Closed vpzomtrrfrt closed 2 years ago
I already support the "same as rsa-sha256" part as of this commit on the dev branch: https://github.com/grishka/Smithereen/commit/b95ae2e3476a7bcb813a6d8322d365966b58f7f7
ah fair enough, I didn't realize you had a separate branch for development
Some AP implementations are sending signatures with "hs2019" as the algorithm per https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-00.txt
Technically it's supposed to mean deriving the algorithm from other objects, but practically everyone still assumes it means rsa-sha256 (see also https://socialhub.activitypub.rocks/t/state-of-http-signatures/754)
Apparently the newer drafts completely change the format of the signature headers so that might also be relevant eventually