PASETO (Platform-Agnostic SEcurity TOkens) was designed by Scott Arciszewski as a more opinionated, version-pinned alternative to JWT — no alg: none footguns, no algorithm confusion across versions, and exactly one safe choice per version + purpose pair. This tool splits a token into its components, surfaces the registered claims, and tells you exactly which cryptographic primitives a verifier needs to apply.
PASETO token
Structure
Format: version.purpose.payload.footer — the footer is optional. local tokens are symmetrically encrypted (AEAD); public tokens are signed and the payload is publicly readable JSON.
Token Metadata
Claims
Payload (JSON, signed but not encrypted)
Encrypted Payload Layout
Local tokens are sealed with an AEAD construction; decryption requires the symmetric key that was used to encrypt the token. This tool intentionally does not accept keys; load the components into your PASETO library to verify and decrypt.
Footer
Footer (authenticated, but cleartext)
The footer is bound into the signature/MAC, so any tampering with it invalidates the token. Conventional use: kid for key rotation, or a JWK-style identifier.
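The split described under Structure and Footer, as an added Python example (not this tool's own code): it separates a token into version, purpose, payload and footer, names the primitive a verifier needs, and for public tokens peels the trailing signature off the readable JSON. The function names, the sample token and its kid value are constructed for illustration, and nothing here verifies a signature or decrypts anything.

```python
import base64
import json

# (version, purpose) -> primitive a verifier must apply, per the PASETO spec
PRIMITIVES = {
    ("v1", "local"): "AES-256-CTR + HMAC-SHA384",
    ("v1", "public"): "RSASSA-PSS (2048-bit, SHA-384)",
    ("v2", "local"): "XChaCha20-Poly1305",
    ("v2", "public"): "Ed25519",
    ("v3", "local"): "AES-256-CTR + HMAC-SHA384",
    ("v3", "public"): "ECDSA P-384 + SHA-384",
    ("v4", "local"): "XChaCha20 + keyed BLAKE2b",
    ("v4", "public"): "Ed25519",
}
SIG_LEN = {"v1": 256, "v2": 64, "v3": 96, "v4": 64}  # trailing signature bytes

def b64url_decode(s):
    # PASETO uses unpadded base64url; restore padding for the stdlib decoder
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def inspect_paseto(token):
    parts = token.split(".")
    if len(parts) not in (3, 4):
        raise ValueError("expected version.purpose.payload[.footer]")
    version, purpose, payload_b64 = parts[:3]
    if (version, purpose) not in PRIMITIVES:
        raise ValueError("unknown version/purpose pair")
    body = b64url_decode(payload_b64)
    info = {"version": version, "purpose": purpose,
            "primitive": PRIMITIVES[(version, purpose)],
            "footer": b64url_decode(parts[3]) if len(parts) == 4 else b"",
            "claims": None}
    if purpose == "public":
        n = SIG_LEN[version]
        if len(body) <= n:
            raise ValueError("payload shorter than signature")
        # Readable but UNVERIFIED: nothing here checks the signature
        info["claims"] = json.loads(body[:-n])
        info["signature"] = body[-n:]
    else:
        info["ciphertext_len"] = len(body)  # opaque without the symmetric key
    return info

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

# Constructed sample: 64 zero bytes stand in for a signature, so it would not verify
SAMPLE = ("v4.public." + b64url_encode(b'{"sub":"alice","exp":"2030-01-01T00:00:00+00:00"}' + bytes(64))
          + "." + b64url_encode(b'{"kid":"example-key-1"}'))
```

Claims and footer returned by `inspect_paseto` are untrusted until a PASETO library has verified the token with the expected key.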