我正在尝试通过 REST Web API 连接到 DynamoDB,它要求我使用 HMAC-SHA256 生成签名。我已经让 SHA-256 工作了,但我似乎无法让 HMAC 工作,这里是 C++ 代码(使用 OpenSSL)
string hmac(string key, string msg)
{
unsigned char hash[32];
HMAC_CTX hmac;
HMAC_CTX_init(&hmac);
HMAC_Init_ex(&hmac, &key[0], key.length(), EVP_sha256(), NULL);
HMAC_Update(&hmac, (unsigned char*) &msg[0], msg.length());
unsigned int len = 32;
HMAC_Final(&hmac, hash, &len);
HMAC_CTX_cleanup(&hmac);
stringstream ss;
for (int i = 0; i < len; i++)
{
ss << hex << ( unsigned int )hash[i];
}
return ss.str();
}
这是对 hmac 的调用
/*********************************************CALCULATE SIGNATURE****************************************************************/
string AWS4 = "AWS4" + secretKey;
string Kdate = hmac(AWS4.data(), dateStamp);
string Kregion = hmac(Kdate.data(), region);
string Kservice = hmac(Kregion.data(), service);
string signingkey = hmac(Kservice.data(), "aws4_request");
string signature = hmac(signingkey.data(), stringToSign);
string authoritzationHeader = algorithm + " Credential=" + accessKey + "/" + credential_scope + ", SignedHeaders=" + signedHeaders + ", Signature=" + signature;
这是我基于的 Python 代码:
def sign(key, msg):
return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()
def getSignatureKey(key, date_stamp, regionName, serviceName):
kDate = sign(('AWS4' + key).encode('utf-8'), date_stamp)
kRegion = sign(kDate, regionName)
kService = sign(kRegion, serviceName)
kSigning = sign(kService, 'aws4_request')
print 'Kdate: ' + kDate
print 'Kregion: ' + kRegion
print 'Kservice: ' + kService
return kSigning
给定相同的值,它们会产生不同的结果。谁能帮我解释这是为什么吗?谢谢。