httpsig
httpsig copied to clipboard
go-fed
Golang implementation of the HTTP Signatures RFC draft, with SSH support!
When using the SSH Agent signers we need to use a wrapper to actually allow signing with SHA256.
If the path of the url is currently empty `` instead of `/` the signing fails. From [RFC7540 Section 8.1.2.3](https://datatracker.ietf.org/doc/html/rfc7540#section-8.1.2.3): > This pseudo-header field MUST NOT be empty for "http"...
https://travis-ci.org/ discontinued: `Since June 15th, 2021, the building on http://www.travis-ci.org/ is ceased. Please use http://www.travis-ci.com/ from now on.` Instead add pipeline for Github actions.
This commit https://github.com/go-fed/httpsig/commit/221cfc461e575336452c01121a845094ef8a2f37 hides the algo from the receiver. I'm integrating against apis that don't expect this. Are we open for making this behaviour configurable?
Hi, I'm @msporny, primary author of the HTTP Signatures specification at IETF for many years now. You've implemented some variation of that specification. I need your help to move that...
This is technically optional in the IETF spec. Of note, Mastodon does not include the query parameters in the signature, so this is important for interoperability. See also: * superseriousbusiness/gotosocial#894
Existing, deprecated header style: `Digest: SHA256=abc,SHA512=xyz` Newer, [IETF HTTPBIS (RFC track)](https://www.ietf.org/archive/id/draft-ietf-httpbis-digest-headers-12.html) header style: `Content-Digest: SHA256=:abc:,SHA512=:xyz:` The difference is that the header key is changed, and the base64 values are enclosed...
# motivation I've been using a go project sending to another go project which worked great! Now I need to send the request from a c++ client, anyone can recommend...
