Support for authorized fetch using instance actor signing key

2021-08-31 15:17:11 +01:00 · 2021-08-31 15:17:11 +01:00 · 6c0a39c64d
parent 894a8ce3fc
commit 6c0a39c64d
32 changed files with 860 additions and 460 deletions
--- a/announce.py
+++ b/announce.py
@ -122,7 +122,8 @@ def createAnnounce(session, baseDir: str, federationList: [],
                   clientToServer: bool,
                   sendThreads: [], postLog: [],
                   personCache: {}, cachedWebfingers: {},
-                   debug: bool, projectVersion: str) -> {}:
+                   debug: bool, projectVersion: str,
                   signingPrivateKeyPem: str) -> {}:
    """Creates an announce message
    Typically toUrl will be https://www.w3.org/ns/activitystreams#Public
    and ccUrl might be a specific person favorited or repeated and the
@ -179,7 +180,8 @@ def createAnnounce(session, baseDir: str, federationList: [],
                       announceNickname, announceDomain, announcePort, None,
                       httpPrefix, True, clientToServer, federationList,
                       sendThreads, postLog, cachedWebfingers, personCache,
-                       debug, projectVersion, None, groupAccount)
+                       debug, projectVersion, None, groupAccount,
                       signingPrivateKeyPem)
    return newAnnounce
@ -189,7 +191,8 @@ def announcePublic(session, baseDir: str, federationList: [],
                   objectUrl: str, clientToServer: bool,
                   sendThreads: [], postLog: [],
                   personCache: {}, cachedWebfingers: {},
-                   debug: bool, projectVersion: str) -> {}:
+                   debug: bool, projectVersion: str,
                   signingPrivateKeyPem: str) -> {}:
    """Makes a public announcement
    """
    fromDomain = getFullDomain(domain, port)
@ -202,7 +205,8 @@ def announcePublic(session, baseDir: str, federationList: [],
                          objectUrl, True, clientToServer,
                          sendThreads, postLog,
                          personCache, cachedWebfingers,
-                          debug, projectVersion)
+                          debug, projectVersion,
                          signingPrivateKeyPem)
 def sendAnnounceViaServer(baseDir: str, session,
@ -210,7 +214,8 @@ def sendAnnounceViaServer(baseDir: str, session,
                          fromDomain: str, fromPort: int,
                          httpPrefix: str, repeatObjectUrl: str,
                          cachedWebfingers: {}, personCache: {},
-                          debug: bool, projectVersion: str) -> {}:
+                          debug: bool, projectVersion: str,
                          signingPrivateKeyPem: str) -> {}:
    """Creates an announce message via c2s
    """
    if not session:
@ -242,7 +247,8 @@ def sendAnnounceViaServer(baseDir: str, session,
    # lookup the inbox for the To handle
    wfRequest = webfingerHandle(session, handle, httpPrefix,
                                cachedWebfingers,
-                                fromDomain, projectVersion, debug, False)
+                                fromDomain, projectVersion, debug, False,
                                signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: announce webfinger failed for ' + handle)
@ -257,7 +263,8 @@ def sendAnnounceViaServer(baseDir: str, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey, fromPersonId,
     sharedInbox, avatarUrl,
-     displayName) = getPersonBox(baseDir, session, wfRequest,
+     displayName) = getPersonBox(signingPrivateKeyPem,
                                 baseDir, session, wfRequest,
                                 personCache,
                                 projectVersion, httpPrefix,
                                 fromNickname, fromDomain,
@ -298,7 +305,8 @@ def sendUndoAnnounceViaServer(baseDir: str, session,
                              domain: str, port: int,
                              httpPrefix: str, repeatObjectUrl: str,
                              cachedWebfingers: {}, personCache: {},
-                              debug: bool, projectVersion: str) -> {}:
+                              debug: bool, projectVersion: str,
                              signingPrivateKeyPem: str) -> {}:
    """Undo an announce message via c2s
    """
    if not session:
@ -322,7 +330,8 @@ def sendUndoAnnounceViaServer(baseDir: str, session,
    # lookup the inbox for the To handle
    wfRequest = webfingerHandle(session, handle, httpPrefix,
                                cachedWebfingers,
-                                domain, projectVersion, debug, False)
+                                domain, projectVersion, debug, False,
                                signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: undo announce webfinger failed for ' + handle)
@ -337,7 +346,8 @@ def sendUndoAnnounceViaServer(baseDir: str, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey, fromPersonId,
     sharedInbox, avatarUrl,
-     displayName) = getPersonBox(baseDir, session, wfRequest,
+     displayName) = getPersonBox(signingPrivateKeyPem,
                                 baseDir, session, wfRequest,
                                 personCache,
                                 projectVersion, httpPrefix,
                                 nickname, domain,
--- a/availability.py
+++ b/availability.py
@ -82,7 +82,8 @@ def sendAvailabilityViaServer(baseDir: str, session,
                              httpPrefix: str,
                              status: str,
                              cachedWebfingers: {}, personCache: {},
-                              debug: bool, projectVersion: str) -> {}:
+                              debug: bool, projectVersion: str,
                              signingPrivateKeyPem: str) -> {}:
    """Sets the availability for a person via c2s
    """
    if not session:
@ -107,7 +108,8 @@ def sendAvailabilityViaServer(baseDir: str, session,
    # lookup the inbox for the To handle
    wfRequest = webfingerHandle(session, handle, httpPrefix,
                                cachedWebfingers,
-                                domain, projectVersion, debug, False)
+                                domain, projectVersion, debug, False,
                                signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: availability webfinger failed for ' + handle)
@ -122,7 +124,8 @@ def sendAvailabilityViaServer(baseDir: str, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey,
     fromPersonId, sharedInbox,
-     avatarUrl, displayName) = getPersonBox(baseDir, session, wfRequest,
+     avatarUrl, displayName) = getPersonBox(signingPrivateKeyPem,
                                            baseDir, session, wfRequest,
                                            personCache, projectVersion,
                                            httpPrefix, nickname,
                                            domain, postToBox, 57262)
--- a/bookmarks.py
+++ b/bookmarks.py
@ -348,7 +348,8 @@ def sendBookmarkViaServer(baseDir: str, session,
                          domain: str, fromPort: int,
                          httpPrefix: str, bookmarkUrl: str,
                          cachedWebfingers: {}, personCache: {},
-                          debug: bool, projectVersion: str) -> {}:
+                          debug: bool, projectVersion: str,
                          signingPrivateKeyPem: str) -> {}:
    """Creates a bookmark via c2s
    """
    if not session:
@ -377,7 +378,8 @@ def sendBookmarkViaServer(baseDir: str, session,
    # lookup the inbox for the To handle
    wfRequest = webfingerHandle(session, handle, httpPrefix,
                                cachedWebfingers,
-                                domain, projectVersion, debug, False)
+                                domain, projectVersion, debug, False,
                                signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: bookmark webfinger failed for ' + handle)
@ -391,7 +393,8 @@ def sendBookmarkViaServer(baseDir: str, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey, fromPersonId, sharedInbox,
-     avatarUrl, displayName) = getPersonBox(baseDir, session, wfRequest,
+     avatarUrl, displayName) = getPersonBox(signingPrivateKeyPem,
                                            baseDir, session, wfRequest,
                                            personCache,
                                            projectVersion, httpPrefix,
                                            nickname, domain,
@ -433,7 +436,8 @@ def sendUndoBookmarkViaServer(baseDir: str, session,
                              domain: str, fromPort: int,
                              httpPrefix: str, bookmarkUrl: str,
                              cachedWebfingers: {}, personCache: {},
-                              debug: bool, projectVersion: str) -> {}:
+                              debug: bool, projectVersion: str,
                              signingPrivateKeyPem: str) -> {}:
    """Removes a bookmark via c2s
    """
    if not session:
@ -462,7 +466,8 @@ def sendUndoBookmarkViaServer(baseDir: str, session,
    # lookup the inbox for the To handle
    wfRequest = webfingerHandle(session, handle, httpPrefix,
                                cachedWebfingers,
-                                domain, projectVersion, debug, False)
+                                domain, projectVersion, debug, False,
                                signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: unbookmark webfinger failed for ' + handle)
@ -476,7 +481,8 @@ def sendUndoBookmarkViaServer(baseDir: str, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey, fromPersonId, sharedInbox,
-     avatarUrl, displayName) = getPersonBox(baseDir, session, wfRequest,
+     avatarUrl, displayName) = getPersonBox(signingPrivateKeyPem,
                                            baseDir, session, wfRequest,
                                            personCache,
                                            projectVersion, httpPrefix,
                                            nickname, domain,
--- a/cache.py
+++ b/cache.py
@ -139,7 +139,8 @@ def getWebfingerFromCache(handle: str, cachedWebfingers: {}) -> {}:
 def getPersonPubKey(baseDir: str, session, personUrl: str,
                    personCache: {}, debug: bool,
                    projectVersion: str, httpPrefix: str,
-                    domain: str, onionDomain: str) -> str:
+                    domain: str, onionDomain: str,
                    signingPrivateKeyPem: str) -> str:
    if not personUrl:
        return None
    personUrl = personUrl.replace('#main-key', '')
@ -165,7 +166,8 @@ def getPersonPubKey(baseDir: str, session, personUrl: str,
            'Accept': 'application/activity+json; profile="' + profileStr + '"'
        }
        personJson = \
-            getJson(session, personUrl, asHeader, None, debug,
+            getJson(signingPrivateKeyPem,
                    session, personUrl, asHeader, None, debug,
                    projectVersion, httpPrefix, personDomain)
        if not personJson:
            return None
--- a/daemon.py
+++ b/daemon.py
@ -623,7 +623,8 @@ class PubServer(BaseHTTPRequestHandler):
            getPersonPubKey(self.server.baseDir, self.server.session, keyId,
                            self.server.personCache, self.server.debug,
                            __version__, self.server.httpPrefix,
-                            self.server.domain, self.server.onionDomain)
+                            self.server.domain, self.server.onionDomain,
                            self.server.signingPrivateKeyPem)
        if not pubKey:
            if self.server.debug:
                print('DEBUG: Authenticated fetch failed to ' +
@ -1171,7 +1172,8 @@ class PubServer(BaseHTTPRequestHandler):
                                   city, self.server.systemLanguage,
                                   self.server.sharedItemsFederatedDomains,
                                   self.server.sharedItemFederationTokens,
-                                   self.server.lowBandwidth)
+                                   self.server.lowBandwidth,
                                   self.server.signingPrivateKeyPem)
    def _postToOutboxThread(self, messageJson: {}) -> bool:
        """Creates a thread to send a post
@ -1777,7 +1779,8 @@ class PubServer(BaseHTTPRequestHandler):
                                            self.server.port,
                                            searchHandle,
                                            self.server.debug,
-                                            self.server.systemLanguage)
+                                            self.server.systemLanguage,
                                            self.server.signingPrivateKeyPem)
                    else:
                        msg = \
                            htmlModerationInfo(self.server.cssCache,
@ -2420,6 +2423,7 @@ class PubServer(BaseHTTPRequestHandler):
            if isModerator(self.server.baseDir, chooserNickname):
                if debug:
                    print('Showing info for ' + optionsActor)
                signingPrivateKeyPem = self.server.signingPrivateKeyPem
                msg = \
                    htmlAccountInfo(self.server.cssCache,
                                    self.server.translate,
@ -2430,7 +2434,8 @@ class PubServer(BaseHTTPRequestHandler):
                                    self.server.port,
                                    optionsActor,
                                    self.server.debug,
-                                    self.server.systemLanguage).encode('utf-8')
+                                    self.server.systemLanguage,
                                    signingPrivateKeyPem).encode('utf-8')
                msglen = len(msg)
                self._set_headers('text/html', msglen,
                                  cookie, callingDomain, False)
@ -2703,7 +2708,8 @@ class PubServer(BaseHTTPRequestHandler):
                                  self.server.cachedWebfingers,
                                  self.server.personCache,
                                  debug,
-                                  self.server.projectVersion)
+                                  self.server.projectVersion,
                                  self.server.signingPrivateKeyPem)
        if callingDomain.endswith('.onion') and onionDomain:
            originPathStr = 'http://' + onionDomain + usersPath
        elif (callingDomain.endswith('.i2p') and i2pDomain):
@ -2962,7 +2968,8 @@ class PubServer(BaseHTTPRequestHandler):
                                      self.server.allowLocalNetworkAccess,
                                      self.server.themeName,
                                      self.server.systemLanguage,
-                                      self.server.maxLikeCount)
+                                      self.server.maxLikeCount,
                                      self.server.signingPrivateKeyPem)
                if hashtagStr:
                    msg = hashtagStr.encode('utf-8')
                    msglen = len(msg)
@ -3018,7 +3025,8 @@ class PubServer(BaseHTTPRequestHandler):
                                      self.server.allowLocalNetworkAccess,
                                      self.server.themeName, 'outbox',
                                      self.server.systemLanguage,
-                                      self.server.maxLikeCount)
+                                      self.server.maxLikeCount,
                                      self.server.signingPrivateKeyPem)
                if historyStr:
                    msg = historyStr.encode('utf-8')
                    msglen = len(msg)
@ -3054,7 +3062,8 @@ class PubServer(BaseHTTPRequestHandler):
                                      self.server.allowLocalNetworkAccess,
                                      self.server.themeName, 'bookmarks',
                                      self.server.systemLanguage,
-                                      self.server.maxLikeCount)
+                                      self.server.maxLikeCount,
                                      self.server.signingPrivateKeyPem)
                if bookmarksStr:
                    msg = bookmarksStr.encode('utf-8')
                    msglen = len(msg)
@ -3106,7 +3115,8 @@ class PubServer(BaseHTTPRequestHandler):
                                          baseDir, httpPrefix,
                                          actor,
                                          self.server.personCache,
-                                          None, True)
+                                          None, True,
                                          self.server.signingPrivateKeyPem)
                    profilePathStr += \
                        '?options=' + actor + ';1;' + avatarUrl
@ -3126,6 +3136,8 @@ class PubServer(BaseHTTPRequestHandler):
                    if self.server.keyShortcuts.get(nickname):
                        accessKeys = self.server.keyShortcuts[nickname]
                    signingPrivateKeyPem = \
                        self.server.signingPrivateKeyPem
                    profileStr = \
                        htmlProfileAfterSearch(self.server.cssCache,
                                               self.server.recentPostsCache,
@ -3151,7 +3163,8 @@ class PubServer(BaseHTTPRequestHandler):
                                               self.server.themeName,
                                               accessKeys,
                                               self.server.systemLanguage,
-                                               self.server.maxLikeCount)
+                                               self.server.maxLikeCount,
                                               signingPrivateKeyPem)
                if profileStr:
                    msg = profileStr.encode('utf-8')
                    msglen = len(msg)
@ -6530,7 +6543,8 @@ class PubServer(BaseHTTPRequestHandler):
                              self.server.allowLocalNetworkAccess,
                              self.server.themeName,
                              self.server.systemLanguage,
-                              self.server.maxLikeCount)
+                              self.server.maxLikeCount,
                              self.server.signingPrivateKeyPem)
        if hashtagStr:
            msg = hashtagStr.encode('utf-8')
            msglen = len(msg)
@ -6685,7 +6699,8 @@ class PubServer(BaseHTTPRequestHandler):
                           self.server.personCache,
                           self.server.cachedWebfingers,
                           debug,
-                           self.server.projectVersion)
+                           self.server.projectVersion,
                           self.server.signingPrivateKeyPem)
        if announceJson:
            # clear the icon from the cache so that it gets updated
            if self.server.iconsCache.get('repeat.png'):
@ -6846,7 +6861,8 @@ class PubServer(BaseHTTPRequestHandler):
                                       self.server.cachedWebfingers,
                                       self.server.personCache,
                                       debug,
-                                       self.server.projectVersion)
+                                       self.server.projectVersion,
                                       self.server.signingPrivateKeyPem)
        originPathStrAbsolute = \
            httpPrefix + '://' + domainFull + originPathStr
        if callingDomain.endswith('.onion') and onionDomain:
@ -7003,7 +7019,8 @@ class PubServer(BaseHTTPRequestHandler):
                                    self.server.cachedWebfingers,
                                    self.server.personCache,
                                    debug,
-                                    self.server.projectVersion)
+                                    self.server.projectVersion,
                                    self.server.signingPrivateKeyPem)
        originPathStrAbsolute = \
            httpPrefix + '://' + domainFull + originPathStr
        if callingDomain.endswith('.onion') and onionDomain:
@ -7473,7 +7490,8 @@ class PubServer(BaseHTTPRequestHandler):
                                  self.server.allowLocalNetworkAccess,
                                  self.server.themeName,
                                  self.server.systemLanguage,
-                                  self.server.maxLikeCount)
+                                  self.server.maxLikeCount,
                                  self.server.signingPrivateKeyPem)
            if deleteStr:
                deleteStrLen = len(deleteStr)
                self._set_headers('text/html', deleteStrLen,
@ -7683,7 +7701,8 @@ class PubServer(BaseHTTPRequestHandler):
                                    self.server.allowLocalNetworkAccess,
                                    self.server.themeName,
                                    self.server.systemLanguage,
-                                    self.server.maxLikeCount)
+                                    self.server.maxLikeCount,
                                    self.server.signingPrivateKeyPem)
                msg = msg.encode('utf-8')
                msglen = len(msg)
                self._set_headers('text/html', msglen,
@ -7772,7 +7791,8 @@ class PubServer(BaseHTTPRequestHandler):
                                    self.server.allowLocalNetworkAccess,
                                    self.server.themeName,
                                    self.server.systemLanguage,
-                                    self.server.maxLikeCount)
+                                    self.server.maxLikeCount,
                                    self.server.signingPrivateKeyPem)
                msg = msg.encode('utf-8')
                msglen = len(msg)
                self._set_headers('text/html', msglen,
@ -7848,7 +7868,8 @@ class PubServer(BaseHTTPRequestHandler):
                        getSpoofedCity(self.server.city,
                                       baseDir, nickname, domain)
                    msg = \
-                        htmlProfile(self.server.rssIconAtTop,
+                        htmlProfile(self.server.signingPrivateKeyPem,
                                    self.server.rssIconAtTop,
                                    self.server.cssCache,
                                    iconsAsButtons,
                                    defaultTimeline,
@ -7951,8 +7972,11 @@ class PubServer(BaseHTTPRequestHandler):
                                                      nickname, domain)
                                sharedItemsFederatedDomains = \
                                    self.server.sharedItemsFederatedDomains
                                signingPrivateKeyPem = \
                                    self.server.signingPrivateKeyPem
                                msg = \
-                                    htmlProfile(self.server.rssIconAtTop,
+                                    htmlProfile(signingPrivateKeyPem,
                                                self.server.rssIconAtTop,
                                                self.server.cssCache,
                                                iconsAsButtons,
                                                defaultTimeline,
@ -8113,7 +8137,8 @@ class PubServer(BaseHTTPRequestHandler):
                                   self.server.allowLocalNetworkAccess,
                                   self.server.themeName,
                                   self.server.systemLanguage,
-                                   self.server.maxLikeCount)
+                                   self.server.maxLikeCount,
                                   self.server.signingPrivateKeyPem)
            msg = msg.encode('utf-8')
            msglen = len(msg)
            self._set_headers('text/html', msglen,
@ -8327,7 +8352,8 @@ class PubServer(BaseHTTPRequestHandler):
                                        accessKeys,
                                        self.server.systemLanguage,
                                        self.server.maxLikeCount,
-                                        sharedItemsFederatedDomains)
+                                        sharedItemsFederatedDomains,
                                        self.server.signingPrivateKeyPem)
                        if GETstartTime:
                            self._benchmarkGETtimings(GETstartTime, GETtimings,
                                                      'show status done',
@ -8468,7 +8494,8 @@ class PubServer(BaseHTTPRequestHandler):
                                         accessKeys,
                                         self.server.systemLanguage,
                                         self.server.maxLikeCount,
-                                         sharedItemsFederatedDomains)
+                                         sharedItemsFederatedDomains,
                                         self.server.signingPrivateKeyPem)
                        msg = msg.encode('utf-8')
                        msglen = len(msg)
                        self._set_headers('text/html', msglen,
@ -8602,7 +8629,8 @@ class PubServer(BaseHTTPRequestHandler):
                                         accessKeys,
                                         self.server.systemLanguage,
                                         self.server.maxLikeCount,
-                                         sharedItemsFederatedDomains)
+                                         sharedItemsFederatedDomains,
                                         self.server.signingPrivateKeyPem)
                    msg = msg.encode('utf-8')
                    msglen = len(msg)
                    self._set_headers('text/html', msglen,
@ -8735,7 +8763,8 @@ class PubServer(BaseHTTPRequestHandler):
                                       accessKeys,
                                       self.server.systemLanguage,
                                       self.server.maxLikeCount,
-                                       self.server.sharedItemsFederatedDomains)
+                                       self.server.sharedItemsFederatedDomains,
                                       self.server.signingPrivateKeyPem)
                    msg = msg.encode('utf-8')
                    msglen = len(msg)
                    self._set_headers('text/html', msglen,
@ -8868,7 +8897,8 @@ class PubServer(BaseHTTPRequestHandler):
                                       accessKeys,
                                       self.server.systemLanguage,
                                       self.server.maxLikeCount,
-                                       self.server.sharedItemsFederatedDomains)
+                                       self.server.sharedItemsFederatedDomains,
                                       self.server.signingPrivateKeyPem)
                    msg = msg.encode('utf-8')
                    msglen = len(msg)
                    self._set_headers('text/html', msglen,
@ -9010,7 +9040,8 @@ class PubServer(BaseHTTPRequestHandler):
                                      accessKeys,
                                      self.server.systemLanguage,
                                      self.server.maxLikeCount,
-                                      self.server.sharedItemsFederatedDomains)
+                                      self.server.sharedItemsFederatedDomains,
                                      self.server.signingPrivateKeyPem)
                    msg = msg.encode('utf-8')
                    msglen = len(msg)
                    self._set_headers('text/html', msglen,
@ -9150,7 +9181,8 @@ class PubServer(BaseHTTPRequestHandler):
                                          accessKeys,
                                          self.server.systemLanguage,
                                          self.server.maxLikeCount,
-                                          sharedItemsFederatedDomains)
+                                          sharedItemsFederatedDomains,
                                          self.server.signingPrivateKeyPem)
                    msg = msg.encode('utf-8')
                    msglen = len(msg)
                    self._set_headers('text/html', msglen,
@ -9249,7 +9281,8 @@ class PubServer(BaseHTTPRequestHandler):
                                   accessKeys,
                                   self.server.systemLanguage,
                                   self.server.maxLikeCount,
-                                   self.server.sharedItemsFederatedDomains)
+                                   self.server.sharedItemsFederatedDomains,
                                   self.server.signingPrivateKeyPem)
                    msg = msg.encode('utf-8')
                    msglen = len(msg)
                    self._set_headers('text/html', msglen,
@ -9330,7 +9363,8 @@ class PubServer(BaseHTTPRequestHandler):
                                   accessKeys,
                                   self.server.systemLanguage,
                                   self.server.maxLikeCount,
-                                   self.server.sharedItemsFederatedDomains)
+                                   self.server.sharedItemsFederatedDomains,
                                   self.server.signingPrivateKeyPem)
                    msg = msg.encode('utf-8')
                    msglen = len(msg)
                    self._set_headers('text/html', msglen,
@ -9448,7 +9482,8 @@ class PubServer(BaseHTTPRequestHandler):
                                          accessKeys,
                                          self.server.systemLanguage,
                                          self.server.maxLikeCount,
-                                          sharedItemsFederatedDomains)
+                                          sharedItemsFederatedDomains,
                                          self.server.signingPrivateKeyPem)
                        msg = msg.encode('utf-8')
                        msglen = len(msg)
                        self._set_headers('text/html', msglen,
@ -9578,7 +9613,8 @@ class PubServer(BaseHTTPRequestHandler):
                               accessKeys,
                               self.server.systemLanguage,
                               self.server.maxLikeCount,
-                               self.server.sharedItemsFederatedDomains)
+                               self.server.sharedItemsFederatedDomains,
                               self.server.signingPrivateKeyPem)
                msg = msg.encode('utf-8')
                msglen = len(msg)
                self._set_headers('text/html', msglen,
@ -9698,7 +9734,8 @@ class PubServer(BaseHTTPRequestHandler):
                                           accessKeys,
                                           self.server.systemLanguage,
                                           self.server.maxLikeCount,
-                                           sharedItemsFederatedDomains)
+                                           sharedItemsFederatedDomains,
                                           self.server.signingPrivateKeyPem)
                        msg = msg.encode('utf-8')
                        msglen = len(msg)
                        self._set_headers('text/html', msglen,
@ -9790,7 +9827,8 @@ class PubServer(BaseHTTPRequestHandler):
                    city = getSpoofedCity(self.server.city,
                                          baseDir, nickname, domain)
                    msg = \
-                        htmlProfile(self.server.rssIconAtTop,
+                        htmlProfile(self.server.signingPrivateKeyPem,
                                    self.server.rssIconAtTop,
                                    self.server.cssCache,
                                    self.server.iconsAsButtons,
                                    self.server.defaultTimeline,
@ -9906,7 +9944,8 @@ class PubServer(BaseHTTPRequestHandler):
                        city = getSpoofedCity(self.server.city,
                                              baseDir, nickname, domain)
                    msg = \
-                        htmlProfile(self.server.rssIconAtTop,
+                        htmlProfile(self.server.signingPrivateKeyPem,
                                    self.server.rssIconAtTop,
                                    self.server.cssCache,
                                    self.server.iconsAsButtons,
                                    self.server.defaultTimeline,
@ -10021,7 +10060,8 @@ class PubServer(BaseHTTPRequestHandler):
                        city = getSpoofedCity(self.server.city,
                                              baseDir, nickname, domain)
                    msg = \
-                        htmlProfile(self.server.rssIconAtTop,
+                        htmlProfile(self.server.signingPrivateKeyPem,
                                    self.server.rssIconAtTop,
                                    self.server.cssCache,
                                    self.server.iconsAsButtons,
                                    self.server.defaultTimeline,
@ -10160,7 +10200,8 @@ class PubServer(BaseHTTPRequestHandler):
                city = getSpoofedCity(self.server.city,
                                      baseDir, nickname, domain)
            msg = \
-                htmlProfile(self.server.rssIconAtTop,
+                htmlProfile(self.server.signingPrivateKeyPem,
                            self.server.rssIconAtTop,
                            self.server.cssCache,
                            self.server.iconsAsButtons,
                            self.server.defaultTimeline,
@ -13505,7 +13546,8 @@ class PubServer(BaseHTTPRequestHandler):
                                self.server.port,
                                searchHandle,
                                self.server.debug,
-                                self.server.systemLanguage)
+                                self.server.systemLanguage,
                                self.server.signingPrivateKeyPem)
            msg = msg.encode('utf-8')
            msglen = len(msg)
            self._login_headers('text/html',
@ -13540,7 +13582,8 @@ class PubServer(BaseHTTPRequestHandler):
                                self.server.port,
                                searchHandle,
                                self.server.debug,
-                                self.server.systemLanguage)
+                                self.server.systemLanguage,
                                self.server.signingPrivateKeyPem)
            msg = msg.encode('utf-8')
            msglen = len(msg)
            self._login_headers('text/html',
@ -15717,6 +15760,9 @@ def runDaemon(lowBandwidth: bool,
        print('serverAddress: ' + str(serverAddress))
        return False
    # initialize authenticated fetch key
    httpd.signingPrivateKeyPem = None
    httpd.showNodeInfoAccounts = showNodeInfoAccounts
    httpd.showNodeInfoVersion = showNodeInfoVersion
@ -16090,7 +16136,8 @@ def runDaemon(lowBandwidth: bool,
                              verifyAllSignatures,
                              httpd.themeName,
                              httpd.systemLanguage,
-                              httpd.maxLikeCount), daemon=True)
+                              httpd.maxLikeCount,
                              httpd.signingPrivateKeyPem), daemon=True)
    print('Creating scheduled post thread')
    httpd.thrPostSchedule = \
@ -16121,6 +16168,17 @@ def runDaemon(lowBandwidth: bool,
    print('Adding hashtag categories for language ' + httpd.systemLanguage)
    loadHashtagCategories(baseDir, httpd.systemLanguage)
    # signing key used for authorized fetch
    # this is the instance actor private key
    instanceActorPrivateKeyFilename = \
        baseDir + '/keys/private/inbox@' + domain + '.key'
    if not os.path.isfile(instanceActorPrivateKeyFilename):
        print('ERROR: no instance actor private key for authorized fetch ' +
              instanceActorPrivateKeyFilename)
        return
    with open(instanceActorPrivateKeyFilename) as fp:
        httpd.signingPrivateKeyPem = fp.read()
    if not unitTest:
        print('Creating inbox queue watchdog')
        httpd.thrWatchdog = \
--- a/delete.py
+++ b/delete.py
@ -30,7 +30,8 @@ def sendDeleteViaServer(baseDir: str, session,
                        fromDomain: str, fromPort: int,
                        httpPrefix: str, deleteObjectUrl: str,
                        cachedWebfingers: {}, personCache: {},
-                        debug: bool, projectVersion: str) -> {}:
+                        debug: bool, projectVersion: str,
                        signingPrivateKeyPem: str) -> {}:
    """Creates a delete request message via c2s
    """
    if not session:
@ -57,7 +58,8 @@ def sendDeleteViaServer(baseDir: str, session,
    # lookup the inbox for the To handle
    wfRequest = \
        webfingerHandle(session, handle, httpPrefix, cachedWebfingers,
-                        fromDomain, projectVersion, debug, False)
+                        fromDomain, projectVersion, debug, False,
                        signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: delete webfinger failed for ' + handle)
@ -72,7 +74,8 @@ def sendDeleteViaServer(baseDir: str, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey,
     fromPersonId, sharedInbox, avatarUrl,
-     displayName) = getPersonBox(baseDir, session, wfRequest, personCache,
+     displayName) = getPersonBox(signingPrivateKeyPem,
                                 baseDir, session, wfRequest, personCache,
                                 projectVersion, httpPrefix, fromNickname,
                                 fromDomain, postToBox, 53036)
--- a/desktop_client.py
+++ b/desktop_client.py
@ -418,7 +418,8 @@ def _desktopReplyToPost(session, postId: str,
                        debug: bool, subject: str,
                        screenreader: str, systemLanguage: str,
                        espeak, conversationId: str,
-                        lowBandwidth: bool) -> None:
+                        lowBandwidth: bool,
                        signingPrivateKeyPem: str) -> None:
    """Use the desktop client to send a reply to the most recent post
    """
    if '://' not in postId:
@ -463,7 +464,7 @@ def _desktopReplyToPost(session, postId: str,
    city = 'London, England'
    sayStr = 'Sending reply'
    _sayCommand(sayStr, sayStr, screenreader, systemLanguage, espeak)
-    if sendPostViaServer(__version__,
+    if sendPostViaServer(signingPrivateKeyPem, __version__,
                         baseDir, session, nickname, password,
                         domain, port,
                         toNickname, toDomain, toPort, ccUrl,
@ -486,7 +487,8 @@ def _desktopNewPost(session,
                    cachedWebfingers: {}, personCache: {},
                    debug: bool,
                    screenreader: str, systemLanguage: str,
-                    espeak, lowBandwidth: bool) -> None:
+                    espeak, lowBandwidth: bool,
                    signingPrivateKeyPem: str) -> None:
    """Use the desktop client to create a new post
    """
    conversationId = None
@ -527,7 +529,7 @@ def _desktopNewPost(session,
    subject = None
    sayStr = 'Sending'
    _sayCommand(sayStr, sayStr, screenreader, systemLanguage, espeak)
-    if sendPostViaServer(__version__,
+    if sendPostViaServer(signingPrivateKeyPem, __version__,
                         baseDir, session, nickname, password,
                         domain, port,
                         None, '#Public', port, ccUrl,
@ -661,7 +663,8 @@ def _readLocalBoxPost(session, nickname: str, domain: str,
                      systemLanguage: str,
                      screenreader: str, espeak,
                      translate: {}, yourActor: str,
-                      domainFull: str, personCache: {}) -> {}:
+                      domainFull: str, personCache: {},
                      signingPrivateKeyPem: str) -> {}:
    """Reads a post from the given timeline
    Returns the post json
    """
@ -698,7 +701,8 @@ def _readLocalBoxPost(session, nickname: str, domain: str,
                             allowLocalNetworkAccess,
                             recentPostsCache, False,
                             systemLanguage,
-                             domainFull, personCache)
+                             domainFull, personCache,
                             signingPrivateKeyPem)
        if postJsonObject2:
            if hasObjectDict(postJsonObject2):
                if postJsonObject2['object'].get('attributedTo') and \
@ -742,7 +746,7 @@ def _readLocalBoxPost(session, nickname: str, domain: str,
    if isPGPEncrypted(content):
        sayStr = 'Encrypted message. Please enter your passphrase.'
        _sayCommand(sayStr, sayStr, screenreader, systemLanguage, espeak)
-        content = pgpDecrypt(domain, content, actor)
+        content = pgpDecrypt(domain, content, actor, signingPrivateKeyPem)
        if isPGPEncrypted(content):
            sayStr = 'Message could not be decrypted'
            _sayCommand(sayStr, sayStr, screenreader, systemLanguage, espeak)
@ -823,7 +827,7 @@ def _desktopShowProfile(session, nickname: str, domain: str,
                        systemLanguage: str,
                        screenreader: str, espeak,
                        translate: {}, yourActor: str,
-                        postJsonObject: {}) -> {}:
+                        postJsonObject: {}, signingPrivateKeyPem: str) -> {}:
    """Shows the profile of the actor for the given post
    Returns the actor json
    """
@ -854,7 +858,8 @@ def _desktopShowProfile(session, nickname: str, domain: str,
    if 'http://' in actor:
        isHttp = True
    actorJson, asHeader = \
-        getActorJson(domain, actor, isHttp, False, False, True)
+        getActorJson(domain, actor, isHttp, False, False, True,
                     signingPrivateKeyPem)
    _desktopShowActor(baseDir, actorJson, translate,
                      systemLanguage, screenreader, espeak)
@ -868,12 +873,14 @@ def _desktopShowProfileFromHandle(session, nickname: str, domain: str,
                                  systemLanguage: str,
                                  screenreader: str, espeak,
                                  translate: {}, yourActor: str,
-                                  postJsonObject: {}) -> {}:
+                                  postJsonObject: {},
                                  signingPrivateKeyPem: str) -> {}:
    """Shows the profile for a handle
    Returns the actor json
    """
    actorJson, asHeader = \
-        getActorJson(domain, handle, False, False, False, True)
+        getActorJson(domain, handle, False, False, False, True,
                     signingPrivateKeyPem)
    _desktopShowActor(baseDir, actorJson, translate,
                      systemLanguage, screenreader, espeak)
@ -1112,7 +1119,8 @@ def _desktopNewDM(session, toHandle: str,
                  cachedWebfingers: {}, personCache: {},
                  debug: bool,
                  screenreader: str, systemLanguage: str,
-                  espeak, lowBandwidth: bool) -> None:
+                  espeak, lowBandwidth: bool,
                  signingPrivateKeyPem: str) -> None:
    """Use the desktop client to create a new direct message
    which can include multiple destination handles
    """
@ -1133,7 +1141,8 @@ def _desktopNewDM(session, toHandle: str,
                          cachedWebfingers, personCache,
                          debug,
                          screenreader, systemLanguage,
-                          espeak, lowBandwidth)
+                          espeak, lowBandwidth,
                          signingPrivateKeyPem)
 def _desktopNewDMbase(session, toHandle: str,
@ -1142,7 +1151,8 @@ def _desktopNewDMbase(session, toHandle: str,
                      cachedWebfingers: {}, personCache: {},
                      debug: bool,
                      screenreader: str, systemLanguage: str,
-                      espeak, lowBandwidth: bool) -> None:
+                      espeak, lowBandwidth: bool,
                      signingPrivateKeyPem: str) -> None:
    """Use the desktop client to create a new direct message
    """
    conversationId = None
@ -1201,7 +1211,8 @@ def _desktopNewDMbase(session, toHandle: str,
            for after in range(randint(1, 16)):
                paddedMessage += ' '
        cipherText = \
-            pgpEncryptToActor(domain, paddedMessage, toHandle)
+            pgpEncryptToActor(domain, paddedMessage, toHandle,
                              signingPrivateKeyPem)
        if not cipherText:
            sayStr = \
                toHandle + ' has no PGP public key. ' + \
@ -1222,7 +1233,7 @@ def _desktopNewDMbase(session, toHandle: str,
    sayStr = 'Sending'
    _sayCommand(sayStr, sayStr, screenreader, systemLanguage, espeak)
-    if sendPostViaServer(__version__,
+    if sendPostViaServer(signingPrivateKeyPem, __version__,
                         baseDir, session, nickname, password,
                         domain, port,
                         toNickname, toDomain, toPort, ccUrl,
@ -1301,6 +1312,9 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
    """Runs the desktop and screen reader client,
    which announces new inbox items
    """
    # TODO: this should probably be retrieved somehow from the server
    signingPrivateKeyPem = None
    indent = '   '
    if showNewPosts:
        indent = ''
@ -1400,7 +1414,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                   nickname, password,
                                   domain, port, httpPrefix,
                                   cachedWebfingers, personCache,
-                                   debug, False)
+                                   debug, False,
                                   signingPrivateKeyPem)
                sayStr = indent + 'PGP public key uploaded'
                _sayCommand(sayStr, sayStr, screenreader,
                            systemLanguage, espeak)
@ -1410,7 +1425,7 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                             nickname, password,
                             domain, port, httpPrefix,
                             currTimeline, pageNumber,
-                             debug)
+                             debug, signingPrivateKeyPem)
        followRequestsJson = \
            getFollowRequestsViaServer(baseDir, session,
@ -1418,14 +1433,16 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                       domain, port,
                                       httpPrefix, 1,
                                       cachedWebfingers, personCache,
-                                       debug, __version__)
+                                       debug, __version__,
                                       signingPrivateKeyPem)
        if not (currTimeline == 'inbox' and pageNumber == 1):
            # monitor the inbox to generate notifications
            inboxJson = c2sBoxJson(baseDir, session,
                                   nickname, password,
                                   domain, port, httpPrefix,
-                                   'inbox', 1, debug)
+                                   'inbox', 1, debug,
                                   signingPrivateKeyPem)
        else:
            inboxJson = boxJson
        newDMsExist = False
@ -1502,7 +1519,7 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                     nickname, password,
                                     domain, port, httpPrefix,
                                     currTimeline, pageNumber,
-                                     debug)
+                                     debug, signingPrivateKeyPem)
                if boxJson:
                    _desktopShowBox(indent, followRequestsJson,
                                    yourActor, currTimeline, boxJson,
@ -1519,7 +1536,7 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                     nickname, password,
                                     domain, port, httpPrefix,
                                     currTimeline, pageNumber,
-                                     debug)
+                                     debug, signingPrivateKeyPem)
                if boxJson:
                    _desktopShowBox(indent, followRequestsJson,
                                    yourActor, currTimeline, boxJson,
@ -1537,7 +1554,7 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                     nickname, password,
                                     domain, port, httpPrefix,
                                     currTimeline, pageNumber,
-                                     debug)
+                                     debug, signingPrivateKeyPem)
                if boxJson:
                    _desktopShowBox(indent, followRequestsJson,
                                    yourActor, currTimeline, boxJson,
@ -1556,7 +1573,7 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                     nickname, password,
                                     domain, port, httpPrefix,
                                     currTimeline, pageNumber,
-                                     debug)
+                                     debug, signingPrivateKeyPem)
                if boxJson:
                    _desktopShowBox(indent, followRequestsJson,
                                    yourActor, currTimeline, boxJson,
@ -1583,7 +1600,7 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                     nickname, password,
                                     domain, port, httpPrefix,
                                     currTimeline, pageNumber,
-                                     debug)
+                                     debug, signingPrivateKeyPem)
                if boxJson:
                    _desktopShowBox(indent, followRequestsJson,
                                    yourActor, currTimeline, boxJson,
@ -1606,7 +1623,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                          pageNumber, postIndex, boxJson,
                                          systemLanguage, screenreader,
                                          espeak, translate, yourActor,
-                                          domainFull, personCache)
+                                          domainFull, personCache,
                                          signingPrivateKeyPem)
                    print('')
                    sayStr = 'Press Enter to continue...'
                    sayStr2 = _highlightText(sayStr)
@ -1628,7 +1646,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                                boxJson,
                                                systemLanguage, screenreader,
                                                espeak, translate, yourActor,
-                                                postJsonObject)
+                                                postJsonObject,
                                                signingPrivateKeyPem)
                    else:
                        postIndexStr = '1'
                else:
@ -1643,7 +1662,7 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                                  currTimeline, profileHandle,
                                                  systemLanguage, screenreader,
                                                  espeak, translate, yourActor,
-                                                  None)
+                                                  None, signingPrivateKeyPem)
                    sayStr = 'Press Enter to continue...'
                    sayStr2 = _highlightText(sayStr)
                    _sayCommand(sayStr2, sayStr,
@ -1661,7 +1680,7 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                            pageNumber, postIndex, boxJson,
                                            systemLanguage, screenreader,
                                            espeak, translate, yourActor,
-                                            None)
+                                            None, signingPrivateKeyPem)
                    sayStr = 'Press Enter to continue...'
                    sayStr2 = _highlightText(sayStr)
                    _sayCommand(sayStr2, sayStr,
@ -1689,7 +1708,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                            debug, subject,
                                            screenreader, systemLanguage,
                                            espeak, conversationId,
-                                            lowBandwidth)
+                                            lowBandwidth,
                                            signingPrivateKeyPem)
                refreshTimeline = True
                print('')
            elif (commandStr == 'post' or commandStr == 'p' or
@ -1723,7 +1743,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                      cachedWebfingers, personCache,
                                      debug,
                                      screenreader, systemLanguage,
-                                      espeak, lowBandwidth)
+                                      espeak, lowBandwidth,
                                      signingPrivateKeyPem)
                        refreshTimeline = True
                else:
                    # public post
@ -1733,7 +1754,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                    cachedWebfingers, personCache,
                                    debug,
                                    screenreader, systemLanguage,
-                                    espeak, lowBandwidth)
+                                    espeak, lowBandwidth,
                                    signingPrivateKeyPem)
                    refreshTimeline = True
                print('')
            elif commandStr == 'like' or commandStr.startswith('like '):
@ -1759,7 +1781,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                          domain, port, httpPrefix,
                                          postJsonObject['id'],
                                          cachedWebfingers, personCache,
-                                          False, __version__)
+                                          False, __version__,
                                          signingPrivateKeyPem)
                        refreshTimeline = True
                print('')
            elif (commandStr == 'undo mute' or
@ -1797,7 +1820,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                              domain, port,
                                              httpPrefix, postJsonObject['id'],
                                              cachedWebfingers, personCache,
-                                              False, __version__)
+                                              False, __version__,
                                              signingPrivateKeyPem)
                        refreshTimeline = True
                print('')
            elif (commandStr == 'mute' or
@ -1826,7 +1850,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                          domain, port,
                                          httpPrefix, postJsonObject['id'],
                                          cachedWebfingers, personCache,
-                                          False, __version__)
+                                          False, __version__,
                                          signingPrivateKeyPem)
                        refreshTimeline = True
                print('')
            elif (commandStr == 'undo bookmark' or
@ -1867,7 +1892,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                                  postJsonObject['id'],
                                                  cachedWebfingers,
                                                  personCache,
-                                                  False, __version__)
+                                                  False, __version__,
                                                  signingPrivateKeyPem)
                        refreshTimeline = True
                print('')
            elif (commandStr == 'bookmark' or
@ -1896,7 +1922,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                              domain, port, httpPrefix,
                                              postJsonObject['id'],
                                              cachedWebfingers, personCache,
-                                              False, __version__)
+                                              False, __version__,
                                              signingPrivateKeyPem)
                        refreshTimeline = True
                print('')
            elif (commandStr.startswith('undo block ') or
@ -1931,7 +1958,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                                       blockActor,
                                                       cachedWebfingers,
                                                       personCache,
-                                                       False, __version__)
+                                                       False, __version__,
                                                       signingPrivateKeyPem)
                refreshTimeline = True
                print('')
            elif commandStr.startswith('block '):
@ -1976,7 +2004,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                       blockActor,
                                       cachedWebfingers,
                                       personCache,
-                                       False, __version__)
+                                       False, __version__,
                                       signingPrivateKeyPem)
                refreshTimeline = True
                print('')
            elif commandStr == 'unlike' or commandStr == 'undo like':
@ -2003,7 +2032,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                              domain, port, httpPrefix,
                                              postJsonObject['id'],
                                              cachedWebfingers, personCache,
-                                              False, __version__)
+                                              False, __version__,
                                              signingPrivateKeyPem)
                        refreshTimeline = True
                print('')
            elif (commandStr.startswith('announce') or
@ -2033,7 +2063,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                              domain, port,
                                              httpPrefix, postId,
                                              cachedWebfingers, personCache,
-                                              True, __version__)
+                                              True, __version__,
                                              signingPrivateKeyPem)
                        refreshTimeline = True
                print('')
            elif (commandStr.startswith('unannounce') or
@ -2067,7 +2098,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                                  httpPrefix, postId,
                                                  cachedWebfingers,
                                                  personCache,
-                                                  True, __version__)
+                                                  True, __version__,
                                                  signingPrivateKeyPem)
                        refreshTimeline = True
                print('')
            elif (commandStr == 'follow requests' or
@ -2083,7 +2115,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                               domain, port,
                                               httpPrefix, currPage,
                                               cachedWebfingers, personCache,
-                                               debug, __version__)
+                                               debug, __version__,
                                               signingPrivateKeyPem)
                if followRequestsJson:
                    if isinstance(followRequestsJson, dict):
                        _desktopShowFollowRequests(followRequestsJson,
@ -2102,7 +2135,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                          domain, port,
                                          httpPrefix, currPage,
                                          cachedWebfingers, personCache,
-                                          debug, __version__)
+                                          debug, __version__,
                                          signingPrivateKeyPem)
                if followingJson:
                    if isinstance(followingJson, dict):
                        _desktopShowFollowing(followingJson, translate,
@ -2122,7 +2156,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                          domain, port,
                                          httpPrefix, currPage,
                                          cachedWebfingers, personCache,
-                                          debug, __version__)
+                                          debug, __version__,
                                          signingPrivateKeyPem)
                if followersJson:
                    if isinstance(followersJson, dict):
                        _desktopShowFollowing(followersJson, translate,
@ -2161,7 +2196,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                                   httpPrefix,
                                                   cachedWebfingers,
                                                   personCache,
-                                                   debug, __version__)
+                                                   debug, __version__,
                                                   signingPrivateKeyPem)
                    else:
                        if followHandle:
                            sayStr = followHandle + ' is not valid'
@ -2195,7 +2231,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                                     httpPrefix,
                                                     cachedWebfingers,
                                                     personCache,
-                                                     debug, __version__)
+                                                     debug, __version__,
                                                     signingPrivateKeyPem)
                    else:
                        sayStr = followHandle + ' is not valid'
                        _sayCommand(sayStr, sayStr,
@ -2224,7 +2261,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                                      cachedWebfingers,
                                                      personCache,
                                                      debug,
-                                                      __version__)
+                                                      __version__,
                                                      signingPrivateKeyPem)
                    else:
                        if approveHandle:
                            sayStr = approveHandle + ' is not valid'
@ -2256,7 +2294,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                                   cachedWebfingers,
                                                   personCache,
                                                   debug,
-                                                   __version__)
+                                                   __version__,
                                                   signingPrivateKeyPem)
                    else:
                        if denyHandle:
                            sayStr = denyHandle + ' is not valid'
@ -2341,7 +2380,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                             allowLocalNetworkAccess,
                                             recentPostsCache, False,
                                             systemLanguage,
-                                             domainFull, personCache)
+                                             domainFull, personCache,
                                             signingPrivateKeyPem)
                        if postJsonObject2:
                            postJsonObject = postJsonObject2
                if postJsonObject:
@ -2423,7 +2463,8 @@ def runDesktopClient(baseDir: str, proxyType: str, httpPrefix: str,
                                                    postJsonObject['id'],
                                                    cachedWebfingers,
                                                    personCache,
-                                                    False, __version__)
+                                                    False, __version__,
                                                    signingPrivateKeyPem)
                                refreshTimeline = True
                print('')
--- a/epicyon.py
+++ b/epicyon.py
@ -688,9 +688,11 @@ if args.posts:
        proxyType = 'gnunet'
    if not args.language:
        args.language = 'en'
    signingPrivateKeyPem = None
    getPublicPostsOfPerson(baseDir, nickname, domain, False, True,
                           proxyType, args.port, httpPrefix, debug,
-                           __version__, args.language)
+                           __version__, args.language,
                           signingPrivateKeyPem)
    sys.exit()
 if args.postDomains:
@ -722,13 +724,15 @@ if args.postDomains:
    domainList = []
    if not args.language:
        args.language = 'en'
    signingPrivateKeyPem = None
    domainList = getPublicPostDomains(None,
                                      baseDir, nickname, domain,
                                      proxyType, args.port,
                                      httpPrefix, debug,
                                      __version__,
                                      wordFrequency, domainList,
-                                      args.language)
+                                      args.language,
                                      signingPrivateKeyPem)
    for postDomain in domainList:
        print(postDomain)
    sys.exit()
@ -765,13 +769,15 @@ if args.postDomainsBlocked:
    domainList = []
    if not args.language:
        args.language = 'en'
    signingPrivateKeyPem = None
    domainList = getPublicPostDomainsBlocked(None,
                                             baseDir, nickname, domain,
                                             proxyType, args.port,
                                             httpPrefix, debug,
                                             __version__,
                                             wordFrequency, domainList,
-                                             args.language)
+                                             args.language,
                                             signingPrivateKeyPem)
    for postDomain in domainList:
        print(postDomain)
    sys.exit()
@ -806,12 +812,14 @@ if args.checkDomains:
    maxBlockedDomains = 0
    if not args.language:
        args.language = 'en'
    signingPrivateKeyPem = None
    checkDomains(None,
                 baseDir, nickname, domain,
                 proxyType, args.port,
                 httpPrefix, debug,
                 __version__,
-                 maxBlockedDomains, False, args.language)
+                 maxBlockedDomains, False, args.language,
                 signingPrivateKeyPem)
    sys.exit()
 if args.socnet:
@ -825,10 +833,12 @@ if args.socnet:
    proxyType = 'tor'
    if not args.language:
        args.language = 'en'
    signingPrivateKeyPem = None
    dotGraph = instancesGraph(baseDir, args.socnet,
                              proxyType, args.port,
                              httpPrefix, debug,
-                              __version__, args.language)
+                              __version__, args.language,
                              signingPrivateKeyPem)
    try:
        with open('socnet.dot', 'w+') as fp:
            fp.write(dotGraph)
@ -854,9 +864,11 @@ if args.postsraw:
        proxyType = 'gnunet'
    if not args.language:
        args.language = 'en'
    signingPrivateKeyPem = None
    getPublicPostsOfPerson(baseDir, nickname, domain, False, False,
                           proxyType, args.port, httpPrefix, debug,
-                           __version__, args.language)
+                           __version__, args.language,
                           signingPrivateKeyPem)
    sys.exit()
 if args.json:
@ -865,8 +877,9 @@ if args.json:
    asHeader = {
        'Accept': 'application/ld+json; profile="' + profileStr + '"'
    }
-    testJson = getJson(session, args.json, asHeader, None,
+    signingPrivateKeyPem = None
-                       debug, __version__, httpPrefix, None)
+    testJson = getJson(signingPrivateKeyPem, session, args.json, asHeader,
                       None, debug, __version__, httpPrefix, None)
    pprint(testJson)
    sys.exit()
@ -1075,6 +1088,7 @@ if args.approve:
    postLog = []
    cachedWebfingers = {}
    personCache = {}
    signingPrivateKeyPem = None
    manualApproveFollowRequest(session, baseDir,
                               httpPrefix,
                               args.nickname, domain, port,
@ -1082,7 +1096,8 @@ if args.approve:
                               federationList,
                               sendThreads, postLog,
                               cachedWebfingers, personCache,
-                               debug, __version__)
+                               debug, __version__,
                               signingPrivateKeyPem)
    sys.exit()
 if args.deny:
@ -1097,6 +1112,7 @@ if args.deny:
    postLog = []
    cachedWebfingers = {}
    personCache = {}
    signingPrivateKeyPem = None
    manualDenyFollowRequest(session, baseDir,
                            httpPrefix,
                            args.nickname, domain, port,
@ -1104,7 +1120,8 @@ if args.deny:
                            federationList,
                            sendThreads, postLog,
                            cachedWebfingers, personCache,
-                            debug, __version__)
+                            debug, __version__,
                            signingPrivateKeyPem)
    sys.exit()
 if args.followerspending:
@ -1184,9 +1201,10 @@ if args.message:
    replyTo = args.replyto
    followersOnly = False
    isArticle = False
    signingPrivateKeyPem = None
    print('Sending post to ' + args.sendto)
-    sendPostViaServer(__version__,
+    sendPostViaServer(signingPrivateKeyPem, __version__,
                      baseDir, session, args.nickname, args.password,
                      domain, port,
                      toNickname, toDomain, toPort, ccUrl,
@ -1216,13 +1234,14 @@ if args.announce:
    session = createSession(proxyType)
    personCache = {}
    cachedWebfingers = {}
    signingPrivateKeyPem = None
    print('Sending announce/repeat of ' + args.announce)
    sendAnnounceViaServer(baseDir, session, args.nickname, args.password,
                          domain, port,
                          httpPrefix, args.announce,
                          cachedWebfingers, personCache,
-                          True, __version__)
+                          True, __version__, signingPrivateKeyPem)
    for i in range(10):
        # TODO detect send success/fail
        time.sleep(1)
@ -1255,13 +1274,14 @@ if args.box:
            args.port = 80
    elif args.gnunet:
        proxyType = 'gnunet'
    signingPrivateKeyPem = None
    session = createSession(proxyType)
    boxJson = c2sBoxJson(baseDir, session,
                         args.nickname, args.password,
                         domain, port, httpPrefix,
                         args.box, args.pageNumber,
-                         args.debug)
+                         args.debug, signingPrivateKeyPem)
    if boxJson:
        pprint(boxJson)
    else:
@ -1311,6 +1331,7 @@ if args.itemName:
    session = createSession(proxyType)
    personCache = {}
    cachedWebfingers = {}
    signingPrivateKeyPem = None
    print('Sending shared item: ' + args.itemName)
    sendShareViaServer(baseDir, session,
@ -1327,7 +1348,8 @@ if args.itemName:
                       args.duration,
                       cachedWebfingers, personCache,
                       debug, __version__,
-                       args.itemPrice, args.itemCurrency)
+                       args.itemPrice, args.itemCurrency,
                       signingPrivateKeyPem)
    for i in range(10):
        # TODO detect send success/fail
        time.sleep(1)
@ -1348,6 +1370,7 @@ if args.undoItemName:
    session = createSession(proxyType)
    personCache = {}
    cachedWebfingers = {}
    signingPrivateKeyPem = None
    print('Sending undo of shared item: ' + args.undoItemName)
    sendUndoShareViaServer(baseDir, session,
@ -1356,7 +1379,7 @@ if args.undoItemName:
                           httpPrefix,
                           args.undoItemName,
                           cachedWebfingers, personCache,
-                           debug, __version__)
+                           debug, __version__, signingPrivateKeyPem)
    for i in range(10):
        # TODO detect send success/fail
        time.sleep(1)
@ -1405,6 +1428,7 @@ if args.wantedItemName:
    session = createSession(proxyType)
    personCache = {}
    cachedWebfingers = {}
    signingPrivateKeyPem = None
    print('Sending wanted item: ' + args.wantedItemName)
    sendWantedViaServer(baseDir, session,
@ -1421,7 +1445,8 @@ if args.wantedItemName:
                        args.duration,
                        cachedWebfingers, personCache,
                        debug, __version__,
-                        args.itemPrice, args.itemCurrency)
+                        args.itemPrice, args.itemCurrency,
                        signingPrivateKeyPem)
    for i in range(10):
        # TODO detect send success/fail
        time.sleep(1)
@ -1442,6 +1467,7 @@ if args.undoWantedItemName:
    session = createSession(proxyType)
    personCache = {}
    cachedWebfingers = {}
    signingPrivateKeyPem = None
    print('Sending undo of wanted item: ' + args.undoWantedItemName)
    sendUndoWantedViaServer(baseDir, session,
@ -1450,7 +1476,7 @@ if args.undoWantedItemName:
                            httpPrefix,
                            args.undoWantedItemName,
                            cachedWebfingers, personCache,
-                            debug, __version__)
+                            debug, __version__, signingPrivateKeyPem)
    for i in range(10):
        # TODO detect send success/fail
        time.sleep(1)
@ -1471,6 +1497,7 @@ if args.like:
    session = createSession(proxyType)
    personCache = {}
    cachedWebfingers = {}
    signingPrivateKeyPem = None
    print('Sending like of ' + args.like)
    sendLikeViaServer(baseDir, session,
@ -1478,7 +1505,7 @@ if args.like:
                      domain, port,
                      httpPrefix, args.like,
                      cachedWebfingers, personCache,
-                      True, __version__)
+                      True, __version__, signingPrivateKeyPem)
    for i in range(10):
        # TODO detect send success/fail
        time.sleep(1)
@ -1499,6 +1526,7 @@ if args.undolike:
    session = createSession(proxyType)
    personCache = {}
    cachedWebfingers = {}
    signingPrivateKeyPem = None
    print('Sending undo like of ' + args.undolike)
    sendUndoLikeViaServer(baseDir, session,
@ -1506,7 +1534,8 @@ if args.undolike:
                          domain, port,
                          httpPrefix, args.undolike,
                          cachedWebfingers, personCache,
-                          True, __version__)
+                          True, __version__,
                          signingPrivateKeyPem)
    for i in range(10):
        # TODO detect send success/fail
        time.sleep(1)
@ -1527,6 +1556,7 @@ if args.bookmark:
    session = createSession(proxyType)
    personCache = {}
    cachedWebfingers = {}
    signingPrivateKeyPem = None
    print('Sending bookmark of ' + args.bookmark)
    sendBookmarkViaServer(baseDir, session,
@ -1534,7 +1564,8 @@ if args.bookmark:
                          domain, port,
                          httpPrefix, args.bookmark,
                          cachedWebfingers, personCache,
-                          True, __version__)
+                          True, __version__,
                          signingPrivateKeyPem)
    for i in range(10):
        # TODO detect send success/fail
        time.sleep(1)
@ -1555,6 +1586,7 @@ if args.unbookmark:
    session = createSession(proxyType)
    personCache = {}
    cachedWebfingers = {}
    signingPrivateKeyPem = None
    print('Sending undo bookmark of ' + args.unbookmark)
    sendUndoBookmarkViaServer(baseDir, session,
@ -1562,7 +1594,7 @@ if args.unbookmark:
                              domain, port,
                              httpPrefix, args.unbookmark,
                              cachedWebfingers, personCache,
-                              True, __version__)
+                              True, __version__, signingPrivateKeyPem)
    for i in range(10):
        # TODO detect send success/fail
        time.sleep(1)
@ -1583,6 +1615,7 @@ if args.delete:
    session = createSession(proxyType)
    personCache = {}
    cachedWebfingers = {}
    signingPrivateKeyPem = None
    print('Sending delete request of ' + args.delete)
    sendDeleteViaServer(baseDir, session,
@ -1590,7 +1623,7 @@ if args.delete:
                        domain, port,
                        httpPrefix, args.delete,
                        cachedWebfingers, personCache,
-                        True, __version__)
+                        True, __version__, signingPrivateKeyPem)
    for i in range(10):
        # TODO detect send success/fail
        time.sleep(1)
@ -1623,6 +1656,7 @@ if args.follow:
    followHttpPrefix = httpPrefix
    if args.follow.startswith('https'):
        followHttpPrefix = 'https'
    signingPrivateKeyPem = None
    sendFollowRequestViaServer(baseDir, session,
                               args.nickname, args.password,
@ -1630,7 +1664,7 @@ if args.follow:
                               followNickname, followDomain, followPort,
                               httpPrefix,
                               cachedWebfingers, personCache,
-                               debug, __version__)
+                               debug, __version__, signingPrivateKeyPem)
    for t in range(20):
        time.sleep(1)
        # TODO some method to know if it worked
@ -1664,6 +1698,7 @@ if args.unfollow:
    followHttpPrefix = httpPrefix
    if args.follow.startswith('https'):
        followHttpPrefix = 'https'
    signingPrivateKeyPem = None
    sendUnfollowRequestViaServer(baseDir, session,
                                 args.nickname, args.password,
@ -1671,7 +1706,7 @@ if args.unfollow:
                                 followNickname, followDomain, followPort,
                                 httpPrefix,
                                 cachedWebfingers, personCache,
-                                 debug, __version__)
+                                 debug, __version__, signingPrivateKeyPem)
    for t in range(20):
        time.sleep(1)
        # TODO some method to know if it worked
@ -1694,6 +1729,7 @@ if args.followingList:
    personCache = {}
    cachedWebfingers = {}
    followHttpPrefix = httpPrefix
    signingPrivateKeyPem = None
    followingJson = \
        getFollowingViaServer(baseDir, session,
@ -1701,7 +1737,7 @@ if args.followingList:
                              domain, port,
                              httpPrefix, args.pageNumber,
                              cachedWebfingers, personCache,
-                              debug, __version__)
+                              debug, __version__, signingPrivateKeyPem)
    if followingJson:
        pprint(followingJson)
    sys.exit()
@ -1722,6 +1758,7 @@ if args.followersList:
    personCache = {}
    cachedWebfingers = {}
    followHttpPrefix = httpPrefix
    signingPrivateKeyPem = None
    followersJson = \
        getFollowersViaServer(baseDir, session,
@ -1729,7 +1766,8 @@ if args.followersList:
                              domain, port,
                              httpPrefix, args.pageNumber,
                              cachedWebfingers, personCache,
-                              debug, __version__)
+                              debug, __version__,
                              signingPrivateKeyPem)
    if followersJson:
        pprint(followersJson)
    sys.exit()
@ -1750,6 +1788,7 @@ if args.followRequestsList:
    personCache = {}
    cachedWebfingers = {}
    followHttpPrefix = httpPrefix
    signingPrivateKeyPem = None
    followRequestsJson = \
        getFollowRequestsViaServer(baseDir, session,
@ -1757,7 +1796,7 @@ if args.followRequestsList:
                                   domain, port,
                                   httpPrefix, args.pageNumber,
                                   cachedWebfingers, personCache,
-                                   debug, __version__)
+                                   debug, __version__, signingPrivateKeyPem)
    if followRequestsJson:
        pprint(followRequestsJson)
    sys.exit()
@ -1797,9 +1836,10 @@ if args.migrations:
        httpPrefix = 'https'
        port = 443
    session = createSession(proxyType)
    signingPrivateKeyPem = None
    ctr = migrateAccounts(baseDir, session,
                          httpPrefix, cachedWebfingers,
-                          True)
+                          True, signingPrivateKeyPem)
    if ctr == 0:
        print('No followed accounts have moved')
    else:
@ -1807,7 +1847,9 @@ if args.migrations:
    sys.exit()
 if args.actor:
-    getActorJson(args.domain, args.actor, args.http, args.gnunet, debug)
+    signingPrivateKeyPem = None
    getActorJson(args.domain, args.actor, args.http, args.gnunet,
                 debug, False, signingPrivateKeyPem)
    sys.exit()
 if args.followers:
@ -1883,9 +1925,11 @@ if args.followers:
        nickname = domain
    handle = nickname + '@' + domain
    signingPrivateKeyPem = None
    wfRequest = webfingerHandle(session, handle,
                                httpPrefix, cachedWebfingers,
-                                None, __version__, debug, False)
+                                None, __version__, debug, False,
                                signingPrivateKeyPem)
    if not wfRequest:
        print('Unable to webfinger ' + handle)
        sys.exit()
@ -1927,9 +1971,10 @@ if args.followers:
        asHeader = {
            'Accept': 'application/ld+json; profile="' + profileStr + '"'
        }
-
+    signingPrivateKeyPem = None
    followersList = \
-        downloadFollowCollection('followers', session,
+        downloadFollowCollection(signingPrivateKeyPem,
                                 'followers', session,
                                 httpPrefix, personUrl, 1, 3)
    if followersList:
        for actor in followersList:
@ -2179,6 +2224,7 @@ if args.skill:
    session = createSession(proxyType)
    personCache = {}
    cachedWebfingers = {}
    signingPrivateKeyPem = None
    print('Sending ' + args.skill + ' skill level ' +
          str(args.skillLevelPercent) + ' for ' + nickname)
@ -2188,7 +2234,7 @@ if args.skill:
                       httpPrefix,
                       args.skill, args.skillLevelPercent,
                       cachedWebfingers, personCache,
-                       True, __version__)
+                       True, __version__, signingPrivateKeyPem)
    for i in range(10):
        # TODO detect send success/fail
        time.sleep(1)
@ -2209,6 +2255,7 @@ if args.availability:
    session = createSession(proxyType)
    personCache = {}
    cachedWebfingers = {}
    signingPrivateKeyPem = None
    print('Sending availability status of ' + nickname +
          ' as ' + args.availability)
@ -2217,7 +2264,7 @@ if args.availability:
                              httpPrefix,
                              args.availability,
                              cachedWebfingers, personCache,
-                              True, __version__)
+                              True, __version__, signingPrivateKeyPem)
    for i in range(10):
        # TODO detect send success/fail
        time.sleep(1)
@ -2318,13 +2365,14 @@ if args.block:
    session = createSession(proxyType)
    personCache = {}
    cachedWebfingers = {}
    signingPrivateKeyPem = None
    print('Sending block of ' + args.block)
    sendBlockViaServer(baseDir, session, nickname, args.password,
                       domain, port,
                       httpPrefix, args.block,
                       cachedWebfingers, personCache,
-                       True, __version__)
+                       True, __version__, signingPrivateKeyPem)
    for i in range(10):
        # TODO detect send success/fail
        time.sleep(1)
@ -2345,13 +2393,14 @@ if args.mute:
    session = createSession(proxyType)
    personCache = {}
    cachedWebfingers = {}
    signingPrivateKeyPem = None
    print('Sending mute of ' + args.mute)
    sendMuteViaServer(baseDir, session, nickname, args.password,
                      domain, port,
                      httpPrefix, args.mute,
                      cachedWebfingers, personCache,
-                      True, __version__)
+                      True, __version__, signingPrivateKeyPem)
    for i in range(10):
        # TODO detect send success/fail
        time.sleep(1)
@ -2372,13 +2421,14 @@ if args.unmute:
    session = createSession(proxyType)
    personCache = {}
    cachedWebfingers = {}
    signingPrivateKeyPem = None
    print('Sending undo mute of ' + args.unmute)
    sendUndoMuteViaServer(baseDir, session, nickname, args.password,
                          domain, port,
                          httpPrefix, args.unmute,
                          cachedWebfingers, personCache,
-                          True, __version__)
+                          True, __version__, signingPrivateKeyPem)
    for i in range(10):
        # TODO detect send success/fail
        time.sleep(1)
@ -2411,13 +2461,14 @@ if args.unblock:
    session = createSession(proxyType)
    personCache = {}
    cachedWebfingers = {}
    signingPrivateKeyPem = None
    print('Sending undo block of ' + args.unblock)
    sendUndoBlockViaServer(baseDir, session, nickname, args.password,
                           domain, port,
                           httpPrefix, args.unblock,
                           cachedWebfingers, personCache,
-                           True, __version__)
+                           True, __version__, signingPrivateKeyPem)
    for i in range(10):
        # TODO detect send success/fail
        time.sleep(1)
--- a/follow.py
+++ b/follow.py
@ -631,7 +631,8 @@ def receiveFollowRequest(session, baseDir: str, httpPrefix: str,
                         cachedWebfingers: {}, personCache: {},
                         messageJson: {}, federationList: [],
                         debug: bool, projectVersion: str,
-                         maxFollowers: int, onionDomain: str) -> bool:
+                         maxFollowers: int, onionDomain: str,
                         signingPrivateKeyPem: str) -> bool:
    """Receives a follow request within the POST section of HTTPServer
    """
    if not messageJson['type'].startswith('Follow'):
@ -743,7 +744,8 @@ def receiveFollowRequest(session, baseDir: str, httpPrefix: str,
            print('Obtaining the following actor: ' + messageJson['actor'])
        if not getPersonPubKey(baseDir, session, messageJson['actor'],
                               personCache, debug, projectVersion,
-                               httpPrefix, domainToFollow, onionDomain):
+                               httpPrefix, domainToFollow, onionDomain,
                               signingPrivateKeyPem):
            if debug:
                print('Unable to obtain following actor: ' +
                      messageJson['actor'])
@ -779,7 +781,8 @@ def receiveFollowRequest(session, baseDir: str, httpPrefix: str,
                print('Obtaining the following actor: ' + messageJson['actor'])
            if not getPersonPubKey(baseDir, session, messageJson['actor'],
                                   personCache, debug, projectVersion,
-                                   httpPrefix, domainToFollow, onionDomain):
+                                   httpPrefix, domainToFollow, onionDomain,
                                   signingPrivateKeyPem):
                if debug:
                    print('Unable to obtain following actor: ' +
                          messageJson['actor'])
@ -824,7 +827,8 @@ def receiveFollowRequest(session, baseDir: str, httpPrefix: str,
                                  messageJson['actor'], federationList,
                                  messageJson, sendThreads, postLog,
                                  cachedWebfingers, personCache,
-                                  debug, projectVersion, True)
+                                  debug, projectVersion, True,
                                  signingPrivateKeyPem)
 def followedAccountAccepts(session, baseDir: str, httpPrefix: str,
@ -835,7 +839,8 @@ def followedAccountAccepts(session, baseDir: str, httpPrefix: str,
                           followJson: {}, sendThreads: [], postLog: [],
                           cachedWebfingers: {}, personCache: {},
                           debug: bool, projectVersion: str,
-                           removeFollowActivity: bool):
+                           removeFollowActivity: bool,
                           signingPrivateKeyPem: str):
    """The person receiving a follow request accepts the new follower
    and sends back an Accept activity
    """
@ -884,7 +889,7 @@ def followedAccountAccepts(session, baseDir: str, httpPrefix: str,
                          federationList,
                          sendThreads, postLog, cachedWebfingers,
                          personCache, debug, projectVersion, None,
-                          groupAccount)
+                          groupAccount, signingPrivateKeyPem)
 def followedAccountRejects(session, baseDir: str, httpPrefix: str,
@ -894,7 +899,8 @@ def followedAccountRejects(session, baseDir: str, httpPrefix: str,
                           federationList: [],
                           sendThreads: [], postLog: [],
                           cachedWebfingers: {}, personCache: {},
-                           debug: bool, projectVersion: str):
+                           debug: bool, projectVersion: str,
                           signingPrivateKeyPem: str):
    """The person receiving a follow request rejects the new follower
    and sends back a Reject activity
    """
@ -949,7 +955,7 @@ def followedAccountRejects(session, baseDir: str, httpPrefix: str,
                          federationList,
                          sendThreads, postLog, cachedWebfingers,
                          personCache, debug, projectVersion, None,
-                          groupAccount)
+                          groupAccount, signingPrivateKeyPem)
 def sendFollowRequest(session, baseDir: str,
@ -960,7 +966,7 @@ def sendFollowRequest(session, baseDir: str,
                      clientToServer: bool, federationList: [],
                      sendThreads: [], postLog: [], cachedWebfingers: {},
                      personCache: {}, debug: bool,
-                      projectVersion: str) -> {}:
+                      projectVersion: str, signingPrivateKeyPem: str) -> {}:
    """Gets the json object for sending a follow request
    """
    if not domainPermitted(followDomain, federationList):
@ -1016,7 +1022,8 @@ def sendFollowRequest(session, baseDir: str,
                   httpPrefix, True, clientToServer,
                   federationList,
                   sendThreads, postLog, cachedWebfingers, personCache,
-                   debug, projectVersion, None, groupAccount)
+                   debug, projectVersion, None, groupAccount,
                   signingPrivateKeyPem)
    return newFollowJson
@ -1028,7 +1035,8 @@ def sendFollowRequestViaServer(baseDir: str, session,
                               followPort: int,
                               httpPrefix: str,
                               cachedWebfingers: {}, personCache: {},
-                               debug: bool, projectVersion: str) -> {}:
+                               debug: bool, projectVersion: str,
                               signingPrivateKeyPem: str) -> {}:
    """Creates a follow request via c2s
    """
    if not session:
@ -1057,7 +1065,8 @@ def sendFollowRequestViaServer(baseDir: str, session,
    # lookup the inbox for the To handle
    wfRequest = \
        webfingerHandle(session, handle, httpPrefix, cachedWebfingers,
-                        fromDomain, projectVersion, debug, False)
+                        fromDomain, projectVersion, debug, False,
                        signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: follow request webfinger failed for ' + handle)
@ -1072,7 +1081,8 @@ def sendFollowRequestViaServer(baseDir: str, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey,
     fromPersonId, sharedInbox, avatarUrl,
-     displayName) = getPersonBox(baseDir, session, wfRequest, personCache,
+     displayName) = getPersonBox(signingPrivateKeyPem,
                                 baseDir, session, wfRequest, personCache,
                                 projectVersion, httpPrefix, fromNickname,
                                 fromDomain, postToBox, 52025)
@ -1114,7 +1124,8 @@ def sendUnfollowRequestViaServer(baseDir: str, session,
                                 followPort: int,
                                 httpPrefix: str,
                                 cachedWebfingers: {}, personCache: {},
-                                 debug: bool, projectVersion: str) -> {}:
+                                 debug: bool, projectVersion: str,
                                 signingPrivateKeyPem: str) -> {}:
    """Creates a unfollow request via c2s
    """
    if not session:
@ -1147,7 +1158,8 @@ def sendUnfollowRequestViaServer(baseDir: str, session,
    # lookup the inbox for the To handle
    wfRequest = \
        webfingerHandle(session, handle, httpPrefix, cachedWebfingers,
-                        fromDomain, projectVersion, debug, False)
+                        fromDomain, projectVersion, debug, False,
                        signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: unfollow webfinger failed for ' + handle)
@ -1162,7 +1174,8 @@ def sendUnfollowRequestViaServer(baseDir: str, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey,
     fromPersonId, sharedInbox,
-     avatarUrl, displayName) = getPersonBox(baseDir, session,
+     avatarUrl, displayName) = getPersonBox(signingPrivateKeyPem,
                                            baseDir, session,
                                            wfRequest, personCache,
                                            projectVersion, httpPrefix,
                                            fromNickname,
@ -1205,7 +1218,8 @@ def getFollowingViaServer(baseDir: str, session,
                          domain: str, port: int,
                          httpPrefix: str, pageNumber: int,
                          cachedWebfingers: {}, personCache: {},
-                          debug: bool, projectVersion: str) -> {}:
+                          debug: bool, projectVersion: str,
                          signingPrivateKeyPem: str) -> {}:
    """Gets a page from the following collection as json
    """
    if not session:
@ -1227,9 +1241,8 @@ def getFollowingViaServer(baseDir: str, session,
        pageNumber = 1
    url = followActor + '/following?page=' + str(pageNumber)
    followingJson = \
-        getJson(session, url, headers, {}, debug,
+        getJson(signingPrivateKeyPem, session, url, headers, {}, debug,
-                __version__, httpPrefix,
+                __version__, httpPrefix, domain, 10, True)
                domain, 10, True)
    if not followingJson:
        if debug:
            print('DEBUG: GET following list failed for c2s to ' + url)
@ -1246,7 +1259,8 @@ def getFollowersViaServer(baseDir: str, session,
                          domain: str, port: int,
                          httpPrefix: str, pageNumber: int,
                          cachedWebfingers: {}, personCache: {},
-                          debug: bool, projectVersion: str) -> {}:
+                          debug: bool, projectVersion: str,
                          signingPrivateKeyPem: str) -> {}:
    """Gets a page from the followers collection as json
    """
    if not session:
@ -1268,7 +1282,7 @@ def getFollowersViaServer(baseDir: str, session,
        pageNumber = 1
    url = followActor + '/followers?page=' + str(pageNumber)
    followersJson = \
-        getJson(session, url, headers, {}, debug,
+        getJson(signingPrivateKeyPem, session, url, headers, {}, debug,
                __version__, httpPrefix, domain, 10, True)
    if not followersJson:
        if debug:
@ -1286,7 +1300,8 @@ def getFollowRequestsViaServer(baseDir: str, session,
                               domain: str, port: int,
                               httpPrefix: str, pageNumber: int,
                               cachedWebfingers: {}, personCache: {},
-                               debug: bool, projectVersion: str) -> {}:
+                               debug: bool, projectVersion: str,
                               signingPrivateKeyPem: str) -> {}:
    """Gets a page from the follow requests collection as json
    """
    if not session:
@ -1308,7 +1323,7 @@ def getFollowRequestsViaServer(baseDir: str, session,
        pageNumber = 1
    url = followActor + '/followrequests?page=' + str(pageNumber)
    followersJson = \
-        getJson(session, url, headers, {}, debug,
+        getJson(signingPrivateKeyPem, session, url, headers, {}, debug,
                __version__, httpPrefix, domain, 10, True)
    if not followersJson:
        if debug:
@ -1326,7 +1341,8 @@ def approveFollowRequestViaServer(baseDir: str, session,
                                  domain: str, port: int,
                                  httpPrefix: str, approveHandle: int,
                                  cachedWebfingers: {}, personCache: {},
-                                  debug: bool, projectVersion: str) -> str:
+                                  debug: bool, projectVersion: str,
                                  signingPrivateKeyPem: str) -> str:
    """Approves a follow request
    This is not exactly via c2s though. It simulates pressing the Approve
    button on the web interface
@ -1348,7 +1364,7 @@ def approveFollowRequestViaServer(baseDir: str, session,
    url = actor + '/followapprove=' + approveHandle
    approveHtml = \
-        getJson(session, url, headers, {}, debug,
+        getJson(signingPrivateKeyPem, session, url, headers, {}, debug,
                __version__, httpPrefix, domain, 10, True)
    if not approveHtml:
        if debug:
@ -1366,7 +1382,8 @@ def denyFollowRequestViaServer(baseDir: str, session,
                               domain: str, port: int,
                               httpPrefix: str, denyHandle: int,
                               cachedWebfingers: {}, personCache: {},
-                               debug: bool, projectVersion: str) -> str:
+                               debug: bool, projectVersion: str,
                               signingPrivateKeyPem: str) -> str:
    """Denies a follow request
    This is not exactly via c2s though. It simulates pressing the Deny
    button on the web interface
@ -1388,7 +1405,7 @@ def denyFollowRequestViaServer(baseDir: str, session,
    url = actor + '/followdeny=' + denyHandle
    denyHtml = \
-        getJson(session, url, headers, {}, debug,
+        getJson(signingPrivateKeyPem, session, url, headers, {}, debug,
                __version__, httpPrefix, domain, 10, True)
    if not denyHtml:
        if debug:
--- a/inbox.py
+++ b/inbox.py
@ -170,7 +170,8 @@ def _inboxStorePostToHtmlCache(recentPostsCache: {}, maxRecentPosts: int,
                               peertubeInstances: [],
                               allowLocalNetworkAccess: bool,
                               themeName: str, systemLanguage: str,
-                               maxLikeCount: int) -> None:
+                               maxLikeCount: int,
                               signingPrivateKeyPem: str) -> None:
    """Converts the json post into html and stores it in a cache
    This enables the post to be quickly displayed later
    """
@ -179,7 +180,8 @@ def _inboxStorePostToHtmlCache(recentPostsCache: {}, maxRecentPosts: int,
    if boxname != 'outbox':
        boxname = 'inbox'
-    individualPostAsHtml(True, recentPostsCache, maxRecentPosts,
+    individualPostAsHtml(signingPrivateKeyPem,
                         True, recentPostsCache, maxRecentPosts,
                         translate, pageNumber,
                         baseDir, session, cachedWebfingers,
                         personCache,
@ -1271,7 +1273,8 @@ def _receiveAnnounce(recentPostsCache: {},
                     debug: bool, translate: {},
                     YTReplacementDomain: str,
                     allowLocalNetworkAccess: bool,
-                     themeName: str, systemLanguage: str) -> bool:
+                     themeName: str, systemLanguage: str,
                     signingPrivateKeyPem: str) -> bool:
    """Receives an announce activity within the POST section of HTTPServer
    """
    if messageJson['type'] != 'Announce':
@ -1371,7 +1374,8 @@ def _receiveAnnounce(recentPostsCache: {},
                                      allowLocalNetworkAccess,
                                      recentPostsCache, debug,
                                      systemLanguage,
-                                      domainFull, personCache)
+                                      domainFull, personCache,
                                      signingPrivateKeyPem)
    if not postJsonObject:
        notInOnion = True
        if onionDomain:
@ -1422,7 +1426,8 @@ def _receiveAnnounce(recentPostsCache: {},
                        getPersonPubKey(baseDir, session, lookupActor,
                                        personCache, debug,
                                        __version__, httpPrefix,
-                                        domain, onionDomain)
+                                        domain, onionDomain,
                                        signingPrivateKeyPem)
                    if pubKey:
                        if debug:
                            print('DEBUG: public key obtained for announce: ' +
@ -1694,7 +1699,8 @@ def _validPostContent(baseDir: str, nickname: str, domain: str,
 def _obtainAvatarForReplyPost(session, baseDir: str, httpPrefix: str,
                              domain: str, onionDomain: str, personCache: {},
-                              postJsonObject: {}, debug: bool) -> None:
+                              postJsonObject: {}, debug: bool,
                              signingPrivateKeyPem: str) -> None:
    """Tries to obtain the actor for the person being replied to
    so that their avatar can later be shown
    """
@ -1725,7 +1731,7 @@ def _obtainAvatarForReplyPost(session, baseDir: str, httpPrefix: str,
            getPersonPubKey(baseDir, session, lookupActor,
                            personCache, debug,
                            __version__, httpPrefix,
-                            domain, onionDomain)
+                            domain, onionDomain, signingPrivateKeyPem)
        if pubKey:
            if debug:
                print('DEBUG: public key obtained for reply: ' + lookupActor)
@ -1904,7 +1910,8 @@ def _sendToGroupMembers(session, baseDir: str, handle: str, port: int,
                        sendThreads: [], postLog: [], cachedWebfingers: {},
                        personCache: {}, debug: bool,
                        systemLanguage: str,
-                        onionDomain: str, i2pDomain: str) -> None:
+                        onionDomain: str, i2pDomain: str,
                        signingPrivateKeyPem: str) -> None:
    """When a post arrives for a group send it out to the group members
    """
    if debug:
@ -1951,7 +1958,7 @@ def _sendToGroupMembers(session, baseDir: str, handle: str, port: int,
                       False, False,
                       sendThreads, postLog,
                       personCache, cachedWebfingers,
-                       debug, __version__)
+                       debug, __version__, signingPrivateKeyPem)
    sendToFollowersThread(session, baseDir, nickname, domain,
                          onionDomain, i2pDomain, port,
@ -1960,7 +1967,8 @@ def _sendToGroupMembers(session, baseDir: str, handle: str, port: int,
                          cachedWebfingers, personCache,
                          announceJson, debug, __version__,
                          sharedItemsFederatedDomains,
-                          sharedItemFederationTokens)
+                          sharedItemFederationTokens,
                          signingPrivateKeyPem)
 def _inboxUpdateCalendar(baseDir: str, handle: str,
@ -2074,7 +2082,8 @@ def _bounceDM(senderPostId: str, session, httpPrefix: str,
              sendThreads: [], postLog: [],
              cachedWebfingers: {}, personCache: {},
              translate: {}, debug: bool,
-              lastBounceMessage: [], systemLanguage: str) -> bool:
+              lastBounceMessage: [], systemLanguage: str,
              signingPrivateKeyPem: str) -> bool:
    """Sends a bounce message back to the sending handle
    if a DM has been rejected
    """
@ -2144,7 +2153,8 @@ def _bounceDM(senderPostId: str, session, httpPrefix: str,
                   senderNickname, senderDomain, senderPort, cc,
                   httpPrefix, False, False, federationList,
                   sendThreads, postLog, cachedWebfingers,
-                   personCache, debug, __version__, None, groupAccount)
+                   personCache, debug, __version__, None, groupAccount,
                   signingPrivateKeyPem)
    return True
@ -2157,7 +2167,8 @@ def _isValidDM(baseDir: str, nickname: str, domain: str, port: int,
               personCache: {},
               translate: {}, debug: bool,
               lastBounceMessage: [],
-               handle: str, systemLanguage: str) -> bool:
+               handle: str, systemLanguage: str,
               signingPrivateKeyPem: str) -> bool:
    """Is the given message a valid DM?
    """
    if nickname == 'inbox':
@ -2233,7 +2244,8 @@ def _isValidDM(baseDir: str, nickname: str, domain: str, port: int,
                                      personCache,
                                      translate, debug,
                                      lastBounceMessage,
-                                      systemLanguage)
+                                      systemLanguage,
                                      signingPrivateKeyPem)
                return False
    # dm index will be updated
@ -2260,7 +2272,7 @@ def _inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int,
                       peertubeInstances: [],
                       lastBounceMessage: [],
                       themeName: str, systemLanguage: str,
-                       maxLikeCount: int) -> bool:
+                       maxLikeCount: int, signingPrivateKeyPem: str) -> bool:
    """ Anything which needs to be done after initial checks have passed
    """
    actor = keyId
@ -2341,7 +2353,8 @@ def _inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int,
                        debug, translate,
                        YTReplacementDomain,
                        allowLocalNetworkAccess,
-                        themeName, systemLanguage):
+                        themeName, systemLanguage,
                        signingPrivateKeyPem):
        if debug:
            print('DEBUG: Announce accepted from ' + actor)
@ -2466,7 +2479,8 @@ def _inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int,
                                      postJsonObject, debug,
                                      __version__,
                                      sharedItemsFederatedDomains,
-                                      sharedItemFederationTokens)
+                                      sharedItemFederationTokens,
                                      signingPrivateKeyPem)
        isReplyToMutedPost = False
@ -2483,7 +2497,8 @@ def _inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int,
                                  personCache,
                                  translate, debug,
                                  lastBounceMessage,
-                                  handle, systemLanguage):
+                                  handle, systemLanguage,
                                  signingPrivateKeyPem):
                    return False
            # get the actor being replied to
@ -2519,7 +2534,7 @@ def _inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int,
                            translate, YTReplacementDomain,
                            allowLocalNetworkAccess,
                            recentPostsCache, debug, systemLanguage,
-                            domainFull, personCache):
+                            domainFull, personCache, signingPrivateKeyPem):
                # media index will be updated
                updateIndexList.append('tlmedia')
            if isBlogPost(postJsonObject):
@ -2529,7 +2544,8 @@ def _inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int,
        # get the avatar for a reply/announce
        _obtainAvatarForReplyPost(session, baseDir,
                                  httpPrefix, domain, onionDomain,
-                                  personCache, postJsonObject, debug)
+                                  personCache, postJsonObject, debug,
                                  signingPrivateKeyPem)
        # save the post to file
        if saveJson(postJsonObject, destinationFilename):
@ -2594,7 +2610,8 @@ def _inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int,
                                                   peertubeInstances,
                                                   allowLocalNetworkAccess,
                                                   themeName, systemLanguage,
-                                                   maxLikeCount)
+                                                   maxLikeCount,
                                                   signingPrivateKeyPem)
                        if debug:
                            timeDiff = \
                                str(int((time.time() - htmlCacheStartTime) *
@ -2617,7 +2634,8 @@ def _inboxAfterInitial(recentPostsCache: {}, maxRecentPosts: int,
                                    httpPrefix, federationList, sendThreads,
                                    postLog, cachedWebfingers, personCache,
                                    debug, systemLanguage,
-                                    onionDomain, i2pDomain)
+                                    onionDomain, i2pDomain,
                                    signingPrivateKeyPem)
    # if the post wasn't saved
    if not os.path.isfile(destinationFilename):
@ -2857,7 +2875,7 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
                  peertubeInstances: [],
                  verifyAllSignatures: bool,
                  themeName: str, systemLanguage: str,
-                  maxLikeCount: int) -> None:
+                  maxLikeCount: int, signingPrivateKeyPem: str) -> None:
    """Processes received items and moves them to the appropriate
    directories
    """
@ -3008,7 +3026,7 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
                getPersonPubKey(baseDir, session, keyId,
                                personCache, debug,
                                projectVersion, httpPrefix,
-                                domain, onionDomain)
+                                domain, onionDomain, signingPrivateKeyPem)
            if pubKey:
                if debug:
                    print('DEBUG: public key: ' + str(pubKey))
@ -3129,7 +3147,8 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
                                queueJson['post'],
                                federationList,
                                debug, projectVersion,
-                                maxFollowers, onionDomain):
+                                maxFollowers, onionDomain,
                                signingPrivateKeyPem):
            if os.path.isfile(queueFilename):
                os.remove(queueFilename)
            if len(queue) > 0:
@ -3246,7 +3265,8 @@ def runInboxQueue(recentPostsCache: {}, maxRecentPosts: int,
                               peertubeInstances,
                               lastBounceMessage,
                               themeName, systemLanguage,
-                               maxLikeCount)
+                               maxLikeCount,
                               signingPrivateKeyPem)
            if debug:
                pprint(queueJson['post'])
                print('Queue: Queue post accepted')
--- a/like.py
+++ b/like.py
@ -62,7 +62,8 @@ def _like(recentPostsCache: {},
          clientToServer: bool,
          sendThreads: [], postLog: [],
          personCache: {}, cachedWebfingers: {},
-          debug: bool, projectVersion: str) -> {}:
+          debug: bool, projectVersion: str,
          signingPrivateKeyPem: str) -> {}:
    """Creates a like
    actor is the person doing the liking
    'to' might be a specific person (actor) whose post was liked
@ -122,7 +123,8 @@ def _like(recentPostsCache: {},
                       'https://www.w3.org/ns/activitystreams#Public',
                       httpPrefix, True, clientToServer, federationList,
                       sendThreads, postLog, cachedWebfingers, personCache,
-                       debug, projectVersion, None, groupAccount)
+                       debug, projectVersion, None, groupAccount,
                       signingPrivateKeyPem)
    return newLikeJson
@ -135,7 +137,8 @@ def likePost(recentPostsCache: {},
             likeStatusNumber: int, clientToServer: bool,
             sendThreads: [], postLog: [],
             personCache: {}, cachedWebfingers: {},
-             debug: bool, projectVersion: str) -> {}:
+             debug: bool, projectVersion: str,
             signingPrivateKeyPem: str) -> {}:
    """Likes a given status post. This is only used by unit tests
    """
    likeDomain = getFullDomain(likeDomain, likePort)
@ -147,7 +150,7 @@ def likePost(recentPostsCache: {},
                 session, baseDir, federationList, nickname, domain, port,
                 ccList, httpPrefix, objectUrl, actorLiked, clientToServer,
                 sendThreads, postLog, personCache, cachedWebfingers,
-                 debug, projectVersion)
+                 debug, projectVersion, signingPrivateKeyPem)
 def sendLikeViaServer(baseDir: str, session,
@ -155,7 +158,8 @@ def sendLikeViaServer(baseDir: str, session,
                      fromDomain: str, fromPort: int,
                      httpPrefix: str, likeUrl: str,
                      cachedWebfingers: {}, personCache: {},
-                      debug: bool, projectVersion: str) -> {}:
+                      debug: bool, projectVersion: str,
                      signingPrivateKeyPem: str) -> {}:
    """Creates a like via c2s
    """
    if not session:
@ -178,7 +182,8 @@ def sendLikeViaServer(baseDir: str, session,
    # lookup the inbox for the To handle
    wfRequest = webfingerHandle(session, handle, httpPrefix,
                                cachedWebfingers,
-                                fromDomain, projectVersion, debug, False)
+                                fromDomain, projectVersion, debug, False,
                                signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: like webfinger failed for ' + handle)
@ -192,7 +197,8 @@ def sendLikeViaServer(baseDir: str, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey, fromPersonId, sharedInbox,
-     avatarUrl, displayName) = getPersonBox(baseDir, session, wfRequest,
+     avatarUrl, displayName) = getPersonBox(signingPrivateKeyPem,
                                            baseDir, session, wfRequest,
                                            personCache,
                                            projectVersion, httpPrefix,
                                            fromNickname, fromDomain,
@ -233,7 +239,8 @@ def sendUndoLikeViaServer(baseDir: str, session,
                          fromDomain: str, fromPort: int,
                          httpPrefix: str, likeUrl: str,
                          cachedWebfingers: {}, personCache: {},
-                          debug: bool, projectVersion: str) -> {}:
+                          debug: bool, projectVersion: str,
                          signingPrivateKeyPem: str) -> {}:
    """Undo a like via c2s
    """
    if not session:
@ -260,7 +267,8 @@ def sendUndoLikeViaServer(baseDir: str, session,
    # lookup the inbox for the To handle
    wfRequest = webfingerHandle(session, handle, httpPrefix,
                                cachedWebfingers,
-                                fromDomain, projectVersion, debug, False)
+                                fromDomain, projectVersion, debug, False,
                                signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: unlike webfinger failed for ' + handle)
@ -275,7 +283,8 @@ def sendUndoLikeViaServer(baseDir: str, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey, fromPersonId, sharedInbox,
-     avatarUrl, displayName) = getPersonBox(baseDir, session, wfRequest,
+     avatarUrl, displayName) = getPersonBox(signingPrivateKeyPem,
                                            baseDir, session, wfRequest,
                                            personCache, projectVersion,
                                            httpPrefix, fromNickname,
                                            fromDomain, postToBox,
--- a/manualapprove.py
+++ b/manualapprove.py
@ -26,7 +26,8 @@ def manualDenyFollowRequest(session, baseDir: str,
                            sendThreads: [], postLog: [],
                            cachedWebfingers: {}, personCache: {},
                            debug: bool,
-                            projectVersion: str) -> None:
+                            projectVersion: str,
                            signingPrivateKeyPem: str) -> None:
    """Manually deny a follow request
    """
    accountsDir = acctDir(baseDir, nickname, domain)
@ -60,7 +61,8 @@ def manualDenyFollowRequest(session, baseDir: str,
                           federationList,
                           sendThreads, postLog,
                           cachedWebfingers, personCache,
-                           debug, projectVersion)
+                           debug, projectVersion,
                           signingPrivateKeyPem)
    print('Follow request from ' + denyHandle + ' was denied.')
@ -87,7 +89,8 @@ def manualApproveFollowRequest(session, baseDir: str,
                               sendThreads: [], postLog: [],
                               cachedWebfingers: {}, personCache: {},
                               debug: bool,
-                               projectVersion: str) -> None:
+                               projectVersion: str,
                               signingPrivateKeyPem: str) -> None:
    """Manually approve a follow request
    """
    handle = nickname + '@' + domain
@ -176,7 +179,8 @@ def manualApproveFollowRequest(session, baseDir: str,
                                                   cachedWebfingers,
                                                   personCache,
                                                   debug,
-                                                   projectVersion, False)
+                                                   projectVersion, False,
                                                   signingPrivateKeyPem)
                    updateApprovedFollowers = True
                else:
                    # this isn't the approved follow so it will remain
--- a/migrate.py
+++ b/migrate.py
@ -23,7 +23,8 @@ from person import getActorJson
 def _moveFollowingHandlesForAccount(baseDir: str, nickname: str, domain: str,
                                    session,
                                    httpPrefix: str, cachedWebfingers: {},
-                                    debug: bool) -> int:
+                                    debug: bool,
                                    signingPrivateKeyPem: str) -> int:
    """Goes through all follows for an account and updates any that have moved
    """
    ctr = 0
@ -38,14 +39,14 @@ def _moveFollowingHandlesForAccount(baseDir: str, nickname: str, domain: str,
                _updateMovedHandle(baseDir, nickname, domain,
                                   followHandle, session,
                                   httpPrefix, cachedWebfingers,
-                                   debug)
+                                   debug, signingPrivateKeyPem)
    return ctr
 def _updateMovedHandle(baseDir: str, nickname: str, domain: str,
                       handle: str, session,
                       httpPrefix: str, cachedWebfingers: {},
-                       debug: bool) -> int:
+                       debug: bool, signingPrivateKeyPem: str) -> int:
    """Check if an account has moved, and if so then alter following.txt
    for each account.
    Returns 1 if moved, 0 otherwise
@ -59,7 +60,8 @@ def _updateMovedHandle(baseDir: str, nickname: str, domain: str,
        handle = handle[1:]
    wfRequest = webfingerHandle(session, handle,
                                httpPrefix, cachedWebfingers,
-                                None, __version__, debug, False)
+                                None, __version__, debug, False,
                                signingPrivateKeyPem)
    if not wfRequest:
        print('updateMovedHandle unable to webfinger ' + handle)
        return ctr
@ -83,7 +85,8 @@ def _updateMovedHandle(baseDir: str, nickname: str, domain: str,
    if httpPrefix == 'gnunet':
        gnunet = True
    personJson = \
-        getActorJson(domain, personUrl, httpPrefix, gnunet, debug)
+        getActorJson(domain, personUrl, httpPrefix, gnunet, debug, False,
                     signingPrivateKeyPem)
    if not personJson:
        return ctr
    if not personJson.get('movedTo'):
@ -172,7 +175,7 @@ def _updateMovedHandle(baseDir: str, nickname: str, domain: str,
 def migrateAccounts(baseDir: str, session,
                    httpPrefix: str, cachedWebfingers: {},
-                    debug: bool) -> int:
+                    debug: bool, signingPrivateKeyPem: str) -> int:
    """If followed accounts change then this modifies the
    following lists for each account accordingly.
    Returns the number of accounts migrated
@ -188,6 +191,7 @@ def migrateAccounts(baseDir: str, session,
            ctr += \
                _moveFollowingHandlesForAccount(baseDir, nickname, domain,
                                                session, httpPrefix,
-                                                cachedWebfingers, debug)
+                                                cachedWebfingers, debug,
                                                signingPrivateKeyPem)
        break
    return ctr
--- a/outbox.py
+++ b/outbox.py
@ -194,7 +194,8 @@ def postMessageToOutbox(session, translate: {},
                        city: str, systemLanguage: str,
                        sharedItemsFederatedDomains: [],
                        sharedItemFederationTokens: {},
-                        lowBandwidth: bool) -> bool:
+                        lowBandwidth: bool,
                        signingPrivateKeyPem: str) -> bool:
    """post is received by the outbox
    Client to server message post
    https://www.w3.org/TR/activitypub/#client-to-server-outbox-delivery
@ -407,7 +408,8 @@ def postMessageToOutbox(session, translate: {},
                                    translate, YTReplacementDomain,
                                    allowLocalNetworkAccess,
                                    recentPostsCache, debug, systemLanguage,
-                                    domainFull, personCache):
+                                    domainFull, personCache,
                                    signingPrivateKeyPem):
                        inboxUpdateIndex('tlmedia', baseDir,
                                         postToNickname + '@' + domain,
                                         savedFilename, debug)
@ -468,7 +470,8 @@ def postMessageToOutbox(session, translate: {},
                              messageJson, debug,
                              version,
                              sharedItemsFederatedDomains,
-                              sharedItemFederationTokens)
+                              sharedItemFederationTokens,
                              signingPrivateKeyPem)
    followersThreads.append(followersThread)
    if debug:
@ -592,5 +595,6 @@ def postMessageToOutbox(session, translate: {},
                         messageJson, debug,
                         version,
                         sharedItemsFederatedDomains,
-                         sharedItemFederationTokens)
+                         sharedItemFederationTokens,
                         signingPrivateKeyPem)
    return True
--- a/person.py
+++ b/person.py
@ -1216,7 +1216,8 @@ def _detectUsersPath(url: str) -> str:
 def getActorJson(hostDomain: str, handle: str, http: bool, gnunet: bool,
-                 debug: bool, quiet: bool = False) -> ({}, {}):
+                 debug: bool, quiet: bool,
                 signingPrivateKeyPem: str) -> ({}, {}):
    """Returns the actor json
    """
    if debug:
@ -1307,7 +1308,7 @@ def getActorJson(hostDomain: str, handle: str, http: bool, gnunet: bool,
    wfRequest = webfingerHandle(session, handle,
                                httpPrefix, cachedWebfingers,
                                None, __version__, debug,
-                                groupAccount)
+                                groupAccount, signingPrivateKeyPem)
    if not wfRequest:
        if not quiet:
            print('getActorJson Unable to webfinger ' + handle)
@ -1361,7 +1362,7 @@ def getActorJson(hostDomain: str, handle: str, http: bool, gnunet: bool,
            'Accept': headerMimeType + '; profile="' + profileStr + '"'
        }
        personJson = \
-            getJson(session, personUrl, asHeader, None,
+            getJson(signingPrivateKeyPem, session, personUrl, asHeader, None,
                    debug, __version__, httpPrefix, hostDomain, 20, quiet)
        if personJson:
            if not quiet:
--- a/pgp.py
+++ b/pgp.py
@ -334,14 +334,16 @@ def _pgpEncrypt(content: str, recipientPubKey: str) -> str:
    return encryptResult
-def _getPGPPublicKeyFromActor(domain: str, handle: str,
+def _getPGPPublicKeyFromActor(signingPrivateKeyPem: str,
                              domain: str, handle: str,
                              actorJson: {} = None) -> str:
    """Searches tags on the actor to see if there is any PGP
    public key specified
    """
    if not actorJson:
        actorJson, asHeader = \
-            getActorJson(domain, handle, False, False, False, True)
+            getActorJson(domain, handle, False, False, False, True,
                         signingPrivateKeyPem)
    if not actorJson:
        return None
    if not actorJson.get('attachment'):
@ -373,18 +375,21 @@ def hasLocalPGPkey() -> bool:
    return False
-def pgpEncryptToActor(domain: str, content: str, toHandle: str) -> str:
+def pgpEncryptToActor(domain: str, content: str, toHandle: str,
                      signingPrivateKeyPem: str) -> str:
    """PGP encrypt a message to the given actor or handle
    """
    # get the actor and extract the pgp public key from it
-    recipientPubKey = _getPGPPublicKeyFromActor(domain, toHandle)
+    recipientPubKey = \
        _getPGPPublicKeyFromActor(signingPrivateKeyPem, domain, toHandle)
    if not recipientPubKey:
        return None
    # encrypt using the recipient public key
    return _pgpEncrypt(content, recipientPubKey)
-def pgpDecrypt(domain: str, content: str, fromHandle: str) -> str:
+def pgpDecrypt(domain: str, content: str, fromHandle: str,
               signingPrivateKeyPem: str) -> str:
    """ Encrypt using your default pgp key to the given recipient
    fromHandle can be a handle or actor url
    """
@ -395,7 +400,9 @@ def pgpDecrypt(domain: str, content: str, fromHandle: str) -> str:
    if containsPGPPublicKey(content):
        pubKey = extractPGPPublicKey(content)
    else:
-        pubKey = _getPGPPublicKeyFromActor(domain, content, fromHandle)
+        pubKey = \
            _getPGPPublicKeyFromActor(signingPrivateKeyPem,
                                      domain, content, fromHandle)
    if pubKey:
        _pgpImportPubKey(pubKey)
@ -450,7 +457,8 @@ def pgpPublicKeyUpload(baseDir: str, session,
                       domain: str, port: int,
                       httpPrefix: str,
                       cachedWebfingers: {}, personCache: {},
-                       debug: bool, test: str) -> {}:
+                       debug: bool, test: str,
                       signingPrivateKeyPem: str) -> {}:
    if debug:
        print('pgpPublicKeyUpload')
@ -482,7 +490,8 @@ def pgpPublicKeyUpload(baseDir: str, session,
        print('Getting actor for ' + handle)
    actorJson, asHeader = \
-        getActorJson(domainFull, handle, False, False, debug, True)
+        getActorJson(domainFull, handle, False, False, debug, True,
                     signingPrivateKeyPem)
    if not actorJson:
        if debug:
            print('No actor returned for ' + handle)
@ -549,7 +558,8 @@ def pgpPublicKeyUpload(baseDir: str, session,
    # lookup the inbox for the To handle
    wfRequest = \
        webfingerHandle(session, handle, httpPrefix, cachedWebfingers,
-                        domain, __version__, debug, False)
+                        domain, __version__, debug, False,
                        signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: pgp actor update webfinger failed for ' +
@ -566,7 +576,8 @@ def pgpPublicKeyUpload(baseDir: str, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey,
     fromPersonId, sharedInbox, avatarUrl,
-     displayName) = getPersonBox(baseDir, session, wfRequest, personCache,
+     displayName) = getPersonBox(signingPrivateKeyPem,
                                 baseDir, session, wfRequest, personCache,
                                 __version__, httpPrefix, nickname,
                                 domain, postToBox, 52025)
--- a/posts.py
+++ b/posts.py
@ -184,7 +184,8 @@ def getUserUrl(wfRequest: {}, sourceId: int = 0, debug: bool = False) -> str:
    return None
-def parseUserFeed(session, feedUrl: str, asHeader: {},
+def parseUserFeed(signingPrivateKeyPem: str,
                  session, feedUrl: str, asHeader: {},
                  projectVersion: str, httpPrefix: str,
                  domain: str, debug: bool, depth: int = 0) -> []:
    if depth > 10:
@ -195,7 +196,7 @@ def parseUserFeed(session, feedUrl: str, asHeader: {},
    if debug:
        print('Getting user feed for ' + feedUrl)
        print('User feed header ' + str(asHeader))
-    feedJson = getJson(session, feedUrl, asHeader, None,
+    feedJson = getJson(signingPrivateKeyPem, session, feedUrl, asHeader, None,
                       False, projectVersion, httpPrefix, domain)
    if not feedJson:
        if debug:
@ -222,7 +223,8 @@ def parseUserFeed(session, feedUrl: str, asHeader: {},
        if isinstance(nextUrl, str):
            if '?max_id=0' not in nextUrl:
                userFeed = \
-                    parseUserFeed(session, nextUrl, asHeader,
+                    parseUserFeed(signingPrivateKeyPem,
                                  session, nextUrl, asHeader,
                                  projectVersion, httpPrefix,
                                  domain, debug, depth + 1)
                if userFeed:
@ -238,7 +240,8 @@ def _getPersonBoxActor(session, baseDir: str, actor: str,
                       profileStr: str, asHeader: {},
                       debug: bool, projectVersion: str,
                       httpPrefix: str, domain: str,
-                       personCache: {}) -> {}:
+                       personCache: {},
                       signingPrivateKeyPem: str) -> {}:
    """Returns the actor json for the given actor url
    """
    personJson = \
@ -250,14 +253,14 @@ def _getPersonBoxActor(session, baseDir: str, actor: str,
        asHeader = {
            'Accept': 'application/ld+json; profile="' + profileStr + '"'
        }
-    personJson = getJson(session, actor, asHeader, None,
+    personJson = getJson(signingPrivateKeyPem, session, actor, asHeader, None,
                         debug, projectVersion, httpPrefix, domain)
    if personJson:
        return personJson
    asHeader = {
        'Accept': 'application/ld+json; profile="' + profileStr + '"'
    }
-    personJson = getJson(session, actor, asHeader, None,
+    personJson = getJson(signingPrivateKeyPem, session, actor, asHeader, None,
                         debug, projectVersion, httpPrefix, domain)
    if personJson:
        return personJson
@ -265,8 +268,8 @@ def _getPersonBoxActor(session, baseDir: str, actor: str,
    return None
-def getPersonBox(baseDir: str, session, wfRequest: {},
+def getPersonBox(signingPrivateKeyPem: str,
-                 personCache: {},
+                 baseDir: str, session, wfRequest: {}, personCache: {},
                 projectVersion: str, httpPrefix: str,
                 nickname: str, domain: str,
                 boxName: str = 'inbox',
@ -304,7 +307,7 @@ def getPersonBox(baseDir: str, session, wfRequest: {},
                           profileStr, asHeader,
                           debug, projectVersion,
                           httpPrefix, domain,
-                           personCache)
+                           personCache, signingPrivateKeyPem)
    if not personJson:
        return None, None, None, None, None, None, None
@ -366,7 +369,8 @@ def _getPosts(session, outboxUrl: str, maxPosts: int,
              personCache: {}, raw: bool,
              simple: bool, debug: bool,
              projectVersion: str, httpPrefix: str,
-              domain: str, systemLanguage: str) -> {}:
+              domain: str, systemLanguage: str,
              signingPrivateKeyPem: str) -> {}:
    """Gets public posts from an outbox
    """
    if debug:
@ -387,7 +391,8 @@ def _getPosts(session, outboxUrl: str, maxPosts: int,
            print('Returning the raw feed')
        result = []
        i = 0
-        userFeed = parseUserFeed(session, outboxUrl, asHeader,
+        userFeed = parseUserFeed(signingPrivateKeyPem,
                                 session, outboxUrl, asHeader,
                                 projectVersion, httpPrefix, domain, debug)
        for item in userFeed:
            result.append(item)
@ -399,7 +404,8 @@ def _getPosts(session, outboxUrl: str, maxPosts: int,
    if debug:
        print('Returning a human readable version of the feed')
-    userFeed = parseUserFeed(session, outboxUrl, asHeader,
+    userFeed = parseUserFeed(signingPrivateKeyPem,
                             session, outboxUrl, asHeader,
                             projectVersion, httpPrefix, domain, debug)
    if not userFeed:
        return personPosts
@ -617,7 +623,8 @@ def getPostDomains(session, outboxUrl: str, maxPosts: int,
                   projectVersion: str, httpPrefix: str,
                   domain: str,
                   wordFrequency: {},
-                   domainList: [], systemLanguage: str) -> []:
+                   domainList: [], systemLanguage: str,
                   signingPrivateKeyPem: str) -> []:
    """Returns a list of domains referenced within public posts
    """
    if not outboxUrl:
@ -634,7 +641,8 @@ def getPostDomains(session, outboxUrl: str, maxPosts: int,
    postDomains = domainList
    i = 0
-    userFeed = parseUserFeed(session, outboxUrl, asHeader,
+    userFeed = parseUserFeed(signingPrivateKeyPem,
                             session, outboxUrl, asHeader,
                             projectVersion, httpPrefix, domain, debug)
    for item in userFeed:
        i += 1
@ -672,7 +680,8 @@ def _getPostsForBlockedDomains(baseDir: str,
                               personCache: {},
                               debug: bool,
                               projectVersion: str, httpPrefix: str,
-                               domain: str) -> {}:
+                               domain: str,
                               signingPrivateKeyPem: str) -> {}:
    """Returns a dictionary of posts for blocked domains
    """
    if not outboxUrl:
@ -689,7 +698,8 @@ def _getPostsForBlockedDomains(baseDir: str,
    blockedPosts = {}
    i = 0
-    userFeed = parseUserFeed(session, outboxUrl, asHeader,
+    userFeed = parseUserFeed(signingPrivateKeyPem,
                             session, outboxUrl, asHeader,
                             projectVersion, httpPrefix, domain, debug)
    for item in userFeed:
        i += 1
@ -2025,7 +2035,7 @@ def threadSendPost(session, postJsonStr: str, federationList: [],
        tries += 1
-def sendPost(projectVersion: str,
+def sendPost(signingPrivateKeyPem: str, projectVersion: str,
             session, baseDir: str, nickname: str, domain: str, port: int,
             toNickname: str, toDomain: str, toPort: int, cc: str,
             httpPrefix: str, content: str, followersOnly: bool,
@ -2057,7 +2067,8 @@ def sendPost(projectVersion: str,
    # lookup the inbox for the To handle
    wfRequest = webfingerHandle(session, handle, httpPrefix,
                                cachedWebfingers,
-                                domain, projectVersion, debug, False)
+                                domain, projectVersion, debug, False,
                                signingPrivateKeyPem)
    if not wfRequest:
        return 1
    if not isinstance(wfRequest, dict):
@ -2075,7 +2086,8 @@ def sendPost(projectVersion: str,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey,
     toPersonId, sharedInbox,
-     avatarUrl, displayName) = getPersonBox(baseDir, session, wfRequest,
+     avatarUrl, displayName) = getPersonBox(signingPrivateKeyPem,
                                            baseDir, session, wfRequest,
                                            personCache,
                                            projectVersion, httpPrefix,
                                            nickname, domain, postToBox,
@ -2171,7 +2183,7 @@ def sendPost(projectVersion: str,
    return 0
-def sendPostViaServer(projectVersion: str,
+def sendPostViaServer(signingPrivateKeyPem: str, projectVersion: str,
                      baseDir: str, session, fromNickname: str, password: str,
                      fromDomain: str, fromPort: int,
                      toNickname: str, toDomain: str, toPort: int, cc: str,
@ -2200,7 +2212,8 @@ def sendPostViaServer(projectVersion: str,
    # lookup the inbox for the To handle
    wfRequest = \
        webfingerHandle(session, handle, httpPrefix, cachedWebfingers,
-                        fromDomainFull, projectVersion, debug, False)
+                        fromDomainFull, projectVersion, debug, False,
                        signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: post webfinger failed for ' + handle)
@ -2217,7 +2230,8 @@ def sendPostViaServer(projectVersion: str,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey,
     fromPersonId, sharedInbox,
-     avatarUrl, displayName) = getPersonBox(baseDir, session, wfRequest,
+     avatarUrl, displayName) = getPersonBox(signingPrivateKeyPem,
                                            baseDir, session, wfRequest,
                                            personCache,
                                            projectVersion, httpPrefix,
                                            fromNickname,
@ -2361,7 +2375,8 @@ def sendSignedJson(postJsonObject: {}, session, baseDir: str,
                   federationList: [],
                   sendThreads: [], postLog: [], cachedWebfingers: {},
                   personCache: {}, debug: bool, projectVersion: str,
-                   sharedItemsToken: str, groupAccount: bool) -> int:
+                   sharedItemsToken: str, groupAccount: bool,
                   signingPrivateKeyPem: str) -> int:
    """Sends a signed json object to an inbox/outbox
    """
    if debug:
@ -2397,7 +2412,8 @@ def sendSignedJson(postJsonObject: {}, session, baseDir: str,
    # lookup the inbox for the To handle
    wfRequest = webfingerHandle(session, handle, httpPrefix, cachedWebfingers,
-                                domain, projectVersion, debug, groupAccount)
+                                domain, projectVersion, debug, groupAccount,
                                signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: webfinger for ' + handle + ' failed')
@ -2419,7 +2435,8 @@ def sendSignedJson(postJsonObject: {}, session, baseDir: str,
    # get the actor inbox/outbox for the To handle
    (inboxUrl, pubKeyId, pubKey, toPersonId, sharedInboxUrl, avatarUrl,
-     displayName) = getPersonBox(baseDir, session, wfRequest,
+     displayName) = getPersonBox(signingPrivateKeyPem,
                                 baseDir, session, wfRequest,
                                 personCache,
                                 projectVersion, httpPrefix,
                                 nickname, domain, postToBox,
@ -2603,7 +2620,8 @@ def sendToNamedAddresses(session, baseDir: str,
                         postJsonObject: {}, debug: bool,
                         projectVersion: str,
                         sharedItemsFederatedDomains: [],
-                         sharedItemFederationTokens: {}) -> None:
+                         sharedItemFederationTokens: {},
                         signingPrivateKeyPem: str) -> None:
    """sends a post to the specific named addresses in to/cc
    """
    if not session:
@ -2740,11 +2758,12 @@ def sendToNamedAddresses(session, baseDir: str,
                       federationList,
                       sendThreads, postLog, cachedWebfingers,
                       personCache, debug, projectVersion,
-                       sharedItemsToken, groupAccount)
+                       sharedItemsToken, groupAccount,
                       signingPrivateKeyPem)
 def _hasSharedInbox(session, httpPrefix: str, domain: str,
-                    debug: bool) -> bool:
+                    debug: bool, signingPrivateKeyPem: str) -> bool:
    """Returns true if the given domain has a shared inbox
    This tries the new and the old way of webfingering the shared inbox
    """
@ -2754,7 +2773,8 @@ def _hasSharedInbox(session, httpPrefix: str, domain: str,
    tryHandles.append('inbox@' + domain)
    for handle in tryHandles:
        wfRequest = webfingerHandle(session, handle, httpPrefix, {},
-                                    None, __version__, debug, False)
+                                    None, __version__, debug, False,
                                    signingPrivateKeyPem)
        if wfRequest:
            if isinstance(wfRequest, dict):
                if not wfRequest.get('errors'):
@ -2790,7 +2810,8 @@ def sendToFollowers(session, baseDir: str,
                    postJsonObject: {}, debug: bool,
                    projectVersion: str,
                    sharedItemsFederatedDomains: [],
-                    sharedItemFederationTokens: {}) -> None:
+                    sharedItemFederationTokens: {},
                    signingPrivateKeyPem: str) -> None:
    """sends a post to the followers of the given nickname
    """
    print('sendToFollowers')
@ -2848,8 +2869,9 @@ def sendToFollowers(session, baseDir: str,
        print('Sending post to followers domain is active: ' +
              followerDomainUrl)
-        withSharedInbox = _hasSharedInbox(session, httpPrefix,
+        withSharedInbox = \
-                                          followerDomain, debug)
+            _hasSharedInbox(session, httpPrefix, followerDomain, debug,
                            signingPrivateKeyPem)
        if debug:
            if withSharedInbox:
                print(followerDomain + ' has shared inbox')
@ -2909,7 +2931,8 @@ def sendToFollowers(session, baseDir: str,
                           federationList,
                           sendThreads, postLog, cachedWebfingers,
                           personCache, debug, projectVersion,
-                           sharedItemsToken, groupAccount)
+                           sharedItemsToken, groupAccount,
                           signingPrivateKeyPem)
        else:
            # send to individual followers without using a shared inbox
            for handle in followerHandles:
@ -2937,7 +2960,8 @@ def sendToFollowers(session, baseDir: str,
                               federationList,
                               sendThreads, postLog, cachedWebfingers,
                               personCache, debug, projectVersion,
-                               sharedItemsToken, groupAccount)
+                               sharedItemsToken, groupAccount,
                               signingPrivateKeyPem)
        time.sleep(4)
@ -2959,7 +2983,8 @@ def sendToFollowersThread(session, baseDir: str,
                          postJsonObject: {}, debug: bool,
                          projectVersion: str,
                          sharedItemsFederatedDomains: [],
-                          sharedItemFederationTokens: {}):
+                          sharedItemFederationTokens: {},
                          signingPrivateKeyPem: str):
    """Returns a thread used to send a post to followers
    """
    sendThread = \
@ -2973,7 +2998,8 @@ def sendToFollowersThread(session, baseDir: str,
                              postJsonObject.copy(), debug,
                              projectVersion,
                              sharedItemsFederatedDomains,
-                              sharedItemFederationTokens), daemon=True)
+                              sharedItemFederationTokens,
                              signingPrivateKeyPem), daemon=True)
    try:
        sendThread.start()
    except SocketError as e:
@ -3149,7 +3175,8 @@ def isImageMedia(session, baseDir: str, httpPrefix: str,
                 allowLocalNetworkAccess: bool,
                 recentPostsCache: {}, debug: bool,
                 systemLanguage: str,
-                 domainFull: str, personCache: {}) -> bool:
+                 domainFull: str, personCache: {},
                 signingPrivateKeyPem: str) -> bool:
    """Returns true if the given post has attached image media
    """
    if postJsonObject['type'] == 'Announce':
@ -3161,7 +3188,8 @@ def isImageMedia(session, baseDir: str, httpPrefix: str,
                             allowLocalNetworkAccess,
                             recentPostsCache, debug,
                             systemLanguage,
-                             domainFull, personCache)
+                             domainFull, personCache,
                             signingPrivateKeyPem)
        if postJsonAnnounce:
            postJsonObject = postJsonAnnounce
    if postJsonObject['type'] != 'Create':
@ -3724,7 +3752,8 @@ def getPublicPostsOfPerson(baseDir: str, nickname: str, domain: str,
                           raw: bool, simple: bool, proxyType: str,
                           port: int, httpPrefix: str,
                           debug: bool, projectVersion: str,
-                           systemLanguage: str) -> None:
+                           systemLanguage: str,
                           signingPrivateKeyPem: str) -> None:
    """ This is really just for test purposes
    """
    print('Starting new session for getting public posts')
@ -3745,7 +3774,8 @@ def getPublicPostsOfPerson(baseDir: str, nickname: str, domain: str,
    wfRequest = \
        webfingerHandle(session, handle, httpPrefix, cachedWebfingers,
-                        domain, projectVersion, debug, groupAccount)
+                        domain, projectVersion, debug, groupAccount,
                        signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('No webfinger result was returned for ' + handle)
@ -3759,7 +3789,8 @@ def getPublicPostsOfPerson(baseDir: str, nickname: str, domain: str,
        print('Getting the outbox for ' + handle)
    (personUrl, pubKeyId, pubKey,
     personId, shaedInbox,
-     avatarUrl, displayName) = getPersonBox(baseDir, session, wfRequest,
+     avatarUrl, displayName) = getPersonBox(signingPrivateKeyPem,
                                            baseDir, session, wfRequest,
                                            personCache,
                                            projectVersion, httpPrefix,
                                            nickname, domain, 'outbox',
@ -3773,14 +3804,16 @@ def getPublicPostsOfPerson(baseDir: str, nickname: str, domain: str,
    _getPosts(session, personUrl, 30, maxMentions, maxEmoji,
              maxAttachments, federationList,
              personCache, raw, simple, debug,
-              projectVersion, httpPrefix, domain, systemLanguage)
+              projectVersion, httpPrefix, domain, systemLanguage,
              signingPrivateKeyPem)
 def getPublicPostDomains(session, baseDir: str, nickname: str, domain: str,
                         proxyType: str, port: int, httpPrefix: str,
                         debug: bool, projectVersion: str,
                         wordFrequency: {}, domainList: [],
-                         systemLanguage: str) -> []:
+                         systemLanguage: str,
                         signingPrivateKeyPem: str) -> []:
    """ Returns a list of domains referenced within public posts
    """
    if not session:
@ -3795,7 +3828,8 @@ def getPublicPostDomains(session, baseDir: str, nickname: str, domain: str,
    handle = httpPrefix + "://" + domainFull + "/@" + nickname
    wfRequest = \
        webfingerHandle(session, handle, httpPrefix, cachedWebfingers,
-                        domain, projectVersion, debug, False)
+                        domain, projectVersion, debug, False,
                        signingPrivateKeyPem)
    if not wfRequest:
        return domainList
    if not isinstance(wfRequest, dict):
@ -3805,7 +3839,8 @@ def getPublicPostDomains(session, baseDir: str, nickname: str, domain: str,
    (personUrl, pubKeyId, pubKey,
     personId, sharedInbox,
-     avatarUrl, displayName) = getPersonBox(baseDir, session, wfRequest,
+     avatarUrl, displayName) = getPersonBox(signingPrivateKeyPem,
                                            baseDir, session, wfRequest,
                                            personCache,
                                            projectVersion, httpPrefix,
                                            nickname, domain, 'outbox',
@ -3818,12 +3853,14 @@ def getPublicPostDomains(session, baseDir: str, nickname: str, domain: str,
                       maxAttachments, federationList,
                       personCache, debug,
                       projectVersion, httpPrefix, domain,
-                       wordFrequency, domainList, systemLanguage)
+                       wordFrequency, domainList, systemLanguage,
                       signingPrivateKeyPem)
    postDomains.sort()
    return postDomains
-def downloadFollowCollection(followType: str,
+def downloadFollowCollection(signingPrivateKeyPem: str,
                             followType: str,
                             session, httpPrefix: str,
                             actor: str, pageNumber: int = 1,
                             noOfPages: int = 1, debug: bool = False) -> []:
@ -3843,7 +3880,7 @@ def downloadFollowCollection(followType: str,
    for pageCtr in range(noOfPages):
        url = actor + '/' + followType + '?page=' + str(pageNumber + pageCtr)
        followersJson = \
-            getJson(session, url, sessionHeaders, None,
+            getJson(signingPrivateKeyPem, session, url, sessionHeaders, None,
                    debug, __version__, httpPrefix, None)
        if followersJson:
            if followersJson.get('orderedItems'):
@ -3860,7 +3897,8 @@ def downloadFollowCollection(followType: str,
 def getPublicPostInfo(session, baseDir: str, nickname: str, domain: str,
                      proxyType: str, port: int, httpPrefix: str,
                      debug: bool, projectVersion: str,
-                      wordFrequency: {}, systemLanguage: str) -> []:
+                      wordFrequency: {}, systemLanguage: str,
                      signingPrivateKeyPem: str) -> []:
    """ Returns a dict of domains referenced within public posts
    """
    if not session:
@ -3875,7 +3913,8 @@ def getPublicPostInfo(session, baseDir: str, nickname: str, domain: str,
    handle = httpPrefix + "://" + domainFull + "/@" + nickname
    wfRequest = \
        webfingerHandle(session, handle, httpPrefix, cachedWebfingers,
-                        domain, projectVersion, debug, False)
+                        domain, projectVersion, debug, False,
                        signingPrivateKeyPem)
    if not wfRequest:
        return {}
    if not isinstance(wfRequest, dict):
@ -3885,7 +3924,8 @@ def getPublicPostInfo(session, baseDir: str, nickname: str, domain: str,
    (personUrl, pubKeyId, pubKey,
     personId, sharedInbox,
-     avatarUrl, displayName) = getPersonBox(baseDir, session, wfRequest,
+     avatarUrl, displayName) = getPersonBox(signingPrivateKeyPem,
                                            baseDir, session, wfRequest,
                                            personCache,
                                            projectVersion, httpPrefix,
                                            nickname, domain, 'outbox',
@ -3899,7 +3939,7 @@ def getPublicPostInfo(session, baseDir: str, nickname: str, domain: str,
                       maxAttachments, federationList,
                       personCache, debug,
                       projectVersion, httpPrefix, domain,
-                       wordFrequency, [], systemLanguage)
+                       wordFrequency, [], systemLanguage, signingPrivateKeyPem)
    postDomains.sort()
    domainsInfo = {}
    for d in postDomains:
@ -3914,7 +3954,7 @@ def getPublicPostInfo(session, baseDir: str, nickname: str, domain: str,
                                   personCache,
                                   debug,
                                   projectVersion, httpPrefix,
-                                   domain)
+                                   domain, signingPrivateKeyPem)
    for blockedDomain, postUrlList in blockedPosts.items():
        domainsInfo[blockedDomain] += postUrlList
@ -3926,7 +3966,8 @@ def getPublicPostDomainsBlocked(session, baseDir: str,
                                proxyType: str, port: int, httpPrefix: str,
                                debug: bool, projectVersion: str,
                                wordFrequency: {}, domainList: [],
-                                systemLanguage: str) -> []:
+                                systemLanguage: str,
                                signingPrivateKeyPem: str) -> []:
    """ Returns a list of domains referenced within public posts which
    are globally blocked on this instance
    """
@ -3934,7 +3975,8 @@ def getPublicPostDomainsBlocked(session, baseDir: str,
        getPublicPostDomains(session, baseDir, nickname, domain,
                             proxyType, port, httpPrefix,
                             debug, projectVersion,
-                             wordFrequency, domainList, systemLanguage)
+                             wordFrequency, domainList, systemLanguage,
                             signingPrivateKeyPem)
    if not postDomains:
        return []
@ -3983,7 +4025,8 @@ def checkDomains(session, baseDir: str,
                 proxyType: str, port: int, httpPrefix: str,
                 debug: bool, projectVersion: str,
                 maxBlockedDomains: int, singleCheck: bool,
-                 systemLanguage: str) -> None:
+                 systemLanguage: str,
                 signingPrivateKeyPem: str) -> None:
    """Checks follower accounts for references to globally blocked domains
    """
    wordFrequency = {}
@ -4012,7 +4055,8 @@ def checkDomains(session, baseDir: str,
                                            proxyType, port, httpPrefix,
                                            debug, projectVersion,
                                            wordFrequency, [],
-                                            systemLanguage)
+                                            systemLanguage,
                                            signingPrivateKeyPem)
            if blockedDomains:
                if len(blockedDomains) > maxBlockedDomains:
                    followerWarningStr += handle + '\n'
@ -4033,7 +4077,8 @@ def checkDomains(session, baseDir: str,
                                            proxyType, port, httpPrefix,
                                            debug, projectVersion,
                                            wordFrequency, [],
-                                            systemLanguage)
+                                            systemLanguage,
                                            signingPrivateKeyPem)
            if blockedDomains:
                print(handle)
                for d in blockedDomains:
@ -4133,7 +4178,8 @@ def downloadAnnounce(session, baseDir: str, httpPrefix: str,
                     allowLocalNetworkAccess: bool,
                     recentPostsCache: {}, debug: bool,
                     systemLanguage: str,
-                     domainFull: str, personCache: {}) -> {}:
+                     domainFull: str, personCache: {},
                     signingPrivateKeyPem: str) -> {}:
    """Download the post referenced by an announce
    """
    if not postJsonObject.get('object'):
@ -4206,8 +4252,8 @@ def downloadAnnounce(session, baseDir: str, httpPrefix: str,
            print('Downloading Announce content for ' +
                  postJsonObject['object'])
        announcedJson = \
-            getJson(session, postJsonObject['object'], asHeader,
+            getJson(signingPrivateKeyPem, session, postJsonObject['object'],
-                    None, debug, projectVersion, httpPrefix, domain)
+                    asHeader, None, debug, projectVersion, httpPrefix, domain)
        if not announcedJson:
            return None
@ -4351,7 +4397,8 @@ def sendBlockViaServer(baseDir: str, session,
                       fromDomain: str, fromPort: int,
                       httpPrefix: str, blockedUrl: str,
                       cachedWebfingers: {}, personCache: {},
-                       debug: bool, projectVersion: str) -> {}:
+                       debug: bool, projectVersion: str,
                       signingPrivateKeyPem: str) -> {}:
    """Creates a block via c2s
    """
    if not session:
@ -4378,7 +4425,8 @@ def sendBlockViaServer(baseDir: str, session,
    # lookup the inbox for the To handle
    wfRequest = webfingerHandle(session, handle, httpPrefix,
                                cachedWebfingers,
-                                fromDomain, projectVersion, debug, False)
+                                fromDomain, projectVersion, debug, False,
                                signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: block webfinger failed for ' + handle)
@ -4393,7 +4441,8 @@ def sendBlockViaServer(baseDir: str, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey,
     fromPersonId, sharedInbox, avatarUrl,
-     displayName) = getPersonBox(baseDir, session, wfRequest,
+     displayName) = getPersonBox(signingPrivateKeyPem,
                                 baseDir, session, wfRequest,
                                 personCache,
                                 projectVersion, httpPrefix, fromNickname,
                                 fromDomain, postToBox, 72652)
@ -4431,7 +4480,8 @@ def sendMuteViaServer(baseDir: str, session,
                      fromDomain: str, fromPort: int,
                      httpPrefix: str, mutedUrl: str,
                      cachedWebfingers: {}, personCache: {},
-                      debug: bool, projectVersion: str) -> {}:
+                      debug: bool, projectVersion: str,
                      signingPrivateKeyPem: str) -> {}:
    """Creates a mute via c2s
    """
    if not session:
@ -4454,7 +4504,8 @@ def sendMuteViaServer(baseDir: str, session,
    # lookup the inbox for the To handle
    wfRequest = webfingerHandle(session, handle, httpPrefix,
                                cachedWebfingers,
-                                fromDomain, projectVersion, debug, False)
+                                fromDomain, projectVersion, debug, False,
                                signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: mute webfinger failed for ' + handle)
@ -4469,7 +4520,8 @@ def sendMuteViaServer(baseDir: str, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey,
     fromPersonId, sharedInbox, avatarUrl,
-     displayName) = getPersonBox(baseDir, session, wfRequest,
+     displayName) = getPersonBox(signingPrivateKeyPem,
                                 baseDir, session, wfRequest,
                                 personCache,
                                 projectVersion, httpPrefix, fromNickname,
                                 fromDomain, postToBox, 72652)
@ -4507,7 +4559,8 @@ def sendUndoMuteViaServer(baseDir: str, session,
                          fromDomain: str, fromPort: int,
                          httpPrefix: str, mutedUrl: str,
                          cachedWebfingers: {}, personCache: {},
-                          debug: bool, projectVersion: str) -> {}:
+                          debug: bool, projectVersion: str,
                          signingPrivateKeyPem: str) -> {}:
    """Undoes a mute via c2s
    """
    if not session:
@ -4535,7 +4588,8 @@ def sendUndoMuteViaServer(baseDir: str, session,
    # lookup the inbox for the To handle
    wfRequest = webfingerHandle(session, handle, httpPrefix,
                                cachedWebfingers,
-                                fromDomain, projectVersion, debug, False)
+                                fromDomain, projectVersion, debug, False,
                                signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: undo mute webfinger failed for ' + handle)
@ -4550,7 +4604,8 @@ def sendUndoMuteViaServer(baseDir: str, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey,
     fromPersonId, sharedInbox, avatarUrl,
-     displayName) = getPersonBox(baseDir, session, wfRequest,
+     displayName) = getPersonBox(signingPrivateKeyPem,
                                 baseDir, session, wfRequest,
                                 personCache,
                                 projectVersion, httpPrefix, fromNickname,
                                 fromDomain, postToBox, 72652)
@ -4589,7 +4644,8 @@ def sendUndoBlockViaServer(baseDir: str, session,
                           fromDomain: str, fromPort: int,
                           httpPrefix: str, blockedUrl: str,
                           cachedWebfingers: {}, personCache: {},
-                           debug: bool, projectVersion: str) -> {}:
+                           debug: bool, projectVersion: str,
                           signingPrivateKeyPem: str) -> {}:
    """Creates a block via c2s
    """
    if not session:
@ -4620,7 +4676,8 @@ def sendUndoBlockViaServer(baseDir: str, session,
    # lookup the inbox for the To handle
    wfRequest = webfingerHandle(session, handle, httpPrefix,
                                cachedWebfingers,
-                                fromDomain, projectVersion, debug, False)
+                                fromDomain, projectVersion, debug, False,
                                signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: unblock webfinger failed for ' + handle)
@ -4635,7 +4692,8 @@ def sendUndoBlockViaServer(baseDir: str, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey,
     fromPersonId, sharedInbox, avatarUrl,
-     displayName) = getPersonBox(baseDir, session, wfRequest, personCache,
+     displayName) = getPersonBox(signingPrivateKeyPem,
                                 baseDir, session, wfRequest, personCache,
                                 projectVersion, httpPrefix, fromNickname,
                                 fromDomain, postToBox, 53892)
@ -4697,7 +4755,7 @@ def c2sBoxJson(baseDir: str, session,
               domain: str, port: int,
               httpPrefix: str,
               boxName: str, pageNumber: int,
-               debug: bool) -> {}:
+               debug: bool, signingPrivateKeyPem: str) -> {}:
    """C2S Authenticated GET of posts for a timeline
    """
    if not session:
@ -4719,7 +4777,7 @@ def c2sBoxJson(baseDir: str, session,
    # GET json
    url = actor + '/' + boxName + '?page=' + str(pageNumber)
-    boxJson = getJson(session, url, headers, None,
+    boxJson = getJson(signingPrivateKeyPem, session, url, headers, None,
                      debug, __version__, httpPrefix, None)
    if boxJson is not None and debug:
--- a/schedule.py
+++ b/schedule.py
@ -115,7 +115,8 @@ def _updatePostSchedule(baseDir: str, handle: str, httpd,
                                       httpd.city, httpd.systemLanguage,
                                       httpd.sharedItemsFederatedDomains,
                                       httpd.sharedItemFederationTokens,
-                                       httpd.lowBandwidth):
+                                       httpd.lowBandwidth,
                                       httpd.signingPrivateKeyPem):
                indexLines.remove(line)
                os.remove(postFilename)
                continue
--- a/session.py
+++ b/session.py
@ -87,7 +87,7 @@ def urlExists(session, url: str, timeoutSec: int = 3,
 def _getJsonRequest(session, url: str, domainFull: str, sessionHeaders: {},
                    sessionParams: {}, timeoutSec: int,
-                    privateKeyPem: str, quiet: bool, debug: bool) -> {}:
+                    signingPrivateKeyPem: str, quiet: bool, debug: bool) -> {}:
    """http GET for json
    """
    try:
@ -95,12 +95,12 @@ def _getJsonRequest(session, url: str, domainFull: str, sessionHeaders: {},
                             params=sessionParams, timeout=timeoutSec)
        if result.status_code != 200:
            if result.status_code == 401:
-                if not privateKeyPem:
+                if not signingPrivateKeyPem:
                    print("WARN: getJson requires secure fetch url: " + url)
                else:
                    return _getJsonSigned(session, url, domainFull,
                                          sessionHeaders, sessionParams,
-                                          timeoutSec, privateKeyPem,
+                                          timeoutSec, signingPrivateKeyPem,
                                          quiet, debug)
            elif result.status_code == 403:
                print('WARN: getJson Forbidden url: ' + url)
@ -138,7 +138,7 @@ def _getJsonRequest(session, url: str, domainFull: str, sessionHeaders: {},
 def _getJsonSigned(session, url: str, domainFull: str, sessionHeaders: {},
                   sessionParams: {}, timeoutSec: int,
-                   privateKeyPem: str, quiet: bool, debug: bool) -> {}:
+                   signingPrivateKeyPem: str, quiet: bool, debug: bool) -> {}:
    """Authorized fetch
    """
    if not domainFull:
@ -175,27 +175,26 @@ def _getJsonSigned(session, url: str, domainFull: str, sessionHeaders: {},
    nickname = domain
    if debug:
-        print('Signed GET privateKeyPem: ' + privateKeyPem)
+        print('Signed GET privateKeyPem: ' + signingPrivateKeyPem)
        print('Signed GET nickname: ' + nickname)
        print('Signed GET domain: ' + domain + ' ' + str(port))
        print('Signed GET toDomain: ' + toDomain + ' ' + str(toPort))
        print('Signed GET url: ' + url)
        print('Signed GET httpPrefix: ' + httpPrefix)
    signatureHeaderJson = \
-        createSignedHeader(privateKeyPem, nickname, domain, port,
+        createSignedHeader(signingPrivateKeyPem, nickname, domain, port,
-                           toDomain, toPort,
+                           toDomain, toPort, url, httpPrefix, False, '')
                           url, httpPrefix, False, '')
    for key, value in signatureHeaderJson.items():
        if key == 'Accept' or key == 'User-Agent':
            continue
        sessionHeaders[key] = value
    return _getJsonRequest(session, url, domainFull, sessionHeaders,
-                           sessionParams, timeoutSec,
+                           sessionParams, timeoutSec, None, quiet, debug)
                           None, quiet, debug)
-def getJson(session, url: str, headers: {}, params: {}, debug: bool,
+def getJson(signingPrivateKeyPem: str,
            session, url: str, headers: {}, params: {}, debug: bool,
            version: str = '1.2.0', httpPrefix: str = 'https',
            domain: str = 'testdomain',
            timeoutSec: int = 20, quiet: bool = False) -> {}:
@ -222,10 +221,9 @@ def getJson(session, url: str, headers: {}, params: {}, debug: bool,
    if debug:
        HTTPConnection.debuglevel = 1
    privateKeyPem = 'TODO instance actor private key'
    return _getJsonRequest(session, url, domain, sessionHeaders,
                           sessionParams, timeoutSec,
-                           privateKeyPem, quiet, debug)
+                           signingPrivateKeyPem, quiet, debug)
 def postJson(httpPrefix: str, domainFull: str,
--- a/shares.py
+++ b/shares.py
@ -535,7 +535,8 @@ def sendShareViaServer(baseDir, session,
                       location: str, duration: str,
                       cachedWebfingers: {}, personCache: {},
                       debug: bool, projectVersion: str,
-                       itemPrice: str, itemCurrency: str) -> {}:
+                       itemPrice: str, itemCurrency: str,
                       signingPrivateKeyPem: str) -> {}:
    """Creates an item share via c2s
    """
    if not session:
@ -585,7 +586,8 @@ def sendShareViaServer(baseDir, session,
    wfRequest = \
        webfingerHandle(session, handle, httpPrefix,
                        cachedWebfingers,
-                        fromDomain, projectVersion, debug, False)
+                        fromDomain, projectVersion, debug, False,
                        signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: share webfinger failed for ' + handle)
@ -600,7 +602,8 @@ def sendShareViaServer(baseDir, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey,
     fromPersonId, sharedInbox,
-     avatarUrl, displayName) = getPersonBox(baseDir, session, wfRequest,
+     avatarUrl, displayName) = getPersonBox(signingPrivateKeyPem,
                                            baseDir, session, wfRequest,
                                            personCache, projectVersion,
                                            httpPrefix, fromNickname,
                                            fromDomain, postToBox,
@ -652,7 +655,8 @@ def sendUndoShareViaServer(baseDir: str, session,
                           fromDomain: str, fromPort: int,
                           httpPrefix: str, displayName: str,
                           cachedWebfingers: {}, personCache: {},
-                           debug: bool, projectVersion: str) -> {}:
+                           debug: bool, projectVersion: str,
                           signingPrivateKeyPem: str) -> {}:
    """Undoes a share via c2s
    """
    if not session:
@ -685,7 +689,8 @@ def sendUndoShareViaServer(baseDir: str, session,
    # lookup the inbox for the To handle
    wfRequest = \
        webfingerHandle(session, handle, httpPrefix, cachedWebfingers,
-                        fromDomain, projectVersion, debug, False)
+                        fromDomain, projectVersion, debug, False,
                        signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: unshare webfinger failed for ' + handle)
@ -700,7 +705,8 @@ def sendUndoShareViaServer(baseDir: str, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey,
     fromPersonId, sharedInbox,
-     avatarUrl, displayName) = getPersonBox(baseDir, session, wfRequest,
+     avatarUrl, displayName) = getPersonBox(signingPrivateKeyPem,
                                            baseDir, session, wfRequest,
                                            personCache, projectVersion,
                                            httpPrefix, fromNickname,
                                            fromDomain, postToBox,
@ -747,7 +753,8 @@ def sendWantedViaServer(baseDir, session,
                        location: str, duration: str,
                        cachedWebfingers: {}, personCache: {},
                        debug: bool, projectVersion: str,
-                        itemMaxPrice: str, itemCurrency: str) -> {}:
+                        itemMaxPrice: str, itemCurrency: str,
                        signingPrivateKeyPem: str) -> {}:
    """Creates a wanted item via c2s
    """
    if not session:
@ -797,7 +804,8 @@ def sendWantedViaServer(baseDir, session,
    wfRequest = \
        webfingerHandle(session, handle, httpPrefix,
                        cachedWebfingers,
-                        fromDomain, projectVersion, debug, False)
+                        fromDomain, projectVersion, debug, False,
                        signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: share webfinger failed for ' + handle)
@ -812,7 +820,8 @@ def sendWantedViaServer(baseDir, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey,
     fromPersonId, sharedInbox,
-     avatarUrl, displayName) = getPersonBox(baseDir, session, wfRequest,
+     avatarUrl, displayName) = getPersonBox(signingPrivateKeyPem,
                                            baseDir, session, wfRequest,
                                            personCache, projectVersion,
                                            httpPrefix, fromNickname,
                                            fromDomain, postToBox,
@ -864,7 +873,8 @@ def sendUndoWantedViaServer(baseDir: str, session,
                            fromDomain: str, fromPort: int,
                            httpPrefix: str, displayName: str,
                            cachedWebfingers: {}, personCache: {},
-                            debug: bool, projectVersion: str) -> {}:
+                            debug: bool, projectVersion: str,
                            signingPrivateKeyPem: str) -> {}:
    """Undoes a wanted item via c2s
    """
    if not session:
@ -897,7 +907,8 @@ def sendUndoWantedViaServer(baseDir: str, session,
    # lookup the inbox for the To handle
    wfRequest = \
        webfingerHandle(session, handle, httpPrefix, cachedWebfingers,
-                        fromDomain, projectVersion, debug, False)
+                        fromDomain, projectVersion, debug, False,
                        signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: unwant webfinger failed for ' + handle)
@ -912,7 +923,8 @@ def sendUndoWantedViaServer(baseDir: str, session,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey,
     fromPersonId, sharedInbox,
-     avatarUrl, displayName) = getPersonBox(baseDir, session, wfRequest,
+     avatarUrl, displayName) = getPersonBox(signingPrivateKeyPem,
                                            baseDir, session, wfRequest,
                                            personCache, projectVersion,
                                            httpPrefix, fromNickname,
                                            fromDomain, postToBox,
@ -953,7 +965,8 @@ def sendUndoWantedViaServer(baseDir: str, session,
 def getSharedItemsCatalogViaServer(baseDir, session,
                                   nickname: str, password: str,
                                   domain: str, port: int,
-                                   httpPrefix: str, debug: bool) -> {}:
+                                   httpPrefix: str, debug: bool,
                                   signingPrivateKeyPem: str) -> {}:
    """Returns the shared items catalog via c2s
    """
    if not session:
@ -972,8 +985,8 @@ def getSharedItemsCatalogViaServer(baseDir, session,
    url = localActorUrl(httpPrefix, nickname, domainFull) + '/catalog'
    if debug:
        print('Shared items catalog request to: ' + url)
-    catalogJson = getJson(session, url, headers, None, debug,
+    catalogJson = getJson(signingPrivateKeyPem, session, url, headers, None,
-                          __version__, httpPrefix, None)
+                          debug, __version__, httpPrefix, None)
    if not catalogJson:
        if debug:
            print('DEBUG: GET shared items catalog failed for c2s to ' + url)
--- a/skills.py
+++ b/skills.py
@ -177,7 +177,8 @@ def sendSkillViaServer(baseDir: str, session, nickname: str, password: str,
                       httpPrefix: str,
                       skill: str, skillLevelPercent: int,
                       cachedWebfingers: {}, personCache: {},
-                       debug: bool, projectVersion: str) -> {}:
+                       debug: bool, projectVersion: str,
                       signingPrivateKeyPem: str) -> {}:
    """Sets a skill for a person via c2s
    """
    if not session:
@ -209,7 +210,8 @@ def sendSkillViaServer(baseDir: str, session, nickname: str, password: str,
    wfRequest = \
        webfingerHandle(session, handle, httpPrefix,
                        cachedWebfingers,
-                        domain, projectVersion, debug, False)
+                        domain, projectVersion, debug, False,
                        signingPrivateKeyPem)
    if not wfRequest:
        if debug:
            print('DEBUG: skill webfinger failed for ' + handle)
@ -224,7 +226,8 @@ def sendSkillViaServer(baseDir: str, session, nickname: str, password: str,
    # get the actor inbox for the To handle
    (inboxUrl, pubKeyId, pubKey,
     fromPersonId, sharedInbox,
-     avatarUrl, displayName) = getPersonBox(baseDir, session, wfRequest,
+     avatarUrl, displayName) = getPersonBox(signingPrivateKeyPem,
                                            baseDir, session, wfRequest,
                                            personCache, projectVersion,
                                            httpPrefix, nickname, domain,
                                            postToBox, 86725)
--- a/socnet.py
+++ b/socnet.py
@ -18,7 +18,7 @@ def instancesGraph(baseDir: str, handles: str,
                   proxyType: str,
                   port: int, httpPrefix: str,
                   debug: bool, projectVersion: str,
-                   systemLanguage: str) -> str:
+                   systemLanguage: str, signingPrivateKeyPem: str) -> str:
    """ Returns a dot graph of federating instances
    based upon a few sample handles.
    The handles argument should contain a comma separated list
@ -54,7 +54,8 @@ def instancesGraph(baseDir: str, handles: str,
        wfRequest = \
            webfingerHandle(session, handle, httpPrefix,
                            cachedWebfingers,
-                            domain, projectVersion, debug, False)
+                            domain, projectVersion, debug, False,
                            signingPrivateKeyPem)
        if not wfRequest:
            return dotGraphStr + '}\n'
        if not isinstance(wfRequest, dict):
@ -64,7 +65,8 @@ def instancesGraph(baseDir: str, handles: str,
        (personUrl, pubKeyId, pubKey,
         personId, shaedInbox,
-         avatarUrl, displayName) = getPersonBox(baseDir, session, wfRequest,
+         avatarUrl, displayName) = getPersonBox(signingPrivateKeyPem,
                                                baseDir, session, wfRequest,
                                                personCache,
                                                projectVersion, httpPrefix,
                                                nickname, domain, 'outbox',
@ -75,7 +77,8 @@ def instancesGraph(baseDir: str, handles: str,
                           maxAttachments, federationList,
                           personCache, debug,
                           projectVersion, httpPrefix, domain,
-                           wordFrequency, [], systemLanguage)
+                           wordFrequency, [], systemLanguage,
                           signingPrivateKeyPem)
        postDomains.sort()
        for fedDomain in postDomains:
            dotLineStr = '    "' + domain + '" -> "' + fedDomain + '";\n'
--- a/tests.py
+++ b/tests.py
@ -978,8 +978,9 @@ def testPostMessageBetweenServers():
    assert len([name for name in os.listdir(outboxPath)
                if os.path.isfile(os.path.join(outboxPath, name))]) == 0
    lowBandwidth = False
    signingPrivateKeyPem = None
    sendResult = \
-        sendPost(__version__,
+        sendPost(signingPrivateKeyPem, __version__,
                 sessionAlice, aliceDir, 'alice', aliceDomain, alicePort,
                 'bob', bobDomain, bobPort, ccUrl, httpPrefix,
                 'Why is a mouse when it spins? ' +
@ -1100,7 +1101,7 @@ def testPostMessageBetweenServers():
                    'alice', aliceDomain, alicePort, [],
                    statusNumber, False, bobSendThreads, bobPostLog,
                    bobPersonCache, bobCachedWebfingers,
-                    True, __version__)
+                    True, __version__, signingPrivateKeyPem)
    for i in range(20):
        if 'likes' in open(outboxPostFilename).read():
@ -1135,7 +1136,7 @@ def testPostMessageBetweenServers():
                   objectUrl,
                   False, bobSendThreads, bobPostLog,
                   bobPersonCache, bobCachedWebfingers,
-                   True, __version__)
+                   True, __version__, signingPrivateKeyPem)
    announceMessageArrived = False
    outboxMessageArrived = False
    for i in range(10):
@ -1270,6 +1271,7 @@ def testFollowBetweenServers():
    aliceCachedWebfingers = {}
    alicePostLog = []
    bobActor = httpPrefix + '://' + bobAddress + '/users/bob'
    signingPrivateKeyPem = None
    sendResult = \
        sendFollowRequest(sessionAlice, aliceDir,
                          'alice', aliceDomain, alicePort, httpPrefix,
@ -1278,7 +1280,7 @@ def testFollowBetweenServers():
                          clientToServer, federationList,
                          aliceSendThreads, alicePostLog,
                          aliceCachedWebfingers, alicePersonCache,
-                          True, __version__)
+                          True, __version__, signingPrivateKeyPem)
    print('sendResult: ' + str(sendResult))
    for t in range(16):
@ -1315,8 +1317,9 @@ def testFollowBetweenServers():
    isArticle = False
    city = 'London, England'
    lowBandwidth = False
    signingPrivateKeyPem = None
    sendResult = \
-        sendPost(__version__,
+        sendPost(signingPrivateKeyPem, __version__,
                 sessionAlice, aliceDir, 'alice', aliceDomain, alicePort,
                 'bob', bobDomain, bobPort, ccUrl,
                 httpPrefix, 'Alice message', followersOnly, saveToFile,
@ -1466,6 +1469,7 @@ def testSharedItemsFederation():
    aliceCachedWebfingers = {}
    alicePostLog = []
    bobActor = httpPrefix + '://' + bobAddress + '/users/bob'
    signingPrivateKeyPem = None
    sendResult = \
        sendFollowRequest(sessionAlice, aliceDir,
                          'alice', aliceDomain, alicePort, httpPrefix,
@ -1474,7 +1478,7 @@ def testSharedItemsFederation():
                          clientToServer, federationList,
                          aliceSendThreads, alicePostLog,
                          aliceCachedWebfingers, alicePersonCache,
-                          True, __version__)
+                          True, __version__, signingPrivateKeyPem)
    print('sendResult: ' + str(sendResult))
    for t in range(16):
@ -1527,6 +1531,7 @@ def testSharedItemsFederation():
    sharedItemDuration = "10 days"
    sharedItemPrice = "1.30"
    sharedItemCurrency = "EUR"
    signingPrivateKeyPem = None
    shareJson = \
        sendShareViaServer(bobDir, sessionBob,
                           'bob', bobPassword,
@ -1537,7 +1542,8 @@ def testSharedItemsFederation():
                           sharedItemLocation, sharedItemDuration,
                           bobCachedWebfingers, bobPersonCache,
                           True, __version__,
-                           sharedItemPrice, sharedItemCurrency)
+                           sharedItemPrice, sharedItemCurrency,
                           signingPrivateKeyPem)
    assert shareJson
    assert isinstance(shareJson, dict)
    sharedItemName = 'Epicyon T-shirt'
@ -1560,7 +1566,8 @@ def testSharedItemsFederation():
                           sharedItemLocation, sharedItemDuration,
                           bobCachedWebfingers, bobPersonCache,
                           True, __version__,
-                           sharedItemPrice, sharedItemCurrency)
+                           sharedItemPrice, sharedItemCurrency,
                           signingPrivateKeyPem)
    assert shareJson
    assert isinstance(shareJson, dict)
    sharedItemName = 'Soldering iron'
@ -1583,7 +1590,8 @@ def testSharedItemsFederation():
                           sharedItemLocation, sharedItemDuration,
                           bobCachedWebfingers, bobPersonCache,
                           True, __version__,
-                           sharedItemPrice, sharedItemCurrency)
+                           sharedItemPrice, sharedItemCurrency,
                           signingPrivateKeyPem)
    assert shareJson
    assert isinstance(shareJson, dict)
@ -1605,9 +1613,11 @@ def testSharedItemsFederation():
    print('\n\n*********************************************************')
    print('Bob can read the shared items catalog on his own instance')
    signingPrivateKeyPem = None
    catalogJson = \
        getSharedItemsCatalogViaServer(bobDir, sessionBob, 'bob', bobPassword,
-                                       bobDomain, bobPort, httpPrefix, True)
+                                       bobDomain, bobPort, httpPrefix, True,
                                       signingPrivateKeyPem)
    assert catalogJson
    pprint(catalogJson)
    assert 'DFC:supplies' in catalogJson
@ -1633,8 +1643,9 @@ def testSharedItemsFederation():
    isArticle = False
    city = 'London, England'
    lowBandwidth = False
    signingPrivateKeyPem = None
    sendResult = \
-        sendPost(__version__,
+        sendPost(signingPrivateKeyPem, __version__,
                 sessionAlice, aliceDir, 'alice', aliceDomain, alicePort,
                 'bob', bobDomain, bobPort, ccUrl,
                 httpPrefix, 'Alice message', followersOnly, saveToFile,
@ -1697,7 +1708,9 @@ def testSharedItemsFederation():
        'Accept': 'application/json'
    }
    url = httpPrefix + '://' + bobAddress + '/catalog'
-    catalogJson = getJson(sessionAlice, url, headers, None, True)
+    signingPrivateKeyPem = None
    catalogJson = getJson(signingPrivateKeyPem, sessionAlice, url, headers,
                          None, True)
    assert catalogJson
    pprint(catalogJson)
    assert 'DFC:supplies' in catalogJson
@ -1836,8 +1849,9 @@ def testGroupFollow():
    asHeader = {
        'Accept': 'application/ld+json; profile="' + profileStr + '"'
    }
-    outboxJson = getJson(session, aliceOutbox, asHeader, None,
+    signingPrivateKeyPem = None
-                         True, __version__, 'http', None)
+    outboxJson = getJson(signingPrivateKeyPem, session, aliceOutbox, asHeader,
                         None, True, __version__, 'http', None)
    assert outboxJson
    pprint(outboxJson)
    assert outboxJson['type'] == 'OrderedCollection'
@ -1847,8 +1861,8 @@ def testGroupFollow():
    print('Alice outbox totalItems: ' + str(outboxJson['totalItems']))
    assert outboxJson['totalItems'] == 3
-    outboxJson = getJson(session, firstPage, asHeader, None,
+    outboxJson = getJson(signingPrivateKeyPem, session, firstPage, asHeader,
-                         True, __version__, 'http', None)
+                         None, True, __version__, 'http', None)
    assert outboxJson
    pprint(outboxJson)
    assert 'orderedItems' in outboxJson
@ -1879,6 +1893,7 @@ def testGroupFollow():
    alicePostLog = []
    # aliceActor = httpPrefix + '://' + aliceAddress + '/users/alice'
    testgroupActor = httpPrefix + '://' + testgroupAddress + '/users/testgroup'
    signingPrivateKeyPem = None
    sendResult = \
        sendFollowRequest(sessionAlice, aliceDir,
                          'alice', aliceDomain, alicePort, httpPrefix,
@ -1887,7 +1902,7 @@ def testGroupFollow():
                          clientToServer, federationList,
                          aliceSendThreads, alicePostLog,
                          aliceCachedWebfingers, alicePersonCache,
-                          True, __version__)
+                          True, __version__, signingPrivateKeyPem)
    print('sendResult: ' + str(sendResult))
    aliceFollowingFilename = \
@ -1954,6 +1969,7 @@ def testGroupFollow():
    bobPostLog = []
    # bobActor = httpPrefix + '://' + bobAddress + '/users/bob'
    testgroupActor = httpPrefix + '://' + testgroupAddress + '/users/testgroup'
    signingPrivateKeyPem = None
    sendResult = \
        sendFollowRequest(sessionBob, bobDir,
                          'bob', bobDomain, bobPort, httpPrefix,
@ -1962,7 +1978,7 @@ def testGroupFollow():
                          clientToServer, federationList,
                          bobSendThreads, bobPostLog,
                          bobCachedWebfingers, bobPersonCache,
-                          True, __version__)
+                          True, __version__, signingPrivateKeyPem)
    print('sendResult: ' + str(sendResult))
    bobFollowingFilename = \
@ -2025,8 +2041,9 @@ def testGroupFollow():
    isArticle = False
    city = 'London, England'
    lowBandwidth = False
    signingPrivateKeyPem = None
    sendResult = \
-        sendPost(__version__,
+        sendPost(signingPrivateKeyPem, __version__,
                 sessionAlice, aliceDir, 'alice', aliceDomain, alicePort,
                 'testgroup', testgroupDomain, testgroupPort, ccUrl,
                 httpPrefix, "Alice group message", followersOnly,
@ -2553,8 +2570,9 @@ def testClientToServer():
    assert len([name for name in os.listdir(bobOutboxPath)
                if os.path.isfile(os.path.join(bobOutboxPath, name))]) == 0
    print('EVENT: all inboxes and outboxes are empty')
    signingPrivateKeyPem = None
    sendResult = \
-        sendPostViaServer(__version__,
+        sendPostViaServer(signingPrivateKeyPem, __version__,
                          aliceDir, sessionAlice, 'alice', password,
                          aliceDomain, alicePort,
                          'bob', bobDomain, bobPort, None,
@ -2619,13 +2637,14 @@ def testClientToServer():
                               aliceDomain, alicePort)
    print('\n\nAlice follows Bob')
    signingPrivateKeyPem = None
    sendFollowRequestViaServer(aliceDir, sessionAlice,
                               'alice', password,
                               aliceDomain, alicePort,
                               'bob', bobDomain, bobPort,
                               httpPrefix,
                               cachedWebfingers, personCache,
-                               True, __version__)
+                               True, __version__, signingPrivateKeyPem)
    alicePetnamesFilename = aliceDir + '/accounts/' + \
        'alice@' + aliceDomain + '/petnames.txt'
    aliceFollowingFilename = \
@ -2667,7 +2686,7 @@ def testClientToServer():
                               'alice', aliceDomain, alicePort,
                               httpPrefix,
                               cachedWebfingers, personCache,
-                               True, __version__)
+                               True, __version__, signingPrivateKeyPem)
    for t in range(10):
        if os.path.isfile(aliceDir + '/accounts/alice@' + aliceDomain +
                          '/followers.txt'):
@ -2722,7 +2741,7 @@ def testClientToServer():
                      bobDomain, bobPort,
                      httpPrefix, outboxPostId,
                      cachedWebfingers, personCache,
-                      True, __version__)
+                      True, __version__, signingPrivateKeyPem)
    for i in range(20):
        if os.path.isdir(outboxPath) and os.path.isdir(inboxPath):
            if len([name for name in os.listdir(outboxPath)
@ -2753,11 +2772,13 @@ def testClientToServer():
    showTestBoxes('alice', aliceInboxPath, aliceOutboxPath)
    showTestBoxes('bob', bobInboxPath, bobOutboxPath)
    print('\n\nEVENT: Bob repeats the post')
    signingPrivateKeyPem = None
    sendAnnounceViaServer(bobDir, sessionBob, 'bob', password,
                          bobDomain, bobPort,
                          httpPrefix, outboxPostId,
                          cachedWebfingers,
-                          personCache, True, __version__)
+                          personCache, True, __version__,
                          signingPrivateKeyPem)
    for i in range(20):
        if os.path.isdir(outboxPath) and os.path.isdir(inboxPath):
            if len([name for name in os.listdir(outboxPath)
@ -2788,7 +2809,7 @@ def testClientToServer():
                        aliceDomain, alicePort,
                        httpPrefix, outboxPostId,
                        cachedWebfingers, personCache,
-                        True, __version__)
+                        True, __version__, signingPrivateKeyPem)
    for i in range(30):
        if os.path.isdir(inboxPath):
            test = len([name for name in os.listdir(inboxPath)
@ -2813,7 +2834,7 @@ def testClientToServer():
                                 'bob', bobDomain, bobPort,
                                 httpPrefix,
                                 cachedWebfingers, personCache,
-                                 True, __version__)
+                                 True, __version__, signingPrivateKeyPem)
    for t in range(10):
        if 'alice@' + aliceDomain + ':' + str(alicePort) not in \
           open(bobFollowersFilename).read():
@ -4704,13 +4725,14 @@ def testUpdateActor():
        'fnaZ2Wi050483Sj2RmQRpb99Dod7rVZTDtCqXk0J\n' + \
        '=gv5G\n' + \
        '-----END PGP PUBLIC KEY BLOCK-----'
    signingPrivateKeyPem = None
    actorUpdate = \
        pgpPublicKeyUpload(aliceDir, sessionAlice,
                           'alice', password,
                           aliceDomain, alicePort,
                           httpPrefix,
                           cachedWebfingers, personCache,
-                           True, pubKey)
+                           True, pubKey, signingPrivateKeyPem)
    print('actor update result: ' + str(actorUpdate))
    assert actorUpdate
--- a/webapp_confirm.py
+++ b/webapp_confirm.py
@ -34,7 +34,7 @@ def htmlConfirmDelete(cssCache: {},
                      peertubeInstances: [],
                      allowLocalNetworkAccess: bool,
                      themeName: str, systemLanguage: str,
-                      maxLikeCount: int) -> str:
+                      maxLikeCount: int, signingPrivateKeyPem: str) -> str:
    """Shows a screen asking to confirm the deletion of a post
    """
    if '/statuses/' not in messageId:
@ -66,7 +66,8 @@ def htmlConfirmDelete(cssCache: {},
        getConfigParam(baseDir, 'instanceTitle')
    deletePostStr = htmlHeaderWithExternalStyle(cssFilename, instanceTitle)
    deletePostStr += \
-        individualPostAsHtml(True, recentPostsCache, maxRecentPosts,
+        individualPostAsHtml(signingPrivateKeyPem,
                             True, recentPostsCache, maxRecentPosts,
                             translate, pageNumber,
                             baseDir, session, cachedWebfingers, personCache,
                             nickname, domain, port, postJsonObject,
--- a/webapp_frontscreen.py
+++ b/webapp_frontscreen.py
@ -33,7 +33,8 @@ def _htmlFrontScreenPosts(recentPostsCache: {}, maxRecentPosts: int,
                          peertubeInstances: [],
                          allowLocalNetworkAccess: bool,
                          themeName: str, systemLanguage: str,
-                          maxLikeCount: int) -> str:
+                          maxLikeCount: int,
                          signingPrivateKeyPem: str) -> str:
    """Shows posts on the front screen of a news instance
    These should only be public blog posts from the features timeline
    which is the blog timeline of the news actor
@ -61,7 +62,8 @@ def _htmlFrontScreenPosts(recentPostsCache: {}, maxRecentPosts: int,
        for item in outboxFeed['orderedItems']:
            if item['type'] == 'Create':
                postStr = \
-                    individualPostAsHtml(True, recentPostsCache,
+                    individualPostAsHtml(signingPrivateKeyPem,
                                         True, recentPostsCache,
                                         maxRecentPosts,
                                         translate, None,
                                         baseDir, session,
@ -86,7 +88,8 @@ def _htmlFrontScreenPosts(recentPostsCache: {}, maxRecentPosts: int,
    return profileStr
-def htmlFrontScreen(rssIconAtTop: bool,
+def htmlFrontScreen(signingPrivateKeyPem: str,
                    rssIconAtTop: bool,
                    cssCache: {}, iconsAsButtons: bool,
                    defaultTimeline: str,
                    recentPostsCache: {}, maxRecentPosts: int,
@ -173,7 +176,8 @@ def htmlFrontScreen(rssIconAtTop: bool,
                              peertubeInstances,
                              allowLocalNetworkAccess,
                              theme, systemLanguage,
-                              maxLikeCount) + licenseStr
+                              maxLikeCount,
                              signingPrivateKeyPem) + licenseStr
    # Footer which is only used for system accounts
    profileFooterStr = '      </td>\n'
--- a/webapp_moderation.py
+++ b/webapp_moderation.py
@ -50,7 +50,8 @@ def htmlModeration(cssCache: {}, defaultTimeline: str,
                   textModeBanner: str,
                   accessKeys: {}, systemLanguage: str,
                   maxLikeCount: int,
-                   sharedItemsFederatedDomains: []) -> str:
+                   sharedItemsFederatedDomains: [],
                   signingPrivateKeyPem: str) -> str:
    """Show the moderation feed as html
    This is what you see when selecting the "mod" timeline
    """
@ -67,14 +68,15 @@ def htmlModeration(cssCache: {}, defaultTimeline: str,
                        authorized, moderationActionStr, theme,
                        peertubeInstances, allowLocalNetworkAccess,
                        textModeBanner, accessKeys, systemLanguage,
-                        maxLikeCount, sharedItemsFederatedDomains)
+                        maxLikeCount, sharedItemsFederatedDomains,
                        signingPrivateKeyPem)
 def htmlAccountInfo(cssCache: {}, translate: {},
                    baseDir: str, httpPrefix: str,
                    nickname: str, domain: str, port: int,
                    searchHandle: str, debug: bool,
-                    systemLanguage: str) -> str:
+                    systemLanguage: str, signingPrivateKeyPem: str) -> str:
    """Shows which domains a search handle interacts with.
    This screen is shown if a moderator enters a handle and selects info
    on the moderation screen
@ -116,11 +118,13 @@ def htmlAccountInfo(cssCache: {}, translate: {},
                                   baseDir, searchNickname, searchDomain,
                                   proxyType, searchPort,
                                   httpPrefix, debug,
-                                   __version__, wordFrequency, systemLanguage)
+                                   __version__, wordFrequency, systemLanguage,
                                   signingPrivateKeyPem)
    # get a list of any blocked followers
    followersList = \
-        downloadFollowCollection('followers', session,
+        downloadFollowCollection(signingPrivateKeyPem,
                                 'followers', session,
                                 httpPrefix, searchActor, 1, 5)
    blockedFollowers = []
    for followerActor in followersList:
--- a/webapp_post.py
+++ b/webapp_post.py
@ -188,7 +188,8 @@ def _getPostFromRecentCache(session,
                            postStartTime,
                            pageNumber: int,
                            recentPostsCache: {},
-                            maxRecentPosts: int) -> str:
+                            maxRecentPosts: int,
                            signingPrivateKeyPem: str) -> str:
    """Attempts to get the html post from the recent posts cache in memory
    """
    if boxName == 'tlmedia':
@ -213,7 +214,8 @@ def _getPostFromRecentCache(session,
        _logPostTiming(enableTimingLog, postStartTime, '2.1')
-    updateAvatarImageCache(session, baseDir, httpPrefix,
+    updateAvatarImageCache(signingPrivateKeyPem,
                           session, baseDir, httpPrefix,
                           postActor, avatarUrl, personCache,
                           allowDownloads)
@ -1095,7 +1097,8 @@ def _getFooterWithIcons(showIcons: bool,
    return footerStr
-def individualPostAsHtml(allowDownloads: bool,
+def individualPostAsHtml(signingPrivateKeyPem: str,
                         allowDownloads: bool,
                         recentPostsCache: {}, maxRecentPosts: int,
                         translate: {},
                         pageNumber: int, baseDir: str,
@ -1169,7 +1172,8 @@ def individualPostAsHtml(allowDownloads: bool,
                                postStartTime,
                                pageNumber,
                                recentPostsCache,
-                                maxRecentPosts)
+                                maxRecentPosts,
                                signingPrivateKeyPem)
    if postHtml:
        return postHtml
@ -1179,7 +1183,8 @@ def individualPostAsHtml(allowDownloads: bool,
        getAvatarImageUrl(session,
                          baseDir, httpPrefix,
                          postActor, personCache,
-                          avatarUrl, allowDownloads)
+                          avatarUrl, allowDownloads,
                          signingPrivateKeyPem)
    _logPostTiming(enableTimingLog, postStartTime, '5')
@ -1193,14 +1198,16 @@ def individualPostAsHtml(allowDownloads: bool,
        postActorWf = \
            webfingerHandle(session, postActorHandle, httpPrefix,
                            cachedWebfingers,
-                            domain, __version__, False, False)
+                            domain, __version__, False, False,
                            signingPrivateKeyPem)
        avatarUrl2 = None
        displayName = None
        if postActorWf:
            (inboxUrl, pubKeyId, pubKey,
             fromPersonId, sharedInbox,
-             avatarUrl2, displayName) = getPersonBox(baseDir, session,
+             avatarUrl2, displayName) = getPersonBox(signingPrivateKeyPem,
                                                     baseDir, session,
                                                     postActorWf,
                                                     personCache,
                                                     projectVersion,
@ -1261,7 +1268,8 @@ def individualPostAsHtml(allowDownloads: bool,
                             allowLocalNetworkAccess,
                             recentPostsCache, False,
                             systemLanguage,
-                             domainFull, personCache)
+                             domainFull, personCache,
                             signingPrivateKeyPem)
        if not postJsonAnnounce:
            # if the announce could not be downloaded then mark it as rejected
            rejectPostId(baseDir, nickname, domain, postJsonObject['id'],
@ -1691,7 +1699,7 @@ def htmlIndividualPost(cssCache: {},
                       peertubeInstances: [],
                       allowLocalNetworkAccess: bool,
                       themeName: str, systemLanguage: str,
-                       maxLikeCount: int) -> str:
+                       maxLikeCount: int, signingPrivateKeyPem: str) -> str:
    """Show an individual post as html
    """
    postStr = ''
@ -1723,7 +1731,8 @@ def htmlIndividualPost(cssCache: {},
        postStr += followStr + '</p>\n'
    postStr += \
-        individualPostAsHtml(True, recentPostsCache, maxRecentPosts,
+        individualPostAsHtml(signingPrivateKeyPem,
                             True, recentPostsCache, maxRecentPosts,
                             translate, None,
                             baseDir, session, cachedWebfingers, personCache,
                             nickname, domain, port, postJsonObject,
@ -1748,7 +1757,8 @@ def htmlIndividualPost(cssCache: {},
            postJsonObject = loadJson(postFilename)
            if postJsonObject:
                postStr = \
-                    individualPostAsHtml(True, recentPostsCache,
+                    individualPostAsHtml(signingPrivateKeyPem,
                                         True, recentPostsCache,
                                         maxRecentPosts,
                                         translate, None,
                                         baseDir, session, cachedWebfingers,
@ -1781,7 +1791,8 @@ def htmlIndividualPost(cssCache: {},
            # add items to the html output
            for item in repliesJson['orderedItems']:
                postStr += \
-                    individualPostAsHtml(True, recentPostsCache,
+                    individualPostAsHtml(signingPrivateKeyPem,
                                         True, recentPostsCache,
                                         maxRecentPosts,
                                         translate, None,
                                         baseDir, session, cachedWebfingers,
@ -1818,14 +1829,16 @@ def htmlPostReplies(cssCache: {},
                    peertubeInstances: [],
                    allowLocalNetworkAccess: bool,
                    themeName: str, systemLanguage: str,
-                    maxLikeCount: int) -> str:
+                    maxLikeCount: int,
                    signingPrivateKeyPem: str) -> str:
    """Show the replies to an individual post as html
    """
    repliesStr = ''
    if repliesJson.get('orderedItems'):
        for item in repliesJson['orderedItems']:
            repliesStr += \
-                individualPostAsHtml(True, recentPostsCache,
+                individualPostAsHtml(signingPrivateKeyPem,
                                     True, recentPostsCache,
                                     maxRecentPosts,
                                     translate, None,
                                     baseDir, session, cachedWebfingers,
--- a/webapp_profile.py
+++ b/webapp_profile.py
@ -84,7 +84,8 @@ def htmlProfileAfterSearch(cssCache: {},
                           themeName: str,
                           accessKeys: {},
                           systemLanguage: str,
-                           maxLikeCount: int) -> str:
+                           maxLikeCount: int,
                           signingPrivateKeyPem: str) -> str:
    """Show a profile page after a search for a fediverse address
    """
    http = False
@ -94,7 +95,8 @@ def htmlProfileAfterSearch(cssCache: {},
    elif httpPrefix == 'gnunet':
        gnunet = True
    profileJson, asHeader = \
-        getActorJson(domain, profileHandle, http, gnunet, debug, False)
+        getActorJson(domain, profileHandle, http, gnunet, debug, False,
                     signingPrivateKeyPem)
    if not profileJson:
        return None
@ -251,7 +253,8 @@ def htmlProfileAfterSearch(cssCache: {},
            '</div>\n'
    userFeed = \
-        parseUserFeed(session, outboxUrl, asHeader, projectVersion,
+        parseUserFeed(signingPrivateKeyPem,
                      session, outboxUrl, asHeader, projectVersion,
                      httpPrefix, domain, debug)
    if userFeed:
        i = 0
@ -268,7 +271,8 @@ def htmlProfileAfterSearch(cssCache: {},
                continue
            profileStr += \
-                individualPostAsHtml(True, recentPostsCache, maxRecentPosts,
+                individualPostAsHtml(signingPrivateKeyPem,
                                     True, recentPostsCache, maxRecentPosts,
                                     translate, None, baseDir,
                                     session, cachedWebfingers, personCache,
                                     nickname, domain, port,
@ -466,7 +470,8 @@ def _getProfileHeaderAfterSearch(baseDir: str,
    return htmlStr
-def htmlProfile(rssIconAtTop: bool,
+def htmlProfile(signingPrivateKeyPem: str,
                rssIconAtTop: bool,
                cssCache: {}, iconsAsButtons: bool,
                defaultTimeline: str,
                recentPostsCache: {}, maxRecentPosts: int,
@ -491,7 +496,8 @@ def htmlProfile(rssIconAtTop: bool,
    if not nickname:
        return ""
    if isSystemAccount(nickname):
-        return htmlFrontScreen(rssIconAtTop,
+        return htmlFrontScreen(signingPrivateKeyPem,
                               rssIconAtTop,
                               cssCache, iconsAsButtons,
                               defaultTimeline,
                               recentPostsCache, maxRecentPosts,
@ -851,7 +857,8 @@ def htmlProfile(rssIconAtTop: bool,
                              peertubeInstances,
                              allowLocalNetworkAccess,
                              theme, systemLanguage,
-                              maxLikeCount) + licenseStr
+                              maxLikeCount,
                              signingPrivateKeyPem) + licenseStr
    elif selected == 'following':
        profileStr += \
            _htmlProfileFollowing(translate, baseDir, httpPrefix,
@ -860,7 +867,7 @@ def htmlProfile(rssIconAtTop: bool,
                                  cachedWebfingers, personCache, extraJson,
                                  projectVersion, ["unfollow"], selected,
                                  usersPath, pageNumber, maxItemsPerPage,
-                                  dormantMonths, debug)
+                                  dormantMonths, debug, signingPrivateKeyPem)
    elif selected == 'followers':
        profileStr += \
            _htmlProfileFollowing(translate, baseDir, httpPrefix,
@ -869,7 +876,8 @@ def htmlProfile(rssIconAtTop: bool,
                                  cachedWebfingers, personCache, extraJson,
                                  projectVersion, ["block"],
                                  selected, usersPath, pageNumber,
-                                  maxItemsPerPage, dormantMonths, debug)
+                                  maxItemsPerPage, dormantMonths, debug,
                                  signingPrivateKeyPem)
    elif selected == 'roles':
        profileStr += \
            _htmlProfileRoles(translate, nickname, domainFull,
@ -911,7 +919,8 @@ def _htmlProfilePosts(recentPostsCache: {}, maxRecentPosts: int,
                      peertubeInstances: [],
                      allowLocalNetworkAccess: bool,
                      themeName: str, systemLanguage: str,
-                      maxLikeCount: int) -> str:
+                      maxLikeCount: int,
                      signingPrivateKeyPem: str) -> str:
    """Shows posts on the profile screen
    These should only be public posts
    """
@ -939,7 +948,8 @@ def _htmlProfilePosts(recentPostsCache: {}, maxRecentPosts: int,
        for item in outboxFeed['orderedItems']:
            if item['type'] == 'Create':
                postStr = \
-                    individualPostAsHtml(True, recentPostsCache,
+                    individualPostAsHtml(signingPrivateKeyPem,
                                         True, recentPostsCache,
                                         maxRecentPosts,
                                         translate, None,
                                         baseDir, session, cachedWebfingers,
@ -972,7 +982,8 @@ def _htmlProfileFollowing(translate: {}, baseDir: str, httpPrefix: str,
                          feedName: str, actor: str,
                          pageNumber: int,
                          maxItemsPerPage: int,
-                          dormantMonths: int, debug: bool) -> str:
+                          dormantMonths: int, debug: bool,
                          signingPrivateKeyPem: str) -> str:
    """Shows following on the profile screen
    """
    profileStr = ''
@ -999,7 +1010,8 @@ def _htmlProfileFollowing(translate: {}, baseDir: str, httpPrefix: str,
                          dormantMonths)
        profileStr += \
-            _individualFollowAsHtml(translate, baseDir, session,
+            _individualFollowAsHtml(signingPrivateKeyPem,
                                    translate, baseDir, session,
                                    cachedWebfingers, personCache,
                                    domain, followingActor,
                                    authorized, nickname,
@ -2068,7 +2080,8 @@ def htmlEditProfile(cssCache: {}, translate: {}, baseDir: str, path: str,
    return editProfileForm
-def _individualFollowAsHtml(translate: {},
+def _individualFollowAsHtml(signingPrivateKeyPem: str,
                            translate: {},
                            baseDir: str, session,
                            cachedWebfingers: {},
                            personCache: {}, domain: str,
@ -2095,11 +2108,13 @@ def _individualFollowAsHtml(translate: {},
    followUrlWf = \
        webfingerHandle(session, followUrlHandle, httpPrefix,
                        cachedWebfingers,
-                        domain, __version__, debug, False)
+                        domain, __version__, debug, False,
                        signingPrivateKeyPem)
    (inboxUrl, pubKeyId, pubKey,
     fromPersonId, sharedInbox,
-     avatarUrl2, displayName) = getPersonBox(baseDir, session,
+     avatarUrl2, displayName) = getPersonBox(signingPrivateKeyPem,
                                             baseDir, session,
                                             followUrlWf,
                                             personCache, projectVersion,
                                             httpPrefix, followUrlNickname,
--- a/webapp_search.py
+++ b/webapp_search.py
@ -575,7 +575,8 @@ def htmlHistorySearch(cssCache: {}, translate: {}, baseDir: str,
                      allowLocalNetworkAccess: bool,
                      themeName: str, boxName: str,
                      systemLanguage: str,
-                      maxLikeCount: int) -> str:
+                      maxLikeCount: int,
                      signingPrivateKeyPem: str) -> str:
    """Show a page containing search results for your post history
    """
    if historysearch.startswith("'"):
@ -641,7 +642,8 @@ def htmlHistorySearch(cssCache: {}, translate: {}, baseDir: str,
        showIndividualPostIcons = True
        allowDeletion = False
        postStr = \
-            individualPostAsHtml(True, recentPostsCache,
+            individualPostAsHtml(signingPrivateKeyPem,
                                 True, recentPostsCache,
                                 maxRecentPosts,
                                 translate, None,
                                 baseDir, session, cachedWebfingers,
@ -680,7 +682,8 @@ def htmlHashtagSearch(cssCache: {},
                      peertubeInstances: [],
                      allowLocalNetworkAccess: bool,
                      themeName: str, systemLanguage: str,
-                      maxLikeCount: int) -> str:
+                      maxLikeCount: int,
                      signingPrivateKeyPem: str) -> str:
    """Show a page containing search results for a hashtag
    or after selecting a hashtag from the swarm
    """
@ -816,7 +819,8 @@ def htmlHashtagSearch(cssCache: {},
        avatarUrl = None
        showAvatarOptions = True
        postStr = \
-            individualPostAsHtml(allowDownloads, recentPostsCache,
+            individualPostAsHtml(signingPrivateKeyPem,
                                 allowDownloads, recentPostsCache,
                                 maxRecentPosts,
                                 translate, None,
                                 baseDir, session, cachedWebfingers,
--- a/webapp_timeline.py
+++ b/webapp_timeline.py
@ -423,7 +423,8 @@ def htmlTimeline(cssCache: {}, defaultTimeline: str,
                 textModeBanner: str,
                 accessKeys: {}, systemLanguage: str,
                 maxLikeCount: int,
-                 sharedItemsFederatedDomains: []) -> str:
+                 sharedItemsFederatedDomains: [],
                 signingPrivateKeyPem: str) -> str:
    """Show the timeline as html
    """
    enableTimingLog = False
@ -854,7 +855,8 @@ def htmlTimeline(cssCache: {}, defaultTimeline: str,
                    # read the post from disk
                    currTlStr = \
-                        individualPostAsHtml(False, recentPostsCache,
+                        individualPostAsHtml(signingPrivateKeyPem,
                                             False, recentPostsCache,
                                             maxRecentPosts,
                                             translate, pageNumber,
                                             baseDir, session,
@ -1079,7 +1081,8 @@ def htmlShares(cssCache: {}, defaultTimeline: str,
               textModeBanner: str,
               accessKeys: {}, systemLanguage: str,
               maxLikeCount: int,
-               sharedItemsFederatedDomains: []) -> str:
+               sharedItemsFederatedDomains: [],
               signingPrivateKeyPem: str) -> str:
    """Show the shares timeline as html
    """
    manuallyApproveFollowers = \
@ -1102,7 +1105,7 @@ def htmlShares(cssCache: {}, defaultTimeline: str,
                        authorized, None, theme, peertubeInstances,
                        allowLocalNetworkAccess, textModeBanner,
                        accessKeys, systemLanguage, maxLikeCount,
-                        sharedItemsFederatedDomains)
+                        sharedItemsFederatedDomains, signingPrivateKeyPem)
 def htmlWanted(cssCache: {}, defaultTimeline: str,
@ -1127,7 +1130,8 @@ def htmlWanted(cssCache: {}, defaultTimeline: str,
               textModeBanner: str,
               accessKeys: {}, systemLanguage: str,
               maxLikeCount: int,
-               sharedItemsFederatedDomains: []) -> str:
+               sharedItemsFederatedDomains: [],
               signingPrivateKeyPem: str) -> str:
    """Show the wanted timeline as html
    """
    manuallyApproveFollowers = \
@ -1150,7 +1154,7 @@ def htmlWanted(cssCache: {}, defaultTimeline: str,
                        authorized, None, theme, peertubeInstances,
                        allowLocalNetworkAccess, textModeBanner,
                        accessKeys, systemLanguage, maxLikeCount,
-                        sharedItemsFederatedDomains)
+                        sharedItemsFederatedDomains, signingPrivateKeyPem)
 def htmlInbox(cssCache: {}, defaultTimeline: str,
@ -1175,7 +1179,8 @@ def htmlInbox(cssCache: {}, defaultTimeline: str,
              textModeBanner: str,
              accessKeys: {}, systemLanguage: str,
              maxLikeCount: int,
-              sharedItemsFederatedDomains: []) -> str:
+              sharedItemsFederatedDomains: [],
              signingPrivateKeyPem: str) -> str:
    """Show the inbox as html
    """
    manuallyApproveFollowers = \
@ -1198,7 +1203,7 @@ def htmlInbox(cssCache: {}, defaultTimeline: str,
                        authorized, None, theme, peertubeInstances,
                        allowLocalNetworkAccess, textModeBanner,
                        accessKeys, systemLanguage, maxLikeCount,
-                        sharedItemsFederatedDomains)
+                        sharedItemsFederatedDomains, signingPrivateKeyPem)
 def htmlBookmarks(cssCache: {}, defaultTimeline: str,
@ -1223,7 +1228,8 @@ def htmlBookmarks(cssCache: {}, defaultTimeline: str,
                  textModeBanner: str,
                  accessKeys: {}, systemLanguage: str,
                  maxLikeCount: int,
-                  sharedItemsFederatedDomains: []) -> str:
+                  sharedItemsFederatedDomains: [],
                  signingPrivateKeyPem: str) -> str:
    """Show the bookmarks as html
    """
    manuallyApproveFollowers = \
@ -1246,7 +1252,7 @@ def htmlBookmarks(cssCache: {}, defaultTimeline: str,
                        authorized, None, theme, peertubeInstances,
                        allowLocalNetworkAccess, textModeBanner,
                        accessKeys, systemLanguage, maxLikeCount,
-                        sharedItemsFederatedDomains)
+                        sharedItemsFederatedDomains, signingPrivateKeyPem)
 def htmlInboxDMs(cssCache: {}, defaultTimeline: str,
@ -1271,7 +1277,8 @@ def htmlInboxDMs(cssCache: {}, defaultTimeline: str,
                 textModeBanner: str,
                 accessKeys: {}, systemLanguage: str,
                 maxLikeCount: int,
-                 sharedItemsFederatedDomains: []) -> str:
+                 sharedItemsFederatedDomains: [],
                 signingPrivateKeyPem: str) -> str:
    """Show the DM timeline as html
    """
    return htmlTimeline(cssCache, defaultTimeline,
@ -1289,7 +1296,7 @@ def htmlInboxDMs(cssCache: {}, defaultTimeline: str,
                        authorized, None, theme, peertubeInstances,
                        allowLocalNetworkAccess, textModeBanner,
                        accessKeys, systemLanguage, maxLikeCount,
-                        sharedItemsFederatedDomains)
+                        sharedItemsFederatedDomains, signingPrivateKeyPem)
 def htmlInboxReplies(cssCache: {}, defaultTimeline: str,
@ -1314,7 +1321,8 @@ def htmlInboxReplies(cssCache: {}, defaultTimeline: str,
                     textModeBanner: str,
                     accessKeys: {}, systemLanguage: str,
                     maxLikeCount: int,
-                     sharedItemsFederatedDomains: []) -> str:
+                     sharedItemsFederatedDomains: [],
                     signingPrivateKeyPem: str) -> str:
    """Show the replies timeline as html
    """
    return htmlTimeline(cssCache, defaultTimeline,
@ -1333,7 +1341,7 @@ def htmlInboxReplies(cssCache: {}, defaultTimeline: str,
                        authorized, None, theme, peertubeInstances,
                        allowLocalNetworkAccess, textModeBanner,
                        accessKeys, systemLanguage, maxLikeCount,
-                        sharedItemsFederatedDomains)
+                        sharedItemsFederatedDomains, signingPrivateKeyPem)
 def htmlInboxMedia(cssCache: {}, defaultTimeline: str,
@ -1358,7 +1366,8 @@ def htmlInboxMedia(cssCache: {}, defaultTimeline: str,
                   textModeBanner: str,
                   accessKeys: {}, systemLanguage: str,
                   maxLikeCount: int,
-                   sharedItemsFederatedDomains: []) -> str:
+                   sharedItemsFederatedDomains: [],
                   signingPrivateKeyPem: str) -> str:
    """Show the media timeline as html
    """
    return htmlTimeline(cssCache, defaultTimeline,
@ -1377,7 +1386,7 @@ def htmlInboxMedia(cssCache: {}, defaultTimeline: str,
                        authorized, None, theme, peertubeInstances,
                        allowLocalNetworkAccess, textModeBanner,
                        accessKeys, systemLanguage, maxLikeCount,
-                        sharedItemsFederatedDomains)
+                        sharedItemsFederatedDomains, signingPrivateKeyPem)
 def htmlInboxBlogs(cssCache: {}, defaultTimeline: str,
@ -1402,7 +1411,8 @@ def htmlInboxBlogs(cssCache: {}, defaultTimeline: str,
                   textModeBanner: str,
                   accessKeys: {}, systemLanguage: str,
                   maxLikeCount: int,
-                   sharedItemsFederatedDomains: []) -> str:
+                   sharedItemsFederatedDomains: [],
                   signingPrivateKeyPem: str) -> str:
    """Show the blogs timeline as html
    """
    return htmlTimeline(cssCache, defaultTimeline,
@ -1421,7 +1431,7 @@ def htmlInboxBlogs(cssCache: {}, defaultTimeline: str,
                        authorized, None, theme, peertubeInstances,
                        allowLocalNetworkAccess, textModeBanner,
                        accessKeys, systemLanguage, maxLikeCount,
-                        sharedItemsFederatedDomains)
+                        sharedItemsFederatedDomains, signingPrivateKeyPem)
 def htmlInboxFeatures(cssCache: {}, defaultTimeline: str,
@ -1447,7 +1457,8 @@ def htmlInboxFeatures(cssCache: {}, defaultTimeline: str,
                      textModeBanner: str,
                      accessKeys: {}, systemLanguage: str,
                      maxLikeCount: int,
-                      sharedItemsFederatedDomains: []) -> str:
+                      sharedItemsFederatedDomains: [],
                      signingPrivateKeyPem: str) -> str:
    """Show the features timeline as html
    """
    return htmlTimeline(cssCache, defaultTimeline,
@ -1466,7 +1477,7 @@ def htmlInboxFeatures(cssCache: {}, defaultTimeline: str,
                        authorized, None, theme, peertubeInstances,
                        allowLocalNetworkAccess, textModeBanner,
                        accessKeys, systemLanguage, maxLikeCount,
-                        sharedItemsFederatedDomains)
+                        sharedItemsFederatedDomains, signingPrivateKeyPem)
 def htmlInboxNews(cssCache: {}, defaultTimeline: str,
@ -1491,7 +1502,8 @@ def htmlInboxNews(cssCache: {}, defaultTimeline: str,
                  textModeBanner: str,
                  accessKeys: {}, systemLanguage: str,
                  maxLikeCount: int,
-                  sharedItemsFederatedDomains: []) -> str:
+                  sharedItemsFederatedDomains: [],
                  signingPrivateKeyPem: str) -> str:
    """Show the news timeline as html
    """
    return htmlTimeline(cssCache, defaultTimeline,
@ -1510,7 +1522,7 @@ def htmlInboxNews(cssCache: {}, defaultTimeline: str,
                        authorized, None, theme, peertubeInstances,
                        allowLocalNetworkAccess, textModeBanner,
                        accessKeys, systemLanguage, maxLikeCount,
-                        sharedItemsFederatedDomains)
+                        sharedItemsFederatedDomains, signingPrivateKeyPem)
 def htmlOutbox(cssCache: {}, defaultTimeline: str,
@ -1535,7 +1547,8 @@ def htmlOutbox(cssCache: {}, defaultTimeline: str,
               textModeBanner: str,
               accessKeys: {}, systemLanguage: str,
               maxLikeCount: int,
-               sharedItemsFederatedDomains: []) -> str:
+               sharedItemsFederatedDomains: [],
               signingPrivateKeyPem: str) -> str:
    """Show the Outbox as html
    """
    manuallyApproveFollowers = \
@ -1555,4 +1568,4 @@ def htmlOutbox(cssCache: {}, defaultTimeline: str,
                        authorized, None, theme, peertubeInstances,
                        allowLocalNetworkAccess, textModeBanner,
                        accessKeys, systemLanguage, maxLikeCount,
-                        sharedItemsFederatedDomains)
+                        sharedItemsFederatedDomains, signingPrivateKeyPem)
--- a/webapp_utils.py
+++ b/webapp_utils.py
@ -232,7 +232,8 @@ def setBlogAddress(actorJson: {}, blogAddress: str) -> None:
    _setActorPropertyUrl(actorJson, 'Blog', removeHtml(blogAddress))
-def updateAvatarImageCache(session, baseDir: str, httpPrefix: str,
+def updateAvatarImageCache(signingPrivateKeyPem: str,
                           session, baseDir: str, httpPrefix: str,
                           actor: str, avatarUrl: str,
                           personCache: {}, allowDownloads: bool,
                           force: bool = False, debug: bool = False) -> str:
@ -299,7 +300,7 @@ def updateAvatarImageCache(session, baseDir: str, httpPrefix: str,
                'Accept': 'application/ld+json; profile="' + prof + '"'
            }
        personJson = \
-            getJson(session, actor, sessionHeaders, None,
+            getJson(signingPrivateKeyPem, session, actor, sessionHeaders, None,
                    debug, __version__, httpPrefix, None)
        if personJson:
            if not personJson.get('id'):
@ -1113,7 +1114,8 @@ def htmlHighlightLabel(label: str, highlight: bool) -> str:
 def getAvatarImageUrl(session,
                      baseDir: str, httpPrefix: str,
                      postActor: str, personCache: {},
-                      avatarUrl: str, allowDownloads: bool) -> str:
+                      avatarUrl: str, allowDownloads: bool,
                      signingPrivateKeyPem: str) -> str:
    """Returns the avatar image url
    """
    # get the avatar image url for the post actor
@ -1122,11 +1124,13 @@ def getAvatarImageUrl(session,
            getPersonAvatarUrl(baseDir, postActor, personCache,
                               allowDownloads)
        avatarUrl = \
-            updateAvatarImageCache(session, baseDir, httpPrefix,
+            updateAvatarImageCache(signingPrivateKeyPem,
                                   session, baseDir, httpPrefix,
                                   postActor, avatarUrl, personCache,
                                   allowDownloads)
    else:
-        updateAvatarImageCache(session, baseDir, httpPrefix,
+        updateAvatarImageCache(signingPrivateKeyPem,
                               session, baseDir, httpPrefix,
                               postActor, avatarUrl, personCache,
                               allowDownloads)
--- a/webfinger.py
+++ b/webfinger.py
@ -63,7 +63,8 @@ def _parseHandle(handle: str) -> (str, str, bool):
 def webfingerHandle(session, handle: str, httpPrefix: str,
                    cachedWebfingers: {},
                    fromDomain: str, projectVersion: str,
-                    debug: bool, groupAccount: bool) -> {}:
+                    debug: bool, groupAccount: bool,
                    signingPrivateKeyPem: str) -> {}:
    """Gets webfinger result for the given ActivityPub handle
    """
    if not session:
@ -98,9 +99,8 @@ def webfingerHandle(session, handle: str, httpPrefix: str,
        }
    try:
        result = \
-            getJson(session, url, hdr, par,
+            getJson(signingPrivateKeyPem, session, url, hdr, par,
-                    debug, projectVersion,
+                    debug, projectVersion, httpPrefix, fromDomain)
                    httpPrefix, fromDomain)
    except Exception as e:
        print('ERROR: webfingerHandle ' + str(e))
        return None