stackoom
  简体   繁体   中英

How can I calculate an AWS API signature (v4) in python?

 原文  2012-10-22 20:21:03       python/ amazon-web-services/ hmac/ amazon-glacier

Question

I'm attempting to generate a signature for an Amazon Glacier upload request, using the example requests and example functions provided by the AWS documentation, but I can't make it work. At this point, I'm certain I'm missing something incredibly obvious: 

#!/bin/env python

import hmac
import hashlib

# This string to sign taken from: http://docs.amazonwebservices.com/amazonglacier/latest/dev/amazon-glacier-signing-requests.html#example-signature-calculation
sts = """AWS4-HMAC-SHA256
20120525T002453Z
20120525/us-east-1/glacier/aws4_request
5f1da1a2d0feb614dd03d71e87928b8e449ac87614479332aced3a701f916743"""

# These two functions taken from: http://docs.amazonwebservices.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-python
def sign(key, msg):
    return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).hexdigest()

# The fake secret key is provided by the referenced docs
def getSignatureKey():
    kDate = sign(("AWS4" + "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY").encode('utf-8'), "20120525")
    kRegion = sign(kDate, "us-east-1")
    kService = sign(kRegion, "glacier")
    kSigning = sign(kService, "aws4_request")
    return kSigning

signature = sign(getSignatureKey(), sts)
print signature

If I run my program, I get the following hash: 

$ python test.py
3431315da57da4df28f92895c75364d94b36c745896ad3e580c0a6ae403b1e05

Yet the docs clearly state:

If the secret access key, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY, is used, then the calculated signature is:

3ce5b2f2fffac9262b4da9256f8d086b4aaf42eba5f111c21681a65a127b7c2a

What am I missing?

1 answers

solution1
 6 ACCPTED  2012-10-22 22:35:05

Your function differs from theirs in one respect. You're doing 

def sign(key, msg):
  return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).hexdigest()

but they're doing 

def sign(key, msg):
  return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()

So your derived key is wrong. You only want to be using hexdigest at the last step of the process, not when calculating the signing key.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Using boto for AWS S3 Buckets for Signature V4 How to use FindReplace for specify sheetname by Google API V4 Python Python-gitlab API V4 Setting Max Results in API v4 (python) Google API v4 for Python KeyError: '_module' Python example of how to get formatting information from a cell in Google Sheets API v4? How to get Top 50 Sessions from Google Analytics Reporting API v4 Python How to use Google sheet API V4 insert note in cell by python Python Google Sheets API v4: How to do Batch Get and Batch Update Google sheets? Unexpected response with Google Safe Browsing API v4 and Python requests
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM