Open marnanel opened 5 years ago
Mastodon uses json-ld signatures which are documented here: https://w3c-dvcg.github.io/ld-signatures/ but you don't need to use them for most purposes. c14n comes from the RDF Dataset Normalization spec: https://json-ld.github.io/normalization/spec/, which is referenced from the ld-signature spec.
However, for nearly all purposes, you're fine verifying the HTTP Signature header only. HTTP Signatures authenticate the transmission of messages between servers, while the ld-signature values are used only for messages that are forwarded by a third party (a completely optional enhancement).
You can read the HTTP Signature spec here: https://w3c-dvcg.github.io/http-signatures/
All of this is documented on this wiki page: https://www.w3.org/wiki/SocialCG/ActivityPub/Authentication_Authorization and in Mastodon's implementation report.
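The HTTP Signature check the comment above recommends, as an added Ruby example (not Mastodon's code and not part of this thread). It assumes `rsa-sha256` with PKCS#1 v1.5 padding, that the caller has already fetched the public key named by `keyId`, and that a POST must cover `(request-target)`, `host`, `date` and `digest`; the helper names and sample values are this example's own, and `Date` freshness is not checked.

```ruby
require 'openssl'

# Coverage this example requires on a POST (an assumption of the example).
SIGNED = %w[(request-target) host date digest].freeze

def b64(bytes)
  [bytes].pack('m0') # strict base64, no line breaks
end

def body_digest(body)
  "SHA-256=#{b64(OpenSSL::Digest::SHA256.digest(body))}"
end

# Signing string: one "name: value" line per listed header, joined by "\n".
def signing_string(method, path, headers, names)
  names.map do |n|
    next "(request-target): #{method.downcase} #{path}" if n == '(request-target)'
    value = headers.fetch(n) { raise ArgumentError, "signed header #{n} missing" }
    "#{n}: #{value}"
  end.join("\n")
end

# Sender side, used here to build constructed sample input.
def sign_request(method, path, headers, body, key, key_id)
  h = headers.transform_keys(&:downcase).merge('digest' => body_digest(body))
  sig = b64(key.sign(OpenSSL::Digest::SHA256.new, signing_string(method, path, h, SIGNED)))
  fields = { 'keyId' => key_id, 'algorithm' => 'rsa-sha256',
             'headers' => SIGNED.join(' '), 'signature' => sig }
  h.merge('signature' => fields.map { |k, v| %(#{k}="#{v}") }.join(','))
end

# Receiver side: true only if the Digest header matches the body and the
# signature verifies over exactly the headers the sender listed.
def verify_request(method, path, headers, body, public_key)
  h = headers.transform_keys(&:downcase)
  params = h.fetch('signature', '').scan(/(\w+)="([^"]*)"/).to_h
  return false unless params['keyId'] && params['signature']
  names = (params['headers'] || 'date').split.map(&:downcase)
  return false unless (SIGNED - names).empty? # reject partial coverage
  return false unless h['digest'] == body_digest(body)
  data = signing_string(method, path, h, names)
  public_key.verify(OpenSSL::Digest::SHA256.new, params['signature'].unpack1('m'), data)
rescue ArgumentError, OpenSSL::PKey::PKeyError
  false
end
```

The signature covers the `Digest` header rather than the body itself, so the receiver has to recompute the digest from the bytes it actually received before trusting the payload.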
Looking at https://github.com/tootsuite/mastodon/blob/master/app/lib/activitypub/linked_data_signature.rb I notice that Mastodon's ld sigs code asserts a type of RsaSignature2017:
However, the namespace used does not define this type: https://w3id.org/identity/v1
The Linked Data Signatures 1.0 spec linked above uses Ed25519Signature2018 in its examples, from the Security Vocabulary sec: namespace. The W3ID Security namespace includes signature, which is what is used here: https://web-payments.org/vocabs/security#signature
But there's no RsaSignature2017. There is a RsaSignature2018 in the Security Vocabulary v2, however: https://w3id.org/security/v2
mastodon uses json-ld signatures which are documented here: https://w3c-dvcg.github.io/ld-signatures/
The link now redirects to https://w3c-ccg.github.io/data-integrity-spec/. If I understand the new spec correctly, it permits other canonicalization algorithms besides RDF. Is there a chance that Mastodon switches to another algorithm which is easier to implement (JCS perhaps)?
UPDATE: The latest version of the Data Integrity spec is located at https://w3c.github.io/vc-data-integrity/
I've published a proposal for JSON signatures that is based on the latest Data Integrity working draft: https://codeberg.org/fediverse/fep/pulls/21/files
As far as I can see, Mastodon does not document the "RsaSignature2017" signature method, which is needed in order to verify ActivityPub messages received from Mastodon instances.
Please could you document it? Or is there some other way of verifying incoming messages?
My efforts to figure it out from the Ruby source have foundered on its apparent reliance on specific quirks of Ruby's RDF Turtle serializer. Here are my notes, anyway: https://gist.github.com/marnanel/ba6cba944d1f12d705891b1f7a7808d6