AWS Signature 4 API Calls - BC Online

Hi all,

This question is for latest BC cloud implementation.

Has anyone had experience with calling an AWS API which requires a signing key for Signature 4 without using a .net dll?

It needs to use an algorithm of HMACSHA256. Which is fine, as it is possible to do this via the GenerateHash function within the Cryptography Management codeunit. However, it looks like due to the way it returns a text string it causes an issue when you need to reuse the return as a key to your next hash request.

For AWS you creating a signing key via the following (HMAC function param. is (Key, Value):

kSecret = your secret access key
kDate = HMAC(“AWS4” + kSecret, Date)
kRegion = HMAC(kDate, Region)
kService = HMAC(kRegion, Service)
kSigning = HMAC(kService, “aws4_request”)

I have translated this in BC code as follows:

KDate := CryptographyManagement.GenerateHash(SignDate, Secret, HashAlgorithmType::HMACSHA256);
KRegion := CryptographyManagement.GenerateHash(Region, KDate, HashAlgorithmType::HMACSHA256);
KService := CryptographyManagement.GenerateHash(Service, KRegion, HashAlgorithmType::HMACSHA256);
KSigning := CryptographyManagement.GenerateHash(Signing, KService, HashAlgorithmType::HMACSHA256);

KDates gets the right return result, but this has been converted into a string rather than the Byte array required in the next call. When I call the next function to get “KRegion”, I get the incorrect result.

The AWS example is for the following data:

Secret = ‘AWS4’ + ‘wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY’
Date = ‘20120215’
Region = ‘us-east-1’
Service name= ‘iam’

KDate should return “969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d”, which is does, so I thought it would be all working.

However, when you call the next it does not match, it should return ‘69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c’.

In C# this works as expected, but this does not convert the result its return back when doing the next hash algorithm. So it could work if could call the correct .net library, but the mains one that “Generatehash” uses are not available on cloud version.

I’m starting to think an azure function will be required, but if anyone has any experience with this that would be of great help!

Thanks in advance!