Hi all,
This question is for the latest BC cloud implementation.
Has anyone had experience with calling an AWS API which requires a signing key for Signature 4 without using a .net dll?
It needs to use an algorithm of HMACSHA256. Which is fine, as it is possible to do this via the GenerateHash function within the Cryptography Management codeunit. However, it looks like due to the way it returns a text string it causes an issue when you need to reuse the return as a key to your next hash request.
For AWS you create a signing key via the following (HMAC function params are (Key, Value)):
kSecret = your secret access key
kDate = HMAC("AWS4" + kSecret, Date)
kRegion = HMAC(kDate, Region)
kService = HMAC(kRegion, Service)
kSigning = HMAC(kService, "aws4_request")
I have translated this in BC code as follows:
KDate := CryptographyManagement.GenerateHash(SignDate, Secret, HashAlgorithmType::HMACSHA256);
KRegion := CryptographyManagement.GenerateHash(Region, KDate, HashAlgorithmType::HMACSHA256);
KService := CryptographyManagement.GenerateHash(Service, KRegion, HashAlgorithmType::HMACSHA256);
KSigning := CryptographyManagement.GenerateHash(Signing, KService, HashAlgorithmType::HMACSHA256);
KDate gets the right return result, but this has been converted into a string rather than the Byte array required in the next call. When I call the next function to get "KRegion", I get the incorrect result.
The AWS example is for the following data:
Secret = "AWS4" + "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
Date = "20120215"
Region = "us-east-1"
Service name = "iam"
KDate should return "969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d", which it does, so I thought it would be all working.
However, when you call the next it does not match; it should return "69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c".
In C# this works as expected, but this does not convert the result it returns back when doing the next hash algorithm. So it could work if I could call the correct .net library, but the main ones that "GenerateHash" uses are not available on the cloud version.
I'm starting to think an Azure function will be required, but if anyone has any experience with this that would be of great help!
Thanks in advance!
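
The difference between keying the next round with the raw digest and keying it with the digest's hex text, as an added example that is not part of the original post. It uses only the Python standard library; the function names are illustrative, and the inputs are the sample values quoted above.

```python
import hashlib
import hmac

# Inputs are the AWS documentation sample values quoted in the post.
SECRET = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
DATE, REGION, SERVICE = "20120215", "us-east-1", "iam"


def hmac_sha256(key: bytes, value: str) -> bytes:
    """HMAC(Key, Value) as in the post; returns the raw 32-byte digest."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()


def derive_keys(secret: str, date: str, region: str, service: str) -> dict:
    """Chain the four HMAC rounds, feeding each raw digest in as the next key."""
    k_date = hmac_sha256(("AWS4" + secret).encode("utf-8"), date)
    k_region = hmac_sha256(k_date, region)
    k_service = hmac_sha256(k_region, service)
    k_signing = hmac_sha256(k_service, "aws4_request")
    return {"kDate": k_date.hex(), "kRegion": k_region.hex(),
            "kService": k_service.hex(), "kSigning": k_signing.hex()}


def region_key_from_hex_text(k_date_hex: str, region: str) -> str:
    """The failing case: the 64-character hex text itself is used as the key."""
    return hmac_sha256(k_date_hex.encode("ascii"), region).hex()


def region_key_from_decoded_hex(k_date_hex: str, region: str) -> str:
    """The repair: decode the hex text back to 32 bytes before the next round."""
    return hmac_sha256(bytes.fromhex(k_date_hex), region).hex()


if __name__ == "__main__":
    keys = derive_keys(SECRET, DATE, REGION, SERVICE)
    for name, value in keys.items():
        print(f"{name:9} {value}")
    print("hex text as key :", region_key_from_hex_text(keys["kDate"], REGION))
    print("decoded hex key :", region_key_from_decoded_hex(keys["kDate"], REGION))
```

Only the byte-keyed chain reproduces the kRegion value quoted in the post. Whatever hashing routine is used has to receive each intermediate key as the original 32 bytes (or as an encoding that is decoded back to those bytes), not as the printed hex string.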