Calculating a Signature

You can create a signature that enables you to secure and authenticate your API requests.

To calculate this signature, you first need to create a signing key from your secret key. The signing key is more secure since it is specific to the date, the service and the Region.

You must hash this signing key and the string to sign created in Creating a String to Sign with a cryptographic hash function. The result of this hash is the signature.

You can then add the signature to your request in Adding a Signature to Your API Request.

You do not need to do this procedure if you use OSC CLI, AWS CLI, or an SDK for your API request.

Before you begin: Complete the Creating a String to Sign procedure.

  1. Create the signing key. To do so, refer to the following pseudocode:

    Example of creation of a signing key
    kSecret = your secret key
kDate = HMAC("AWS4" + kSecret, Date)
kRegion = HMAC(kDate, Region)
kService = HMAC(kRegion, Service)
kSigning = HMAC(kService, "aws4_request")
    Example of creation of a signing key with the example parameters
    HMAC(HMAC(HMAC(HMAC("AWS4" + kSecret,"20180915"),"eu-west-2"),"ec2"),"aws4_request")

    To create the signing key, you hash your secret key with a cryptographic hash function in order to create authentication messages (HMAC).

    Ensure you comply with the following rules:

    • The date must be in the YYYYMMDD format. The time is not included.

    • The order of the parameters can change depending on the function you use. Ensure you specify the parameters in the correct order.

    • The hash function must calculate a binary format hash.

    The signing key is created.

    Example of signing key
    94ba451c3de6da68ea51d42482c5c51b7503b74e4933a36717817d7c5c1fa4bc

  2. Calculate the signature. To do so, refer to the following pseudocode:

    signature = HexEncode(HMAC(signing key, string to sign))

    • To calculate the signature, you hash the signing key that you have created and the string to sign created in Creating a String to Sign with a cryptographic hash function.

    • The order of the parameters can change depending on the function that you use. Ensure you specify the parameters in the correct order.

    The signature is created.

    Example of signature
    8522c3bcf28f7c39dd7667ccf86a8d31718ca04d56d39d48649119d48021f567

    You can add the signature to your request in Adding a Signature to Your API Request.

Related Pages

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.

Export to PDF