#fernet #cryptography #aead #xchacha20-poly1305


Authenticated encrypted API tokens for Rust. A secure alternative to JWT.

10 releases (5 breaking)

0.10.1 Feb 1, 2022
0.10.0 Nov 29, 2020
0.9.2 Aug 31, 2020
0.9.1 May 10, 2020
0.1.1 Nov 26, 2018

#130 in Authentication

Download history 90/week @ 2023-08-13 99/week @ 2023-08-20 98/week @ 2023-08-27 137/week @ 2023-09-03 92/week @ 2023-09-10 53/week @ 2023-09-17 43/week @ 2023-09-24 58/week @ 2023-10-01 66/week @ 2023-10-08 64/week @ 2023-10-15 82/week @ 2023-10-22 108/week @ 2023-10-29 123/week @ 2023-11-05 92/week @ 2023-11-12 107/week @ 2023-11-19 166/week @ 2023-11-26

491 downloads per month
Used in 3 crates

MIT license

556 lines

Branca - A secure alternative token format to JWT

Crate Documentation License CI
Crates.io Docs License CI

Branca is a secure alternative token format to JWT. This implementation is written in pure Rust and uses the XChaCha20-Poly1305 AEAD (Authenticated Encryption with Associated Data) stream cipher for generating authenticated and encrypted tamper-proof tokens. More information about the Branca token specification can be found here in branca-spec.


NOTE: Branca uses Orion for its cryptographic primitives and due to Orion not receiving any formal security audit, the same security risks that Orion has also applies to this Branca implementation if one uses it in production. For a better understanding about the security risks involved, see the Orion wiki.

⚠️ Use at your own risk. ⚠️


  • Rust 1.52
  • Cargo


Add this line into your Cargo.toml under the dependencies section:

branca = "^0.10.0"
getrandom = "^0.2.3"

Then you can import the crate into your project with these lines:

extern crate getrandom;
extern crate branca;
use branca::{Branca, encode, decode};

Example Usage

The simplest way to use this crate is to use Branca::new() in this example below:

    let mut key = [0u8; 32];
    getrandom::getrandom(&mut key).unwrap();

    let mut token = Branca::new(&key).unwrap();
    let ciphertext = token.encode(b"Hello World!").unwrap();

    let payload = token.decode(ciphertext.as_str(), 0).unwrap();
    println!("{}", payload); // "Hello World!"

See more examples of setting fields in the Branca struct and in the Documentation section.

Direct usage without Branca builder.


let mut key = [0u8; 32];
getrandom::getrandom(&mut key).unwrap();

let message = b"Hello world!";
let timestamp = 123206400;
let branca_token = encode(message, &key, timestamp).unwrap();

// branca_token = 875GH233T7.......


let ciphertext = branca_token.as_str();
let ttl = 0; // The ttl can be used to determine if the supplied token has expired or not.
let decoded = decode(ciphertext, &key, ttl);

if decoded.is_err() {
    // Error
} else {
    let msg = decoded.unwrap(); 
    // msg = "Hello world!"

Encode/Decode arbitrary data structures with Serde.

Since Branca is able to work with any format of data in the payload, it is possible for the payload to be anything from a JSON object, plaintext, raw bytes, protocol buffers or even a JWT.

Here is an example of using Branca to encode/decode a typical JSON object with serde_json.

Add the following into your Cargo.toml file:

branca = "^0.10.0"
serde_json = "^1.0"
serde_derive = "1.0.97"

extern crate serde_json;
extern crate serde_derive;
extern crate branca;
extern crate getrandom;

use branca::{encode, decode};

#[derive(Serialize, Deserialize, Debug)]
struct User {
    user: String,
    scope: Vec<String>,

fn main(){

    let message = json!({
        "user" : "someone@example.com",
        "scope":["read", "write", "delete"],

    let mut key = [0u8; 32];
    getrandom::getrandom(&mut key).unwrap();
    let mut token = Branca::new(&key).unwrap();
    // Encode Message
    let branca_token = token.encode(message.as_bytes()).unwrap();
    // Decode Message
    let payload = token.decode(branca_token.as_str(), 0).unwrap();

    let json: User = serde_json::from_str(payload.as_str()).unwrap();

    println!("{}", branca_token);
    println!("{}", payload);
    println!("{:?}", json);

Branca uses Orion to generate secure random nonces when using the encode() and builder methods. By default, Branca does not allow setting the nonce directly since that there is a risk that it can be reused by the user which is a foot-gun.

The nonce generated must be 24 bytes in length. Keys must be 32 bytes in length.


cargo build


cargo test


Contributions and patches are welcome! Fork this repository, add your changes and send a PR.

Before you send a PR, make sure you run cargo test first to check if your changes pass the tests.

If you would like to fix a bug or add a enhancement, please do so in the issues section and provide a short description about your changes.




~94K SLoC