Creating a String to Sign

You can create a string to sign which contains the information of your request and the hash of the canonical request you created in Creating a Canonical Request.

You need to use this string to sign and a signing key you create later on to calculate the signature in Calculating a Signature.

To create the string to sign, you need to concatenate the following elements:

  • The signing algorithm

  • The date and time

  • The credential information

  • The hash of the canonical request

You do not need to do this procedure if you use OSC CLI, AWS CLI, or an SDK for your API request.

Before you begin: Complete the Creating a Canonical Request procedure.

  1. Specify the signing algorithm following this syntax (where \n is a newline character):

    Example of algorithm
    AWS4-HMAC-SHA256\n

    The signing algorithm corresponds to the function you used to calculate the hash of the canonical request. For example, if you used the SHA-256 function, the algorithm is AWS4-HMAC-SHA256.

  2. Add the date of the request following this syntax (where \n is a newline character):

    Example of request date
    20180915T163400Z\n

    This date must match the one you specified in Creating a Canonical Request and follow this format: YYYYMMDD’T’HHMMSS’Z'.

  3. Add the credential information following this syntax (where \n is a newline character):

    Example of credential information
    20180915/eu-west-2/ec2/aws4_request\n

    This string must include the following elements, separated by slash characters (/):

    • the date, in the following format: YYYYMMDD

    • the Region to which you send the request

    • the service you are requesting

    • a termination string

  4. Add the hash of the canonical request you created in Creating a Canonical Request.

    Example of hash of a canonical request
    0547bdda2966fc9a3a76269a3193bed373a56072cfa77949936bc2a556016f32

    The hashed canonical request must be lowercase base-16 encoded. For more information, see the section 8 of the RFC 4648.

    The string to sign is created.

    Example of string to sign
    AWS4-HMAC-SHA256
20180915T163400Z
20180915/eu-west-2/ec2/aws4_request
0547bdda2966fc9a3a76269a3193bed373a56072cfa77949936bc2a556016f32

    You must use the string to sign to create the signature in Calculating a Signature.

Related Pages

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.