nk
nk is a command line tool that generates nkeys. NKeys are a highly secure public-key signature system based on Ed25519.
With NKeys the server can verify identity without ever storing secrets on the server. The authentication system works by requiring a connecting client to provide its public key and digitally sign a challenge with its private key. The server generates a random challenge with every connection request, making it immune to playback attacks. The generated signature is validated a public key, thus proving the identity of the client. If the public key validation succeeds, authentication succeeds.
NKey is an awesome replacement for token authentication, because a connecting client will have to prove it controls the private key for the authorized public key.

Installing nk

To get started with NKeys, you’ll need the nk tool from https://github.com/nats-io/nkeys/tree/master/nk repository. If you have go installed, enter the following at a command prompt:
1
go get github.com/nats-io/nkeys/nk
Copied!

Generating NKeys and Configuring the Server

To generate a User NKEY:
1
nk -gen user -pubout
Copied!
Example output
1
SUACSSL3UAHUDXKFSNVUZRF5UHPMWZ6BFDTJ7M6USDXIEDNPPQYYYCU3VY
2
UDXU4RCSJNZOIQHZNWXHXORDPRTGNJAHAHFRGZNEEJCPQTT2M7NLCNF4
Copied!
The first output line starts with the letter S for Seed. The second letter U stands for User. Seeds are private keys; you should treat them as secrets and guard them with care.
The second line starts with the letter U for User, and is a public key which can be safely shared.
Last modified 10d ago
Export as PDF
Copy link
Edit on GitHub