Amazon S3 – Authenticating REST – bug in documentation

Document Amazon S3 – Authenticating REST says that you should generate authentication signature using following code:

"Authorization: AWS " + AWSAccessKeyId + ":"
   + base64(hmac-sha1(VERB + "\n"
   + CONTENT-MD5 + "\n"
   + CONTENT-TYPE + "\n"
   + DATE + "\n"
   + CanonicalizedAmzHeaders + "\n"
   + CanonicalizedResource))

In documentation you can find following instructions:
The string to be signed is formed by appending the REST verb, content-md5 value, content-type value, date value, canonicalized x-amz headers, and the resource; all separated by newlines.

I followed instructions, but server always responded in the same stubborn fashion:

Code: SignatureDoesNotMatch
Message: The request signature we calculated does not match the signature you provided. Check your key and signing method.

The problem was that my request didn’t contain any AmzHeader and therefore CanonicalizedAmzHeaders was empty string followed by new line. That’s wrong.

If CanonizalizedAmzHeaders is empty string then there MUST NOT be new line!

Correct string for signing in case when AmzHeader is empty:

"Authorization: AWS " + AWSAccessKeyId + ":"
   + base64(hmac-sha1(VERB + "\n"
   + CONTENT-MD5 + "\n"
   + CONTENT-TYPE + "\n"
   + DATE + "\n"
   + CanonicalizedResource))

31. January 2011 at 16:22 - Software engineering (Tags: , , , , , , , , , ).

  • Where’s the fish?

  • Further info

  • Twitter

    • I consider using delay/sleep in IoT methods as bad practice. It reminds me of goto in old days of C. Just try it without delay... Be async
    • I'd like to report IoT success: Temperature -> DHT -> ESP8266 -> WiFi -> MQTT -> Node Red -> Influx DB -> Grafana.
    • Lamp ESP8266 code updated and WiFiManager is working. Here you can read about some gotchas with WiFiManager: t.co/ZlAzCFE5dh

    Follow @jurajmichalek on twitter.

  • Tags

  • Topics

  • Comments