Authenticated and encrypted API tokens using modern crypto
Branca Token
What?
Branca is a secure, easy-to-use token format which makes it hard to shoot yourself in the foot. It uses IETF XChaCha20-Poly1305 AEAD symmetric encryption to create encrypted and tamperproof tokens. The payload itself is an arbitrary sequence of bytes. You can use, for example, a JSON object, a plain text string or even binary data serialized by MessagePack or Protocol Buffers.
This specification defines the external format and encryption scheme of the token to help developers create their own implementations. Branca is closely based on the Fernet specification.
Design Goals
Secure
Easy to implement
Small token size
Token Format
A Branca token consists of a header, ciphertext and an authentication tag. The header consists of a version, timestamp and nonce. Putting…
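As an added example (not code from the Branca project), the Python below splits a token into the fields named above and runs the checks that are possible without the key. The field widths, the `0xBA` version byte and the base62 encoding come from the Branca specification rather than from this excerpt; `parse_token` and `SAMPLE` are hypothetical names, and the sample token is constructed.

```python
import struct
import time

# Layout per the Branca specification (an assumption; this excerpt does not show it):
# version (1 B) || timestamp (4 B, big-endian) || nonce (24 B) || ciphertext || tag (16 B)
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
VERSION, HEADER_LEN, TAG_LEN = 0xBA, 1 + 4 + 24, 16


def b62encode(raw):
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 62)
        out = ALPHABET[rem] + out
    return out or "0"


def b62decode(text):
    num = 0
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError("character outside the base62 alphabet")
        num = num * 62 + idx
    return num.to_bytes((num.bit_length() + 7) // 8, "big")


def parse_token(token, ttl=None, now=None):
    """Split a token into its fields and reject what can be rejected without the key."""
    raw = b62decode(token)
    if len(raw) < HEADER_LEN + TAG_LEN:
        raise ValueError("token too short for header and tag")
    if raw[0] != VERSION:
        raise ValueError("unsupported version byte")
    (timestamp,) = struct.unpack(">I", raw[1:5])
    now = int(time.time()) if now is None else now
    if ttl is not None and now > timestamp + ttl:
        raise ValueError("token expired")
    # Nothing returned here is authenticated: the header can only be trusted once
    # XChaCha20-Poly1305 decryption succeeds with the header as associated data.
    return {"timestamp": timestamp, "nonce": raw[5:HEADER_LEN], "header": raw[:HEADER_LEN],
            "ciphertext": raw[HEADER_LEN:-TAG_LEN], "tag": raw[-TAG_LEN:]}


# Constructed sample: filler bytes stand in for ciphertext and tag (no real encryption).
SAMPLE = b62encode(bytes([VERSION]) + struct.pack(">I", 1700000000)
                   + bytes(range(24)) + b"\xaa" * 11 + b"\xbb" * 16)
```

Rejecting early on length, version or age is fail-closed; accepting a token still requires the AEAD check with the shared secret key.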
Branca
tuupola / branca-spec
Although not a goal, it is possible to use Branca as an alternative to JWT. Also see getting started instructions.
'makes it hard to shoot yourself in the foot', now you need the secret on the client to decrypt?