Help Needed: HTTP Signatures

It’s unclear whether the header is ascii encoded before sha256

Which header? I’m not aware of any HTTP headers that support non-ASCII character sets. The encoding of a header is defined by the header itself though, the HTTP Signature spec just references the “header value” which has already been encoded by the relevant HTTP client library. So if you have a conforming HTTP client library, you shouldn’t have to worry about encoding. (See RFC 7230 § 3.2.4 - Field Parsing)

Thanks for your help!

solved, see


‘solved’ was a fallacy. Currently, it puzzlingly fails with requests such as:

(request-target): post /user/1/inbox.json
date: Thu, 21 Jul 2022 10:19:19 GMT
digest: SHA-256=olrkFelf87xqs/N2gg2Vlmd3s0ns7l47tPSQipyrYxs=
content-type: application/activity+json
signature: keyId="",algorithm="rsa-sha256",headers="(request-target) host date digest content-type",signature="gGbfGZqVMT/Md8ix3/25l+jULXps2PfRQtr7S+t4QyV0Ubi6JBk+qHgej0GOJ0R/5jAWy0hRA7jmF0g/VIvCcWf9TdnSNFXmDc7q5dkzl7wwaRm+ER8UkiqC+y4f80RNa8Xer/cPD2z0zMe7bg8xSTTSwZOq3jf/N1y1VjaysRlcX+qgBTjNEzGy5RLetaeibxg+80LcioVPfu9QL5lHw2U+959wXxzqZx3r8Tv1ggqOGi2+WuFC6X4fTdh49+KdCw7tyHpKnIyzQ19WehqFvLQqesKS/T0OCiRmgKOsemwfIzLTU91W94pcPJnY3fJ2zjySpqj17TbUdLp3JoTwyw=="
Accept: application/activity+json
User-Agent: Seppo/0.1

{"type":"Like","@context":"","id":"","summary":"That's the way, aha, aha, I Like it.","published":"2022-07-21T10:19:19-00:00","actor":"","to":[""],"cc":[""],"object":""}

Have opened but peertube, mastodon, lemmy, pleroma, pixelfed fail likewise. Some without response, some with ‘ok’, some with ‘500’, some with ‘403’.

fixed a case typo, works now.

see also at lemmy & federtion thread