diff --git a/developing-with-nats/security/creds.md b/developing-with-nats/security/creds.md index e1ecd27..cc2896e 100644 --- a/developing-with-nats/security/creds.md +++ b/developing-with-nats/security/creds.md @@ -1,6 +1,6 @@ # Authenticating with a Credentials File -The 2.0 version of NATS server introduced the idea of JWT-based authentication. Clients interact with this new scheme using a user JWT and the private key from an NKey pair. To help make connecting with a JWT easier, the client libraries support the concept of a credentials file. This file contains both the private key and the JWT and can be generated with the `nsc` tool. The contents will look like the following and should be protected because it contains a private key. This creds file is unused and only for example purposes. +The 2.0 version of NATS server introduced the idea of decentralized authentication based on [JSON Web Tokens \(JWT\)](https://jwt.io/). Clients interact with this new scheme using a [user JWT](../../nats-server/configuration/securing_nats/auth_intro/jwt_auth.md) and corresponding [NKey](../../nats-server/configuration/securing_nats/auth_intro/nkey_auth.md) private key. To help make connecting with a JWT easier, the client libraries support the concept of a credentials file. This file contains both the private key and the JWT and can be generated with the `nsc` [tool](../../nats-tools/nsc/README.md). The contents will look like the following and should be protected because it contains a private key. This creds file is unused and only for example purposes. ```text -----BEGIN NATS USER JWT----- diff --git a/developing-with-nats/security/nkey.md b/developing-with-nats/security/nkey.md index c5c87f6..7479d6b 100644 --- a/developing-with-nats/security/nkey.md +++ b/developing-with-nats/security/nkey.md 
@@ -1,6 +1,6 @@ # Authenticating with an NKey -The 2.0 version of NATS server introduces a new challenge response authentication option. This challenge response is based on a wrapper we call NKeys which uses [Ed25519](https://ed25519.cr.yp.to/) signing. The server can use these keys in several ways for authentication. The simplest is for the server to be configured with a list of known public keys and for the clients to respond to the challenge by signing it with its private key. This challenge-response ensures security by ensuring that the client has the private key, but also protects the private key from the server which never has to actually see it. +The 2.0 version of NATS server introduces a new challenge response authentication option. This challenge response is based on a wrapper we call [NKeys](../../nats-server/configuration/securing_nats/auth_intro/nkey_auth.md). The server can use these keys in several ways for authentication. The simplest is for the server to be configured with a list of known public keys and for the clients to respond to the challenge by signing it with its private key. (A printable private NKey is refered to as seed). This challenge-response ensures security by ensuring that the client has the private key, but also protects the private key from the server which never has to actually see it. Handling challenge response may require more than just a setting in the connection options, depending on the client library. diff --git a/developing-with-nats/security/userpass.md b/developing-with-nats/security/userpass.md index 2f661b5..755a043 100644 --- a/developing-with-nats/security/userpass.md +++ b/developing-with-nats/security/userpass.md 
@@ -6,7 +6,7 @@ For this example, start the server using: > nats-server --user myname --pass password ``` -You can encrypt passwords to pass to `nats-server` using a simple tool provided by the server: +You can encrypt passwords to pass to `nats-server` using a simple [tool](../../nats-tools/mkpasswd.md) provided by the server: ```bash > go run mkpasswd.go -p
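Review bot: In the creds.md hunk, the added paragraph attaches the link to the generic word "tool" (`nsc` [tool](../../nats-tools/nsc/README.md)) instead of to the `nsc` name, which makes the link hard to scan for and unhelpful out of context; put the link on `nsc` itself. The same line reads "a user JWT and corresponding NKey private key", which is missing an article ("the corresponding"). The paragraph still says the file "should be protected because it contains a private key" without saying how, so a short pointer (for example, restrict read access to the user that runs the client) would make the warning actionable.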
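Review bot: In the nkey.md hunk, the added line drops the Ed25519 mention and link that the removed line carried, so this page no longer tells the reader which signature scheme the challenge response relies on; keep "which uses Ed25519 signing" next to the new NKeys link, or confirm the linked page states it. The new parenthetical "(A printable private NKey is refered to as seed)." has a typo and a missing article; it should read "(A printable private NKey is referred to as a seed.)" with the period inside the parentheses, since it stands as its own sentence.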
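Review bot: In the userpass.md hunk, the new link is again attached to the word "tool" rather than to a name the reader can recognise; since the target is mkpasswd.md and the command that follows is `go run mkpasswd.go`, naming it in the sentence ("using the [mkpasswd](../../nats-tools/mkpasswd.md) tool provided by the server") would be clearer. While touching this line, check the verb "encrypt" against what the linked page says the tool produces: if the output is a one-way hash, "hash" is the accurate word and avoids implying the password can be recovered.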