I am trying to create a signed S3 URL using Javascript and NodeJS. I used this specification.
var crypto = require('crypto'), date = 1331290899, resource = '/myfile.txt', awskey = "XXXX", awssecret = "XXXX"; var stringToSign ='GET\n\n\n' + date + '\n\n' + resource; var sig = encodeURIComponent(crypto.createHmac('sha1', awssecret).update(stringToSign ).digest('base64')); var url = "https://s3-eu-west-1.amazonaws.com/mybucket" + resource + "?AWSAccessKeyId=" + awskey + "&Expires="+ date + "&Signature="+ sig
This creates a URL similar to this:
https://s3-eu-west-1.amazonaws.com/mybucket/test.txt?AWSAccessKeyId=XXXXXX&Expires=1331290899&Signature=EciGxdQ1uOqgFDCRon4vPqTiCLc%3D
However, when accessing it, the following error appears:
SignatureDoesNotMatch The request signature we calculated does not match the signature you provided. Check your key and signing method.
What am I doing wrong when creating a signature?
EDIT - AN ATTEMPT WITH KNOX
Now I'm trying to use Knox to create a signed URL. I need to add headers asking me to force download. I edited the following:
Added amazonHeaders: 'response-content-disposition:attachment', in client.signedUrl- http://jsfiddle.net/BpGNM/1/
Added options.amazonHeaders + '\n' + to auth.queryStringToSign - http://jsfiddle.net/6b8Tm/
The message that is now sent to auth.hmacSha1 to create the whitefish:
'GET\n\n\n1321374212\nresponse-content-disposition:attachment\n/meshmesh-dev/test/Readme.md'
Then I tried to access the new URL using response-content-disposition=attachment , added as GET var. However, I still get the same error that was mentioned above.