Skip to content

Signature: Add compat for more key encodings #1557

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Apr 11, 2025
Merged

Signature: Add compat for more key encodings #1557

merged 6 commits into from
Apr 11, 2025

Conversation

@obenland
Copy link
Member

@obenland obenland commented Apr 8, 2025

Fixes #1130.

Proposed changes:

  • Grabs public key from passed signature info.
  • Returns public key resource instead of key.
  • Adds unit tests.

Other information:

  • Have you written new tests for your changes, if applicable?

Testing instructions:

  • Go to '..'

Changelog entry

  • Automatically create a changelog entry from the details below.
Changelog Entry Details

Significance

  • Patch
  • Minor
  • Major

Type

  • Added - for new features
  • Changed - for changes in existing functionality
  • Deprecated - for soon-to-be removed features
  • Removed - for now removed features
  • Fixed - for any bug fixes
  • Security - in case of vulnerabilities

Message

Increased compatibility with Mobilizon and other platforms by improving signature verification for different key formats.

@obenland obenland requested a review from pfefferle April 8, 2025 19:53
@obenland obenland self-assigned this Apr 8, 2025
pfefferle
pfefferle approved these changes Apr 9, 2025
View reviewed changes
Copy link
Member

@pfefferle pfefferle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

awesome! that was easier than I thought!

@obenland
Copy link
Member Author

obenland commented Apr 9, 2025

@Menrath Any chance you could help us test this before we merge?

@obenland
Copy link
Member Author

obenland commented Apr 10, 2025

I tested it with a mobilizon.us account.

@obenland obenland mentioned this pull request Apr 10, 2025
Closed
@obenland obenland merged commit c28dadc into trunk Apr 11, 2025
11 checks passed
@obenland obenland deleted the add/pkcs1-support branch April 11, 2025 12:58
jsit added a commit to jsit/wordpress-activitypub that referenced this pull request Nov 1, 2025
@jsit
Merge tag '5.7.0' into fix/nicename
fd1508e 
* tag '5.7.0': (29 commits)
  Release 5.7.0 (Automattic#1574)
  Fix: Show error if site uses "Almost Pretty Permalink" structure (Automattic#1570)
  Admin: Add padding to extra fields nav links (Automattic#1569)
  Signature: Add compat for more key encodings (Automattic#1557)
  Reply block: Improve fallback embed (Automattic#1560)
  Add label for "Health Check" and "REST API" (Automattic#1571)
  change changelog items (Automattic#1572)
  Transformers: Allow setting properties to false. (Automattic#1567)
  Upgrades: Delete orphaned extra fields (Automattic#1566)
  Fix: Missing Actor in Outbox-Activities (Automattic#1564)
  Outbox: Properly handle username requests (Automattic#1559)
  Import: Load on admin_init (Automattic#1561)
  Move: support same-server domain migrations (Automattic#1530)
  Follow Me: add a button-only mode (Automattic#1133)
  Tests: Convert timestamp to int for comparison (Automattic#1556)
  Reply: Make Mastodon embeds work (Automattic#1555)
  Add: `Vary` header settings (Automattic#1552)
  Actors: Don't convert non-numeric strings to Blog user id (Automattic#1554)
  Add: Shared Inbox setting (Automattic#1553)
  Add: New Health checks (Automattic#1524)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pfefferle pfefferle pfefferle approved these changes

Assignees

@obenland obenland

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add support for other PEM key formats than X.509 in signature verification

4 participants

@obenland @pfefferle @matticbot