API Reference¶

A Python implementation of PASETO <https://pyseto.readthedocs.io>

pyseto.encode(key: pyseto.key_interface.KeyInterface, payload: Union[bytes, str], footer: Union[bytes, str] = b'', implicit_assertion: Union[bytes, str] = b'', nonce: bytes = b'') → bytes[source]¶

Encodes a message to a PASETO token with a key.

Parameters

key (KeyInterface) – A key for encryption or signing.
payload (Union[bytes, str]) – A message to be encrypted or signed.
footer (Union[bytes, str]) – A footer.
implicit_assertion (Union[bytes, str]) – An implicit assertion.
nonce (bytes) – A nonce. If omitted(it’s recommended), a nonce will be generated with secrets.token_bytes() internally. If you don’t want ot use secrets.token_bytes(), you can specify it via this parameter explicitly.

Returns

A PASETO token.

Return type

bytes

Raises

ValueError – Invalid arguments.
EncryptError – Failed to encrypt the message.
SignError – Failed to sign the message.

pyseto.decode(keys: Union[pyseto.key_interface.KeyInterface, List[pyseto.key_interface.KeyInterface]], token: Union[bytes, str], implicit_assertion: Union[bytes, str] = b'') → pyseto.token.Token[source]¶

Decodes a PASETO token with a key.

Parameters

key (KeyInterface) – A key for decryption or verifying the signature in the token.
token (Union[bytes, str]) – A PASETO token to be decrypted or verified.
implicit_assertion (Optional[Union[bytes, str]]) – An implicit assertion.

Returns

A parsed PASETO token object.

Return type

Token

Raises

ValueError – Invalid arguments.
DecryptError – Failed to decrypt the message.
VerifyError – Failed to verify the message.

class pyseto.Key[source]¶

Bases: object

static new(version: str, type: str, key: Union[bytes, str] = b'')[source]¶

static from_asymmetric_key_params(version: str, x: bytes = b'', y: bytes = b'', d: bytes = b'')[source]¶

exception pyseto.PysetoError[source]¶

Bases: Exception

Base class for all exceptions.

exception pyseto.DecryptError[source]¶

Bases: pyseto.exceptions.PysetoError

An Exception occurred when an decryption process failed.

exception pyseto.EncryptError[source]¶

Bases: pyseto.exceptions.PysetoError

An Exception occurred when an encryption process failed.

exception pyseto.NotSupportedError[source]¶

Bases: pyseto.exceptions.PysetoError

An Exception occurred when the function is not supported for the key object.

exception pyseto.SignError[source]¶

Bases: pyseto.exceptions.PysetoError

An Exception occurred when a signing process failed.

exception pyseto.VerifyError[source]¶

Bases: pyseto.exceptions.PysetoError

An Exception occurred when a verification process failed.

class pyseto.key_interface.KeyInterface(version: str, type: str, key: Any)[source]¶

Bases: object

The key interface class for PASETO.

paseto.Key.new returns an object which has this interface.

property version: str¶: The version of the key. It will be "v1", "v2", "v3" or "v4".

property type: str¶: The type (purpose) of the key. It will be "local" or "public".

property header: bytes¶: The header value for a PASETO token. It will be "<version>.<type>.". For example, "v1.local.".

encrypt(payload: bytes, footer: bytes = b'', implicit_assertion: bytes = b'', nonce: bytes = b'') → bytes[source]¶

Encrypts a message to a PASETO token with the key.

This function is calld in paseto.encode so you don’t need to call it directly.

Parameters

payload (bytes) – A message to be encrypted which will be the payload part of the PASETO token.
footer (bytes) – A footer.
implicit_assertion (bytes) – An implicit assertion.
nonce (bytes) – A nonce.

Returns

A PASETO token.

Return type

bytes

Raises

ValueError – Invalid arguments.
EncryptError – Failed to encrypt the message.
NotSupportedError – The key does not support the operation.

decrypt(payload: bytes, footer: bytes = b'', implicit_assertion: bytes = b'') → bytes[source]¶

Decrypts an encrypted PASETO token with the key.

This function is calld in paseto.decode so you don’t need to call it directly.

Parameters

payload (bytes) – A message to be decrypted which is the payload part of the PASETO token.
footer (bytes) – A footer.
implicit_assertion (bytes) – An implicit assertion.

Returns

A dcrypted payload.

Return type

bytes

Raises

ValueError – Invalid arguments.
DecryptError – Failed to decrypt the message.
NotSupportedError – The key does not support the operation.

sign(payload: bytes, footer: bytes = b'', implicit_assertion: bytes = b'') → bytes[source]¶

Signs a message with the key and makes a PASETO token.

This function is calld in paseto.encode so you don’t need to call it directly.

Parameters

payload (bytes) – A message to be signed and encoded which will be the payload part of the PASETO token.
footer (bytes) – A footer.
implicit_assertion (bytes) – An implicit assertion.
nonce (bytes) – A nonce.

Returns

A PASETO token.

Return type

bytes

Raises

ValueError – Invalid arguments.
EncryptError – Failed to sign the message.
NotSupportedError – The key does not support the operation.

verify(payload: bytes, footer: bytes = b'', implicit_assertion: bytes = b'') → bytes[source]¶

Verifies and decodes a signed PASETO token with the key.

This function is calld in paseto.decode so you don’t need to call it directly.

Parameters

payload (bytes) – A message to be verified and decoded which is the payload part of the PASETO token.
footer (bytes) – A footer.
implicit_assertion (bytes) – An implicit assertion.

Returns

A verified and decoded payload.

Return type

bytes

Raises

ValueError – Invalid arguments.
DecryptError – Failed to verify the message.
NotSupportedError – The key does not support the operation.

class pyseto.token.Token(version: str, purpose: str, payload: bytes, footer: bytes = b'')[source]¶

Bases: object

The parsed PASETO token class.

classmethod new(token: Union[bytes, str])[source]¶

property version: str¶

property purpose: str¶

property header: bytes¶

property payload: bytes¶

property footer: bytes¶