|Classes of Scott Arciszewski||>||PHP PASeTo||>||docs/01-Protocol-Versions/Common.md||>||Download|
Common Implementation Details
Nearly every component in a Paseto (except for the version, purpose, and the
This is implemented in our constant-time RFC 4648 library
Multi-part messages (e.g. header, content, footer) are encoded in a specific manner before being passed to the respective cryptographic function.
The reference implementation resides in
PAE() accepts an array of strings (usually denoted as
LE64() encodes a 64-bit unsigned integer into a little-endian binary string. The most significant bit MUST be cleared for interoperability with programming languages that do not have unsigned integer support.
The first 8 bytes of the output will be the number of pieces. Typically
this is a small number (3 or 4). This is calculated by
Next, for each piece provided, the length of the piece is encoded via
An implementation may look like this:
As a consequence:
As a result, you cannot create a collision with only a partially controlled plaintext. Either the number of pieces will differ, or the length of one of the fields (which is prefixed to the input you can provide) will differ, or both.
Due to the length being expressed as an unsigned 64-bit integer, it remains infeasible to generate/transmit enough data to create an integer overflow.
This is not used to encode data prior to decryption, and no decoding function is provided or specified. This merely exists to prevent canonicalization attacks.