nk

With NKeys the server can verify identity without ever storing secrets on the server. The authentication system works by requiring a connecting client to provide its public key and digitally sign a challenge with its private key. The server generates a random challenge with every connection request, making it immune to playback attacks. The generated signature is validated a public key, thus proving the identity of the client. If the public key validation succeeds, authentication succeeds.

To get started with NKeys, you’ll need the tool from https://github.com/nats-io/nkeys/tree/master/nk repository. If you have go installed, enter the following at a command prompt:

Generating NKeys and Configuring the Server

Example output

The second line starts with the letter U for User, and is a public key which can be safely shared.