AWS4签名密钥-本教程是否错误? [英] AWS4 Signature key - is this tutorial wrong?
本文介绍了AWS4签名密钥-本教程是否错误?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
根据此页面:
我真的很想知道页面是否错误.谁能解释这是我的错还是AWS的错?
谢谢
解决方案
- 您应该了解这些值是二进制且以十六进制形式打印
- 您正在以十六进制形式传递日期.您应该在调用
hash_hmac
之前将其转换为二进制文件并通过.或将其存储为二进制文件并以十六进制格式打印 - 您从未提到您使用的语言.我不得不谷歌找出您正在使用什么语言.在PHP中,您可以传递: $ raw_output = true 以获取二进制字符串
- 将字符串n存储为二进制,并在打印之前将其转换为
hex
.
由于我不熟悉PHP,因此我在Python中尝试了相同的操作,并且输出与预期输出匹配.看看我如何将其转换为十六进制并打印.
导入hmac导入hashlib从base64导入b16encode为b16def sign(key,msg):返回hmac.new(key,msg.encode("utf-8"),hashlib.sha256).digest()def getSignatureKey(key,dateStamp,regionName,serviceName):kDate = sign(("AWS4" + key).encode("utf-8"),dateStamp)打印b16(kDate)kRegion =符号(kDate,regionName)打印b16(kRegion)kService =符号(kRegion,serviceName)打印b16(kService)kSigning =符号(kService,"aws4_request")打印b16(kSigning)返回kSigning键='wJalrXUtnFEMI/K7MDENG + bPxRfiCYEXAMPLEKEY'dateStamp ='20120215'regionName ='us-east-1'serviceName ='iam'getSignatureKey(key,dateStamp,regionName,serviceName)
输出
<代码> 969FBB94FEB542B71EDE6F87FE4D5FA29C789342B0F407474670F0C2489E0A0D69DAA0209CD9C5FF5C8CED464A696FD4252E981430B10E3D3FD8E2F197D7A70CF72CFD46F26BC4643F06A11EABB6C0BA18780C19A8DA0C31ACE671265E3C87FAF4780E2D9F65FA895F9C67B32CE1BAF0B0D8A43505A000A1A9E090D414DB404D
PHP
string hash_hmac(字符串$ algo,字符串$ data,字符串$ key [,bool $ raw_output = false])
According to this page: Examples of How to Derive a Signing Key for Signature Version 4
The result of this code:
$kSecret = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
$kDate = hash_hmac('sha256', "20120215", "AWS4" . $kSecret);
echo "date: " . $kDate . "<br>";
$kRegion = hash_hmac('sha256', "us-east-1", $kDate);
echo "region: " . $kRegion . "<br>";
$kService = hash_hmac('sha256', "iam", $kRegion);
echo "service: " . $kService . "<br>";
$kSigning = hash_hmac('sha256', "aws4_request", $kService);
echo "signing: " . $kSigning . "<br>";
should print:
kDate = '969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d'
kRegion = '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c'
kService = 'f72cfd46f26bc4643f06a11eabb6c0ba18780c19a8da0c31ace671265e3c87fa'
kSigning = 'f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d'
So, kDate I get is correct. kRegion is not correct as I get the value:
a59e30f9d899c47b3dd68ea1c0ab3bb529e03a8f4ed2f54cb64af547330a22a0
I have tried using this website to calculate the HMAC (hmac generator) and I get the same result.
I really wonder if the page is wrong. Can anyone explain if it's my fault or AWS fault?
Thank you
解决方案
- You should understand the values are binary and printed in hexadecimal form
- You are passing date in hexadecimal. You should convert it to binary and pass it before calling
hash_hmac
. Or store it in binary and print the same in hexadecimal - You never mentioned the language you are using. I had to google to find out what language you are using. In PHP, you can pass: $raw_output = true to get the binary string
- Store the strings n binary and convert them to
hex
before printing.
Since I am not familiar with PHP, I tried the same in Python and the output matched the expected output. See how I convert it to hex and print.
import hmac
import hashlib
from base64 import b16encode as b16
def sign(key, msg):
return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()
def getSignatureKey(key, dateStamp, regionName, serviceName):
kDate = sign(("AWS4" + key).encode("utf-8"), dateStamp)
print b16(kDate)
kRegion = sign(kDate, regionName)
print b16(kRegion)
kService = sign(kRegion, serviceName)
print b16(kService)
kSigning = sign(kService, "aws4_request")
print b16(kSigning)
return kSigning
key = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
dateStamp = '20120215'
regionName = 'us-east-1'
serviceName = 'iam'
getSignatureKey(key, dateStamp, regionName, serviceName)
Output
969FBB94FEB542B71EDE6F87FE4D5FA29C789342B0F407474670F0C2489E0A0D
69DAA0209CD9C5FF5C8CED464A696FD4252E981430B10E3D3FD8E2F197D7A70C
F72CFD46F26BC4643F06A11EABB6C0BA18780C19A8DA0C31ACE671265E3C87FA
F4780E2D9F65FA895F9C67B32CE1BAF0B0D8A43505A000A1A9E090D414DB404D
PHP
string hash_hmac ( string $algo , string $data , string $key [, bool $raw_output = false ] )
这篇关于AWS4签名密钥-本教程是否错误?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文