Commit
Apply suggestions from code review
Co-authored-by: Keirthana T S <[email protected]>
morphis and keirthana authored Aug 20, 2024
1 parent 3f41b8e commit 59e4c1d
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions explanation/security/crypto_ams.md
@@ -1,7 +1,7 @@
(exp-security-crypto-ams)=
# AMS
# Cryptographic information: AMS

AMS is using cryptographic technology for
Anbox Management Service (AMS) is using cryptographic technology for:

* TLS transport encryption
* Mutual TLS based authentication
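Review bot: the rewritten intro line "Anbox Management Service (AMS) is using cryptographic technology for:" keeps the progressive "is using", which reads oddly in a reference page; suggest "Anbox Management Service (AMS) uses cryptographic technology for:". The new heading "# Cryptographic information: AMS" is fine and matches the `(exp-security-crypto-ams)=` label above it.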
@@ -13,17 +13,17 @@ All network endpoints exposed by the AMS server are secured with TLS using an 40

## Mutual TLS based authentication

AMS authenticates with all of its clients through the use of mutual TLS. The server authenticates a client by the presented client certificate and checks if it is recorded in its trust store. A client checks the certificate provided by the server against a recorded one. Once both sides checked and accepted the presented certificate a TLS connection is established for API access.
AMS authenticates with all of its clients through the use of mutual TLS. The server authenticates a client by the presented client certificate and checks if it is recorded in its trust store. A client checks the certificate provided by the server against a recorded one. Once both sides have checked and accepted the presented certificate a TLS connection is established for API access.

AMS uses for its server an RSA key with a length of 4096 bits. The standard AMS client `amc` uses a RSA key with a length of 4096 bits. The key in both cases is generated by the use of the [`rsa.GenerateKey`](https://pkg.go.dev/crypto/rsa#GenerateKey) method as provided by the Go standard library.
AMS uses an RSA key with a length of 4096 bits for its server. The standard AMS client `amc` uses a RSA key with a length of 4096 bits. The key in both cases is generated by the use of the [`rsa.GenerateKey`](https://pkg.go.dev/crypto/rsa#GenerateKey) method as provided by the Go standard library.

Authenticated client scan add additional certificates to the trust store AMS manages. The trust stored keeps a copy of all registered certificates and stores them in an [etcd database](https://etcd.io/).
Authenticated clients can add additional certificates to the trust store AMS manages. The trust stored keeps a copy of all registered certificates and stores them in an [etcd database](https://etcd.io/).

Communication with LXD is using mutual TLS based authenication too. More details on this can be found in the [LXD documentation](https://documentation.ubuntu.com/lxd/en/latest/authentication/).

## Token based authentication

Individual Anbox instances have access to a limited set of API endpoints exposed by the AMS server to submit status information at runtime. Access is authenticated by a scope limited JWT based token. The token uses an expiry of one year and is signed with a HMAC using SHA-256 (HS256) and a 64 byte secret key. The [`jwt.New`](https://pkg.go.dev/github.com/golang-jwt/jwt/v5#Token) method is being used internally to generate the JWT token.
Individual Anbox instances have access to a limited set of API endpoints exposed by the AMS server to submit status information during runtime. Access is authenticated by a scope-limited JWT based token. The token is valid for one year and is signed with a [HMAC](https://www.okta.com/identity-101/hmac/) using SHA-256 (HS256) and a 64 byte secret key. The [`jwt.New`](https://pkg.go.dev/github.com/golang-jwt/jwt/v5#Token) method is used internally to generate the JWT token.

## Packages used

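Review bot: the typo "The trust stored keeps a copy of all registered certificates" is carried over unchanged into the new line; it should read "The trust store keeps a copy of all registered certificates". In the same hunk the article fix was applied only to the first sentence of the key paragraph: "The standard AMS client `amc` uses a RSA key" should be "an RSA key", and "signed with a [HMAC]" should be "an HMAC". Two smaller points: "scope-limited JWT based token" hyphenates one compound but not the other, so "JWT-based token" would be consistent, and the unchanged context line "mutual TLS based authenication" has a typo ("authentication") plus the same "is using" construction worth fixing while the file is open. Since the RSA paragraph names its generator (`rsa.GenerateKey`), it would help readers to state likewise how the 64 byte HMAC secret is generated and whether it can be rotated before the one-year token validity ends; for the HMAC link itself, a standards reference (RFC 2104 for HMAC, RFC 7518 for the HS256 identifier) would be more durable than a vendor explainer page.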
