根据此页面:Examples of How to Derive a Signing Key for Signature Version 4

这段代码的结果:

$kSecret = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";

$kDate = hash_hmac('sha256', "20120215", "AWS4" . $kSecret);
echo "date: " . $kDate . "<br>";

$kRegion = hash_hmac('sha256', "us-east-1", $kDate);
echo "region: " . $kRegion . "<br>";

$kService = hash_hmac('sha256', "iam", $kRegion);
echo "service: " . $kService . "<br>";

$kSigning = hash_hmac('sha256', "aws4_request", $kService);
echo "signing: " . $kSigning . "<br>";

应该打印:
kDate    = '969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d'

kRegion  = '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c'

kService = 'f72cfd46f26bc4643f06a11eabb6c0ba18780c19a8da0c31ace671265e3c87fa'

kSigning = 'f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d'

因此,我得到的kDate是正确的。我得到值时kRegion不正确:
a59e30f9d899c47b3dd68ea1c0ab3bb529e03a8f4ed2f54cb64af547330a22a0

我尝试使用此网站来计算HMAC(hmac generator),并且得到相同的结果。

php - AWS4签名 key -本教程是否错误?-LMLPHP

我真的很想知道页面是否错误。谁能解释这是我的错还是AWS的错?

谢谢

最佳答案

  • 您应该了解这些值是二进制的并且以十六进制形式打印
  • 您正在通过十六进制传递日期。您应该在调用hash_hmac之前将其转换为二进制并传递给它。或将其存储在二进制文件中,并在十六进制
  • 中进行打印
  • 您从未提到您使用的语言。我不得不谷歌找出您正在使用什么语言。在PHP中,您可以传递: $ raw_output = true 以获取二进制字符串
  • 将字符串n存储为二进制,并在打印之前将其转换为hex

  • 由于我不熟悉PHP,因此我在Python中尝试了同样的方法,并且输出与预期输出匹配。看看我如何将其转换为十六进制并打印。
    import hmac
    import hashlib
    from base64 import b16encode as b16
    
    def sign(key, msg):
        return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()
    
    def getSignatureKey(key, dateStamp, regionName, serviceName):
        kDate = sign(("AWS4" + key).encode("utf-8"), dateStamp)
        print b16(kDate)
        kRegion = sign(kDate, regionName)
        print b16(kRegion)
        kService = sign(kRegion, serviceName)
        print b16(kService)
        kSigning = sign(kService, "aws4_request")
        print b16(kSigning)
        return kSigning
    
    key = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
    dateStamp = '20120215'
    regionName = 'us-east-1'
    serviceName = 'iam'
    
    getSignatureKey(key, dateStamp, regionName, serviceName)
    

    输出
    969FBB94FEB542B71EDE6F87FE4D5FA29C789342B0F407474670F0C2489E0A0D
    69DAA0209CD9C5FF5C8CED464A696FD4252E981430B10E3D3FD8E2F197D7A70C
    F72CFD46F26BC4643F06A11EABB6C0BA18780C19A8DA0C31ACE671265E3C87FA
    F4780E2D9F65FA895F9C67B32CE1BAF0B0D8A43505A000A1A9E090D414DB404D
    

    PHP
    string hash_hmac ( string $algo , string $data , string $key [, bool $raw_output = false ] )
    

    关于php - AWS4签名 key -本教程是否错误?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/40746016/

    10-11 06:31
    查看更多