Why
RFC 9421 supports several signature algorithms, and packages/fedify/src/sig/http.ts already maps verification identifiers such as rsa-pss-sha512, ecdsa-p256-sha256, ecdsa-p384-sha384, and ed25519. Signing is narrower: signRequestRfc9421() currently rejects anything except RSASSA-PKCS1-v1_5 and always emits rsa-v1_5-sha256.
That means Fedify can verify more peer signatures than it can produce. It also makes Accept-Signature challenges with compatible non-RSA algorithms impossible to satisfy with a matching local key.
Current code
signRequestRfc9421() and the draft-cavage path are in packages/fedify/src/sig/http.ts. Key validation and generation live in packages/fedify/src/sig/key.ts. Existing signature tests are in packages/fedify/src/sig/http.test.ts and packages/fedify/src/sig/key.test.ts.
Scope
Add RFC 9421 signing support for at least one non-RSASSA-PKCS1-v1_5 algorithm already understood by the verifier. Ed25519 is probably the best first target because generateCryptoKeyPair() already supports it.
The implementation should:
- choose the correct RFC 9421
alg value from the private key;
- call
crypto.subtle.sign() with the right WebCrypto algorithm parameters;
- keep draft-cavage signing behavior unchanged unless there is a clear compatibility reason;
- update
Accept-Signature fulfillment so a compatible local key can satisfy a matching challenge;
- keep metrics attributes bounded to known algorithm names.
Non-goals
Do not remove RSA PKCS#1 as the default. Do not add algorithms that cannot be generated or imported consistently across Deno, Node.js, and Bun. Do not weaken existing key validation for ActivityPub compatibility.
Suggested checks
Add signing and verification round-trip tests in packages/fedify/src/sig/http.test.ts. Add key tests in packages/fedify/src/sig/key.test.ts if the accepted key set changes. Please verify at least Deno and one Node/Bun path if runtime support differs.
Why
RFC 9421 supports several signature algorithms, and packages/fedify/src/sig/http.ts already maps verification identifiers such as
rsa-pss-sha512,ecdsa-p256-sha256,ecdsa-p384-sha384, anded25519. Signing is narrower:signRequestRfc9421()currently rejects anything exceptRSASSA-PKCS1-v1_5and always emitsrsa-v1_5-sha256.That means Fedify can verify more peer signatures than it can produce. It also makes
Accept-Signaturechallenges with compatible non-RSA algorithms impossible to satisfy with a matching local key.Current code
signRequestRfc9421()and the draft-cavage path are in packages/fedify/src/sig/http.ts. Key validation and generation live in packages/fedify/src/sig/key.ts. Existing signature tests are in packages/fedify/src/sig/http.test.ts and packages/fedify/src/sig/key.test.ts.Scope
Add RFC 9421 signing support for at least one non-
RSASSA-PKCS1-v1_5algorithm already understood by the verifier.Ed25519is probably the best first target becausegenerateCryptoKeyPair()already supports it.The implementation should:
algvalue from the private key;crypto.subtle.sign()with the right WebCrypto algorithm parameters;Accept-Signaturefulfillment so a compatible local key can satisfy a matching challenge;Non-goals
Do not remove RSA PKCS#1 as the default. Do not add algorithms that cannot be generated or imported consistently across Deno, Node.js, and Bun. Do not weaken existing key validation for ActivityPub compatibility.
Suggested checks
Add signing and verification round-trip tests in packages/fedify/src/sig/http.test.ts. Add key tests in packages/fedify/src/sig/key.test.ts if the accepted key set changes. Please verify at least Deno and one Node/Bun path if runtime support differs.