PASETO (v4)

Decode/verify (v4.public) and decrypt (v4.local) PASETO tokens. Provide the appropriate key to verify or decrypt.

Token

Public key (Ed25519, base64url) for v4.public

Symmetric key (32 bytes, base64url) for v4.local

Footer (optional, for AAD)

Result

Paste a token to decode

—

How to Use

Paste PASETO Token

Input your PASETO v4 token. The tool supports both 'v4.public' (signed) and 'v4.local' (encrypted) formats.

Provide the Key

For 'v4.public', provide the Ed25519 public key to verify. For 'v4.local', provide the 32-byte symmetric key for decryption.

View Decrypted Content

The results, including the payload and footer, are displayed instantly. For signed tokens, the signature status is also shown.

Frequently Asked Questions

What is PASETO?

PASETO (Platform-Agnostic Security Tokens) is a secure alternative to JOSE (JWT, JWS, JWE). It's designed to avoid the common security pitfalls of JWT by providing 'golden' cryptographic defaults.

Why use PASETO v4?

Version 4 (v4) of PASETO uses modern, fast, and secure primitives like Ed25519 for signing and XChaCha20-Poly1305 for symmetric encryption.

What is the 'footer' in PASETO?

The footer is an optional, unencrypted part of the token that can carry additional metadata. It's often used for key identification or non-sensitive context.