Piero Bosio Social Web Site Personale

Adjusting #Enigmatick's previously built functions to align with the #ActivityPub #E2EE draft.

General Discussion
  • Adjusting #Enigmatick's previously built functions to align with the #ActivityPub #E2EE draft.

    KeyPackage collection on the Actor object

    Request

    > curl -H "Accept: application/activity+json" https://enigmatick.social/user/jdt | jq '.keyPackages'
    

    Response

    "https://enigmatick.social/user/jdt/keys"
    

    Retrieve the KeyPackage Collection

    These are populated by the client (the browser using the wasm module loaded in the Svelte SPA). I had a different mechanism in place for managing this (using the instrument field on Activities) but am updating it to use the Add flow for the Collection as specified by the draft.

    Request

    > curl -H "Accept: application/activity+json" https://enigmatick.social/user/jdt/keys | jq
    

    Response

    {
      "@context": "https://www.w3.org/ns/activitystreams",
      "type": "Collection",
      "id": "https://enigmatick.social/user/jdt/keys",
      "totalItems": 39,
      "next": "https://enigmatick.social/user/jdt/keys?mkp=true"
    }
    

    Follow the next link to retrieve a KeyPackage

    This will mark the KeyPackage as distributed and would typically link it to the Actor that signed the request (that's temporarily disabled for testing).

    Request

    > curl -H "Accept: application/activity+json" https://enigmatick.social/user/jdt/keys?mkp=true | jq
    

    Response

    {
      "@context": [
        "https://www.w3.org/ns/activitystreams",
        "https://purl.archive.org/socialweb/mls"
      ],
      "type": "Collection",
      "totalItems": 1,
      "items": [
        {
          "type": "KeyPackage",
          "id": "https://enigmatick.social/key-package/cfde7b54-8d08-41e9-8eb5-d997a12e9347",
          "attributedTo": "https://enigmatick.social/user/jdt",
          "to": [
            "https://www.w3.org/ns/activitystreams#Public"
          ],
          "mediaType": "message/mls",
          "encoding": "base64",
          "content": "AAEAASCOWe7uxA8tPeI01nDP8ka2irEhgfkK2qM81/o+tEKPEiCz2h2Vv6VVuGSx/C0WINQCuazZm4rQAymxd1JdHGVvaSDurWzIE3z5eXUFz5coFGv9db7DxZDx0arb/gyRuidCAgABImh0dHBzOi8vZW5pZ21hdGljay5zb2NpYWwvdXNlci9qZHQCAAEIAAEAAgADAE0KAAEAAgADAAQABQwAAQACAAMABAAFAAcCAAEBAAAAAGeDNwsAAAAAZ/IDGwBAQJUffd/8/Efgt0ITBeMWfJYcb7S8E5U7yyUINiIUfqmsGwcvTyam6C+9F+k64NBEs0rXjGMjPA6AgiZ2oR4/1wwAQECliseeQfQb0zgq755ZiiujRqLkEWt8WOTJSsBXHK6hey6bNs4wet782NL8k92h1BNuPZDzxHaHXdXe1wgBO6QJ"
        }
      ]
    }
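The `content` field above is an MLS KeyPackage (RFC 9420) in its TLS-style wire encoding. The following Python is an added example, not Enigmatick's code or part of the original post; the helper names are my own. It parses the leading fields of the base64 shown on this page (protocol version, cipher suite, the init key and the leaf node's encryption and signature keys, then the basic credential) and checks that the identity inside the credential is the same actor the ActivityStreams wrapper names in `attributedTo`. Every field it recovers is a public key or an identity; nothing in the structure is private key material.

```python
import base64
import struct

# KeyPackage returned by the ?mkp=true request on this page (content copied verbatim).
KEY_PACKAGE = {
    "id": "https://enigmatick.social/key-package/cfde7b54-8d08-41e9-8eb5-d997a12e9347",
    "attributedTo": "https://enigmatick.social/user/jdt",
    "mediaType": "message/mls",
    "encoding": "base64",
    "content": "AAEAASCOWe7uxA8tPeI01nDP8ka2irEhgfkK2qM81/o+tEKPEiCz2h2Vv6VVuGSx/C0WINQCuazZm4rQAymxd1JdHGVvaSDurWzIE3z5eXUFz5coFGv9db7DxZDx0arb/gyRuidCAgABImh0dHBzOi8vZW5pZ21hdGljay5zb2NpYWwvdXNlci9qZHQCAAEIAAEAAgADAE0KAAEAAgADAAQABQwAAQACAAMABAAFAAcCAAEBAAAAAGeDNwsAAAAAZ/IDGwBAQJUffd/8/Efgt0ITBeMWfJYcb7S8E5U7yyUINiIUfqmsGwcvTyam6C+9F+k64NBEs0rXjGMjPA6AgiZ2oR4/1wwAQECliseeQfQb0zgq755ZiiujRqLkEWt8WOTJSsBXHK6hey6bNs4wet782NL8k92h1BNuPZDzxHaHXdXe1wgBO6QJ",
}

def read_varint(buf: bytes, pos: int):
    """RFC 9420 vector length header: the top two bits of the first byte select a
    1, 2 or 4 byte length; the 0b11 prefix is not allowed."""
    width = 1 << (buf[pos] >> 6)
    if width == 8:
        raise ValueError("invalid length prefix")
    value = buf[pos] & 0x3F
    for i in range(1, width):
        value = (value << 8) | buf[pos + i]
    return value, pos + width

def read_opaque(buf: bytes, pos: int):
    """opaque<V>: varint length followed by that many bytes."""
    n, pos = read_varint(buf, pos)
    if pos + n > len(buf):
        raise ValueError("truncated opaque field")
    return buf[pos:pos + n], pos + n

def parse_key_package_head(b64: str) -> dict:
    """Leading fields of an MLS KeyPackage: version, cipher suite, init_key, then the
    LeafNode's encryption_key, signature_key and basic credential. Capabilities,
    lifetime, extensions and the signatures that follow are left unparsed."""
    buf = base64.b64decode(b64 + "=" * (-len(b64) % 4))
    version, suite = struct.unpack_from(">HH", buf, 0)  # 1 = mls10; suite 1 = X25519/AES-128-GCM/SHA-256/Ed25519
    init_key, pos = read_opaque(buf, 4)                 # HPKE public key (32 bytes for X25519)
    encryption_key, pos = read_opaque(buf, pos)
    signature_key, pos = read_opaque(buf, pos)          # Ed25519 public key
    cred_type = struct.unpack_from(">H", buf, pos)[0]
    if cred_type != 1:                                  # 1 = basic credential
        raise ValueError(f"unsupported credential type {cred_type}")
    identity, _ = read_opaque(buf, pos + 2)
    return {"version": version, "cipher_suite": suite, "init_key": init_key,
            "encryption_key": encryption_key, "signature_key": signature_key,
            "identity": identity.decode("utf-8")}

def key_package_identity_matches(item: dict) -> bool:
    """Check that the identity inside the MLS credential is the actor the ActivityStreams
    wrapper attributes the package to, and that the wrapper declares the encoding used."""
    if item.get("mediaType") != "message/mls" or item.get("encoding") != "base64":
        return False
    return parse_key_package_head(item["content"])["content" and "identity"] == item["attributedTo"]
```

`parse_key_package_head(KEY_PACKAGE["content"])` returns version 1, cipher suite 1, three 32-byte keys and the identity `https://enigmatick.social/user/jdt`, so `key_package_identity_matches(KEY_PACKAGE)` is `True`.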
    
  • If the private keys are stored on the instance, how is this any better than what we have now?

  • @rimu@piefed.social What makes you think it's a private key? (It's not.)

    Here's some information with examples of how the keys are used and exchanged.

  • @rimu@piefed.social And no, the instance admin cannot decrypt the communications. The KeyPackage is a public key used to start an encrypted message exchange. But it cannot be used to decrypt any of the messages.

  • @rimu@piefed.social And no, the instance admin cannot decrypt the communications. The KeyPackage is a public key used to start an encrypted message exchange. But it cannot be used to decrypt any of the messages.

  • Ah I see, thanks 👍

  • @rimu@piefed.social No problem!

  • @jdt

    >ActivityPub E2EE draft.

    Do you see any merit in that document?

    Looks like boilerplate to me.

  • @silverpill@mitra.social it seems like a fair starting point to establish some common formats. There's clearly a lot of work still to be done.

    There are some choices that seem questionable to me; the document seems to imply that KeyPackages as an attribute of the Actor objects can be retrieved without much control. I think that's problematic. They're only usable one time and they could easily be exhausted if distribution isn't controlled (they have to be replenished by the client and the client has to maintain all active packages in its key store).

    I gate access behind a verified signature and record who is given which package at the server to establish some limits.
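The single-use nature of KeyPackages, the `?mkp=true` dispensing step described in the first post, and the exhaustion and signature-gating points made here fit a small server-side policy. The following Python is an added illustration of one such design (an assumed design, not Enigmatick's implementation; `KeyPackageStore`, `per_requester_limit` and the `example.test` URLs are mine): the collection view only exposes a count and a next link, the `mkp` path refuses unsigned requests, caps packages per requester, records who received which package, and refuses rather than reuses once the pool is empty; only the client's Add flow refills it.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class KeyPackageStore:
    """Hypothetical server-side store for one actor's KeyPackage collection (an
    assumed design, not Enigmatick's code). Packages are single-use, so each
    ?mkp=true request is gated on a verified requester, capped per requester and
    hands out at most one package while recording who received it. An empty pool
    is refused rather than reused; only the client's Add flow refills it."""
    actor: str
    available: List[str] = field(default_factory=list)        # undistributed ids
    distributed: Dict[str, str] = field(default_factory=dict)  # id -> requester
    per_requester_limit: int = 2

    def collection(self) -> dict:
        """GET /keys without mkp: a count and the next link, as shown on the page."""
        return {"@context": "https://www.w3.org/ns/activitystreams",
                "type": "Collection", "id": f"{self.actor}/keys",
                "totalItems": len(self.available),
                "next": f"{self.actor}/keys?mkp=true"}

    def dispense(self, requester: Optional[str]) -> dict:
        """GET /keys?mkp=true. `requester` is the actor whose HTTP signature the
        caller already verified; None means no valid signature was presented."""
        if requester is None:
            raise PermissionError("KeyPackage requests require a verified signature")
        held = sum(1 for who in self.distributed.values() if who == requester)
        if held >= self.per_requester_limit:
            raise PermissionError(f"{requester} already received {held} packages")
        if not self.available:
            raise LookupError("KeyPackage pool exhausted; waiting for the client to replenish")
        kp_id = self.available.pop(0)
        self.distributed[kp_id] = requester        # mark distributed and link to the requester
        return {"@context": ["https://www.w3.org/ns/activitystreams",
                             "https://purl.archive.org/socialweb/mls"],
                "type": "Collection", "totalItems": 1,
                "items": [{"type": "KeyPackage", "id": kp_id, "attributedTo": self.actor}]}

    def replenish(self, kp_ids: List[str]) -> int:
        """Client Add flow: append fresh packages, ignoring ids the server already knows."""
        fresh = [k for k in kp_ids if k not in self.available and k not in self.distributed]
        self.available.extend(fresh)
        return len(fresh)

if __name__ == "__main__":
    store = KeyPackageStore("https://example.test/user/alice",
                            [f"https://example.test/key-package/{i}" for i in range(3)])
    print("issued", store.dispense("https://example.test/user/bob")["items"][0]["id"])
    for requester in (None, "https://example.test/user/bob", "https://example.test/user/bob"):
        try:
            print("issued", store.dispense(requester)["items"][0]["id"])
        except (PermissionError, LookupError) as err:
            print("refused:", err)
```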

