Why does "encodeUser" need the full KeyPair (including Seed) of the user, but not just the Public Key?

[Roseidon]

I have been looking at the implementation for "encodeUser" [1] and wondered why the function that creates a signed User JWT needs the KeyPair of the User, i.e. including the Seed, but not just the Public Key.

From my understanding of the NATS security and JWT model, this does not align with the intended trust boundaries. The User's Seed never should leave the client [2], but in this implementation the Account Manager (who is the one signing the User's JWT) would require the Seed.

[1] https://github.com/nats-io/jwt.js/blob/main/src/jwt.ts#L123-L146
[2] https://docs.nats.io/running-a-nats-service/nats_admin/security/jwt#what-are-nkeys

[Roseidon]

@aricart
Can you tell me more about this?

[aricart]

encode is creating the digital signature on the JWT so it needs the private key - the public key can only verify. This is how PKI works. The secret that is required is the account, not the user.

[Roseidon]

I get that it needs the private key of the issuer (in this case the Account), but seeing the parameters passed to encodeUser [1], I see that from the user it requires ukp: Key, so not only the User's public key, but also their Seed.

[1] https://github.com/nats-io/jwt.js/blob/main/src/jwt.ts#L123-L146

[aricart]

(Perhaps what you are confused about is that the argument is a Key) - A Key can be private/public etc. It just simplifies the interaction with the API - also private and public keys are nkeys.KeyPair - the difference is that it public won't be able to sign only verify. See https://github.com/nats-io/jwt.js/blob/main/src/keys.ts

[aricart]

function parseKey(v: string | Uint8Array): KeyPair {
  if (v instanceof Uint8Array) {
    v = new TextDecoder().decode(v);
  }
  if (v.charAt(0) === "S") {
    return fromSeed(new TextEncoder().encode(v));
  }
  return fromPublic(v);
}

[Roseidon]

So if I get you correctly, I can call the encoceUser by only passing the Public Key as ukp and the checkKey-function parses it properly?
That way the Account signing the User would only need the Public Key, while the User never gives out their Seed?

[aricart]

that is the whole idea - keys are loaded from different places and have different encodings - from disk you get bytes, and you may get a seed or public depending on what you pass - if you pass a secret instead of the public, it will still do the right thing. If you pass the wrong one, you'll be greeted with an exception.

[Roseidon]

Thanks for the info!