Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/Edent/statuses/112055248004822483">Terence Eden (edent@mastodon.social)'s status on Friday, 08-Mar-2024 01:07:24 JST</a><a href="https://mastodon.social/@Edent" title="edent@mastodon.social"><img src="https://gnusocial.jp/avatar/22733-48-20230408091952.webp" width="48" height="48" alt="Terence Eden" style="position: absolute; left: 0; top: 0;">Terence Eden</a><div><a href="https://mastodon.social/@Edent/112003468681894715" rel="in-reply-to">in reply to</a></div></section><article><p>Another <a href="https://mastodon.social/tags/ActivityPub" rel="tag">#ActivityPub</a> question about verifying signatures.</p><p>A header contains: <br>`keyID="example.com/user/1#main-key`</p><p>But the body of the message might have:<br>"actor": "example.com/user/2"</p><p>How do I check that that message has been signed by the actor in the body?</p><p>The URls might not be in the same format. So I guess back to webfinger to request the key from the actor - ignoring the one provided in the header?</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2799737#notice-5552156">In conversation</a><time datetime="2024-03-08T01:07:24+09:00" title="Friday, 08-Mar-2024 01:07:24 JST">about 9 months ago</time> <span>from <span><a href="https://mastodon.social/@Edent/112055248004822483" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@Edent/112055248004822483">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/2346642">Untitled attachment</a></label><br></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/2346643">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Terence Eden (edent@mastodon.social)'s status on Friday, 08-Mar-2024 01:07:24 JST Terence Eden
in reply to
Another #ActivityPub question about verifying signatures.
A header contains:
`keyID="example.com/user/1#main-key`
But the body of the message might have:
"actor": "example.com/user/2"
How do I check that that message has been signed by the actor in the body?
The URls might not be in the same format. So I guess back to webfinger to request the key from the actor - ignoring the one provided in the header?
In conversationabout 9 months ago from mastodon.socialpermalink
Attachments
1. Untitled attachment
2. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice