silverpill@silverpill@mitra.social: @mariusor<br><br>RSA secret key: 3082013b020100024…

Home | Notifications | New Note | Local | Federated | Search | Logout

Note Detail

Reply to @mariusor@metalhead.club
silverpill@silverpill@mitra.social (2026-05-09 04:37:59)
@mariusor Sure, I'll prepare an example.

@Marius @marius
---Reply---
silverpill@silverpill@mitra.social (2026-05-09 17:19:46)
@mariusor

RSA secret key: 3082013b020100024100e221e7c6506e8e3932e66fbf59cc580cd3ccdf688213426f1264144143d58e3d2c478d1cc93a1ab3c1c94cfc927e32f077fa6eb6fe0d59bb656e1c7613b1d53b020301000102404394a271f023ba3979eec842c5917e57070d594f2060a52010bcfc18ad2f2b7ca8b39e75179bd5abb3d161c8c0fe9053cd8de87ae84dd9dc3a84a2749040c261022100e3fd1ddb28613f9ead9869b392fa1f9d91bef1ab625605c968c72f5312ac77b3022100fdea673212cf6da2b1277b736a3b9f04662bb993d8754b1516e9a03010b6e85902205f1a54fbf8aa2869beac575b6b321f42116bff4fa8a38da268acbe16ff31267502210096da64650377e912f75d15a3044257bf2d545cf4d16d1e26716e6b9522d90841022100a960c9d14d424fb58de781aa700d8a838a46e5978cc74dcfdfb9dc16edfcf1ee
request method: POST
request body: {}
request URI: https://verifier.example/inbox
created: 1778314593
content-digest header: sha-256=:RBNvo1WzZ4oRRq0W9+hknpT7T8If536DEMBg9hyq/4o=:
signature base:

"@method": POST
"@target-uri": https://verifier.example/inbox
"content-digest": sha-256=:RBNvo1WzZ4oRRq0W9+hknpT7T8If536DEMBg9hyq/4o=:
"@signature-params": ("@method" "@target-uri" "content-digest");keyid="https://signer.example/actor#main-key";created=1778314593;alg="rsa-v1_5-sha256"


signature header: sig1=:gJWUQjvkEcdXc86ZC+kEWKhUyiExKQomXxWd9q8mzDSm9fE6XjsA+HCoNE9LP4RRCdwAHWZ6Zeou4WPjhxpPwQ==:
signature-input header: sig1=("@method" "@target-uri" "content-digest");keyid="https://signer.example/actor#main-key";created=1778314593;alg="rsa-v1_5-sha256"


---Replies---

marius@mariusor@metalhead.club (2026-05-16 17:43:41)
@silverpill to come back to this, I have added both this example and one of your original requests to the unit-tests, and they both validate correctly.

So I still have no idea why this is failing in production. The only thing I can think of is the http proxy messing with the value of the "target-uri" parameter.