login about faq

Hi - is there an automatic way to generate a temporary URL for private S3 files (which require HMAC SHA1 encryption)?

asked Oct 14 '14 at 19:57

bluesix's gravatar image

bluesix
16236


if you have a solution, please tell me ;)

link

answered Oct 15 '14 at 07:22

leon_20v's gravatar image

leon_20v
62610

Here's a C++ example that worked for me. I'll try to make this an example for all languages on example-code.com

    CkCrypt2 crypt;

const char *awsSecretKey = "***";
    const char *accessKey = "***";
    const char *bucket = "chilkat100";
    const char *path = "starfish.jpg";

CkDateTime dt;
    dt.SetFromCurrentSystemTime();
    CkString strDt;
    bool bGetAsLocalTime = false;
    strDt.appendInt((int)dt.GetAsUnixTime(bGetAsLocalTime) + 3600); // 1 hour in the future.

CkString strUrl;
    strUrl.append("https://s3.amazonaws.com/#{S3_BUCKET}/#{path}?AWSAccessKeyId=#{S3_ACCESS_KEY_ID}&Expires=#{expire_date}&Signature=#{signature}");

strUrl.replaceFirstOccurance("#{S3_ACCESS_KEY_ID}",accessKey);
    strUrl.replaceFirstOccurance("#{S3_BUCKET}",bucket);
    strUrl.replaceFirstOccurance("#{path}",path);
    strUrl.replaceFirstOccurance("#{expire_date}",strDt.getString());

// Now for the signature.
    CkString strCan;
    strCan.append("GET\n\n\n#{expire_date}\n/#{S3_BUCKET}/#{path}");

strCan.replaceFirstOccurance("#{S3_BUCKET}",bucket);
    strCan.replaceFirstOccurance("#{path}",path);
    strCan.replaceFirstOccurance("#{expire_date}",strDt.getString());

CkString strHmac;
    crypt.SetHmacKeyString(awsSecretKey);
    crypt.HmacStringENC(strCan.getString(),strHmac);
    strHmac.urlEncode("ansi");

strUrl.replaceFirstOccurance("#{signature}",strHmac.getString());

printf("%s\n",strUrl.getString());
link

answered Oct 15 '14 at 12:36

chilkat's gravatar image

chilkat ♦♦
11.8k316358421

My ASP function

' #########################################################
' Generates a temporary S3 SHA-1 signed request.
' PARAMETERS
' s3FilePath = relative S3 file path e.g. "/path/to/file"
' ttlMin = number of minutes
' AWS_BUCKET, AWS_SECRET, AWS_ACCESS_KEY need to be declared globally
function getAWSLink(s3FilePath, ttlMin)

    expires = dateDiff("s","01/01/1970 00:00:00", dateAdd("n",ttlMin,now())) '-- get Unix time
    strToSign = "GET" & vbLf & vbLf & vbLf & expires & vbLf & "/" & AWS_BUCKET & s3FilePath
    set crypt = Server.CreateObject("Chilkat.Crypt2")
    success = crypt.UnlockComponent("license-key")
    crypt.HashAlgorithm = "sha1"
    crypt.EncodingMode = "base64"
    crypt.charset = "utf-8"
    crypt.SetHmacKeyString AWS_SECRET
    signature = crypt.HmacStringENC(strToSign)
    set crypt = nothing

    output = "http://" & AWS_BUCKET & ".s3.amazonaws.com" & s3FilePath & "?AWSAccessKeyId=" & AWS_ACCESS_KEY & "&Expires=" & expires & "&Signature=" & server.urlencode(signature)
    getAWSLink = output

end function
link

answered Oct 16 '14 at 19:39

bluesix's gravatar image

bluesix
16236

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×186
×35
×15

Asked: Oct 14 '14 at 19:57

Seen: 1,663 times

Last updated: Oct 17 '14 at 16:17

powered by OSQA