Bind Keys to Version and Purpose

[paragonie-security]

python-paseto/paseto/protocol/version2.py

Line 16 in 9638220

def encrypt(message: bytes, key: bytes, footer: bytes = b"") -> bytes:

python-paseto/paseto/protocol/version2.py

Line 91 in 9638220

def sign(message: bytes, secret_key: bytes, footer: bytes = b"") -> bytes:

See https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md

Right now, byte arrays are accepted by this API. There's no mechanism to prevent a user from using a v2 public key as a v2 local key.

[purificant]

Good call. Thanks for your feedback, appreciate it.