On 19 Jun 2014, at 15:52, François Stephany <[email protected]> wrote:
> > > > > You might want to have a look at the code in Zinc-AWS (group AWS in > > ConfigurationOfZincHTTPComponents), in particular ZnAWSS3Client and > > ZnAWSS3RequestSignatureTool - it is using similar request signing but does > > HMAC-SHA1. > > > > Thanks! I wasn't aware of the existence of ZnAWS. > > Actually, i'm currently using the HMAC-SHA256 implementation of the > > CloudFork. > > Is that an all Smalltalk implementation ? > Because it would be really good to have SHA256 in the image. > > Yes it is. The class comment says: > > " > http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf > This class represnets the implementation of CFSHA256 as describied above. > Please direct questions or comments about this implementation to Ron > Teitelbaum: [email protected] > This code was extensively coppied from SHA1 by Luciano Notarfrancesco > [email protected] > " > > It seems to work for AWS, I wonder what I'm doing wrong here... You have to be 100% sure that the SHA256, HMAC-SHA256 code works (as opposed to the SHA1, HMAC-SHA1 code) then you absolutely need examples: a known canonical string and keys with a Base64 signature output. Start by making sure you can replicate this in your reference implementation (Ruby, Java, C#) and then start to go to Pharo. Look *very* carefully at each element of the canonical string, one letter difference, one header, punctuation, whitespace, case, date or time format difference will break the whole thing - that is the point of being a signature.
