Computing an HMAC-SHA signature
Question
I'm writing a module for Amazon's SimpleDB. They require REST requests to be signed using HMAC-SHA algorithm. ( Details here. )
I'm told that there is a function to computer this signature, but I can't find it in the documentation . What is the function called, and what do its arguments look like?
3 answers
solution1
1 2011-04-11 18:35:36
The HMAC is a standard function that can be found in crypto libraries for most platforms. Amazon shows several examples on the documentaion page you link to.
For Java, you can find it in javax.crypto.Mac
For .Net, look in System.Security.Cryptography
For KRL , I haven't found any built-in stock solution. Since it seems possible to embed javascript, the jsSHA implemenation could be useful. There is a sha1 function in the math library, and implementing HMAC according to RFC2104 doesn't seem that difficult.
solution2
1 ACCPTED 2011-04-12 17:55:44
EDITED: The following should work:
pre {
message = "Four score and seven years ago";
key = "Abe Lincoln";
signature = math:hmac_sha256_base64(message, key);
}
notify("Signature is", signature);
The function is math:hmac_sha256_base64(<datastring>,<keystring>)
solution3
1 2011-05-20 16:24:02
To sign strings with embedded newlines (AWS I'm talking to you!) you have to do the following (based on the AWS S3 example)
pre {
raw_string = uri:unescape("GET%0A%0A%0AWed, 28 Mar 2007 01:29:59 +0000%0A/");
sample_key = "uV3F3YluFJax1cknvbcGwgjvx4QpvB+leU8dUj2o";
signature = math:hmac_sha1_base64(raw_string, sample_key);
expected = "Db+gepJSUbZKwpx1FR0DLtEYoZA=";
passfail = (signature eq expected) => "pass" | "fail";
}
The uri:decode() function returns a string with proper newlines, where \\n\\n\\n does not. You might have to add trailing '=' to the signature.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.