docs: 📝 Feature more information on SPKI key encoding

versia-pub · Dec 17, 2024 · 32aa7cf · 32aa7cf
1 parent fe451d0
commit 32aa7cf
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 2 deletions.
diff --git a/app/entities/instance-metadata/page.mdx b/app/entities/instance-metadata/page.mdx
@@ -74,7 +74,7 @@ Check the entity's documentation page to see if it supports this (it will be not
                 ```
                 
                 - `algorithm`: Algorithm used for the public key. Can only be `ed25519` for now.
-                - `key`: Instance public key, in SPKI-encoded base64 (from raw bytes, not a PEM format).
+                - `key`: Instance public key, in [SPKI-encoded base64](/signatures#exporting-the-public-key).
             </Property>
             <Property name="moderators" type="URI" required={false}>
                 URI to [Collection](/structures/collection) of instance moderators.

diff --git a/app/entities/user/page.mdx b/app/entities/user/page.mdx
@@ -74,7 +74,7 @@ Instance **must** be the host of the instance the user is on (hostname with opti
             The user's public key. Must follow the [Versia Public Key](/signatures) format. `actor` may be a URI to another user's profile, in which case this key may allow the other user act on behalf of this user (see [delegation](/federation/delegation)).
 
             - `algorithm`: Must be `ed25519` for now.
-            - `key`: The public key in SPKI-encoded base64 (from raw bytes, not a PEM format). Must be the key associated with the `actor` URI.
+            - `key`: The public key in [SPKI-encoded base64](/signatures#exporting-the-public-key). Must be the key associated with the `actor` URI.
             - `actor`: URI to a user's profile, most often the user's own profile.
 
             ```typescript

diff --git a/app/signatures/page.mdx b/app/signatures/page.mdx
@@ -156,3 +156,27 @@ if (!isVerified) {
     return new Response("Signature verification failed", { status: 401 });
 }
 ```
+
+## Exporting the Public Key
+
+Public keys are always encoded using `base64` and must be in SPKI format. You will need to look up the appropriate method for your cryptographic library to convert the key to this format.
+
+<Note>
+    This is **not** the same as the key's raw bytes.
+
+    This is also not related to the commonly used "PEM" format.
+</Note>
+
+```typescript {{ title: "Example using TypeScript and the WebCrypto API" }}
+/**
+ * Using Node.js's Buffer API for brevity
+ * If using another runtime, you may need to use a different method to convert to/from Base64
+ */
+const spkiEncodedPublicKey = await crypto.subtle.exportKey(
+    "spki",
+    /* Your public key */
+    publicKey,
+);
+
+const base64PublicKey = Buffer.from(publicKey).toString("base64");
+```