4. @rdegges @oktadev
What are cryptographic signatures?
Greetings,
I am writing to inform you
that you are the great
grandson of a very wealthy
king.
I've been attempting to
contact you to transfer
your inheritance. Please
send me your bank
account details so I can
initiate the transfer ASAP.
Sincerely yours,
Randall Degges
I know who Randall is. I know what
his signature looks like. I trust him.
Therefore, I trust this information.
5. @rdegges @oktadev
What are PASETOs for?
Proving that JSON
data can be trusted.
{
"name": "Randall Degges",
"height": "6'0",
"eyeColor": "brown"
}
single-use only
short duration
P
6. @rdegges @oktadev
What does a PASETO look like?
P
v2.public.eyJpZCI6ICJjNDQ1NDY1Mi05NWExLTQ2MzktODA0Y
y0yZjc2MTVhNGMwMjciLCAibmFtZSI6ICJSYW5kYWxsIERlZ2dl
cyIsICJleHAiOiAiMjAxOS0xMC0xMFQxMTowNDozNS0wNzowMCJ
9rUy35ian_44WAlMLVi5Wk4GGvDlmCpEWkldn1CH3RgLfo-VUWm
xC9EPTBY8l0uoomavACbAIoo1OiGVNMew1Bw.eyJraWQiOiAiMT
IzNDUifQbase64-encoded
URL safe!
7. @rdegges @oktadev
What does a PASETO look like?
P
v2.public.eyJpZCI6ICJjNDQ1NDY1Mi05NWExLTQ2MzktODA0Y
y0yZjc2MTVhNGMwMjciLCAibmFtZSI6ICJSYW5kYWxsIERlZ2dl
cyIsICJleHAiOiAiMjAxOS0xMC0xMFQxMTowNDozNS0wNzowMCJ
9rUy35ian_44WAlMLVi5Wk4GGvDlmCpEWkldn1CH3RgLfo-VUWm
xC9EPTBY8l0uoomavACbAIoo1OiGVNMew1Bw.eyJraWQiOiAiMT
IzNDUifQ
version
8. @rdegges @oktadev
What does a PASETO look like?
P
v2.public.eyJpZCI6ICJjNDQ1NDY1Mi05NWExLTQ2MzktODA0Y
y0yZjc2MTVhNGMwMjciLCAibmFtZSI6ICJSYW5kYWxsIERlZ2dl
cyIsICJleHAiOiAiMjAxOS0xMC0xMFQxMTowNDozNS0wNzowMCJ
9rUy35ian_44WAlMLVi5Wk4GGvDlmCpEWkldn1CH3RgLfo-VUWm
xC9EPTBY8l0uoomavACbAIoo1OiGVNMew1Bw.eyJraWQiOiAiMT
IzNDUifQ
version
purpose
9. @rdegges @oktadev
What does a PASETO look like?
P
v2.public.eyJpZCI6ICJjNDQ1NDY1Mi05NWExLTQ2MzktODA0Y
y0yZjc2MTVhNGMwMjciLCAibmFtZSI6ICJSYW5kYWxsIERlZ2dl
cyIsICJleHAiOiAiMjAxOS0xMC0xMFQxMTowNDozNS0wNzowMCJ
9rUy35ian_44WAlMLVi5Wk4GGvDlmCpEWkldn1CH3RgLfo-VUWm
xC9EPTBY8l0uoomavACbAIoo1OiGVNMew1Bw.eyJraWQiOiAiMT
IzNDUifQ
version
purpose
payload
10. @rdegges @oktadev
What does a PASETO look like?
P
v2.public.eyJpZCI6ICJjNDQ1NDY1Mi05NWExLTQ2MzktODA0Y
y0yZjc2MTVhNGMwMjciLCAibmFtZSI6ICJSYW5kYWxsIERlZ2dl
cyIsICJleHAiOiAiMjAxOS0xMC0xMFQxMTowNDozNS0wNzowMCJ
9rUy35ian_44WAlMLVi5Wk4GGvDlmCpEWkldn1CH3RgLfo-VUWm
xC9EPTBY8l0uoomavACbAIoo1OiGVNMew1Bw.eyJraWQiOiAiMT
IzNDUifQ
version
purpose
payload footer
12. @rdegges @oktadev
key name type example
iss Issuer string {"iss": "okta.com"}
sub Subject string {"sub": "test"}
aud Audience string {"aud": "okta.com"}
exp Expiration DateTime {"exp": "2019-10-31T00:00:00+00:00"}
nbf Not Before DateTime {"nbf": "2019-10-31T00:00:00+00:00"}
iat Issued At DateTime {"iat": "2019-10-31T00:00:00+00:00"}
jti Token ID string {"jti": "ac478bc0-c73a-4a2c-8f00-186456cf8d88")
kid Key-ID string {"kid": "stored in footer"}
Who created the token?
When does the token expire?
When was the token created?
13. @rdegges @oktadev
What are the different types of PASETOs?
P P
local public
symmetric shared key
simple
asymmetricpublic key
complicated
encrypted
not encrypted
14. @rdegges @oktadev
How do local PASETOs work?
v2.local.vB7daJlQOL5sY8mQa_FWb6ZYbkNi8yeRqI-DCFNEPTYEu7ItQH
MMM5jzD_fw-G7l-AXJRBj3E9jxx9-JS5eG436WGUn03zYp2nuV3PVqppEyR
P9LoZ1TTBREhR182NRcNYqUkM8FfazWegWcLc1gSzFXx0Kge4U7XHtAlliT
rR8p09hH6qVpqAsgMdp00ao66JX_mxlEjkL3y784CoAK-gyy_ZZ1WzAvYAj
QApl859RxnB9uLMpb-VURmetmrw9sC_Iw27to46ulTcMxx_KoSBem9eSG5M
4bvNQC5YFeDLIM2HXDf35YIo50.eyJraWQiOiAiMTIzNDUifQ
secret_key
{ json }
fuck
The secret_key is needed to
both encrypt and decrypt
the PASETO.
15. @rdegges @oktadev
How do I use local PASETOs?
www.
P
secret_key
dl.
{
"purchaseID": "1234567",
"permissions": [
"download:video1.mp4",
"download:video2.mp4",
"download:video3.mp4"
]
}
?token=v2.local.xxx&
file=video1.mp4
- Parse URL params
- Decrypt token
- Verify purchaseID
- Verify permissions
- Stream file to user
video1.mp4
I want to download
video1.mp4.
secret_key
- Validate request
- Generate PASETO
- Redirect
16. @rdegges @oktadev
How do public PASETOs work?
v2.public.vB7daJlQOL5sY8mQa_FWb6ZYbkNi8yeRqI-DCFNEPTYEu7ItQ
HMMM5jzD_fw-G7l-AXJRBj3E9jxx9-JS5eG436WGUn03zYp2nuV3PVqppEy
RP9LoZ1TTBREhR182NRcNYqUkM8FfazWegWcLc1gSzFXx0Kge4U7XHtAlli
TrR8p09hH6qVpqAsgMdp00ao66JX_mxlEjkL3y784CoAK-gyy_ZZ1WzAvYA
jQApl859RxnB9uLMpb-VURmetmrw9sC_Iw27to46ulTcMxx_KoSBem9eSG5
M4bvNQC5YFeDLIM2HXDf35YIo50.eyJraWQiOiAiMTIzNDUifQ
private key
{ json }
I can see the data.
The private key is needed to
create the PASETO. The
public key is need to
validate the PASETO.
public key
17. @rdegges @oktadev
How do I use public PASETOs?
website
P
public_key
authorization
server
private_key
public_key
{
"userID": "1234567"
}
I'd like to log in.
- Authenticate the user
- Generate a PASETO
- Redirect the user back to
the website
?token=v2.public.xxx
- Parse the token out of the URL
- Validate the token
- Create a secure session using
server-side session management
19. @rdegges @oktadev
What's wrong with JWTs?
Allows poor cryptography choices
- RSA w/ PKCS #1v1.5 padding
- RSA w/ OAEP Padding
- Elliptic Curve Diffie-Hellman (ECDH)
using Weierstrass curves
- AES-GCM
They're widely misused.
Force implementations to
strictly process the alg header.
This causes forgery issues.
Vulnerable to a padding
oracle attack.
Cryptographers recommend
migrating away from RSA.
Introduces risk of invalid-curve attacks
that allow attackers to steal your secret
keys.
This is the wrong type of
cryptography entirely. Using
symmetric encryption when
asymetric is needed.