Skip to content

Calculate the Signature

Before generating a signature, it's crucial to derive a signing key from your secret key. This derived signing key provides enhanced security as it is specific to the date, service, and region. The signature isn't formed solely using your secret key; rather, it's a result of employing the signing key and the 'string to sign' created as inputs to a keyed hash function. The hex-encoded outcome from this function becomes the signature.

Follow these steps to calculate a signature.

  1. To derive your signing key, use your secret key to create a sequence of hash-based message authentication codes (HMACs) as demonstrated below:

    kSecret = your secret access key
kDate = HMAC("AWS4" + kSecret, Date)
kRegion = HMAC(kDate, Region)
kService = HMAC(kRegion, Service)
kSigning = HMAC(kService, "aws4_request")

    Note

    Ensure the date used in the hashing process adheres to the YYYYMMDD format (e.g., 20150830) and does not include the time. It should match the date used in the previous steps.

  2. Use the derived signing key and the 'string to sign' as inputs to the keyed hash function. After obtaining the signature, encode it using base64url encoding. Employ the following pseudocode:

    signature = HexEncode(HMAC(derived signing key, string to sign))

This process ensures the accurate calculation of the signature, enhancing the security and integrity of the request.