Signing Requests

Many requests to ColdStack are authenticated on the service side and the user submitting the request must sign it.

Object Storage supports AWS Signature V4.

The signing process consists of the following stages:

  1. Generating a signing key

  2. Generating a signature line

  3. Signing a string with a key

For signing, you must use the HMAC mechanism with the SHA256 hashing function . Support for the corresponding methods is available in many programming languages. The examples assume that there is a function sign(KEY, STRING)that encodes an input string with a given key.

Generating a signing key

To generate a signing key, you need to have static ColdStack access keys. For information on how to get them, contact us.

Generating a signing key:

  1. Encode date using private key:

    DateKey = sign("AWS4" + "SecretKey", "yyyymmdd")
  2. Encode the region using the key obtained in the previous step DateKey:

    RegionKey = sign(DateKey, "ru-central1")
  3. Encode the service using the key obtained in the previous step RegionKey:

    ServiceKey = sign(RegionKey, "s3")
  4. Get the signing key:

    SigningKey = sign(ServiceKey, "aws4_request")

Generating a signature line

The signature line ( StringToSign) depends on the ColdStack usage scenario:

  • Accessing an Amazon S3-compatible API without the need for an SDK or specialized utilities.

  • Signing URLs using query parameters .

Signing a string with a key

To get the signature of a string, you must use a mechanism HMACwith a hashing function SHA256, and convert the resulting result to hexadecimal representation.

signature = Hex(sign(SigningKey, StringToSign))

Last updated