Email or username:

Password:

Forgot your password?
3 posts total
Matej Ľach ✅

I wrote a small, easy to use #golang lib for signing HTTP requests so that #Mastodon would accept them and also to verify requests originating from Mastodon and other #ActivityPub servers, useful if you're implementing your own.

Check it out at github.com/MatejLach/httpsigve

Matej Ľach ✅

Super speedy #golang builds on the @PINE64 #PinePhone Pro w/ #GNU #Emacs running on #ArchLinux ARM. A powerful mobile workstation for hacking on the go.

Matej Ľach ✅

@Gargron Hey Eugen, am trying to understand HTTP Signatures better for my own AP server implementation.

I have two questions:

1.) How is the private key used to verify incoming request signatures stored on the Actor's server receiving the signed request? Is it a just a file at a well known location on the server/is there some additional layer?

2.) I I assume the private key is never shared with 3rd party clients acting for an actor, only the backend does the verification?

Thanks a lot!

Go Up