have a look at Help Needed: HTTP Signatures - #25 by mro – and there is a running dash example https://codeberg.org/mro/activitypub/src/branch/master/like.sh
There are numerous oddities in your sample, e.g. first lacks the digest(?) but this may be due to the high level helpers you use. The activity also looks different from what I found working.