marnanel/gist:ba6cba944d1f12d705891b1f7a7808d6

## gistfile1.txt
"RsaSignature2017" doesn't appear to be documented anywhere. Here is
my understanding of how to use it, based on reading the Mastodon
source code. My Ruby isn't very good, and my understanding of the
algorithm is clearly deficient, because it doesn't work.

== Validation ==

First part: we canonicalise the body signature. The body signature is
the "signature" field of the message, except that we remove the keys
"type", "id", and "signatureValue", then force "@context" to be
"https://w3id.org/identity/v1".

Second part: we canonicalise the entire original message, except that
we remove the "signature" key.

Then, we make a SHA256 digest of each part, and concatenate their
lowercase hex values.

Then we take another SHA256 digest of the concatenated value, and the
hex value of THAT digest is the document which the signature is to be
verified against.

== Canonicalisation ==

"Canonicalising" a message involves normalising it into RDF using
URDNA2015, then dumping that into a Turtle representation.

In Mastodon's own tests, the message
{"creator"=>"http://example.com/alice", "created"=>"2017-09-23T20:21:34Z"}

canonicalises to the two-line string
_:c14n0 <http://purl.org/dc/terms/created> "2017-09-23T20:21:34Z"^^<http://www.w3.org/2001/XMLSchema#dateTime> .
_:c14n0 <http://purl.org/dc/terms/creator> <http://example.com/alice> .
including the final newline.

I don't know where the identifier "c14n0" comes from, but it seems
necessary for validating a message!
	"RsaSignature2017" doesn't appear to be documented anywhere. Here is
	my understanding of how to use it, based on reading the Mastodon
	source code. My Ruby isn't very good, and my understanding of the
	algorithm is clearly deficient, because it doesn't work.

	== Validation ==

	First part: we canonicalise the body signature. The body signature is
	the "signature" field of the message, except that we remove the keys
	"type", "id", and "signatureValue", then force "@context" to be
	"https://w3id.org/identity/v1".

	Second part: we canonicalise the entire original message, except that
	we remove the "signature" key.

	Then, we make a SHA256 digest of each part, and concatenate their
	lowercase hex values.

	Then we take another SHA256 digest of the concatenated value, and the
	hex value of THAT digest is the document which the signature is to be
	verified against.

	== Canonicalisation ==

	"Canonicalising" a message involves normalising it into RDF using
	URDNA2015, then dumping that into a Turtle representation.

	In Mastodon's own tests, the message
	{"creator"=>"http://example.com/alice", "created"=>"2017-09-23T20:21:34Z"}

	canonicalises to the two-line string
	_:c14n0 <http://purl.org/dc/terms/created> "2017-09-23T20:21:34Z"^^<http://www.w3.org/2001/XMLSchema#dateTime> .
	_:c14n0 <http://purl.org/dc/terms/creator> <http://example.com/alice> .
	including the final newline.

	I don't know where the identifier "c14n0" comes from, but it seems
	necessary for validating a message!