mirror of https://github.com/taigrr/nats.docs synced 2025-01-18 04:03:23 -08:00
Alberto Ricart
2019-05-20 17:51:27 -05:00
parent a1c12370c2
commit 5da9b66f5e
133 changed files with 246 additions and 249 deletions


@@ -1857,10 +1857,10 @@
<section class="normal markdown-section">
<h2 id="nkey-authentication">NKey Authentication</h2>
<p>NKeys are a new highly secure public-key signature system based on <a href="https://ed25519.cr.yp.to/" target="_blank">Ed25519</a>.</p>
<p>NKeys are a new, highly secure public-key signature system based on <a href="https://ed25519.cr.yp.to/" target="_blank">Ed25519</a>.</p>
<p>With NKeys the server can verify identities without ever storing secrets on the server. The authentication system works by requiring a connecting client to provide its public key and digitally sign a challenge with its private key. The server generates a random challenge with every connection request, making it immune to playback attacks. The generated signature is validated against the provided public key, thus proving the identity of the client. If the public key is known to the server, authentication succeeds.</p>
<blockquote>
<p>NKey is an awesome replacement for token authentication, because a connecting client will have to prove it controls the private key for the authorized public key.</p>
<p>NKey is an excellent replacement for token authentication because a connecting client will have to prove it controls the private key for the authorized public key.</p>
</blockquote>
<p>To generate nkeys, you&apos;ll need the <a href="../nats_tools/nk.html"><code>nk</code> tool</a>.</p>
<h3 id="generating-nkeys-and-configuring-the-server">Generating NKeys and Configuring the Server</h3>
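Review bot: The unchanged paragraph between the two edited lines still says the random challenge makes the server "immune to playback attacks"; the usual term is "replay attacks", and a copy-editing pass over this section is the right place to correct it. The same region also mixes "NKeys" and "nkeys" ("To generate nkeys, you'll need the nk tool"); pick one capitalization for prose and keep the lowercase form for the config property only.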
@@ -1868,9 +1868,9 @@
<pre class="language-"><code>&gt; nk -gen user -pubout
SUACSSL3UAHUDXKFSNVUZRF5UHPMWZ6BFDTJ7M6USDXIEDNPPQYYYCU3VY
UDXU4RCSJNZOIQHZNWXHXORDPRTGNJAHAHFRGZNEEJCPQTT2M7NLCNF4
</code></pre><p>The first output line starts with the letter <code>S</code> for <em>Seed</em>. The second letter <code>U</code> stands for <em>User</em>. Seeds are private keys; you should treat them as secrets and guard them with care.</p>
<p>The second line starts with the letter <code>U</code> for <em>User</em>, and is a public key which can be safely shared.</p>
<p>To use nkey authentication, add a user and set the <code>nkey</code> property to the public key of the user you want to authenticate:</p>
</code></pre><p>The first output line starts with the letter <code>S</code> for <em>Seed</em>. The second letter, <code>U</code> stands for <em>User</em>. Seeds are private keys; you should treat them as secrets and guard them with care.</p>
<p>The second line starts with the letter <code>U</code> for <em>User</em> and is a public key which can be safely shared.</p>
<p>To use nkey authentication, add a user, and set the <code>nkey</code> property to the public key of the user you want to authenticate:</p>
<pre class="language-"><code class="lang-text">authorization: {
users: [
{ nkey: UDXU4RCSJNZOIQHZNWXHXORDPRTGNJAHAHFRGZNEEJCPQTT2M7NLCNF4 }
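Review bot: The new sentence "The second letter, <code>U</code> stands for <em>User</em>" opens a parenthetical comma but never closes it; it should read "The second letter, <code>U</code>, stands for <em>User</em>". The comma added in "add a user, and set the nkey property" splits a compound predicate and can be dropped. Separately, the seed shown in the nk output is the private half of the public key used in the authorization block below it, so it would help to state that these are sample values and that readers must generate their own pair rather than copy the configuration as printed.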
@@ -1879,9 +1879,9 @@ UDXU4RCSJNZOIQHZNWXHXORDPRTGNJAHAHFRGZNEEJCPQTT2M7NLCNF4
</code></pre>
<p>Note that the user section sets the <code>nkey</code> property (user/password/token properties are not needed). Add <code>permission</code> sections as required.</p>
<h3 id="client-configuration">Client Configuration</h3>
<p>Now that you have a user nkey let&apos;s configure a client to use it for authentication. As an example, here are the connect options for the node client:</p>
<pre class="language-"><code class="lang-javascript"><span class="token keyword">const</span> <span class="token constant">NATS</span> <span class="token operator">=</span> <span class="token function">require</span><span class="token punctuation">(</span>&#x2018;nats&#x2018;<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token keyword">const</span> nkeys <span class="token operator">=</span> <span class="token function">require</span><span class="token punctuation">(</span>&apos;ts<span class="token operator">-</span>nkeys&#x2019;<span class="token punctuation">)</span><span class="token punctuation">;</span>
<p>Now that you have a user nkey, let&apos;s configure a client to use it for authentication. As an example, here are the connect options for the node client:</p>
<pre class="language-"><code class="lang-javascript"><span class="token keyword">const</span> <span class="token constant">NATS</span> <span class="token operator">=</span> <span class="token function">require</span><span class="token punctuation">(</span><span class="token string">&apos;nats&apos;</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token keyword">const</span> nkeys <span class="token operator">=</span> <span class="token function">require</span><span class="token punctuation">(</span><span class="token string">&apos;ts-nkeys&apos;</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token keyword">const</span> nkey_seed <span class="token operator">=</span> &#x2018;<span class="token constant">SUACSSL3UAHUDXKFSNVUZRF5UHPMWZ6BFDTJ7M6USDXIEDNPPQYYYCU3VY</span>&#x2019;<span class="token punctuation">;</span>
<span class="token keyword">const</span> nc <span class="token operator">=</span> <span class="token constant">NATS</span><span class="token punctuation">.</span><span class="token function">connect</span><span class="token punctuation">(</span><span class="token punctuation">{</span>
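Review bot: The quote fix covers the two require() lines but stops short of the nkey_seed assignment, which is still delimited by &#x2018; and &#x2019;; typographic quotes are not JavaScript string delimiters, so the snippet still fails when pasted, and the highlighter still marks the seed as a constant rather than a string. Replace those quotes with straight quotes in the source markdown as well. Since this snippet embeds the seed in source, a short sentence telling readers to load the seed from a protected file or the environment would match the earlier advice to treat seeds as secrets.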
@@ -1946,7 +1946,7 @@ our <a href="https://nats.io/documentation/writing_applications/secure_connectio
<script>
var gitbook = gitbook || [];
gitbook.push(function() {
gitbook.page.hasChanged({"page":{"title":"NKeys","level":"2.5.1.2.4","depth":4,"next":{"title":"Accounts","level":"2.5.1.2.5","depth":4,"path":"nats_server/jwt_auth.md","ref":"nats_server/jwt_auth.md","articles":[]},"previous":{"title":"TLS Authentication","level":"2.5.1.2.3","depth":4,"path":"nats_server/tls_mutual_auth.md","ref":"nats_server/tls_mutual_auth.md","articles":[]},"dir":"ltr"},"config":{"plugins":["prism","-highlight","include-html","toggle-chapters"],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"prism":{"lang":{"ascii":"markup","text":"markup"}},"include-html":{},"toggle-chapters":{},"search":{},"lunr":{"maxIndexSize":1000000,"ignoreSpecialCharacters":false},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"fontsettings":{"theme":"white","family":"sans","size":2},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false}},"theme":"default","author":"The NATS Maintainers","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{},"title":"NATS","gitbook":"*","description":"Administrative, developer and conceptual documentation for the NATS messaging system."},"file":{"path":"nats_server/nkey_auth.md","mtime":"2019-05-16T21:41:49.510Z","type":"markdown"},"gitbook":{"version":"3.2.3","time":"2019-05-20T22:00:46.477Z"},"basePath":"..","book":{"language":""}});
gitbook.page.hasChanged({"page":{"title":"NKeys","level":"2.5.1.2.4","depth":4,"next":{"title":"Accounts","level":"2.5.1.2.5","depth":4,"path":"nats_server/jwt_auth.md","ref":"nats_server/jwt_auth.md","articles":[]},"previous":{"title":"TLS Authentication","level":"2.5.1.2.3","depth":4,"path":"nats_server/tls_mutual_auth.md","ref":"nats_server/tls_mutual_auth.md","articles":[]},"dir":"ltr"},"config":{"plugins":["prism","-highlight","include-html","toggle-chapters"],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"prism":{"lang":{"ascii":"markup","text":"markup"}},"include-html":{},"toggle-chapters":{},"search":{},"lunr":{"maxIndexSize":1000000,"ignoreSpecialCharacters":false},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"fontsettings":{"theme":"white","family":"sans","size":2},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false}},"theme":"default","author":"The NATS Maintainers","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{},"title":"NATS","gitbook":"*","description":"Administrative, developer and conceptual documentation for the NATS messaging system."},"file":{"path":"nats_server/nkey_auth.md","mtime":"2019-05-20T22:44:12.881Z","type":"markdown"},"gitbook":{"version":"3.2.3","time":"2019-05-20T22:49:57.562Z"},"basePath":"..","book":{"language":""}});
});
</script>
</div>
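Review bot: The only differences in the gitbook.page.hasChanged payload are the "mtime" and gitbook "time" values, so this part of the diff is build noise rather than a content change. With 133 files changed for 246 additions and 249 deletions, most of the commit appears to be of this kind, which makes the real wording fixes hard to review. Consider keeping generated HTML out of the repository, or committing the markdown edits separately from the regenerated output.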