diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/federation/federating_with_gotosocial.md | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/docs/federation/federating_with_gotosocial.md b/docs/federation/federating_with_gotosocial.md index 0fd4580ce..17a61219e 100644 --- a/docs/federation/federating_with_gotosocial.md +++ b/docs/federation/federating_with_gotosocial.md @@ -42,10 +42,12 @@ ED25519 GoToSocial request signing is implemented in [internal/transport](https://github.com/superseriousbusiness/gotosocial/blob/main/internal/transport/signing.go). -When assembling signatures: +Once https://github.com/superseriousbusiness/gotosocial/issues/2991 is resolved, GoToSocial will use the `(created)` pseudo-header instead of `date`. -- outgoing `GET` requests use `(request-target) (created) host` -- outgoing `POST` requests use `(request-target) (created) host digest` +For now however, when assembling signatures: + +- outgoing `GET` requests use `(request-target) host date` +- outgoing `POST` requests use `(request-target) host date digest` GoToSocial sets the "algorithm" field in signatures to the value `hs2019`, which essentially means "derive the algorithm from metadata associated with the keyId". The *actual* algorithm used for generating signatures is `RSA_SHA256`, which is in line with other ActivityPub implementations. When validating a GoToSocial HTTP signature, remote servers can safely assume that the signature is generated using `sha256`. |