[英]How can I calculate an AWS API signature (v4) in python?
I'm attempting to generate a signature for an Amazon Glacier upload request, using the example requests and example functions provided by the AWS documentation, but I can't make it work. 我正在尝试使用AWS文档提供的示例请求和示例函数为Amazon Glacier上传请求生成签名,但我无法使其正常工作。 At this point, I'm certain I'm missing something incredibly obvious: 在这一点上,我确信我错过了一些非常明显的东西:
#!/bin/env python
import hmac
import hashlib
# This string to sign taken from: http://docs.amazonwebservices.com/amazonglacier/latest/dev/amazon-glacier-signing-requests.html#example-signature-calculation
sts = """AWS4-HMAC-SHA256
20120525T002453Z
20120525/us-east-1/glacier/aws4_request
5f1da1a2d0feb614dd03d71e87928b8e449ac87614479332aced3a701f916743"""
# These two functions taken from: http://docs.amazonwebservices.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-python
def sign(key, msg):
return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).hexdigest()
# The fake secret key is provided by the referenced docs
def getSignatureKey():
kDate = sign(("AWS4" + "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY").encode('utf-8'), "20120525")
kRegion = sign(kDate, "us-east-1")
kService = sign(kRegion, "glacier")
kSigning = sign(kService, "aws4_request")
return kSigning
signature = sign(getSignatureKey(), sts)
print signature
If I run my program, I get the following hash: 如果我运行我的程序,我得到以下哈希:
$ python test.py
3431315da57da4df28f92895c75364d94b36c745896ad3e580c0a6ae403b1e05
Yet the docs clearly state: 然而,文件明确指出:
If the secret access key, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY, is used, then the calculated signature is: 如果使用秘密访问密钥wJalrXUtnFEMI / K7MDENG / bPxRfiCYEXAMPLEKEY,则计算的签名为:
3ce5b2f2fffac9262b4da9256f8d086b4aaf42eba5f111c21681a65a127b7c2a 3ce5b2f2fffac9262b4da9256f8d086b4aaf42eba5f111c21681a65a127b7c2a
What am I missing? 我错过了什么?
Your function differs from theirs in one respect. 您的功能在某方面与他们的功能不同。 You're doing 你在做
def sign(key, msg):
return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).hexdigest()
but they're doing 但他们正在做
def sign(key, msg):
return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()
So your derived key is wrong. 所以你的派生密钥是错误的。 You only want to be using hexdigest at the last step of the process, not when calculating the signing key. 您只希望在流程的最后一步使用hexdigest,而不是在计算签名密钥时使用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.