examples: Update features/encryption/README.md file (#7045)

grpc · Mar 22, 2024 · b78c0eb · b78c0eb · YahyaMohamedYahya · Mar 25, 2024
1 parent c003fdf
commit b78c0eb
Showing 1 changed file with 21 additions and 8 deletions.
diff --git a/examples/features/encryption/README.md b/examples/features/encryption/README.md
@@ -1,7 +1,7 @@
 # Encryption
 
-The example for encryption includes two individual examples for TLS and ALTS
-encryption mechanism respectively.
+The example for encryption includes three individual examples for TLS, ALTS
+and mTLS encryption mechanism respectively.
 
 ## Try it
 
@@ -35,7 +35,7 @@ In our example, we use the public/private keys created ahead:
 * "ca_cert.pem" contains the certificate (certificate authority)
 that can verify the server's certificate.
 
-On server side, we provide the paths to "server.pem" and "server.key" to
+On server side, we provide the paths to "server_cert.pem" and "server_key.pem" to
 configure TLS and create the server credential using
 [`credentials.NewServerTLSFromFile`](https://godoc.org/google.golang.org/grpc/credentials#NewServerTLSFromFile).
 
@@ -91,16 +91,29 @@ successfully up.
 In mutual TLS (mTLS), the client and the server authenticate each other. gRPC
 allows users to configure mutual TLS at the connection level.
 
+In this example, we use the following public/private keys created ahead of time:
+
+* "server_cert.pem" contains the server's certificate (public key). 
+* "server_key.pem" contains the server's private key. 
+* "ca_cert.pem" contains the certificate of the certificate authority that can
+  verify the server's certificate.
+* "client_cert.pem" contains the client's certificate (public key). 
+* "client_key.pem" contains the client's private key. 
+* "client_ca_cert.pem" contains the certificate of the certificate authority
+  that can verify the client's certificate.
+
 In normal TLS, the server is only concerned with presenting the server
 certificate for clients to verify. In mutual TLS, the server also loads in a
-list of trusted CA files for verifying client presented certificates with.
-This is done via setting
+list of trusted CA files for verifying the client's presented certificates.
+This is done by setting
 [`tls.Config.ClientCAs`](https://pkg.go.dev/crypto/tls#Config.ClientCAs)
 to the list of trusted CA files,
-and setting [`tls.config.ClientAuth`](https://pkg.go.dev/crypto/tls#Config.ClientAuth)
-to [`tls.RequireAndVerifyClientCert`](https://pkg.go.dev/crypto/tls#RequireAndVerifyClientCert).
+and setting
+[`tls.config.ClientAuth`](https://pkg.go.dev/crypto/tls#Config.ClientAuth)
+to
+[`tls.RequireAndVerifyClientCert`](https://pkg.go.dev/crypto/tls#RequireAndVerifyClientCert).
 
 In normal TLS, the client is only concerned with authenticating the server by
 using one or more trusted CA file. In mutual TLS, the client also presents its
-client certificate to the server for authentication. This is done via setting
+client certificate to the server for authentication. This is done by setting
 [`tls.Config.Certificates`](https://pkg.go.dev/crypto/tls#Config.Certificates).