marnanel · November 26, 2018 23:02 · marnanel · Nov 18, 2018
diff --git a/gistfile1.txt b/gistfile1.txt
 "RsaSignature2017" doesn't appear to be documented anywhere. Here is
 my understanding of how to use it, based on reading the Mastodon
 source code. My Ruby isn't very good, and my understanding of the
 algorithm is clearly deficient, because it doesn't work.

 == Validation ==

 First part: we canonicalise the body signature. The body signature is
 the "signature" field of the message, except that we remove the keys
 "type", "id", and "signatureValue", then force "@context" to be
 "https://w3id.org/identity/v1".

 Second part: we canonicalise the entire original message, except that
 we remove the "signature" key.

 Then, we make a SHA256 digest of each part, and concatenate their
 lowercase hex values.

 Then we take another SHA256 digest of the concatenated value, and the
 hex value of THAT digest is the document which the signature is to be
 verified against.

 == Canonicalisation ==

 "Canonicalising" a message involves normalising it into RDF using
 URDNA2015, then dumping that into a Turtle representation.

 In Mastodon's own tests, the message
 {"creator"=>"http://example.com/alice", "created"=>"2017-09-23T20:21:34Z"}

 canonicalises to the two-line string
 _:c14n0 <http://purl.org/dc/terms/created> "2017-09-23T20:21:34Z"^^<http://www.w3.org/2001/XMLSchema#dateTime> .
 _:c14n0 <http://purl.org/dc/terms/creator> <http://example.com/alice> .
 including the final newline.

 I don't know where the identifier "c14n0" comes from, but it seems
 necessary for validating a message!
	"RsaSignature2017" doesn't appear to be documented anywhere. Here is
	my understanding of how to use it, based on reading the Mastodon
	source code. My Ruby isn't very good, and my understanding of the
	algorithm is clearly deficient, because it doesn't work.

	== Validation ==

	First part: we canonicalise the body signature. The body signature is
	the "signature" field of the message, except that we remove the keys
	"type", "id", and "signatureValue", then force "@context" to be
	"https://w3id.org/identity/v1".

	Second part: we canonicalise the entire original message, except that
	we remove the "signature" key.

	Then, we make a SHA256 digest of each part, and concatenate their
	lowercase hex values.

	Then we take another SHA256 digest of the concatenated value, and the
	hex value of THAT digest is the document which the signature is to be
	verified against.

	== Canonicalisation ==

	"Canonicalising" a message involves normalising it into RDF using
	URDNA2015, then dumping that into a Turtle representation.

	In Mastodon's own tests, the message
	{"creator"=>"http://example.com/alice", "created"=>"2017-09-23T20:21:34Z"}

	canonicalises to the two-line string
	_:c14n0 <http://purl.org/dc/terms/created> "2017-09-23T20:21:34Z"^^<http://www.w3.org/2001/XMLSchema#dateTime> .
	_:c14n0 <http://purl.org/dc/terms/creator> <http://example.com/alice> .
	including the final newline.

	I don't know where the identifier "c14n0" comes from, but it seems
	necessary for validating a message!