Amazon CloudFront
Developer Guide (API Version 2016-09-29)

Using a Linux Command and OpenSSL for Base64-Encoding and Encryption

You can use the following Linux command-line command and OpenSSL to hash and sign the policy statement, base64-encode the signature, and replace characters that are not valid in URL query string parameters with characters that are valid.

For information about OpenSSL, go to http://www.openssl.org.


						1
					cat policy | 
						3
					tr -d "\n" | tr -d " \t\n\r" | 
						3
					openssl sha1 -sign private-key.pem | 
						4
					openssl base64 | 
						5
					tr -- '+=/' '-_~'

where:


					1
				cat reads the policy file.


					2
				tr -d "\n" | tr -d " \t\n\r" removes the white spaces and newline character that were added by cat.


					3
				OpenSSL hashes the file using SHA-1 and signs it using RSA and the private key file private-key.pem.


					4
				OpenSSL base64-encodes the hashed and signed policy statement.


					5
				tr replaces characters that are not valid in URL query string parameters with characters that are valid.

For code examples that demonstrate creating a signature in several programming languages see Code Examples for Creating a Signature for a Signed URL.