使用R的摘要包向Amazon Dynamodb的API签署HTTP请求

Question

我尝试使用Rs Digest包为亚马逊的Dynamodb API创建签名。签名需要sha256。目前，我正在测试R的摘要包，看看它的输出结果是否正确。

根据亚马逊网站示例，如果我的输入是：

输入："iam"

然后我的输出应该是：

有针对性的输出：'f72cfd46f26bc4643f06a11eabb6c0ba18780c19a8da0c31ace671265e3c87fa'

当我使用以下R命令时：

digest("iam", algo="sha256", serialize=FALSE)

我得到以下输出：

"d457e3a99392a03f47057f50ac1cbc5d0365131575477971bf85177a0c0fed22"

我尝试了各种输入组合（设置serialize = TRUE等），但没有运气。

更新

Per Rohit的回复，我更新了我的R功能和方法，但我还没有得到正确的样本签名。以下是我的步骤：

1. 基于亚马逊Calculate AWS Signature Example

2. 现在使用以下R公式/脚本：

hmac（hmac（hmac（＆＃34; AWS4wJalrXUtnFEMI / K7MDENG + bPxRfiCYEXAMPLEKEY＆＃34;，＆＃34; 20110909＆＃34;，＆＃34; sha256＆＃34 ;, serialize = FALSE，raw = FALSE） ，＆＃34; us-east-1＆＃34;，＆＃34; sha256＆＃34;，serialize = FALSE，raw = FALSE），＆＃34; iam＆＃34;，＆＃34; sha256＆＃34;， serialize = FALSE，raw = FALSE），＆＃34; aws4_request＆＃34;，＆＃34; sha256＆＃34;，serialize = TRUE，raw = TRUE）

1. 获得此结果：

   fe bd 1​​5 b6 ac 8d 68 7a 93 f9 1c 9c dc 9e f8 d9 f1 79 fb a8 62 71 14 98 3a 35 0c 09 a0 ea 2e f5

与亚马逊示例中的示例签名不匹配：

152 241 216 137 254 196 244 66 26 220 82 43 171 12 225 248 46 105 41 194 98 237 21 229 169 76 144 239 209 227 176 231

我尝试在R函数上更改参数，但似乎无法匹配Amazon示例。如果有人对此有一些经验，或者看起来我做错了，我会感激你的意见。感谢

Answer 1

I think there are two places where the problem lies.

Firstly, the AWS v4 Signature is an HMAC using the AWS secret key as a secret (among other things). The HMAC process uses a cryptographic hash like MD5 or SHA256, but it not just a hash of a single piece of data ("iam" in your case) - it also needs a 'secret'. I guess you would be more interested in the hmac function in R - it can use SHA256 as an 'algo'.

Secondly, if you look at the Java example of how a signature is calculated and the expected values:

static byte[] HmacSHA256(String data, byte[] key) throws Exception  {
    String algorithm="HmacSHA256";
    Mac mac = Mac.getInstance(algorithm);
    mac.init(new SecretKeySpec(key, algorithm));
    return mac.doFinal(data.getBytes("UTF8"));
}

static byte[] getSignatureKey(String key, String dateStamp, String regionName, String serviceName) throws Exception  {
    byte[] kSecret = ("AWS4" + key).getBytes("UTF8");
    byte[] kDate    = HmacSHA256(dateStamp, kSecret);
    byte[] kRegion  = HmacSHA256(regionName, kDate);
    byte[] kService = HmacSHA256(serviceName, kRegion);
    byte[] kSigning = HmacSHA256("aws4_request", kService);
    return kSigning;
}

Expected Values

kSecret  = '41575334774a616c725855746e46454d492f4b374d44454e472b62507852666943594558414d504c454b4559'
kDate    = '969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d'
kRegion  = '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c'
kService = 'f72cfd46f26bc4643f06a11eabb6c0ba18780c19a8da0c31ace671265e3c87fa'
kSigning = 'f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d'

You see that the kService is calculated using kRegion, which calculated using kDate, which itself is calculated using the AWS secret key. So you would have to do something similar to calculate the signature.