Last updated in 2017, the ActivityPub wiki provides provides a hint about the implementation of HTTP signatures in S2S communications. There are various ad-hoc implementations in bookwyrm, pagure or go-fed. It is unclear how the compatibility between them can be verified: that would require an embedable test environment similar to the go-fed testsuite.
For some reason (maybe because the message below references it), the http signature draft spec is the “cavage” variant although there is a more recent version that is is not authored by an individual. It is unclear what the differences are.
Signing requests using HTTP Signatures
Server to server federation is authenticated using HTTP Signatures in conjunction with the signing key from the actor’s publicKey field. The keyId should link to the actor so that the publicKey field can be retrieved. At minimum, the digest field should be included in the set of headers being signed.
There is a plugin for DRF that would nicely abstract the logic from the fedeproxy logic, but it has not been updated in seven years and is therefore unlikely to work out of the box with the more recent versions. Another option would be to do something similar to pagure and use requests-http-signature to abstract some of the logic.