Help Needed: HTTP Signatures

It’s unclear whether the header is ASCII-encoded before sha256

Which header? I’m not aware of any HTTP headers that support non-ASCII character sets. The encoding of a header is defined by the header itself, though; the HTTP Signature spec just references the “header value”, which has already been encoded by the relevant HTTP client library. So if you have a conforming HTTP client library, you shouldn’t have to worry about encoding. (See RFC 7230 § 3.2.4 - Field Parsing)

Thanks for your help!

solved, see https://codeberg.org/mro/activitypub/src/branch/master/like.sh#L111


‘solved’ was a fallacy. Currently, it puzzlingly fails with requests such as:

(request-target): post /user/1/inbox.json
host: gnusocial.net
date: Thu, 21 Jul 2022 10:19:19 GMT
digest: SHA-256=olrkFelf87xqs/N2gg2Vlmd3s0ns7l47tPSQipyrYxs=
content-type: application/activity+json
signature: keyId="https://demo.mro.name/seppo/activitypub/#main-key",algorithm="rsa-sha256",headers="(request-target) host date digest content-type",signature="gGbfGZqVMT/Md8ix3/25l+jULXps2PfRQtr7S+t4QyV0Ubi6JBk+qHgej0GOJ0R/5jAWy0hRA7jmF0g/VIvCcWf9TdnSNFXmDc7q5dkzl7wwaRm+ER8UkiqC+y4f80RNa8Xer/cPD2z0zMe7bg8xSTTSwZOq3jf/N1y1VjaysRlcX+qgBTjNEzGy5RLetaeibxg+80LcioVPfu9QL5lHw2U+959wXxzqZx3r8Tv1ggqOGi2+WuFC6X4fTdh49+KdCw7tyHpKnIyzQ19WehqFvLQqesKS/T0OCiRmgKOsemwfIzLTU91W94pcPJnY3fJ2zjySpqj17TbUdLp3JoTwyw=="
Accept: application/activity+json
User-Agent: Seppo/0.1

{"type":"Like","@context":"https://www.w3.org/ns/activitystreams","id":"https://demo.mro.name/seppo/activitypub/likes.json#https://gnusocial.net/notice/11921862","summary":"That's the way, aha, aha, I Like it.","published":"2022-07-21T10:19:19-00:00","actor":"https://demo.mro.name/seppo/activitypub/","to":["https://gnusocial.net/index.php/user/1"],"cc":["https://www.w3.org/ns/activitystreams#Public"],"object":"https://gnusocial.net/notice/11921862"}

Have opened https://notabug.org/diogo/gnu-social/issues/287 but peertube, mastodon, lemmy, pleroma, pixelfed fail likewise. Some without response, some with ‘ok’, some with ‘500’, some with ‘403’.

fixed a case typo, works now. https://codeberg.org/mro/seppo/commit/16ae3eba7aa6650573bb8f915528432d8b107df7

see also at lemmy & federation thread
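
Added example, not code from this thread or from the seppo project: a sketch of how the signing string for the header list in the request above is built under the draft-cavage HTTP Signatures rules, plus the receiver-side Digest check. The function names and the shortened body are constructed for illustration, and the RSA signing step itself is left out.

```python
import base64
import hashlib

def digest_header(body: bytes) -> str:
    """Digest value: base64 of the SHA-256 over the exact body bytes sent."""
    return "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode("ascii")

def signing_string(method: str, path: str, headers: dict, covered: list) -> str:
    """Build the string that gets RSA-signed, following draft-cavage rules."""
    # Header field names are case-insensitive on the wire, lowercase when signed.
    sent = {name.lower(): value.strip() for name, value in headers.items()}
    lines = []
    for name in (c.lower() for c in covered):
        if name == "(request-target)":
            # Lowercased method, then the path exactly as sent.
            lines.append(f"(request-target): {method.lower()} {path}")
        elif name in sent:
            lines.append(f"{name}: {sent[name]}")
        else:
            raise KeyError(f"covered header not present in request: {name}")
    # Lines are joined with a single LF; there is no trailing newline.
    return "\n".join(lines)

def digest_matches(headers: dict, body: bytes) -> bool:
    """Receiver-side check that the Digest header belongs to this body."""
    sent = {name.lower(): value.strip() for name, value in headers.items()}
    return sent.get("digest") == digest_header(body)

# Constructed sample: header names deliberately in mixed case, body shortened.
BODY = b'{"type":"Like"}'
HEADERS = {
    "Host": "gnusocial.net",
    "Date": "Thu, 21 Jul 2022 10:19:19 GMT",
    "Digest": digest_header(BODY),
    "Content-Type": "application/activity+json",
}
COVERED = "(request-target) host date digest content-type".split()

if __name__ == "__main__":
    text = signing_string("POST", "/user/1/inbox.json", HEADERS, COVERED)
    print(text)
    # Hash of the bytes handed to the RSA-SHA256 signer; the string is plain ASCII.
    print(hashlib.sha256(text.encode("ascii")).hexdigest())
```

Sender and receiver must arrive at byte-identical signing strings, so comparing this output with what the signing code actually feeds to the signer is a quick way to locate a mismatch.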