Many requests to ColdStack are authenticated on the service side and the user submitting the request must sign it.
Object Storage supports AWS Signature V4.
The signing process consists of the following stages:
- 1.Generating a signing key
- 2.Generating a signature line
- 3.Signing a string with a key
To generate a signing key, you need to have static ColdStack access keys. For information on how to get them, contact us.
Generating a signing key:
- 1.Encode date using private key:DateKey = sign("AWS4" + "SecretKey", "yyyymmdd")
- 2.Encode the region using the key obtained in the previous step
DateKey:RegionKey = sign(DateKey, "ru-central1")
- 3.Encode the service using the key obtained in the previous step
RegionKey:ServiceKey = sign(RegionKey, "s3")
- 4.Get the signing key:SigningKey = sign(ServiceKey, "aws4_request")
The signature line (
StringToSign) depends on the ColdStack usage scenario:
- Accessing an Amazon S3-compatible API without the need for an SDK or specialized utilities.
- Signing URLs using query parameters .
To get the signature of a string, you must use a mechanism
HMACwith a hashing function
SHA256, and convert the resulting result to hexadecimal representation.
signature = Hex(sign(SigningKey, StringToSign))