AWS Signature Version 4 - BC Cloud for AWS API

JonBJonB Member Posts: 6
Hi all,

This question is for latest BC cloud implementation.

Has anyone had experience with calling an AWS API which requires a signing key for Signature 4 without using a .net dll?

It needs to use an algorithm of HMACSHA256. Which is fine, as it is possible to do this via the GenerateHash function within the Cryptography Management codeunit. However, it looks like due to the way it returns a text string it causes an issue when you need to reuse the return as a key to your next hash request.

For AWS you creating a signing key via the following (HMAC function param. is (Key, Value):

kSecret = your secret access key
kDate = HMAC("AWS4" + kSecret, Date)
kRegion = HMAC(kDate, Region)
kService = HMAC(kRegion, Service)
kSigning = HMAC(kService, "aws4_request")

I have translated this in BC code as follows:

KDate := CryptographyManagement.GenerateHash(SignDate, Secret, HashAlgorithmType::HMACSHA256);
KRegion := CryptographyManagement.GenerateHash(Region, KDate, HashAlgorithmType::HMACSHA256);
KService := CryptographyManagement.GenerateHash(Service, KRegion, HashAlgorithmType::HMACSHA256);
KSigning := CryptographyManagement.GenerateHash(Signing, KService, HashAlgorithmType::HMACSHA256);

KDates gets the right return result, but this has been converted into a string rather than the Byte array required in the next call. When I call the next function to get "KRegion", I get the incorrect result.

The AWS example is for the following data:

dateStamp = '20120215'
regionName = 'us-east-1'
serviceName = 'iam'

KDate should return "969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d", which is does, so I thought it would be all working.

However, when you call the next it does not match, it should return '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c'.

In C# this works as expected, but this does not convert the result its return back when doing the next hash algorithm. So it could work if could call the correct .net library, but the mains one that "Generatehash" uses are not available on cloud version.

I'm starting to think an azure function will be required, but if anyone has any experience with this that would be of great help!

Thanks in advance!


  • JJMcJJMc Member Posts: 51
    Hy JonB

    I have the very same problem.
    Did you find a soluction?
    Dis you manage to connect to Amazon?
  • JonBJonB Member Posts: 6
    Hi JJMc,

    I had to create an Azure function in the end to do the hashing algorithm. So my routines would call this before calling the Amazon APIs.

    Due to the fact the BC function converts to text on return, you cannot use it when you need to call it multiple times.

    Good luck!
  • JJMcJJMc Member Posts: 51
    edited 2021-05-18
    Thank you for your answer JonB. But, what do you mean with "BC function converts to text on return"? What kind of data is expected?

    Thank you again
  • janakcsjanakcs Member Posts: 1
    edited 2021-10-30
    It took the hell time of the research in order to fix this problem but one can find the perfect solution with this AWS course with all the AWS problem questions and answer.
Sign In or Register to comment.