marius@mariusor@metalhead.club: > I might use a locally cached version that&#x2…

Home | Notifications | New Note | Local | Federated | Search | Logout

Note Detail

Reply to @silverpill@mitra.social
marius@mariusor@metalhead.club (2026-05-09 00:05:48)
@silverpill gaaah!! 😱 
Thank you.

The log is just telling me the signature failed verification:

err="actor IRI https://mitra.social/users/silverpill: verification failed: invalid signature: crypto/rsa: verification error"

Did you by any chance update your key  recently? (I might use a locally cached version that's out of date, version in cache is since May 2025)

@marius@marius.federated.id @marius@federated.id
---Reply---
marius@mariusor@metalhead.club (2026-05-09 00:13:53)
> I might use a locally cached version that's out of date

@silverpill it's not that, the key online matches the public key in cache.

Have you tested the key generation against some known vectors? 

The only explanation I can come up with is that the signature is somehow incorrect... :(

(On my side I checked the verifier against the test examples given in the RFC9421, so I'm 90% confident the code should work as intended)

@marius@marius.federated.id @marius@federated.id


---Replies---

silverpill@silverpill@mitra.social (2026-05-09 02:01:16)
@mariusor It is possible that the signature is incorrect, but my own verifier can verify the signature. I assume that my verifier is good enough because it is compatible with several known RFC-9421 implementers (fedify, tootik, etc).
Another data point: mastodon.social accepts my RFC-9421 signed POST request, returns 202.

Components used in the signature base: @method, @target-uri, content-digest, @signature-params.

@Marius @marius