How to generate an AWS4 signature (OB2)

This thread is based on the previous topic made for OB1 by @Ruri here

check his topic if you want to work on OB1

generate an AWS4 signature using blocks (OB2)

BLOCK:ConstantString
  value = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
  => VAR @KEY
ENDBLOCK

BLOCK:ConstantString
  value = "20120215"
  => VAR @DATE
ENDBLOCK

BLOCK:ConstantString
  value = "us-east-1"
  => VAR @REGION
ENDBLOCK

BLOCK:ConstantString
  value = "iam"
  => VAR @SERVICE
ENDBLOCK

BLOCK:ConstantString
  value = "aws4_request"
  => VAR @REQ
ENDBLOCK

BLOCK:UTF8ToBase64
  input = $"AWS4<KEY>"
  => VAR @KSECRET_B64
ENDBLOCK

BLOCK:Base64StringToByteArray
  base64String = @KSECRET_B64
  => VAR @CON
ENDBLOCK

BLOCK:ByteArrayToHexString
  bytes = @CON
  => VAR @KSECRET_HEX
ENDBLOCK

BLOCK:Hmac
  input = @DATE
  key = @CON
  hashFunction = SHA256
  => VAR @DATEMAC
ENDBLOCK

BLOCK:ByteArrayToBase64String
  bytes = @DATEMAC
  => VAR @KDATE_B64
ENDBLOCK

BLOCK:Base64StringToByteArray
  base64String = @KDATE_B64
  => VAR @CON1
ENDBLOCK

BLOCK:ByteArrayToHexString
  bytes = @CON1
  => VAR @KDATE_HEX
ENDBLOCK

BLOCK:Hmac
  input = @REGION
  key = @CON1
  hashFunction = SHA256
  => VAR @REGIONMAC
ENDBLOCK

BLOCK:ByteArrayToBase64String
  bytes = @REGIONMAC
  => VAR @KREGION_B64
ENDBLOCK

BLOCK:Base64StringToByteArray
  base64String = @KREGION_B64
  => VAR @CON2
ENDBLOCK

BLOCK:ByteArrayToHexString
  bytes = @CON2
  => VAR @KREGION_HEX
ENDBLOCK

BLOCK:Hmac
  input = @SERVICE
  key = @CON2
  hashFunction = SHA256
  => VAR @SERVICEMAC
ENDBLOCK

BLOCK:ByteArrayToBase64String
  bytes = @SERVICEMAC
  => VAR @KSERVICE_B64
ENDBLOCK

BLOCK:Base64StringToByteArray
  base64String = @KSERVICE_B64
  => VAR @CON3
ENDBLOCK

BLOCK:ByteArrayToHexString
  bytes = @CON3
  => VAR @KSERVICE_HEX
ENDBLOCK

BLOCK:Hmac
  input = @REQ
  key = @CON3
  hashFunction = SHA256
  => VAR @SIGNINGMAC
ENDBLOCK

BLOCK:ByteArrayToBase64String
  bytes = @SIGNINGMAC
  => VAR @KSIGNING_B64
ENDBLOCK

BLOCK:Base64StringToByteArray
  base64String = @KSIGNING_B64
  => VAR @CON4
ENDBLOCK

BLOCK:ByteArrayToHexString
  bytes = @CON4
  => VAR @SIGNATURE
ENDBLOCK

Of course you will have to change the 5 variables declared at the beginning of the script according to your specific case.

Note: The BASE64 to HEX conversions aren’t actually useful for getting the signature (except for the last one) so you can skip them, they are just there to make sure every step matches with the ones given on the AWS example documentation.

Have a good one.

Original Post by @Ruri
Conversion to OB2 by @Fairy

4 Likes