|« PreviousNext »|
|Did this page help you? Yes | No | Tell us about it...|
Before you calculate a signature, you derive a signing key from your AWS secret access key. (You don't just use your secret access key to sign the request.) You then use the derived key and the string to sign that you created in Task 2: Create a String to Sign for Signature Version 4 as the inputs to a keyed hash function. The hex encoded result from the keyed hash function is the signature.
To calculate a signature
Derive your signing key by using your secret access key to create a series of hash-based
message authentication codes (HMACs) as shown by the following pseudocode, where
HMAC(key, data) represents an HMAC-SHA256 function that returns output in
Pseudocode for deriving a signing key
Your AWS Secret Access KeykDate = HMAC("AWS4" + kSecret, Date) kRegion = HMAC(kDate, Region) kService = HMAC(kRegion, Service) kSigning = HMAC(kService, "aws4_request")
The date used in the hashing process is just the date (for example,
not a complete date and time.
Make sure that you specify the HMAC parameters in the correct order (the key is the first parameter and the content is the second parameter). In some progamming languages, the HMAC function might reverse the order of these parameters.
Use the digest for the key derivation. Most languages have functions to compute either a binary format hash, commonly called digest, or a hex encoded hash, called hexdigest. The key derivation requires that you use digest.
As an example of a signing key, the follow two samples show sample inputs to deriving a
signing key and the resulting output, where kSecret =
The following example uses the same parameters from the sample request in Task 1 and Task
2 (a request to IAM in the
region on September 09, 2011).
The follow example shows the signing key that results from this sequence of HMAC hash operations, using the inputs shown in the previous example. This representation shows the digit represenation of each byte in the binary derived key.
Sample signing key
152 241 216 137 254 196 244 66 26 220 82 43 171 12 225 248 46 105 41 194 98 237 21 229 169 76 144 239 209 227 176 231
Use your derived signing key and your string to sign as inputs to the keyed hash function that you use to calculate the signature.
The following pseudocode shows how to calculate the signature.
signature = HexEncode(HMAC(
The following example shows the resulting signature if you use the sample signing key and the sample string to sign from Task 2: