Amazon CloudFront
Developer Guide (API Version 2014-11-06)
Did this page help you?  Yes | No |  Tell us about it...
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Go to the Kindle Store to download this guide in Kindle format.

Using Linux Commands and OpenSSL for Base64-Encoding and Encryption

You can use Linux command-line commands and OpenSSL to:

  • Base64-encode the policy statement and replace invalid characters with valid characters.

  • Convert the policy statement into a signature.

For information about OpenSSL, go to http://www.openssl.org.

Base64-Encoding the Policy Statement

The following Linux command Base64-encodes the policy statement (in the file policy) and replaces characters that are not valid in URL query string parameters with characters that are valid:

1 cat policy | 2 openssl base64 | 3 tr '+=/' '-_~'

where:

cat sends the policy file to openssl.

OpenSSL Base64-encodes the file.

tr replaces characters that are not valid in URL query string parameters with characters that are valid.

Converting the Policy Statement into a Signature

The following Linux command hashes, signs, and Base64-encodes the policy statement to create a signature:

1 cat policy | 2 openssl sha1 -sign private-key.pem | 3 openssl base64 | 4 tr '+=/' '-_~'

where:

cat sends the Base64-encoded policy file to OpenSSL.

OpenSSL hashes the file using SHA-1 and signs it using the private key file private-key.pem.

OpenSSL Base64-encodes the hashed and signed policy statement.

tr replaces characters that are not valid in URL query string parameters with characters that are valid.

Note

Remove whitespace, if any, from the resulting signature.

For code examples that demonstrate creating a signature in several programming languages see Code and Examples for Creating a Signature for a Signed URL.