Databases
StackOverflow2013
Postsdbo
POHow to encrypt Amazon CloudFront signature for private content access using canned policy
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POHow to encrypt Amazon CloudFront signature for private content access using canned policy
    primarykey
    data
    text
    <p>Has anyone using .net actually worked out how to successfully sign a signature to use with CloudFront private content? After a couple of days of attempts all I can get is Access Denied.</p> <p>I have been working with variations of the following code and also tried using OpenSSL.Net and AWSSDK but that does not have a sign method for RSA-SHA1 yet.</p> <p>The signature (data) looks like this</p> <pre><code>{"Statement":[{"Resource":"http://xxxx.cloudfront.net/xxxx.jpg","Condition":​{"DateLessThan":​{"AWS:EpochTime":1266922799}}}]} </code></pre> <p><b>Update: Solved all of this by removing a single space in the above signature. </p> <p>If only I had noticed it earlier!</b></p> <p>This method attempts to sign the signature for use in the canned url. So of the variations have included chanding the padding used in the has and also reversing the byte[] before signing as apprently OpenSSL do it this way.</p> <pre><code>public string Sign(string data) { using (SHA1Managed SHA1 = new SHA1Managed()) { RSACryptoServiceProvider provider = new RSACryptoServiceProvider(); RSACryptoServiceProvider.UseMachineKeyStore = false; // Amazon PEM converted to XML using OpenSslKey provider.FromXmlString("&lt;RSAKeyValue&gt;&lt;Modulus&gt;....."); byte[] plainbytes = System.Text.Encoding.UTF8.GetBytes(data); byte[] hash = SHA1.ComputeHash(plainbytes); //Array.Reverse(sig); // I have see some examples that reverse the hash byte[] sig = provider.SignHash(hash, "SHA1"); return Convert.ToBase64String(sig); } } </code></pre> <p>Its useful to note that I have verified the content is setup correctly in S3 and CloudFront by generating a CloudFront canned policy url using my CloudBerry Explorer. How do they do it?</p> <p>Any ideas would be much appreciated. Thanks</p>
    singulars
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. PTQuestion
    1. USChet
    1. USChet
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    2. PO
      singulars
      1. PTAnswer
    3. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POHow to encrypt Amazon CloudFront signature for private content access using canned policy
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. POHow to encrypt Amazon CloudFront signature for private content access using canned policy
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. POHow to encrypt Amazon CloudFront signature for private content access using canned policy
      1. This table or related slice is empty.
      1. VTUpMod
    1. COChet, Could elaborate on your solution? I would like to implement private content on the PostSharp download manager (now using S3+CloudFront public content). I am especially intrigued by how you convert the Amazon PEM into XML with OpenSslKey. Could you share a some link to this? Thanks. -gael
      singulars
      1. POHow to encrypt Amazon CloudFront signature for private content access using canned policy
      1. USGael Fraiteur
    2. COTo convert the PEM to XML you can either grab the source or comiled version of OpenSSLKey from http://www.jensign.com/opensslkey/index.html If you download then just run opensslkey.exe from the cmd line and follow the prompts
      singulars
      1. POHow to encrypt Amazon CloudFront signature for private content access using canned policy
      1. USChet
    3. COThanks - It was not too difficult to implement with that info. However, I recommend testing that S3/CloudFront is properly configured using some GUI, and then only try to do the same thing with code.
      singulars
      1. POHow to encrypt Amazon CloudFront signature for private content access using canned policy
      1. USGael Fraiteur
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload