawn make
npm ERR! gyp info spawn args [ 'BUILDTYPE=Release', '-C', 'build' ]
npm ERR! make: printf: Operation not permitted
npm ERR! make: *** [extcrypto_addon.target.mk:113: Release/obj.target/extcrypto_addon/extcrypto/extcrypto.o] Error 127
npm ERR! gyp ERR! build error 
npm ERR! gyp ERR! stack Error: `make` failed with exit code: 2
npm ERR! gyp ERR! stack     at ChildProcess.onExit (/usr/local/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:194:23)
npm ERR! gyp ERR! stack     at ChildProcess.emit (node:events:390:28)
npm ERR! gyp ERR! stack     at Process.ChildProcess._handle.onexit (node:internal/child_process:290:12)
npm ERR! gyp ERR! System Linux 5.4.0-1025-aws
npm ERR! gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
npm ERR! gyp ERR! cwd /**********************/node_modules/paseto.js
npm ERR! gyp ERR! node -v v16.13.0
npm ERR! gyp ERR! node-gyp -v v8.2.0
npm ERR! gyp ERR! not ok

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2021-11-11T01_29_41_964Z-debug.log
The command '/bin/sh -c npm clean-install' returned a non-zero code: 1

When building the same image on my local Mac OSX, it works. Which makes me think there is something about the version of Docker, or some other difference in the setup, that is causing the build failure.

If there's any information you can provide that explains why Paseto.js is not the issue here, or any information around Node 16 support, that would be helpful for me to narrow down the issue. Thanks!

The executor that fails:

executor: aws-ecr/default
...
  - aws-ecr/build-and-push-image:
      repo: << parameters.ecr_repository >>
      tag: ${TAGS}
      extra-build-args: --target=runner --build-arg AWS_ACCESS_KEY_ID --build-arg AWS_SECRET_ACCESS_KEY --build-arg BUNDLE_RUBYGEMS__PKG__GITHUB__COM
...

V1 Public Signed Token not able be verified by JAVA Public V1 verify (paseto4j)

Hi, I am new to paseto. I recently using the paseto (javascript) and was able to sign and verify with my own private and public keys but when other people who use JAVA paseto4j to verify the signed token and it will prompts invalid signature error.
The strange thing is, I was able to verify the signed token by JAVA paseto4j with the same Javascript paseto codes.

Store key as string and convert back to Key instance

Hi,

First of all thanks for this, it has been very useful.

I want to store the key generated by return encoder.symmetric() to a mongoDB database as a string, retrieve it and then use it to decrypt data. However, when storing it as string, it loses all of its attached properties i.e key.protocol().

Do you have any suggestions on how to do this? Is there a function i can use/expose i.e StringToV2?

logout - delete/remove or make token invalid again

I want to make an logout and therefor
I want to set the token somehow to invalid or remove it, but i really don't know how to do it?
apreciating any hints.

What stands "decapsulate" module for?

Loading base64 encoded key fails

I'm trying to load in a base64 encoded symmetric key using this code:

   const encoderKey = new Paseto.SymmetricKey(new Paseto.V2());
    // await encoderKey.generate();
    await encoderKey.base64(encryptionKey);
    const encoder = new Paseto.V2();

Returns in an error:

   TypeError: Cannot read property '_malloc' of undefined

      at d (node_modules/libsodium-wrappers-sumo/dist/modules-sumo/libsodium-wrappers.js:1:17462)
      at new l (node_modules/libsodium-wrappers-sumo/dist/modules-sumo/libsodium-wrappers.js:1:17376)
      at Object.e.from_base64 (node_modules/libsodium-wrappers-sumo/dist/modules-sumo/libsodium-wrappers.js:1:78331)
      at Object.fromB64URLSafe (node_modules/paseto.js/lib/utils.js:288:29)
      at SymmetricKey.base64 (node_modules/paseto.js/lib/key/symmetric.js:73:28)

But if I call encoderKey.generate() before attempting to load the key everything works.

Add `decode` example to your README, perhaps?

@sjudson, thanks for writing this library!

A couple thoughts from a new user of your library:

You may want to remove the example code that doesn't set up secret key material.
I was surprised that the .inject method returned undefined (and was a setter method). From the examples it looked like you were using a fluent API, but I missed the fact that your promise callback ignored the result from the promise. (I know, PEBCAK...)
I didn't see a .decode example in the README.

Here's the little test script I wrote, feel free to include it in your README.

const Paseto = require("paseto.js");
const assert = require("assert");

(async () => {
  try {
    // This example uses symmetric key encryption, where the same private key is
    // used to both encrypt and decrypt.
    const sk = new Paseto.SymmetricKey(new Paseto.V2());

    // Secret keys must be at least 256 bits. 
    // Key material longer than 256 bits is ignored.
    const secretKey = Buffer.from(
      "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef",
      "hex"
    );

    // Provide your secret key material to SymmetricKey.
    // Note that `.inject` returns a Promise that you must `await` before continuing.
    await sk.inject(secretKey);

    // If you don't provide your private key before encoding, you'll get a runtime
    // error.

    const encoder = sk.protocol();

    // Payloads are either strings or Buffers. We're `JSON.stringify`ing our
    // payload object here just as an example:
    const payload = JSON.stringify({ payload: 123 });

    const encryptedToken = await encoder.encrypt(payload, sk);

    // "v2.local.khvgHKw7YcOsVwJ01epdAgBdB2gmrgrRQb8EbCsh7JBKpJqE5-Mp3-kRgWzfcRWRi1KvHkjDRA"
    console.dir({ encryptedToken });

    // Example decryption:
    const decryptedPayload = await encoder.decrypt(encryptedToken, sk);

    // Validate that the payload survived paseto-ization:
    assert(payload == decryptedPayload);

  } catch (err) {
    console.error("caught", err);
  }
})();

Does not install in node 8.10

Installing paseto.js in [email protected] ends up failing with:

error /Users/nfantone/prj/fb/lambda-api-key-token-authorizer/node_modules/paseto.js: Command failed.
Exit code: 1
Command: node-gyp rebuild
Arguments:
Directory: /Users/nfantone/prj/fb/lambda-api-key-token-authorizer/node_modules/paseto.js
Output:
gyp info it worked if it ends with ok
gyp info using [email protected]
gyp info using [email protected] | darwin | x64
gyp info spawn /usr/local/bin/python2
gyp info spawn args [ '/Users/nfantone/.nvm/versions/node/v8.10.0/lib/node_modules/npm/node_modules/node-gyp/gyp/gyp_main.py',
gyp info spawn args   'binding.gyp',
gyp info spawn args   '-f',
gyp info spawn args   'make',
gyp info spawn args   '-I',
gyp info spawn args   '/Users/nfantone/prj/fb/lambda-api-key-token-authorizer/node_modules/paseto.js/build/config.gypi',
gyp info spawn args   '-I',
gyp info spawn args   '/Users/nfantone/.nvm/versions/node/v8.10.0/lib/node_modules/npm/node_modules/node-gyp/addon.gypi',
gyp info spawn args   '-I',
gyp info spawn args   '/Users/nfantone/.node-gyp/8.10.0/include/node/common.gypi',
gyp info spawn args   '-Dlibrary=shared_library',
gyp info spawn args   '-Dvisibility=default',
gyp info spawn args   '-Dnode_root_dir=/Users/nfantone/.node-gyp/8.10.0',
gyp info spawn args   '-Dnode_gyp_dir=/Users/nfantone/.nvm/versions/node/v8.10.0/lib/node_modules/npm/node_modules/node-gyp',
gyp info spawn args   '-Dnode_lib_file=/Users/nfantone/.node-gyp/8.10.0/<(target_arch)/node.lib',
gyp info spawn args   '-Dmodule_root_dir=/Users/nfantone/prj/fb/lambda-api-key-token-authorizer/node_modules/paseto.js',
gyp info spawn args   '-Dnode_engine=v8',
gyp info spawn args   '--depth=.',
gyp info spawn args   '--no-parallel',
gyp info spawn args   '--generator-output',
gyp info spawn args   'build',
gyp info spawn args   '-Goutput_dir=.' ]

[email protected] (latest 8.x), which is what Travis is using to build and test this repository, works fine, but previous versions do not.

This is particularly inconvenient if working with environments where node version is locked, such as AWS Lambda.

Publish to NPM and usage example

You should Publish to NPM and add usage example 😄 Even if you tag it with version 0.3.0 or something.

Thanks for this!

The verify method assumes the content of the token message is UTF-8

In the verify method the last thing it does is call `toString('utf-8') on the data buffer. https://github.com/sjudson/paseto.js/blob/master/lib/protocol/V2.js#L321

In our case our message is binary because we are sending a compressed message. The fact that it is returned as UTF-8 breaks the message and makes it impossible for us to unzip it.

Is there anything in the Paseto spec that says the message has to be UTF-8? If not can this default be removed? Either the original data buffer could be returned, or maybe an option can be provided to specify the content encoding.

Thanks,
Mark

Paseto makes Node crash?

I'm using Node version 8.12.0 and as soon as I include Paseto.js, nodemon crashes:
[nodemon] app crashed - waiting for file changes before starting...

I don't know how to get more logs for you or what the issue is. I also have no way of testing on a different computer.

I removed my node_modules and reinstalled everything. The version installed is 0.1.2.

I simply add const Paseto = require('paseto.js') to any file.

Can someone test this also?

How can I provide more logs?

Thanks!

Could not install

Hi everyone,
I'm running npm install -D paseto.js

First I was getting an error in node-gyp rebuild which brought me to python is missing

I have installed the windows-build-tools on node (npm install --global windows-build-tools)
and now it appears the package is building but it spits out errors?
`
PS C:\Users\Pietro\projects\x> npm install -D paseto.js

[email protected] install C:\Users\Pietro\projects\x\node_modules\paseto.js
node-gyp rebuild

C:\Users\Pietro\projects\x\node_modules\paseto.js>if not defined npm_config_node_gyp (node "C:\Program Files\nodejs\node_modules\npm\node_modules\npm-lifecycle\node-gyp-bin\....\node_modules\node-gyp\bin\node-gyp.js" rebuild ) else (node "C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\bin\node-gyp.js" rebuild )
Building the projects in this solution one at a time. To enable parallel build, please add the "/m" switch.
extcrypto.cc
win_delay_load_hook.cc
c:\users\pietro\projects\x\node_modules\paseto.js\extcrypto\extcrypto.cc(27): error C2660: 'v8::Function::Call': function does not take 3 arguments [C:\Users\Pietro\projects\x\node_modules\paseto.js\build\extcrypto_addon.vcxproj]
c:\users\pietro.node-gyp\12.6.0\include\node\v8.h(4148): note: see declaration of 'v8::Function::Call' (compiling source file ..\extcrypto\extcrypto.cc)
c:\users\pietro\projects\x\node_modules\paseto.js\extcrypto\extcrypto.cc(35): error C2660: 'v8::Function::Call': function does not take 3 arguments [C:\Users\Pietro\projects\x\node_modules\paseto.js\build\extcrypto_addon.vcxproj]
c:\users\pietro.node-gyp\12.6.0\include\node\v8.h(4148): note: see declaration of 'v8::Function::Call' (compiling source file ..\extcrypto\extcrypto.cc)
c:\users\pietro\projects\x\node_modules\paseto.js\extcrypto\extcrypto.cc(56): warning C4996: 'v8::String::NewFromUtf8': was declared deprecated [C:\Users\Pietro\projects\GameServices\FitXR
.AdminPortal\node_modules\paseto.js\build\extcrypto_addon.vcxproj]
c:\users\pietro.node-gyp\12.6.0\include\node\v8.h(2890): note: see declaration of 'v8::String::NewFromUtf8'
c:\users\pietro\projects\x\node_modules\paseto.js\extcrypto\extcrypto.cc(74): warning C4996: 'v8::String::NewFromUtf8': was declared deprecated [C:\Users\Pietro\projects\GameServices\FitXR
.AdminPortal\node_modules\paseto.js\build\extcrypto_addon.vcxproj]
c:\users\pietro.node-gyp\12.6.0\include\node\v8.h(2890): note: see declaration of 'v8::String::NewFromUtf8'
c:\users\pietro\projects\x\node_modules\paseto.js\extcrypto\extcrypto.cc(92): warning C4996: 'v8::String::NewFromUtf8': was declared deprecated [C:\Users\Pietro\projects\GameServices\FitXR
.AdminPortal\node_modules\paseto.js\build\extcrypto_addon.vcxproj]
c:\users\pietro.node-gyp\12.6.0\include\node\v8.h(2890): note: see declaration of 'v8::String::NewFromUtf8'
c:\users\pietro\projects\x\node_modules\paseto.js\extcrypto\extcrypto.cc(115): error C2664: 'v8::String::Utf8Value::Utf8Value(const v8::String::Utf8Value &)': cannot convert argument 1 fro
m 'v8::Localv8::String' to 'const v8::String::Utf8Value &' [C:\Users\Pietro\projects\x\node_modules\paseto.js\build\extcrypto_addon.vcxproj]
c:\users\pietro\projects\x\node_modules\paseto.js\extcrypto\extcrypto.cc(115): note: Reason: cannot convert from 'v8::Localv8::String' to 'const v8::String::Utf8Value'
c:\users\pietro\projects\x\node_modules\paseto.js\extcrypto\extcrypto.cc(115): note: No user-defined-conversion operator available that can perform this conversion, or the operator canno
t be called
c:\users\pietro\projects\x\node_modules\paseto.js\extcrypto\extcrypto.cc(130): warning C4996: 'v8::String::NewFromUtf8': was declared deprecated [C:\Users\Pietro\projects\GameServices\FitX
R.AdminPortal\node_modules\paseto.js\build\extcrypto_addon.vcxproj]
c:\users\pietro.node-gyp\12.6.0\include\node\v8.h(2890): note: see declaration of 'v8::String::NewFromUtf8'
c:\users\pietro\projects\x\node_modules\paseto.js\extcrypto\extcrypto.cc(147): warning C4996: 'v8::String::NewFromUtf8': was declared deprecated [C:\Users\Pietro\projects\GameServices\FitX
R.AdminPortal\node_modules\paseto.js\build\extcrypto_addon.vcxproj]
c:\users\pietro.node-gyp\12.6.0\include\node\v8.h(2890): note: see declaration of 'v8::String::NewFromUtf8'
gyp ERR! build error
gyp ERR! stack Error: C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\MSBuild\15.0\Bin\MSBuild.exe failed with exit code: 1
gyp ERR! stack at ChildProcess.onExit (C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\lib\build.js:262:23)
gyp ERR! stack at ChildProcess.emit (events.js:203:13)
gyp ERR! stack at Process.ChildProcess._handle.onexit (internal/child_process.js:272:12)
gyp ERR! System Windows_NT 10.0.17763
gyp ERR! command "C:\Program Files\nodejs\node.exe" "C:\Program Files\nodejs\node_modules\npm\node_modules\node-gyp\bin\node-gyp.js" "rebuild"
gyp ERR! cwd C:\Users\Pietro\projects\x\node_modules\paseto.js
gyp ERR! node -v v12.6.0
gyp ERR! node-gyp -v v3.8.0
gyp ERR! not ok
npm WARN rollback Rolling back [email protected] failed (this is probably harmless): EPERM: operation not permitted, scandir 'C:\Users\Pietro\projects\x\node_modules\fsevents\node_modules'
npm WARN [email protected] requires a peer of popper.js@^1.14.7 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] No repository field.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] install: node-gyp rebuild
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\Pietro\AppData\Roaming\npm-cache_logs\2019-07-11T15_18_06_113Z-debug.log
`

Remove C++ OpenSSL Bindings

At the moment, the extcrypto.cc script [0] is used to provide two cryptographic functionalities: (i) generating RSA key material; and (ii) loading RSA key material stored in the .pem format.

As of Node 11, this functionality is available in the builtin crypto module, the former introduced in v10.12.0 [1] and the latter in v11.16.0[2]. As of May 1, 2021, Node v10 will no longer be supported [3]. As such, at that time the extcrypto module should be removed (as well as the dependency on nan) and the builtin functionalities used instead.

[0] https://github.com/sjudson/paseto.js/blob/master/extcrypto/extcrypto.cc
[1] https://nodejs.org/api/crypto.html#crypto_crypto_generatekeypair_type_options_callback
[2] https://nodejs.org/api/crypto.html#crypto_crypto_createprivatekey_key
[3] https://nodejs.org/en/about/releases/

Cannot resolve dependency '../build/Release/extcrypto_addon'

When compiling for the browser using Parcel I get the error:

🚨  ./node_modules/paseto.js/extcrypto/index.js:1:35: 
Cannot resolve dependency '../build/Release/extcrypto_addon' at './node_modules/paseto.js/build/Release/extcrypto_addon'

Would it be possible to make the import of extcrypto_addon conditional at compile time for the browser?

Some V2 functions seem to work fine when I comment the extcrypto_addon line, thanks to Parcel's automatic import of node-libs-browser.

	if (!(key.protocol() instanceof V2)) {
	return done(new InvalidVersionError('The given key is not intended for this version of PASETO.'));
	}