AWS Signature 4 SHA256 Key Hashing

Question

Hi All, 
 I've been trying to sign an AWS Signature 4 http request using both the Java Cryptography Library plugin and the Cryptography tools plugin. The Appian code near the bottom is using the latter, but I've been getting the same results using the macsignature function from the Java library. 
 AWS has sample data to validate the process here: https://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html 
 The pertinent part is.. 
 key = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY' 
 kSecret = '41575334774a616c725855746e46454d492f4b374d44454e472b62507852666943594558414d504c454b4559' which is Hexencode("AWS4" + key) 
 kDate = '969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d' 
 kRegion = '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c' 
 kService = 'f72cfd46f26bc4643f06a11eabb6c0ba18780c19a8da0c31ace671265e3c87fa' 
 kSigning = 'f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d' 
 Your program should generate the following values for the values in getSignatureKey . Note that these are hex-encoded representations of the binary data; the key itself and the intermediate values should be in binary format. 
 Using the below code I get the right result for kDate, but nothing is right after that. I'm assuming the reason is that I'm getting hex string back and I need to input a binary value, but I've tried encoding the subsequent keys to base64, but I still don't get the right values. To be honest I've tried just about everything I can think of in terms of hex-text binary encoding of the keys and values and I can't get the right values. I was able to solve this with a SQL Server Function before, but that isn't an option now. Can anybody help determine if A) this is possible with Appian's Collating and Charater Encoding and B) If so how? 
 Please and thank you SO much for any guidance! 
 load( local!key: "AWS4wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY", local!date: "20120215", local!region: "us-east-1", local!service: "iam", local!request: "aws4_request", local!kdate: hmacsha256hash(local!key, local!date), local!kRegion: hmacsha256hash(local!kdate, local!region), local!kService: hmacsha256hash(local!kRegion, local!service), local!signing: hmacsha256hash(local!kService, local!request), local!signing )

-JJ

Eliot Gerson · Accepted Answer

Alright, so, final update for now: the 2.0.0 version, with the getSignatureKey method, should be available within 24 hours or so for download from the App Market, and/or installation to Cloud Sites through the Admin Console. The 2.1.0 release, which has support for the secure credentials store, will likely be available at some point on Monday or Tuesday. 
 Once the plugin is installed, the function tooltip (the function will be "getSignatureKey", under the cryptography functions category) should answer most questions, but if any questions or concerns do come up, just let me know. jeffreyl946 , fyi as well.

Tejas Sakhardande · Answer

As an update to this post, we're excited to announce that we've added support for AWS Signature Version 4 authentication to HTTP connected systems in Appian. You should no longer require the plugins in order to connect Appian to an Amazon service which uses the AWS Signature Version 4 authentication. 
 Let us know if you have any questions or concerns!

AWS Signature 4 SHA256 Key Hashing

Top Replies