My hope of having #FedBOX interacting fully with Mastodon by the end of the year is wholly shattered as they don't support HTTP Signatures generated with anything other than RSA256 keys. For a moment I was hopeful that HS2019 was a solution to that, but sadly no, even when using it, Mastodon expects that the keys are RSA256.
There are discussions about adding support for more modern ones like ed25519, but no input from the devs so far. :(
Because I'm responsible for my own goals, and not Mastodon, I have added a way to generate RSA keys for actors belonging to #fedBOX instances.
I will do some tests with this setup and see if anything else breaks.
In the meanwhile, a Mastodon dev seemed receptive to the ticket about Ed25519 keys: https://github.com/mastodon/mastodon/issues/21429
Pitch The current Mastodon implementation supports rsa-sha256 and hs2019 as valid HTTP signature algorithms: mastodon/app/controllers/concerns/signature_verification.rb Line 83 in 8cf7006 raise Sig...
marius