0

My secret key was generated using PHP Paseto V3 with openssl_random_pseudo_bytes(32) and then converted from bin to hex. Now I need to decrypt and verify Paseto token using node.js and paseto library (https://github.com/panva/paseto). I don't understand why my secret key returns an error that the length is invalid. It was generated using 32 bytes.

The code:

const paseto = require('paseto');
const { V3: { decrypt } } = paseto;

(async () => {
  {
    const payload = await decrypt("example_token", "b244ac595fbe3a6ea8c3fad93f66d15221121428fd03dcccf32203e364f504ed")
  }
})()

An error in node.js: TypeError: v3.local secret key must be 32 bytes long symmetric key

Jacobino
  • 1
  • 2
  • A friendly tip, NEVER EVER paste any kind of token to SO or any other public site. More than many companies lost their data because of careless pastes :) – Simas Joneliunas Jul 24 '22 at 05:06
  • @SimasJoneliunas Yeah sure! The secret pasted here is not the secret I’m using in my app. It was generated just for example purposes. – Jacobino Jul 24 '22 at 08:24

1 Answers1

0

I figured it out! Solution here and more details here: https://github.com/panva/paseto/discussions/32

Jacobino
  • 1
  • 2
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jul 25 '22 at 01:55