Update README.md

scottbrady91 · Mar 29, 2024 · 4f010f2 · 4f010f2
1 parent d209d1f
commit 4f010f2
Showing 1 changed file with 41 additions and 27 deletions.
diff --git a/README.md b/README.md
@@ -5,17 +5,18 @@
 Helper libraries for tokens and cryptography in .NET.
 
 - EdDSA support for JWTs (Ed25519 and Ed448)
-- Branca tokens with JWT style validation
-- PASETO (v1.public & v2.public) with JWT style validation
 - Base16 (hex) and Base62 encoders
 - `passwordrule` attribute support for ASP.NET Identity
 - [Samples](https://github.com/scottbrady91/IdentityModel/tree/master/samples/ScottBrady.IdentityModel.Samples.AspNetCore) in ASP.NET Core
+- ~~Branca tokens with JWT style validation~~ (deprecated due to low usage of Branca)
+- ~~PASETO (v1.public & v2.public) with JWT style validation~~ (deprecated due to low usage of PASETO)
 
 **Feature requests welcome. Please see SECURITY.md for responsible disclosure policy.**
 
 ## EdDSA support
 
-EdDSA is a modern signing algorithm, not yet supported out of the box in .NET. This library provides some useful abstractions around the Bouncy Castle (software) implementation of EdDSA.
+EdDSA is a modern signing algorithm that is not yet supported out of the box in .NET.
+This library provides some useful abstractions around the Bouncy Castle (software) implementation of EdDSA.
 
 ```csharp
 // create EdDSA new key pair
@@ -29,9 +30,30 @@ EdDsa.Create(new EdDsaParameters(ExtendedSecurityAlgorithms.Curves.Ed25519)
 new EdDsaSecurityKey(EdDsa.Create(ExtendedSecurityAlgorithms.Curves.Ed25519))
 ```
 
-## Branca Tokens
+## Base16 (hex) Encoding
+
+Base16 allows you to encode and decode hexadecimal strings.
+
+```csharp
+var plaintext = "hello world"; // encoded = 68656c6c6f20776f726c64
+string encoded = Base16.Encode(Encoding.UTF8.GetBytes(plaintext));
+```
 
-[Branca](https://branca.io/) is token construct suitable for internal systems. The payload is encrypted using XChaCha20-Poly1305, using a 32-byte symmetric key.
+## Base62 Encoding
+
+Base62 encoding uses the `0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz` character set.
+
+```csharp
+var plaintext = "hello world"; // encoded = AAwf93rvy4aWQVw
+string encoded = Base62.Encode(Encoding.UTF8.GetBytes(plaintext));
+```
+
+## JWT alternatives (deprecated)
+
+### Branca Tokens
+
+[Branca](https://branca.io/) is a token construct suitable for internal systems.
+The payload is encrypted using XChaCha20-Poly1305, using a 32-byte symmetric key.
 
 This library supports the creation of Branca tokens with an arbitrary payload or using a JWT-style payload.
 
@@ -64,11 +86,17 @@ ClaimsPrincipal principal = handler.ValidateToken(
     }, out SecurityToken parsedToken);
 ```
 
-## PASETO
+> [!IMPORTANT]
+> Branca support is now deprecated and only supports Microsoft.IdentityModel 6.35.0.
+> This is due to the low usage of this library and the Branca project as a whole.
+
+### PASETO
 
-[PASETO](https://paseto.io/) is a competing standard to JOSE & JWT that offers a versioned ciphersuite. This library currently implements `v1` and `v2` for the `public` purpose, suitable for zero-trust systems such as an OAuth authorization server.
+[PASETO](https://paseto.io/) is a competing standard to JOSE & JWT that offers a versioned ciphersuite.
+This library currently implements `v1` and `v2` for the `public` purpose, suitable for zero-trust systems such as an OAuth authorization server.
 
-Explicit versioning allows PASETO to side-step [attacks on signature validation](https://www.rfc-editor.org/rfc/rfc8725.html#name-weak-signatures-and-insuffi) found in some JWT libraries. However, it does not mitigate any other attacks. 
+Explicit versioning allows PASETO to side-step [attacks on signature validation](https://www.rfc-editor.org/rfc/rfc8725.html#name-weak-signatures-and-insuffi) found in some JWT libraries.
+However, it does not mitigate any other attacks.
 
 If you are considering using PASETO, I recommend reading [RFC 8725 - JWT Best Current Practices](https://www.rfc-editor.org/rfc/rfc8725.html) and deciding if the interoperable JWT format is still wrong for you.
 
@@ -107,7 +135,11 @@ ClaimsPrincipal principal = handler.ValidateToken(
     }, out SecurityToken parsedToken);
 ```
 
-## API Protection with JWT Style Handler
+> [!IMPORTANT]
+> PASETO support is now deprecated and only supports Microsoft.IdentityModel 6.35.0.
+> This is due to the low usage of this library and the PASETO project as a whole.
+
+### API Protection with JWT Style Handler
 
 The Branca and PASETO token handlers can be used with the ASP.NET Core JWT bearer authentication handler.
 
@@ -122,21 +154,3 @@ services.AddAuthentication()
         options.TokenValidationParameters.ValidAudience = "me";
     })
 ```
-
-## Base16 (hex) Encoding
-
-Base16 allows you to encode and decode hexidecimal strings..
-
-```csharp
-var plaintext = "hello world"; // encoded = 68656c6c6f20776f726c64
-string encoded = Base16.Encode(Encoding.UTF8.GetBytes(plaintext));
-```
-
-## Base62 Encoding
-
-Base62 encoding uses the `0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz` character set.
-
-```csharp
-var plaintext = "hello world"; // encoded = AAwf93rvy4aWQVw
-string encoded = Base62.Encode(Encoding.UTF8.GetBytes(plaintext));
-```