How to generate an AWS4 signature


  • Admin

    Hello guys, so people don't seem to understand how to generate an AWS4 signature using blocks.

    This is the LoliScript code for the example given here https://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html

    SET VAR "KEY" "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
    SET VAR "DATE" "20120215"
    SET VAR "REGION" "us-east-1"
    SET VAR "SERVICE" "iam"
    
    UTILITY Conversion UTF8 BASE64 "AWS4<KEY>" -> VAR "KSECRET_B64" 
    UTILITY Conversion BASE64 HEX "<KSECRET_B64>" -> VAR "KSECRET_HEX" 
    FUNCTION HMAC SHA256 "<KSECRET_B64>" HmacBase64=TRUE KeyBase64=TRUE "<DATE>" -> VAR "KDATE_B64" 
    UTILITY Conversion BASE64 HEX "<KDATE_B64>" -> VAR "KDATE_HEX" 
    FUNCTION HMAC SHA256 "<KDATE_B64>" HmacBase64=TRUE KeyBase64=TRUE "<REGION>" -> VAR "KREGION_B64" 
    UTILITY Conversion BASE64 HEX "<KREGION_B64>" -> VAR "KREGION_HEX" 
    FUNCTION HMAC SHA256 "<KREGION_B64>" HmacBase64=TRUE KeyBase64=TRUE "<SERVICE>" -> VAR "KSERVICE_B64" 
    UTILITY Conversion BASE64 HEX "<KSERVICE_B64>" -> VAR "KSERVICE_HEX" 
    FUNCTION HMAC SHA256 "<KSERVICE_B64>" HmacBase64=TRUE KeyBase64=TRUE "aws4_request" -> VAR "KSIGNING_B64" 
    UTILITY Conversion BASE64 HEX "<KSIGNING_B64>" -> VAR "KSIGNING_HEX" 
    FUNCTION ToLowercase "<KSIGNING_HEX>" -> VAR "SIGNATURE" 
    

    Of course you will have to change the 4 variables declared at the beginning of the script according to your specific case.

    Note: The BASE64 to HEX conversions aren't actually useful for getting the signature (except for the last one) so you can skip them, they are just there to make sure every step matches with the ones given on the AWS example documentation.

    Have a good one,

    Ruri



  • Thanks, bro really cool, but i don't understand how we can get the key ?


  • Admin

    I guess it's given to you by AWS?


  • Banned

    i got confused, this is only to generate the signing_key, right? and not the signature

    alt text


  • Admin

    Yeah that's right


  • Banned

    my problem is the string to sign

    AWS4-HMAC-SHA256\n20150830T123600Z\n20150830/us-east-1/iam/aws4_request\nf536975d06c0309214f805bb90ccff089219ecd68b2577efef23edd43b7e1a59

    i put this sample as constant and output should be
    like:
    AWS4-HMAC-SHA256
    20150830T123600Z
    20150830/us-east-1/iam/aws4_request
    f536975d06c0309214f805bb90ccff089219ecd68b2577efef23edd43b7e1a59

    but its not doable on OB, any suggestion?


  • Admin

    If you want to send \n in the post data you have to write \\n otherwise it interprets it as a new line. If you want to actually have new lines, just write \n in the post data


  • Banned

    actually that is not from post data 😞
    i thought OB will interpret \n as new line even on FUNCTION constant.


  • Admin

    No I only added it for the post data, sorry. Post a feature request on github if you want that


  • Banned


Log in to reply