|« PreviousNext »|
|Did this page help you? Yes | No | Tell us about it...|
Signature Version 4 requires that you sign your message using a key that is derived from your secret access key rather than using the secret access key. To calculate a signature, you must first derive a signing key from your AWS secret access key. Then, you use the string to sign that you created in Task 2: Create a String to Sign for Signature Version 4 and your derived signing key as the inputs to a keyed hash function. The hex encoded result from the keyed hash function is the signature.
To calculate a signature
Derive your signing key by using your secret access key to create a series of Hash-based
Message Authentication Codes (HMACs) as shown by the following pseudocode,
HMAC(key, data) represents an HMAC-SHA256 function that
returns output in binary format.
Pseudocode for deriving a signing key
Your AWS Secret Access KeykDate = HMAC("AWS4" + kSecret, Date) kRegion = HMAC(kDate, Region) kService = HMAC(kRegion, Service) kSigning = HMAC(kService, "aws4_request")
Ensure that you specify the HMAC parameters in the correct order (the key is the first parameter and the content is the second parameter). Some languages might reverse the order of these parameters.
Use the digest for the key derivation. Most languages have functions to compute either a binary format hash, commonly called digest, or a hex encoded hash, called hexdigest. The key derivation requires that you use digest.
As an example of a signing key, the follow two samples show sample inputs to deriving a
signing key and the resulting output, where kSecret =
The following example uses the same parameters from the sample request in
Task 1 and Task 2 (a request to IAM in the
on September 09, 2011).
The follow example is the resulting signing key:
Sample signing key
kSigning = \x98\xf1\xd8\x89\xfe\xc4\xf4B\x1a\xdcR+\xab\x0c\xe1\xf8.i)\xc2b\xed\x15\xe5\xa9L\x90\xef\xd1\xe3\xb0\xe7
Use your derived signing key and your string to sign as inputs to the keyed hash function that you use to calculate the signature.
The following pseudocode shows how to calculate the signature.
signature = HexEncode(HMAC(
The following example shows the resulting signature if you use the sample signing key and the sample string to sign from Task 2: