feat: RSA key management for ActivityPub signing

- keys.py: Generate/load RSA-2048 keypairs, sign activities - setup_keys.py: CLI to generate keys - Real RsaSignature2017 signing (falls back to placeholder if no keys) - Public key included in actor profile - Private keys gitignored 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-07 13:51:58 +00:00
parent acaf3a0ffa
commit dec5266554
6 changed files with 226 additions and 15 deletions
--- a/README.md
+++ b/README.md
@@ -20,10 +20,34 @@ export ARTDAG_USER=giles
 export ARTDAG_DATA=~/.artdag/l2
 export ARTDAG_L1=http://localhost:8100

+# Generate signing keys (required for federation)
+python setup_keys.py
+
 # Start server
 python server.py
 ```

+## Key Setup
+
+ActivityPub requires RSA keys for signing activities. Generate them:
+
+```bash
+# Local
+python setup_keys.py
+
+# Or with custom paths
+python setup_keys.py --data-dir /data/l2 --user giles
+
+# In Docker, exec into container or mount volume
+docker exec -it <container> python setup_keys.py
+```
+
+Keys are stored in `$ARTDAG_DATA/keys/`:
+- `{username}.pem` - Private key (chmod 600, NEVER share)
+- `{username}.pub` - Public key (included in actor profile)
+
+**Important**: Private keys are gitignored. Back them up securely. Losing them invalidates all your signatures.
+
 ## API Endpoints

 ### Server Info