This is a sample script for “Examples of How to Derive a Signing Key for Signature Version 4” using Google Apps Script.
In order to use AWS SDKs, there are the sample scripts for the languages of Java, .NET (C#), Python, Ruby, JavaScript (Node.js). But the sample script of Google Apps Script is not prepared. I saw the question related to this at Stackoverflow. So I would like to also introduce the sample script here.
In the sample scripts, the input values are as follows.
key = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
dateStamp = '20120215'
regionName = 'us-east-1'
serviceName = 'iam'
From above values, the following value is required to be retrieved.
f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d
In this report, above process is achieved with Google Apps Script.
Important points:
-
At Google Apps Script, the data which was encrypted by
Utilities.computeHmacSha256Signature()
is the bytes array of the signed hexadecimal. In the sample scripts, the bytes array is converted to the unsigned hexadecimal. So it is required to be converted.- But, when the byte array is created by
Utilities.computeHmacSha256Signature()
, the created byte array can be used forUtilities.computeHmacSha256Signature()
without converting.
- But, when the byte array is created by
From above situation, the sample script for Google Apps Script can be made as follows.
Sample script:
function myFunction() {
// These are the sample values of https://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html
var key = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY";
var dateStamp = "20120215";
var regionName = "us-east-1";
var serviceName = "iam";
// I prepared the following script.
var kDate = Utilities.computeHmacSha256Signature(dateStamp, "AWS4" + key);
var kRegion = Utilities.computeHmacSha256Signature(
Utilities.newBlob(regionName).getBytes(),
kDate
);
var kService = Utilities.computeHmacSha256Signature(
Utilities.newBlob(serviceName).getBytes(),
kRegion
);
var kSigning = Utilities.computeHmacSha256Signature(
Utilities.newBlob("aws4_request").getBytes(),
kService
);
kSigning = kSigning
.map(function(e) {
return ("0" + (e < 0 ? e + 256 : e).toString(16)).slice(-2);
})
.join("");
Logger.log(kSigning); // Result
}
- About above script, for example,
kDate
is the byte array. SoregionName
is required to be converted to the byte array. Please be careful this.
Result:
When above script is run, the following value can be retrieved. This value is the same with the sample value.
f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d
References:
- computeHmacSha256Signature(value, key)
- map()
- How to HMAC SHA256 sign a string with a double array key or an hex string key using google apps script?