AWS Signing Signature

waseem5
Kilo Expert

‎01-29-2016 03:11 AM

Hi,

We are trying to invoke AWS from ServiceNow and need to get signature by using HMAC-SHA26. We want to imitate the methods of encryption from crypto-js. For example, below needs to be coded in ServiceNow scripts: Crypto.HMAC(Crypto.SHA256, dateStamp, "AWS4" + key, { asBytes: true}

We have found below Script Include but unable to locate the exact method within:

  1. AWSRequestSigner
  2. AWSRESTMessage
  3. AWSRESTPostMessage
  4. AWSRESTRequestSigningUtil
  5. FormationRESTActivityBase

If anybody here has any input, it will be of great help!

Thanks in anticipation

Waseem

Labels:
  • 2,965 Views
12 REPLIES 12

david631
Giga Expert

‎09-20-2018 11:31 AM

Maybe this would work?

var mac = new CertificateEncryption;
mac.generateMac("sample_key", "HmacSHA256", "sample_data");

Source: https://developer.servicenow.com/app.do#!/api_doc?v=kingston&id=r_SCE-generateMac_S_S_S

 

0 Helpfuls

david631
Giga Expert
In response to david631

‎09-26-2018 11:47 AM

For the record, CertificateEncryption does not work for AWS signatures. CertificateEncryption returns MAC values in base64 format, and Amazon requires binary values (see https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html). AWSRESTRequestSigningUtil looks like the right alternative, though I've not tested it yet.

0 Helpfuls

tantony
Mega Guru
In response to david631

‎08-20-2020 12:58 PM

This is not AWS related, but hope you can help me in this.I need a signature for authorization header for a REST call, Pseudocode will be :

signature = Base64( HMAC-SHA256( UTF-8-Encoding-Of( shared_secret, authentication_string ) ) );

Though in Python and Java it looks pretty straight forward, in Javascript I am not able to find a solution.CertificateEncryption.generateMac did not help since key needs to be base64 format while our requirement is UTF-8.

Any help is appreciated

0 Helpfuls

Inactive_Use408
Kilo Expert
In response to tantony

‎08-21-2020 06:53 AM

This makes no sense: "key needs to be base64 format while our requirement is UTF-8". UTF-8 and base64 are completely different concepts. UTF-8 encodes strings to byte sequences. Base64 encodes a byte sequence to a string. See here: whats-the-difference-between-utf8-utf16-and-base64-in-terms-of-encoding.

var mac = new GlideCertificateEncryption(),
    shared_secret = "shared_secret",
    util = new GlideStringUtil(),
    signature = util.base64Encode(mac.generateMac(shared_secret, "HmacSHA256", "authentication_string"));