Hi all,
This question is for the latest BC cloud implementation.
Has anyone had experience with calling an AWS API which requires a signing key for Signature 4 without using a .net dll?
It needs to use an algorithm of HMACSHA256. Which is fine, as it is possible to do this via the GenerateHash function within the Cryptography Management codeunit. However, it looks like due to the way it returns a text string it causes an issue when you need to reuse the return as a key to your next hash request.
For AWS you create a signing key via the following (HMAC function params are (Key, Value)):
kSecret = your secret access key
kDate = HMAC("AWS4" + kSecret, Date)
kRegion = HMAC(kDate, Region)
kService = HMAC(kRegion, Service)
kSigning = HMAC(kService, "aws4_request")
I have translated this in BC code as follows:
KDate := CryptographyManagement.GenerateHash(SignDate, Secret, HashAlgorithmType::HMACSHA256);
KRegion := CryptographyManagement.GenerateHash(Region, KDate, HashAlgorithmType::HMACSHA256);
KService := CryptographyManagement.GenerateHash(Service, KRegion, HashAlgorithmType::HMACSHA256);
KSigning := CryptographyManagement.GenerateHash(Signing, KService, HashAlgorithmType::HMACSHA256);
KDate gets the right return result, but this has been converted into a string rather than the byte array required in the next call. When I call the next function to get "KRegion", I get the incorrect result.
The AWS example is for the following data:
Secret = 'AWS4' + 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
dateStamp = '20120215'
regionName = 'us-east-1'
serviceName = 'iam'
KDate should return "969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d", which it does, so I thought it would be all working.
However, when you call the next it does not match, it should return '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c'.
In C# this works as expected, but this does not convert the result it returns back when doing the next hash algorithm. So it could work if I could call the correct .NET library, but the main ones that "GenerateHash" uses are not available on the cloud version.
I'm starting to think an azure function will be required, but if anyone has any experience with this that would be of great help!
Thanks in advance!
Answers
I have the very same problem.
Did you find a solution?
Did you manage to connect to Amazon?
Cheers
I had to create an Azure function in the end to do the hashing algorithm. So my routines would call this before calling the Amazon APIs.
Due to the fact the BC function converts to text on return, you cannot use it when you need to call it multiple times.
Good luck!
Thank you again
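The byte-versus-text problem described in this thread, as an added Python example that is not code from either poster: it derives the chain from the AWS sample values quoted in the question, then reproduces the mismatch by keying the second HMAC with the hex text of kDate instead of its 32 raw bytes. The function names are hypothetical, and the assumption that the text result is re-encoded as UTF-8 characters when reused as a key is mine.

```python
import hashlib
import hmac

# AWS documentation sample values quoted in the question above.
SECRET = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
DATE, REGION, SERVICE = "20120215", "us-east-1", "iam"


def hmac_sha256(key: bytes, value: str) -> bytes:
    """HMAC(Key, Value) in the AWS pseudocode order; returns the raw 32 bytes."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()


def derive_chain(secret: str, date: str, region: str, service: str) -> dict:
    """Correct derivation: each step's raw bytes become the next step's key."""
    k_date = hmac_sha256(("AWS4" + secret).encode("utf-8"), date)
    k_region = hmac_sha256(k_date, region)
    k_service = hmac_sha256(k_region, service)
    k_signing = hmac_sha256(k_service, "aws4_request")
    return {"kDate": k_date, "kRegion": k_region,
            "kService": k_service, "kSigning": k_signing}


def k_region_from_hex_text(secret: str, date: str, region: str) -> bytes:
    """Failure mode (assumed): kDate is rendered as hex text and the 64
    characters of that text, not the 32 bytes, key the next HMAC."""
    k_date_text = hmac_sha256(("AWS4" + secret).encode("utf-8"), date).hex()
    return hmac_sha256(k_date_text.encode("utf-8"), region)


def k_region_from_decoded_hex(secret: str, date: str, region: str) -> bytes:
    """Repair when only hex text is available: decode it back to bytes first."""
    k_date_text = hmac_sha256(("AWS4" + secret).encode("utf-8"), date).hex()
    return hmac_sha256(bytes.fromhex(k_date_text), region)


if __name__ == "__main__":
    chain = derive_chain(SECRET, DATE, REGION, SERVICE)
    for name, value in chain.items():
        print(f"{name:9s} {value.hex()}")
    wrong = k_region_from_hex_text(SECRET, DATE, REGION)
    print("kRegion keyed with hex text:", wrong.hex())
    print("matches correct kRegion:   ", wrong == chain["kRegion"])
```

The first step matches in both variants because its key is genuinely text ("AWS4" plus the secret); only from the second step on does the key have to be raw bytes.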