HTTP Signatures

By Fediverse Developer Network

https://fedidevs.org/reference/signatures/

Adoption of current drafts of HTTP Signatures across the Fediverse.

Service	Library	algorithm="hs2019"	(created) & (expires)	Signature-Input	algorithm	(created) & (expires)	Signature-Input
Service	Library	Accepts			Sends
Mastodon	None	Partial⁵	Yes	No	rsa-sha256	No	No
Pleroma	pleroma/http_signatures	Partial¹	No	No	rsa-sha256	No	No
PeerTube	@peertube/http-signature	Partial⁷	Yes	No - Issue	rsa-sha256	No	No
WriteFreely	writeas/httpsig	No - Issue	No	No	rsa-sha256	No	No
Pixelfed	None	Partial¹	No	No	rsa-sha256	No	No
Misskey	http-signature	No - Issue	Yes	No	rsa-sha256	No	No
Friendica	None	Partial⁵	Yes	No	rsa-sha256	No	No
Hubzilla	None	Partial²	No	No	rsa-sha256	No	No
Funkwhale	EliotBerriot/requests-http-signature#signature-header-support ³	No	No⁴	No	rsa-sha256	No	No
Plume	None	Partial¹	No	No	rsa-sha256	No	No
Mobilizon	pleroma/http_signatures	Partial¹	No	No	rsa-sha256	No	No
Lemmy	http-signature-normalization	Partial¹	Yes	No	hs2019	Yes	No
GNU social	None	Partial¹	No	No	rsa-sha256	No	No
lotide	hancock	Maybe⁶	Yes	No	hs2019	No	No

¹ This implementation assumes all signatures use SHA256
² This implementation uses the passed algorithm if known (not recommended by the spec), but falls back to SHA256 if unrecognized, which technically works for current uses of hs2019
³ Temporary fork, see this issue
⁴ Implemented in upstream library, but not released yet
⁵ This implementation assumes "hs2019" is equivalent to "rsa-sha256", which is not recommended but is technically compatible with current uses of hs2019
⁶ This implementation technically supports signature algorithm derivation, but given that it's the only one, this is not a standard
⁷ This implementation assumes "hs2019" is equivalent to "rsa-sha512"

Graciously provided under CC0 from this Github repo.