Archived Forum Post

Index of archived forum posts

Question:

Help with AWS signature version 4 using chilkat's crypt2 ActiveX component

Feb 15 '16 at 11:40

Hi

I've been trying to sign AWS requests using Chilkat's crypt2 ActiveX object

Amazon have a python example here:

http://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html

I'm trying to re-write this in VBscript using crypt2, however I can't get these Python functions working in VBScript:

def sign(key, msg):
    return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()

def getSignatureKey(key, dateStamp, regionName, serviceName):
    kDate = sign(('AWS4' + key).encode('utf-8'), dateStamp)
    kRegion = sign(kDate, regionName)
    kService = sign(kRegion, serviceName)
    kSigning = sign(kService, 'aws4_request')
    return kSigning

Here's my (not working) VBScript functions:

function sign_KeyBytes(bytekey, msg)
  crypt.HashAlgorithm = "sha256"
  crypt.Charset = "utf-8"
  crypt.SetHmacKeyBytes bytekey
  sign_KeyBytes = crypt.HashString(msg)
end function

function sign_KeyString(key, msg)
  crypt.HashAlgorithm = "sha256"
  crypt.Charset = "utf-8"
  crypt.SetHmacKeyString key
  sign_KeyString = crypt.HashString(msg)
end function

function getSignatureKey(key, dateStamp, regionName, serviceName)
  dim kDate : kDate = sign_KeyString("AWS4" + key, dateStamp)
  dim kRegion : kRegion = sign_KeyBytes(kDate, regionName)
  dim kService : kService = sign_KeyBytes(kRegion, serviceName)
  dim kSigning : kSigning = sign_KeyBytes(kService, "aws4_request")
  getSignatureKey = kSigning
end function

The VBScript only works if the required output is hex.

Can anybody help?

Cheers

Dave


Answer

Hi! If you're needing the Signature V4 for S3 requests via Chilkat HTTP, then it's already been implemented for the next Chilkat version release. Here's a pre-release download:

32-bit Download: http://www.chilkatsoft.com/download/preRelease/ChilkatAx-9.5.0-win32.zip
64-bit Download: http://www.chilkatsoft.com/download/preRelease/ChilkatAx-9.5.0-x64.zip

Computing the SignatureV4 is somewhat laborious and easy to get wrong. Here's my dilemma: I would like to help immediately, but I'm in the midst of designing potential new Chilkat classes relating to the subject matter, one of which may be a utility class to do the AWS SignatureV4 computation. If I spend time trying to do the SignatureV4 using Chilkat Crypt2, it delays the new development. If I rush and provide an AWS SignatureV4 object without careful thought and design, Chilkat would be stuck with a problematic API that plagues future development. So for now, I can't provide the immediate help, but I'm actually working on something that will be better in the long run.