Description
CAVEAT: I may be misunderstanding how dependencies are initialised, so apologies if that is the case.
`createInternalAccount` seems to be called when first enabling Network from the Ghost Admin settings.
It in turn calls `generateKeyPair`, which has a default of `generateCryptoKeyPair` from fedify.
`generateKeyPair` is called without arguments, and looking at the implementation in fedify, calling without arguments will create an `RSASSA-PKCS1-v1_5` key.
I can confirm that this behaviour happens in practice, as my ActivityPub logs show `No algorithm specified. Using RSASSA-PKCS1-v1_5 by default, but it is recommended to specify the algorithm explicitly as the parameter will be required in the future.` when enabling Network in settings.
I logged in to the DB container and confirmed that the private key for my account is `"alg": "RS256"`.
When trying to follow another account, I get the following error:
activitypub-1 | 12:51:22.026 WRN fedify·federation·outbox: No supported key found to create a proof for the activity 'http://miggl.es/.ghost/activitypub/follow/f0d92341-1865-4037-9e65-0c581da29d88'. The activity will be sent without a proof. In order to create a proof, at least one Ed25519 key must be provided.
activitypub-1 | 12:51:22.026 INF activitypub: KnexKvStore: Get key _fedify,httpMessageSignaturesSpec,https://www.404media.co
activitypub-1 | 12:51:22.584 ERR fedify·federation·outbox: Failed to send activity 'http://miggl.es/.ghost/activitypub/follow/f0d92341-1865-4037-9e65-0c581da29d88' to 'https://www.404media.co/.ghost/activitypub/inbox/index' (401 'Unauthorized'):
activitypub-1 | 'The signer and the actor do not match.'
activitypub-1 | 12:51:22.584 ERR activitypub: Error: Failed to send activity http://miggl.es/.ghost/activitypub/follow/f0d92341-1865-4037-9e65-0c581da29d88 to https://www.404media.co/.ghost/activitypub/inbox/index (401 Unauthorized):
activitypub-1 | The signer and the actor do not match.
activitypub-1 | at sendActivityInternal (file:///opt/activitypub/node_modules/@fedify/fedify/dist/middleware-BPdRnvp4.js:1745:9)
activitypub-1 | at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
activitypub-1 | at async file:///opt/activitypub/node_modules/@fedify/fedify/dist/middleware-BPdRnvp4.js:1677:4
activitypub-1 | at async Promise.all (index 0)
activitypub-1 | at async FederationImpl.sendActivity (file:///opt/activitypub/node_modules/@fedify/fedify/dist/middleware-BPdRnvp4.js:2313:4)
activitypub-1 | at async RequestContextImpl.sendActivityInternal (file:///opt/activitypub/node_modules/@fedify/fedify/dist/middleware-BPdRnvp4.js:3073:4)
activitypub-1 | at async file:///opt/activitypub/node_modules/@fedify/fedify/dist/middleware-BPdRnvp4.js:2992:5
activitypub-1 | at async FollowController.handleFollow (file:///opt/activitypub/dist/app.js:5625:5)
activitypub-1 | at async dispatch (file:///opt/activitypub/node_modules/hono/dist/compose.js:22:17)
activitypub-1 | at async dispatch (file:///opt/activitypub/node_modules/hono/dist/compose.js:22:17
Looking at the `sendActivity` method from fedify, I can see that `proofCreated` is only set if the private key type is `Ed25519`.
My assumption is that the 401 error `The signer and the actor do not match.` stems from this, and the fix would be to explicitly create an `Ed25519` key in `createInternalAccount`.
Please let me know if my assumptions here are wrong. Unfortunately, at the moment I am unable to follow any other accounts.
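
One way to check stored keys for the condition described in this issue, as an added example that is not part of the original post and is not Ghost or Fedify code: it classifies each account's stored JWK and lists the accounts that have no Ed25519 key. The row shape, the `private_key_jwk` field name and the sample rows are hypothetical and constructed; the `kty`, `crv` and `alg` checks follow the standard JWK conventions for RSA and Ed25519 keys.

```javascript
// Added example: not Ghost or Fedify code. The row shape and the
// `private_key_jwk` field name are hypothetical.
// Constructed sample rows; key material is placeholder text, not real keys.
const sampleRows = [
  { id: 1, private_key_jwk: '{"kty":"RSA","alg":"RS256","n":"<constructed>","e":"AQAB"}' },
  { id: 2, private_key_jwk: '{"kty":"OKP","crv":"Ed25519","x":"<constructed>"}' },
  { id: 3, private_key_jwk: '[{"kty":"RSA","alg":"RS256"},{"kty":"OKP","crv":"Ed25519"}]' },
  { id: 4, private_key_jwk: '{"kty":"RSA","alg":"RS25' }, // truncated JSON
  { id: 5, private_key_jwk: null },                        // no key stored
];

// Map one JWK to the algorithm names that appear in the log messages.
function classifyJwk(jwk) {
  if (!jwk || typeof jwk !== 'object') return 'unknown';
  if (jwk.kty === 'RSA' && /^RS(256|384|512)$/.test(jwk.alg || '')) return 'RSASSA-PKCS1-v1_5';
  if (jwk.kty === 'OKP' && jwk.crv === 'Ed25519') return 'Ed25519';
  return 'unknown';
}

// Parse one stored value (a single JWK or an array of JWKs) and list its algorithms.
function auditRow(row) {
  let parsed = null;
  try { parsed = JSON.parse(row.private_key_jwk); } catch { /* malformed JSON */ }
  if (parsed === null) return { id: row.id, readable: false, algorithms: [], hasEd25519: false };
  const jwks = Array.isArray(parsed) ? parsed : [parsed];
  const algorithms = [...new Set(jwks.map(classifyJwk))].sort();
  return { id: row.id, readable: true, algorithms, hasEd25519: algorithms.includes('Ed25519') };
}

// Accounts with no Ed25519 key are the ones that would log
// "No supported key found to create a proof" when sending an activity.
function auditAccounts(rows) {
  const results = rows.map(auditRow);
  return {
    missingEd25519: results.filter(r => r.readable && !r.hasEd25519).map(r => r.id),
    unreadable: results.filter(r => !r.readable).map(r => r.id),
  };
}

console.log(auditAccounts(sampleRows));
```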