Authentication in the nanopublication system is based on digital signatures. Each user owns one or more RSA key pairs, and every nanopublication is signed with one of the user's private keys. The signature and the corresponding public key are included in the nanopublication itself (in its publication info graph), so anyone can verify that a nanopublication was indeed created by the holder of that key and was not modified afterwards. Users do not need to manage these keys manually: tools like Nanodash take care of generating and handling the key pairs behind the scenes.

The link between a key pair and a user identity is itself established with a nanopublication: an introduction nanopublication declares that a given public key belongs to a given agent, identified by an IRI. A user can thereby have several key pairs linked to the same identity, for example one per tool or device. Typically the identifier is an ORCID ID, and Nanodash currently requires an ORCID login. Nanopublications in general, however, are not restricted to ORCID: any IRI denoting an agent can be used, as is the case for example for software agents (bots) publishing under their own identities and keys.

Whether other users should trust an identity is a separate concern, handled by the network's trust layer, where users endorse each other's introductions and services compute from this who is part of the trust network.