For some reason, I'm struggling with signing generation for my Amazon S3 boot policy. I swear it worked for me at some point, but no more. Any help is appreciated. I need a fresh set of eyes.
Compared to Amazon S3 Signature Tester , I donβt get the same signature. However, when I directly use the signature coming out of this tool, everything works fine. So the problem is definitely in my signing process. In addition, the "String to be signed", decoded in hexadecimal, exits from this tool, is identical to my input policy, signed.
AWS docs says the process of creating a policy signature should look like this:
- Policy encoding using UTF-8.
- Encode these UTF-8 bytes with Base64.
- Sign the policy using the private access key using the HMAC SHA-1.
- Encode SHA-1 signature with Base64.
It seems quite straightforward. The only place for ambiguity can be at No. 3. AWS docs show a sample fragment for generating HMAC-SHA1 , and this is consistent with other Java cryptography examples I've seen.
I am using v1.6 to implement Apache Commons Base64. My signing code basically looks like this:
import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; import org.apache.commons.codec.binary.Base64; private static final String UTF8 = "UTF-8"; private static final String HMACSHA1 = "HmacSHA1"; public static String sign(String secret, String data) { byte[] dataBytes = data.getBytes(UTF8); byte[] secretBytes = secret.getBytes(UTF8); SecretKeySpec signingKey = new SecretKeySpec(secretBytes, HMACSHA1); Mac mac = Mac.getInstance(HMACSHA1); mac.init(signingKey); byte[] signature = mac.doFinal(dataBytes); return Base64.encodeBase64String(signature); }
And then my use of this signing is as follows:
String signature = sign( , );
source share