# HTTP Signatures

Adoption of current drafts of HTTP Signatures across the Fediverse.

Service | Library | Accepts | Sends | ||||||
---|---|---|---|---|---|---|---|---|---|

algorithm="hs2019" | (created) & (expires) | Signature-Input | algorithm | (created) & (expires) | Signature-Input | ||||

Mastodon | None | Partial^{5} | Yes | No | rsa-sha256 | No | No | ||

Pleroma | pleroma/http_signatures | Partial^{1} | No | No | rsa-sha256 | No | No | ||

PeerTube | @peertube/http-signature | Partial^{7} | Yes | No - Issue | rsa-sha256 | No | No | ||

WriteFreely | writeas/httpsig | No - Issue | No | No | rsa-sha256 | No | No | ||

Pixelfed | None | Partial^{1} | No | No | rsa-sha256 | No | No | ||

Misskey | http-signature | No - Issue | Yes | No | rsa-sha256 | No | No | ||

Friendica | None | Partial^{5} | Yes | No | rsa-sha256 | No | No | ||

Hubzilla | None | Partial^{2} | No | No | rsa-sha256 | No | No | ||

Funkwhale | EliotBerriot/requests-http-signature#signature-header-support^{3} | No | No^{4} | No | rsa-sha256 | No | No | ||

Plume | None | Partial^{1} | No | No | rsa-sha256 | No | No | ||

Mobilizon | pleroma/http_signatures | Partial^{1} | No | No | rsa-sha256 | No | No | ||

Lemmy | http-signature-normalization | Partial^{1} | Yes | No | hs2019 | Yes | No | ||

GNU social | None | Partial^{1} | No | No | rsa-sha256 | No | No | ||

lotide | hancock | Maybe^{6} | Yes | No | hs2019 | No | No |

^{1}This implementation assumes all signatures use SHA256^{2}This implementation uses the passed algorithm if known (not recommended by the spec), but falls back to SHA256 if unrecognized, which technically works for current uses of hs2019^{3}Temporary fork, seethis issue^{4}Implemented in upstream library, but not released yet^{5}This implementation assumes "hs2019" is equivalent to "rsa-sha256", which is not recommended but is technically compatible with current uses of hs2019^{6}This implementation technically supports signature algorithm derivation, but given that it's the only one, this is not a standard^{7}This implementation assumes "hs2019" is equivalent to "rsa-sha512"

Graciously provided under CC0 from this Github repo.