Why AWS4 Signature Does Not Match?

Question

I am using AWS4 to generate signature and passing in request header. Generated signature is not getting validated.

const opts = {
        service: 's3',
        region: 'region-name',
        method: 'GET',
        host: 's3-{region-name}.amazonaws.com',
        path: '/',
    };

I am using following code snipped to generate signature

   var signature =  aws4.sign(opts, {
      accessKeyId: 'XXXXXX',
      secretAccessKey: 'XXXXXXXXXXXXXXXXXXXX',
    });

And updating request header for AutoUpdater(some module) which ultimately hits aws.

autoUpdater.requestHeaders = signature.headers;

Ending up with error message

<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>

Any suggestion to get this worked ?

The most likely explanation is that the parameters you are using do not match what's actually in your request. There is no tolerance for inconsistencies. Is the request really for the path `/`? If so, that is a List Objects request, and you didn't mention what kind of request you are actually making. — Michael - sqlbot, Jul 26 '19 at 14:57
Just hit this exact same issue @SteadyReader - did you ever resolve? — JTInfinite, Oct 26 '19 at 20:24
@JTInfinite - Not yet. could not get enough to resolve it. so, still in my tech-parking area. — CoronaVirus, Nov 06 '19 at 09:32

score 0 · Answer 1 · answered Jul 26 '19 at 07:36

0

To Calculate a signature

1.Create a policy using UTF-8 encoding.

2.Convert the UTF-8-encoded policy to Base64. The result is the string to sign.

3.Create the signature as an HMAC-SHA256 hash of the string to sign. You will provide the signing key as key to the hash function.

4.Encode the signature by using hex encoding.

Hope this will help.

Thanks Mukesh

answered Jul 26 '19 at 07:36

Mukesh Prajapat

51
2

any reference available in nodejs ?? – CoronaVirus Jul 26 '19 at 07:38
Please use below links for reference https://nodejs.org/en/docs/ https://www.w3schools.com/nodejs/ref_modules.asp https://docs.launchdarkly.com/docs/node-sdk-reference – Mukesh Prajapat Jul 26 '19 at 07:44
S3 `GET` requests do not use a base64-encoded policy. – Michael - sqlbot Jul 26 '19 at 14:58

score 0 · Answer 2 · answered Jul 26 '19 at 07:39

Try this:

request(aws4.sign({
hostname: 'test.amazonAPI.com',
service: 'execute-api',
region: 'us-east-1',
method: 'POST',
url: 'https://test.amazonAPI.com/test/doThing', // this field is not 
recommended in the document.
  body: load
 },
{
accessKeyId: tempCreds.Credentials.AccessKeyId,
secretAccessKey: tempCreds.Credentials.SecretAccessKey,
sessionToken: tempCreds.Credentials.SessionToken
}))

Why AWS4 Signature Does Not Match?

2 Answers2