Hi,
I am following this php code and am trying to reproduce it with nL.
http://webtutsdepot.com/2009/10/13/amazon-signed-request-php/
I cannot figure out if this is a two part transaction or just a single query.
Would anyone know if I need an initial aws server response from the get-url command in order to complete the rest of building the url that will make the request with the aws signature?
Like do I need to say 'knock knock', and use part of their 'whos there' response in order to generate my signature?
Thanks for help!
joejoe
I'm no expert on AWS API, but from reading the PHP, it looks like it's a single handshake, but it relies on a prior agreement between you and Amazon about the thingies called "$publicKey" and "$privateKey". Basically it seems to be a matter of scrambling the original request with the private key, then issue the compound request of that scramble together with the public key, for getting the request to be serviced.
Ok great, that is what I had hoped, thank you very much Ralph!
And would I be correct to use this module that Lutz has already created?
http://www.newlisp.org/code/modules/crypto.lsp.html#crypto_hmac
or just use the
http://www.newlisp.org/code/modules/crypto.lsp.html#crypto_sha256
Thanks again!
I'm pretty sure it'd be the
Then it needs
Got it, thanks Ralph! Much appreciated!! :D
Hi and thanks!
I think I got to the signature:
("131 37 166 173 32 246 42 23 198 156 244 102 148 91 171 80 252 115 124 141 246 64
19 94 85 112 145 181 2 189 98 73")
When I use an online hex decoder I get this: qf3"FB#V$Aq%!AA$fAHQQ!s
Looks like a signature!
How would I decode the hex in nL to produce this signature?
I have tried different things with char and format but am still swinging at it.
Thank you very much for the help! :D
If I helps anyone, here is how I have gotten this far:
(module "crypto.lsp")
(set 'output1 (crypto:hmac crypto:sha256 "GET
ecs.amazonaws.com
/onca/xml
AWSAccessKeyId= AAAAAAAAAAAAAAAAAAA&AssociateTag=PutYourAssociateTagHere&Keywords=newlisp&Operation=ItemSearch&SearchIndex=Books&Service=AWSECommerceService&Timestamp=2016-11-05T10%3A25%3A14.000Z&Version=2011-08-01" "BBBBBBBBBBBBBBBBBBBBBBBBBBBBB"))
(set 'output2 (unpack (dup "b" (length output1)) output1))
(set 'output3 (crypto:hmac crypto:sha256 "GET
ecs.amazonaws.com
/onca/xml
AWSAccessKeyId= AAAAAAAAAAAAAAAAAAA&AssociateTag=PutYourAssociateTagHere&Keywords= newlisp&Operation=ItemSearch&SearchIndex=Books&Service=AWSECommerceService&Timestamp=2016-11-05T10%3A25%3A14.000Z&Version=2011-08-01" (string output2)))
(set 'signature-hex (unpack (dup "b" (length output3)) output3))
(println signature-hex)
(exit)
Wouldn't the "hexdigest" merely be something like this?
Hi and thank you for help,
Here is what I am running:
(module "crypto.lsp")
(set 'pubkey "aa")
(set 'privkey "bb")
(set 'timestamp (string (date (date-value) 320 "%Y") "-" (date (date-value) 320 "%m") "-" (date (date-value) 320 "%d") "T" (date (date-value) 320 "%H") "%3A" (date (date-value) 0 "%M") "%3A" (date (date-value) 320 "%S") "Z"))
(println timestamp)
(set 'output1 (crypto:hmac crypto:sha256 "GET
ecs.amazonaws.com
/onca/xml
AWSAccessKeyId=" (silent pubkey) "&Keywords=newlisp&Operation=ItemSearch&SearchIndex=Books&Service=AWSECommerceService&Timestamp=" (silent timestamp) "&Version=2011-08-01" (silent privkey)))
(set 'output2 (unpack (dup "b" (length output1)) output1))
(set 'output3 (crypto:hmac crypto:sha256 "GET
ecs.amazonaws.com
/onca/xml
AWSAccessKeyId=" (silent pubkey) "&Keywords= newlisp&Operation=ItemSearch&SearchIndex=Books&Service=AWSECommerceService&Timestamp=" (silent timestamp) "&Version=2011-08-01" (string output2)))
(set 'signature-hex (unpack (dup "b" (length output3)) output3))
(println (join (map (curry format "%02x") signature-hex)))
(exit)
I get a new timestamp but the signature doesn't change when I re-execute it.
Thanks for any tip!
Maybe you meant to have
Hi and thanks,
I want to back up to make sure I have the HMAC SHA256 signature calculating correctly.
I am trying this:
webservices.amazon.co.uk
/onca/xml
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Actor=Johnny%20Depp&AssociateTag=mytag-20&Operation=ItemSearch&Operation=ItemSearch&ResponseGroup=ItemAttributes%2COffers%2CImages%2CReviews%2CVariations&SearchIndex=DVD&Service=AWSECommerceService&Sort=salesrank&Timestamp=2016-12-15T01%3A42%3A01.000Z&Version=2013-08-01") "1234567890"))
(set 'signature-hex (unpack (dup "b" (length output1)) output1))
(println (join (map (curry format "%02x") signature-hex)))
I get this:
On the AWS tester tool[1], it says the HMAC signature should be this:
With an online HMAC generator tester tool[2] set to SHA256, it says I should get this signature:
Anyone know which is correct? Thanks! :D
[1] https://associates-amazon.s3.amazonaws.com/signed-requests/helper/index.html
[2] https://www.freeformatter.com/hmac-generator.html#ad-output
I think the issue may be with line breaks.
When I do this:
(set 'signature-hex (unpack (dup "b" (length output1)) output1))
(println (join (map (curry format "%02x") signature-hex)))
I get this:
The online HMAC generator tester confirms the same:
However, when I try to put a line break in the string with:
two" "1234567890"))
I get this:
However, the online HMAC tool shows this:
And in the online HMAC tool I am inputting in the string so it has the line break:
two
Getting close!!
Would there be any clues out there?
Thank you!!!
An online tool, using a form, would typically digest line ends as rj, whereas a *nix system would prefer using j only, and a mac system would rather favour r for line endings. The AWS tool you pointed at some posts earlier appears to compute the signature using j line endings. And it also scrambles the hmac output by both base64 encoding then url-encoding.
Ok gotcha thanks.
I got the signatures generating correctly with your message help, Ralph.
This did it and a few tweaks to finalize the url formatting got successful api calls.
Thanks all for the help!