Home | Notifications | New Note | Local | Federated | Search | Logout

Note Detail

Reply to @mariusor@metalhead.club
marius@mariusor@metalhead.club (2026-05-09 00:13:53)
> I might use a locally cached version that's out of date

@silverpill it's not that, the key online matches the public key in cache.

Have you tested the key generation against some known vectors? 

The only explanation I can come up with is that the signature is somehow incorrect... :(

(On my side I checked the verifier against the test examples given in the RFC9421, so I'm 90% confident the code should work as intended)

@marius@marius.federated.id @marius@federated.id
---Reply---
silverpill@silverpill@mitra.social (2026-05-09 02:01:16)
@mariusor It is possible that the signature is incorrect, but my own verifier can verify the signature. I assume that my verifier is good enough because it is compatible with several known RFC-9421 implementers (fedify, tootik, etc).
Another data point: mastodon.social accepts my RFC-9421 signed POST request, returns 202.

Components used in the signature base: @method, @target-uri, content-digest, @signature-params.

@Marius @marius

---Replies---

marius@mariusor@metalhead.club (2026-05-09 03:20:06)
@silverpill ok, cool, that makes sense too. 

Would it be too much trouble for you to create a minimum example that generates a signature using your libraries so I can adapt it to test on my dev setup? 

@marius@marius.federated.id @marius@federated.id