AWS Signature Version 4 - BC Cloud for AWS API
JonB
Member Posts: 6
Hi all,
This question is for latest BC cloud implementation.
Has anyone had experience with calling an AWS API which requires a signing key for Signature 4 without using a .net dll?
It needs to use an algorithm of HMACSHA256. Which is fine, as it is possible to do this via the GenerateHash function within the Cryptography Management codeunit. However, it looks like due to the way it returns a text string it causes an issue when you need to reuse the return as a key to your next hash request.
For AWS you creating a signing key via the following (HMAC function param. is (Key, Value):
kSecret = your secret access key
kDate = HMAC("AWS4" + kSecret, Date)
kRegion = HMAC(kDate, Region)
kService = HMAC(kRegion, Service)
kSigning = HMAC(kService, "aws4_request")
I have translated this in BC code as follows:
KDate := CryptographyManagement.GenerateHash(SignDate, Secret, HashAlgorithmType::HMACSHA256);
KRegion := CryptographyManagement.GenerateHash(Region, KDate, HashAlgorithmType::HMACSHA256);
KService := CryptographyManagement.GenerateHash(Service, KRegion, HashAlgorithmType::HMACSHA256);
KSigning := CryptographyManagement.GenerateHash(Signing, KService, HashAlgorithmType::HMACSHA256);
KDates gets the right return result, but this has been converted into a string rather than the Byte array required in the next call. When I call the next function to get "KRegion", I get the incorrect result.
The AWS example is for the following data:
Secret = 'AWS4' + 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
dateStamp = '20120215'
regionName = 'us-east-1'
serviceName = 'iam'
KDate should return "969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d", which is does, so I thought it would be all working.
However, when you call the next it does not match, it should return '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c'.
In C# this works as expected, but this does not convert the result its return back when doing the next hash algorithm. So it could work if could call the correct .net library, but the mains one that "Generatehash" uses are not available on cloud version.
I'm starting to think an azure function will be required, but if anyone has any experience with this that would be of great help!
Thanks in advance!
This question is for latest BC cloud implementation.
Has anyone had experience with calling an AWS API which requires a signing key for Signature 4 without using a .net dll?
It needs to use an algorithm of HMACSHA256. Which is fine, as it is possible to do this via the GenerateHash function within the Cryptography Management codeunit. However, it looks like due to the way it returns a text string it causes an issue when you need to reuse the return as a key to your next hash request.
For AWS you creating a signing key via the following (HMAC function param. is (Key, Value):
kSecret = your secret access key
kDate = HMAC("AWS4" + kSecret, Date)
kRegion = HMAC(kDate, Region)
kService = HMAC(kRegion, Service)
kSigning = HMAC(kService, "aws4_request")
I have translated this in BC code as follows:
KDate := CryptographyManagement.GenerateHash(SignDate, Secret, HashAlgorithmType::HMACSHA256);
KRegion := CryptographyManagement.GenerateHash(Region, KDate, HashAlgorithmType::HMACSHA256);
KService := CryptographyManagement.GenerateHash(Service, KRegion, HashAlgorithmType::HMACSHA256);
KSigning := CryptographyManagement.GenerateHash(Signing, KService, HashAlgorithmType::HMACSHA256);
KDates gets the right return result, but this has been converted into a string rather than the Byte array required in the next call. When I call the next function to get "KRegion", I get the incorrect result.
The AWS example is for the following data:
Secret = 'AWS4' + 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
dateStamp = '20120215'
regionName = 'us-east-1'
serviceName = 'iam'
KDate should return "969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d", which is does, so I thought it would be all working.
However, when you call the next it does not match, it should return '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c'.
In C# this works as expected, but this does not convert the result its return back when doing the next hash algorithm. So it could work if could call the correct .net library, but the mains one that "Generatehash" uses are not available on cloud version.
I'm starting to think an azure function will be required, but if anyone has any experience with this that would be of great help!
Thanks in advance!
0
Answers
-
Hy JonB
I have the very same problem.
Did you find a soluction?
Dis you manage to connect to Amazon?
Cheers0 -
Hi JJMc,
I had to create an Azure function in the end to do the hashing algorithm. So my routines would call this before calling the Amazon APIs.
Due to the fact the BC function converts to text on return, you cannot use it when you need to call it multiple times.
Good luck!0 -
Thank you for your answer JonB. But, what do you mean with "BC function converts to text on return"? What kind of data is expected?
Thank you again0 -
It took the hell time of the research in order to fix this problem but one can find the perfect solution with this AWS course with all the AWS problem questions and answer.-2
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.6K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 116 Navision DOS
- 851 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 617 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 320 Dynamics CRM
- 111 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 990 SQL General
- 383 SQL Performance
- 34 SQL Tips & Tricks
- 35 Design Patterns (General & Best Practices)
- 1 Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.6K General
- 1.1K General Chat
- 1.6K Website
- 83 Testing
- 1.2K Download section
- 23 How Tos section
- 252 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions