问题
I am following this example
http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
and trying to reproduce the 64 character string for the signature which they state as...
aeeed9bbccd4d02ee5c0109b86d86835f995330da4c265957d157751f604d404
I have successful matched the hex digeset for the Canonical Request and positive that the StringToSign string is correct.
The last piece is calculating the signing_key and signature. This is where I am hitting a road block using the provided ruby function 'getSignatureKey'
http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-ruby
signing_key = getSignatureKey secret_access_key, current_date, region, aws_service
signature = OpenSSL::HMAC.digest('sha256', signing_key, string_to_sign)
def getSignatureKey key, dateStamp, regionName, serviceName
kDate = OpenSSL::HMAC.digest('sha256', "AWS4" + key, dateStamp)
kRegion = OpenSSL::HMAC.digest('sha256', kDate, regionName)
kService = OpenSSL::HMAC.digest('sha256', kRegion, serviceName)
kSigning = OpenSSL::HMAC.digest('sha256', kService, "aws4_request")
kSigning
end
The current output for 'signature' is this strange sequence of characters.
��ٻ���.�����h5��3 ��e�}wQ��
What am I missing to get the signature to equal...
aeeed9bbccd4d02ee5c0109b86d86835f995330da4c265957d157751f604d404
回答1:
I can't tell from your post but those are quite possibly exactly the same results, formatted differently.
Your code returns the raw result of the HMAC operation - this is arbitrary binary data so it's not going to print as anything readable. Amazon expect you to provide the hex representation for each byte: your first couple of bytes are "\xae\xee" instead of "aeee"
The easiest way to do this is call hexdigest rather than digest. Note that you should only do this for the final HMAC (when you sign the string to sign with the signing key) not when constructing the signing key
回答2:
It's possible that your "strange sequence of characters" is in fact the correct output.
OpenSSL::HMAC.digest spits out a value represented in binary, and you are comparing that to a value represented in hex
Check to see what happens when you print out the signature after converting it to hex representation like so:
signature.each_byte.map { |b| "%02x" % b }.join
来源:https://stackoverflow.com/questions/30011035/unable-to-reproduce-aws-signature-from-example-using-hmac-sha256