PASETO is a draft RFC spec. It defines two token types: local and public. Local tokens are symmetrically encrypted with a shared secret key (i.e. no one can view the contents of the local PASETO unless they have the correct key). Public tokens are readable by anyone with a validated public key. Nobody can access a token without a key.
Okta has developed an open-source PASETO library: JPaseto. It is Java-based, and is modeled off of the JJWT project. JJWT is the most popular JWT library for Java developers. JPaseto has the same feature set of JJWT in half the number of code lines.