0

我用来签名的字符串如下

GET
sqs.us-east-1.amazonaws.com
/XXXXXXXXXXX/Localhost
AWSAccessKeyId=XXXXXNGOTNJCTGAXXXXX&Action=ReceiveMessage&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-12-26T07%3A56%3A37Z&Version=2012-11-05

前 3 行后面有 '\n' 字符,但最后没有,我也试过在最后加上 '\n',但结果是一样的

我是他们计算

HMAC_SHA256(AWSKey,string)

我已经分别验证了 HMAC_SHA256 的正确性,最后我调用了 HMAC Base 64 编码的 URL

https://sqs.us-east-1.amazonaws.com/XXXXXXXXXXX/Localhost?AWSAccessKeyId=XXXXXNGOTNJCTGAXXXXX&Action=ReceiveMessage&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-12-26T07%3A56%3A38Z&Version=2012-11-05&Signature=06nzru1EroDLJTJDjExLbyUyQzEcct3wAp%2Bm7TOBTjb0aPWSJTIXXXXX

XX..XX 是我添加的。

在浏览了几次文档之后,我没有发现相同的错误,但我收到了一个签名不匹配错误。

<Code>SignatureDoesNotMatch</Code>
<Message>
The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
</Message>
4

1 回答 1

0

Could the problem be the slash between the queue name and the question mark at the beginning of the query string in the URL? I don't think that should be there.

...Localhost/?AWSAccessKeyId...
            ^ remove this

Hmmm, wasn't that, eh? Okay, here is another thought:

You say you verified the HMAC_SHA256 correctness, but are you sure this is the correct order for the arguments? Some implementations use this convention:

HMAC_SHA256($data,$key)

You're doing the opposite.

于 2012-12-27T04:34:15.630 回答