PASERK — PASETO Serialized Keys
Overview of PASERK, the companion specification for serializing, wrapping, and identifying PASETO keys safely across systems.
Detailed Explanation
PASERK (PASETO Serialized Keys) is the companion specification to PASETO. Where PASETO standardizes the token format, PASERK standardizes how the underlying keys are serialized, wrapped, and identified.
Why PASERK exists:
PASETO itself doesn't say anything about how to format keys. Without PASERK, every team would invent its own way to encode a v4.public Ed25519 key for storage or transmission — leading to incompatibilities and easy-to-make mistakes (PEM vs DER, base64 vs hex, etc.). PASERK gives a single canonical format per key type with a self-describing prefix.
PASERK types:
A PASERK string starts with a header that encodes both the PASETO version and the key role:
k4.local.<base64url-key-bytes> — v4 symmetric key for v4.local
k4.public.<base64url-key-bytes> — v4 Ed25519 public key
k4.secret.<base64url-key-bytes> — v4 Ed25519 secret (private) key
k4.lid.<base64url-id> — v4 local key identifier (kid)
k4.pid.<base64url-id> — v4 public key identifier
There are corresponding k1., k2., k3. prefixes for the other PASETO versions.
Key wrapping:
PASERK includes "wrap" types — k4.local-wrap., k4.secret-wrap. — that let you encrypt one key with another. This is how you'd safely store a v4.local symmetric key inside a key management system that itself uses PASETO/PASERK keys, without exposing raw key material in plaintext config files.
Key identifiers (kid):
k4.lid and k4.pid are deterministic identifiers derived from the key bytes via BLAKE2b. They're stable, collision-resistant, and short — perfect for the kid hint in a token footer. Using PASERK kids means rotating a key automatically gives you a new, unambiguous kid string to put in the footer.
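As an added example (not code from the PASERK project or from any library named on this page), the Python below strictly parses the k4 key strings listed under "PASERK types" and derives the matching k4.lid / k4.pid identifier. It assumes the v4 ID operation of the PASERK specification, BLAKE2b with a 33-byte output over the ID header followed by the full serialized key; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import re

# Raw key lengths for the v4 key types, and the ID type each one maps to.
# k4.sid (secret-key ID) is in the PASERK spec; this page lists only lid/pid.
KEY_LEN = {"local": 32, "public": 32, "secret": 64}
ID_TYPE = {"local": "lid", "public": "pid", "secret": "sid"}
B64URL = re.compile(r"[A-Za-z0-9_-]+")


def b64url(raw: bytes) -> str:
    """Unpadded base64url, the encoding used for PASERK payloads."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def parse_paserk(paserk: str) -> tuple[str, bytes]:
    """Return (key type, raw key bytes); raise ValueError on anything malformed."""
    parts = paserk.split(".")
    if len(parts) != 3 or parts[0] != "k4" or parts[1] not in KEY_LEN:
        raise ValueError("expected k4.local., k4.public. or k4.secret.")
    ktype, data = parts[1], parts[2]
    if not B64URL.fullmatch(data):
        raise ValueError("payload must be unpadded base64url")
    raw = base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))
    # The header fixes the key length; a mismatch means a mislabelled key.
    if len(raw) != KEY_LEN[ktype]:
        raise ValueError("wrong key length for " + ktype)
    # Reject non-canonical encodings so one key has exactly one string (and one ID).
    if b64url(raw) != data:
        raise ValueError("non-canonical base64url")
    return ktype, raw


def key_id(paserk: str) -> str:
    """Derive the k4.lid / k4.pid / k4.sid identifier for a serialized key."""
    ktype, _ = parse_paserk(paserk)
    header = "k4." + ID_TYPE[ktype] + "."
    # The header is hashed together with the serialized key, so the same 32
    # bytes used as a local key and as a public key get different identifiers.
    digest = hashlib.blake2b((header + paserk).encode("ascii"), digest_size=33)
    return header + b64url(digest.digest())


if __name__ == "__main__":
    sample = "k4.local." + b64url(bytes(range(32)))  # constructed key, not a real secret
    print(sample)
    print(key_id(sample))  # safe to place in a token footer as the kid hint
```

Before relying on this for footer kid values, compare its output with the PASERK ID your PASETO library produces for the same key.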
Implementations:
PASERK is implemented in the same libraries that implement PASETO — paseto.js, paseto-rs, php-paseto, etc. If you're already using PASETO in production, adopting PASERK costs nothing and saves a lot of bespoke key-format code.
Use Case
A platform team standardizes on PASERK k4.lid for every kid hint, eliminating an entire class of "oops, the kid changed format" bugs across their service mesh.