By using AWS re:Post, you agree to the Terms of Use

getSignedUrl - SignatureDoesNotMatch wit SSE-C encryption

0

my AWS config

AWS.config.update({
  accessKeyId: 'accessKeyId',
  secretAccessKey: 'secretAccessKey,
  signatureVersion: 'v4' 
});

Function upload and generate getSignedUrl

let sseKey = '12345678901234567890121234567890';
let md5 = crypto.createHash('md5').update(sseKey.toString(), 'utf8').digest('hex').toUpperCase();

       S3.putObject({
            Bucket: 'Bucket',
            Body: buff,
            Key: 'test_file.jpg',
            SSECustomerAlgorithm: 'AES256',
            SSECustomerKey: sseKey,
            SSECustomerKeyMD5: md5
        }, (err,data) => {
          console.log("🚀  file: aws.js  line 203  returnnewPromise  data", data)
            if (err) return console.error(err.stack)

            S3.getSignedUrl('getObject', {
              Bucket: 'Bucket',
              Key: 'test_file.jpg',
              Expires: 6000,
              SSECustomerAlgorithm: 'AES256',
              SSECustomerKey: sseKey,
              SSECustomerKeyMD5: md5
            }, (err, data) => {
              if (err) return console.error(err.stack)

              console.log(data)
              resolve(data)
            })
          })

I got the link like this

https://$BUCKET_PATH/test_file.jpg?
X-Amz-Algorithm=AWS4-HMAC-SHA256&
X-Amz-Credential=$SECRECT_CRE%2F20220821%2Fus-west-2%2Fs3%2Faws4_request&
X-Amz-Date=20220821T022426Z&
X-Amz-Expires=6000&
X-Amz-Signature=5e7cd0362b2543140b46c025044c11c2da2202e7ca59811fecf1837b6cdd4713&
X-Amz-SignedHeaders=host%3Bx-amz-server-side-encryption-customer-algorithm%3Bx-amz-server-side-encryption-customer-key%3Bx-amz-server-side-encryption-customer-key-md5&
x-amz-server-side-encryption-customer-algorithm=AES256&
x-amz-server-side-encryption-customer-key=MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjEyMzQ1Njc4OTA%3D&
x-amz-server-side-encryption-customer-key-MD5=tbeqTQ80K9Hdr45q0i%2FNNQ%3D%3D

copy link to browser get error

<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>

I also use https://www.npmjs.com/package/request POST and set header params but not work

  headers: {
    'x-amz-server-side-encryption-customer-algorithm': 'AES256',
    'x-amz-server-side-encryption-customer-key': encryptKey.toString('base64'),
  },

Please help me , i dont know where problem . Thank you

1 Answer
0

Hello,

In the above code, you are using AES256. You can try following the steps in the article below:

https://aws.amazon.com/blogs/developer/generating-amazon-s3-pre-signed-urls-with-sse-kms-part-2/

S3.putObject({ Bucket: 'Bucket', Body: buff, Key: 'test_file.jpg', SSECustomerAlgorithm: 'AES256', <---- This part SSECustomerKey: sseKey, SSECustomerKeyMD5: md5 }, (err,data) => {

SUPPORT ENGINEER
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions