diff --git a/lib/activitypub/federate.ts b/lib/activitypub/federate.ts
index f8be6bb..73bb639 100644
--- a/lib/activitypub/federate.ts
+++ b/lib/activitypub/federate.ts
@@ -113,12 +113,13 @@ export async function signAndSend(activity: Activity, inbox: string) {
 const inboxFragment = inbox.replace("https://" + targetDomain, "");
 const date = new Date();
 const privKey = (await fs.readFile(process.env.PRIV_KEY_PEM!)).toString();
+ const bodyDigest = crypto.createHash("sha256").update(JSON.stringify(activity)).digest("base64");
+ const stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${date.toUTCString()}\ndigest: SHA-256=${bodyDigest}`;
 const signer = crypto.createSign("sha256");
- const stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${date.toUTCString()}`;
 signer.update(stringToSign);
 signer.end();
 const signature = signer.sign(privKey, "base64");
- const header = `keyId="https://${domain}/ap/actor#main-key",headers="(request-target) host date",signature="${signature}"`;
+ const header = `keyId="https://${domain}/ap/actor#main-key",headers="(request-target) host date digest",signature="${signature}"`;
 console.log("Sending:", activity);
 console.log("stringToSign:", stringToSign);
 console.log("Signature: " + header);
@@ -127,12 +128,13 @@ export async function signAndSend(activity: Activity, inbox: string) {
 headers: {
 "Host": targetDomain,
 "Date": date.toUTCString(),
+ "Digest": `SHA-256=${bodyDigest}`,
 "Signature": header,
 "Accept": "application/activity+json, application/json"
 },
 method: "POST",
 json: true,
- body: activity
+ body: activity,
 }, (err, res) => {
 console.log("Sent message to inbox at", targetDomain);
 if (err) console.log("Error:", err, res);
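Review bot: The digest added in the first hunk is computed over a separate `JSON.stringify(activity)` call, while the second hunk still passes the object to the HTTP client as `body: activity` with `json: true`, so the signed digest matches the transmitted bytes only if the client happens to serialize the object identically. Serialize once, e.g. `const payload = JSON.stringify(activity);`, hash that string with `.update(payload)`, and send that same string as the request body with an explicit content type instead of relying on `json: true`. The request call opens outside both hunks, so which client this is and how it encodes the body is not visible here; any difference in serialization would make receivers that verify `Digest` reject the delivery. The unchanged `console.log("stringToSign:", stringToSign)` and `console.log("Signature: " + header)` lines now also write the body digest and the full signature header to the log on every send, which is worth gating behind a debug flag.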