End to End security discussion

[9to1url]

I double check what generate on Agent and Client side, the agent.yaml is just a JWT token from token-generator.yaml,
I can't find a pair of public/private key been used for mitigate the MitM :

End-to-End Authentication: WireGuard uses pre-shared public keys for end-to-end authentication. 
Each party has a pair of public/private keys, and only devices with the correct public key can establish a connection. 
This ensures that a man-in-the-middle cannot insert or tamper with the communication without the correct keys.

Could you advise on this E2EE concern? thanks

[SajjadPourali]

The end-to-end encryption (E2EE) in Narrowlink differs from WireGuard. Narrowlink follows a distinct approach, as discussed here, and partially described in the End-to-End Encryption guide (However can be improvemented).

Narrowlink utilizes a preshared secret derived from the users' defined passphrase, which is not part of the token. Users are required to use a passphrase on both the client and agent sides. Subsequently, this passphrase is hashed using Sha3-256 to generate the encryption key.

[SajjadPourali]

I have added more clarification to the docs narrowlink/homepage@86b2252