I try to follow an actor on a mastadon instance from my own local machine. I sign my request and have uploaded my public key to a publicly available place where mastadon should be able to fetch it (a domain with a valid SSL cert).
But all I get is:
Public key not found for key https://www.example.com/id.pub
But I can download the public key with CURL without any problem.
The request looks like this:
{
"@context": "https://www.w3.org/ns/activitystreams",
"type": "Follow",
"summary": "john.doe follows foobarbaz",
"actor": {
"@context": [
"https://www.w3.org/ns/activitystreams",
"https://w3id.org/security/v1"
],
"type": "Person",
"id": "https://localhost:8989/john.doe",
"preferredUsername": "john.doe",
"inbox": "https://localhost:8989/account/john.doe/inbox",
"outbox": "https://localhost:8989/account/john.doe/outbox",
"followers": "https://localhost:8989/account/john.doe/followers",
"following": "https://localhost:8989/account/john.doe/following",
"liked": "https://localhost:8989/account/john.doe/liked",
"publicKey": {
"@context": "https://w3id.org/security/v1",
"@type": "Key",
"id": "https://localhost:8989/john.doe#main-key",
"owner": "https://localhost:8989/john.doe",
"publicKeyPem": "-----BEGIN PUBLIC KEY-----\\nMIIBIjANBg...MNgwQII57\\niQIDAQAB\\n-----END PUBLIC KEY-----"
}
},
"object": {
"@context": [
"https://www.w3.org/ns/activitystreams",
"https://w3id.org/security/v1"
],
"type": "Person",
"id": "https://other-example.com/users/foobarbaz",
"preferredUsername": "foobarbaz",
"inbox": "https://other-example.com/users/foobarbaz/inbox",
"outbox": "https://other-example.com/users/foobarbaz/outbox",
"followers": "https://other-example.com/users/foobarbaz/followers",
"following": "https://other-example.com/users/foobarbaz/following"
}
}
And the Signature
header:
keyId="https://example.com/id.pub",headers="(request-target) host date",signature="j9KruD7enrWaYaJuZ...4BjSUw=="