Matej Ľach ✅'s wall

Super speedy #golang builds on the @PINE64 #PinePhone Pro w/ #GNU #Emacs running on #ArchLinux ARM. A powerful mobile workstation for hacking on the go.

Like 6 Feb 2022 at 12:44 | Open on social.matej-lach.me

Matej Ľach ✅

@Gargron Hey Eugen, am trying to understand HTTP Signatures better for my own AP server implementation.

I have two questions:

1.) How is the private key used to verify incoming request signatures stored on the Actor's server receiving the signed request? Is it a just a file at a well known location on the server/is there some additional layer?

2.) I I assume the private key is never shared with 3rd party clients acting for an actor, only the backend does the verification?

Thanks a lot!

Like 9 Feb 2020 at 15:07 | Open on social.matej-lach.me

Eugen Rochko

@MatejLach Private key is used for signing, public key is used for verifying signatures

https://blog.joinmastodon.org/2018/07/how-to-make-friends-and-verify-requests/

9 Feb 2020 at 15:09 | Open on mastodon.social