From 935603a11608067a58901ddc42a665f3ec1d7167 Mon Sep 17 00:00:00 2001 From: Matthias Hanel Date: Tue, 16 Feb 2021 13:12:24 -0500 Subject: [PATCH] Update developing-with-nats/tutorials/jwt.md Co-authored-by: Colin Sullivan --- developing-with-nats/tutorials/jwt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/developing-with-nats/tutorials/jwt.md b/developing-with-nats/tutorials/jwt.md index 2077714..b4f8b23 100644 --- a/developing-with-nats/tutorials/jwt.md +++ b/developing-with-nats/tutorials/jwt.md @@ -365,7 +365,7 @@ Furthermore JWT documents have an issuer, this may be an (identity) NKEY or a de A key is a signing key if it is listed as such in the JWT (above). Signing NKEYs adhere to same NKEY roles and are additional keys that unlike identity NKEY may change over time. In the hierarchy, signing keys can only be used to sign JWT for the role right below them. -User JWT have no signing keys for this reason. +User JWTs have no signing keys for this reason. To modify one role's set of signing keys, the identity NKEY needs to be used. Each JWT is signed as follows: `jwt.sig = sign(hash(jwt.header+jwt.body), private-key(jwt.issuer))` (jwt.issuer is part of jwt.body)