
This is an S3 issue, so I am posting this here and not on the Salesforce Stack Exchange.

Basically, my Salesforce code generates pre-signed URLs for S3. These are consumed by the front end to upload and download files.

This is working perfectly. Now we need to specify SSE (server-side encryption). Based on the documentation, SSE-S3 does not work with pre-signed URLs.

http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html

So I have to use SSE with customer-generated keys: http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html

Here the text says this: "When creating a presigned URL, you must specify the algorithm using the x-amz-server-side-encryption-customer-algorithm in the signature calculation."

This is how I am calculating my signature, and it is working fine for upload and download of files into the bucket, sans the encryption.

public String getStringToSign() {
    // ==== CONSTRUCT THE STRING TO SIGN ====
    // SigV4 string to sign: algorithm ('AWS4-HMAC-SHA256'), ISO 8601 timestamp,
    // credential scope, then the hex SHA-256 of the canonical request.
    // The canonical request comes from getRequestString(); any header that must be
    // covered by the signature (including x-amz-server-side-encryption-customer-algorithm)
    // has to appear there, in the canonical headers and in the SignedHeaders list.
    String stringToSign = S3Connection.AWS_HEADER_ENCRYPTION_SCHEME + '\n'
        + this.dateStampISO + '\n'
        + this.dateStampYYYYMMDD + '/' + this.awsRegion + '/s3/aws4_request' + '\n'
        + EncodingUtil.convertToHex(Crypto.generateDigest(S3Connection.AWS_ENCRYPTION_SCHEME, Blob.valueOf(this.getRequestString())));
    return stringToSign;
}

public Blob getSigningKey() {
    // ==== GENERATE THE SIGNING KEY ====
    // kSigning = HMAC(HMAC(HMAC(HMAC('AWS4' + secret, date), region), service), 'aws4_request').
    // Only the date, region and service name feed this chain; header names never do.
    Blob dateKey = Crypto.generateMac('hmacSHA256', Blob.valueOf(this.dateStampYYYYMMDD), Blob.valueOf('AWS4' + this.accessSecret));
    Blob dateRegionKey = Crypto.generateMac('hmacSHA256', Blob.valueOf(this.awsRegion), dateKey);
    Blob dateRegionServiceKey = Crypto.generateMac('hmacSHA256', Blob.valueOf(this.awsServiceName), dateRegionKey);
    Blob signingKey = Crypto.generateMac('hmacSHA256', Blob.valueOf('aws4_request'), dateRegionServiceKey);
    // A fifth HMAC round with the header name (the attempt below) produces a key that S3 never derives.
    //Blob signingKey2 = Crypto.generateMac('hmacSHA256', Blob.valueOf('x-amz-server-side-encryption-customer-algorithm'), signingKey);
    return signingKey;
}

public String getSignature() {
    // ==== GENERATE THE SIGNATURE ====
    return this.generateSignature(this.getStringToSign(), this.getSigningKey());
}

public String generateSignature(String stringToSign, Blob signingKey) {
    // Signature = hex(HMAC-SHA256(signingKey, stringToSign)); this is the X-Amz-Signature query value.
    Blob signatureBlob = Crypto.generateMac('hmacSHA256', Blob.valueOf(stringToSign), signingKey);
    return EncodingUtil.convertToHex(signatureBlob);
}

So my question is: how do I add "x-amz-server-side-encryption-customer-algorithm" to this signature calculation?

Thanks in advance!

Richard N

0 Answers
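Added example, not part of the original question or of the poster's code. The poster's code is Apex, which cannot run outside Salesforce, so this is a Python port of the same three steps (getStringToSign, getSigningKey, generateSignature) using only the standard library's hmac and hashlib. It shows where the SSE-C header actually enters a SigV4 presigned URL: in the canonical request, as a canonical header and in the X-Amz-SignedHeaders list, while the signing-key chain stays exactly as the poster already has it. The bucket host, object key, timestamp and the AKIAIOSFODNN7EXAMPLE credentials are constructed placeholders (the latter are the AWS documentation's sample keys, not live credentials).

```python
"""SigV4 presigned URL for S3 with the SSE-C algorithm header bound into the signature.
Added example; not the original poster's code. Credentials and names are placeholders."""
import base64
import datetime as dt
import hashlib
import hmac
import urllib.parse

ALGORITHM = "AWS4-HMAC-SHA256"
SSE_C_ALGO_HEADER = "x-amz-server-side-encryption-customer-algorithm"


def _q(s: str) -> str:
    # SigV4 URI-encoding: everything but unreserved characters, so '/' and ';' become %2F and %3B.
    return urllib.parse.quote(s, safe="-_.~")


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def signing_key(secret: str, date_stamp: str, region: str, service: str = "s3") -> bytes:
    # Same chain as the poster's getSigningKey(). No header name is ever mixed in here;
    # headers are bound to the signature through the canonical request instead.
    k_date = _hmac(("AWS4" + secret).encode("utf-8"), date_stamp)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def presign(method, host, object_key, access_key, secret, region, when, expires=900, signed_extra_headers=None):
    """Build a presigned URL. Every header in signed_extra_headers becomes part of the
    canonical request and of X-Amz-SignedHeaders, so the client MUST send it verbatim."""
    headers = {"host": host}
    for name, value in (signed_extra_headers or {}).items():
        headers[name.lower()] = " ".join(value.split())  # canonical form: lowercase name, trimmed value
    signed_headers = ";".join(sorted(headers))

    amz_date = when.strftime("%Y%m%dT%H%M%SZ")
    date_stamp = when.strftime("%Y%m%d")
    scope = f"{date_stamp}/{region}/s3/aws4_request"
    query = {
        "X-Amz-Algorithm": ALGORITHM,
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": signed_headers,
    }
    path = "/" + urllib.parse.quote(object_key.lstrip("/"), safe="/-_.~")
    canonical_query = "&".join(f"{_q(k)}={_q(v)}" for k, v in sorted(query.items()))
    canonical_headers = "".join(f"{k}:{headers[k]}\n" for k in sorted(headers))
    # Presigned URLs sign UNSIGNED-PAYLOAD: the body is not known when the URL is minted.
    canonical_request = "\n".join([method, path, canonical_query, canonical_headers, signed_headers, "UNSIGNED-PAYLOAD"])
    # Mirrors getStringToSign(): algorithm, timestamp, scope, hex SHA-256 of the canonical request.
    string_to_sign = "\n".join([ALGORITHM, amz_date, scope, hashlib.sha256(canonical_request.encode("utf-8")).hexdigest()])
    # Mirrors generateSignature(): hex HMAC-SHA256 of the string to sign under the derived key.
    signature = hmac.new(signing_key(secret, date_stamp, region), string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    return {
        "url": f"https://{host}{path}?{canonical_query}&X-Amz-Signature={signature}",
        "canonical_request": canonical_request,
        "string_to_sign": string_to_sign,
        "signature": signature,
        "signed_headers": signed_headers,
    }


def sse_c_request_headers(key: bytes) -> dict:
    """Headers the front end must attach when it uses the URL. Only the algorithm header is
    signed; the key and its MD5 are sent unsigned at request time and never appear in the URL."""
    if len(key) != 32:
        raise ValueError("SSE-C requires a 256-bit key")
    return {
        SSE_C_ALGO_HEADER: "AES256",
        "x-amz-server-side-encryption-customer-key": base64.b64encode(key).decode("ascii"),
        "x-amz-server-side-encryption-customer-key-MD5": base64.b64encode(hashlib.md5(key).digest()).decode("ascii"),
    }


# Constructed inputs: AWS documentation sample credentials and a fixed clock, not live values.
WHEN = dt.datetime(2013, 5, 24, 0, 0, 0, tzinfo=dt.timezone.utc)
DEMO_KEY = b"0123456789abcdef0123456789abcdef"


def demo(with_sse_c: bool = True) -> dict:
    extra = {SSE_C_ALGO_HEADER: "AES256"} if with_sse_c else None
    return presign("PUT", "examplebucket.s3.amazonaws.com", "uploads/report.pdf",
                   "AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
                   "us-east-1", WHEN, expires=3600, signed_extra_headers=extra)


if __name__ == "__main__":
    result = demo()
    print(result["canonical_request"])
    print(result["url"])
    print(sse_c_request_headers(DEMO_KEY))
```

Two practical consequences follow from this layout. First, because the algorithm header is in X-Amz-SignedHeaders, a browser that uses the URL without sending x-amz-server-side-encryption-customer-algorithm: AES256 gets SignatureDoesNotMatch; the front end has to add that header, plus the unsigned key and key-MD5 headers, to its PUT or GET. Second, the customer key travels only in request headers, so the URL must be used over HTTPS and the key must never be logged alongside it.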