sign a string in java and SHA256

Question

I am trying for days(!) to sign the following string with SHA256 with a secret key: "aaa" the result should be (URL endcoded) : kvoJVZMPomuGyYP3cmiJkYz2L3usuZNfh2f9LaUxO3U%3D

Can anyone help please ?

GET
sellercentral.amazon.com
/gp/mws/registration/register.html
AWSAccessKeyId=AKIAFJPPO5KLY6G4XO7Q&SignatureMethod=HmacSHA256&SignatureVersion=2&id=1014f5ad-c359-4e86-8e50-bb8f8e431a9e&returnPathAndParameters=%2Forders%2FlistRecentOrders.jsp%3FsessionId%3D123

This is the code I am using but I can't get the same result:

private static final String QUERY = "GET\n"+
        "sellercentral.amazon.com\n"+
        "/gp/mws/registration/register.html\n"+
        "AWSAccessKeyId=AKIAFJPPO5KLY6G4XO7Q&SignatureMethod=HmacSHA256&SignatureVersion=2&id=1014f5ad-c359-4e86-8e50-bb8f8e431a9e&returnPathAndParameters=%2Forders%2FlistRecentOrders.jsp%3FsessionId%3D123";


    public static void main(String[] args) throws Exception {
         System.out.println(encode("aaa", QUERY));
    }

public static String encode(String key, String data) throws Exception {
      Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
      SecretKeySpec secret_key = new SecretKeySpec(key.getBytes(), "HmacSHA256");
      sha256_HMAC.init(secret_key);
      return Base64.encodeBase64String(sha256_HMAC.doFinal(data.getBytes()));
}

are you sure and are you not instead wanting to hash it? http://stackoverflow.com/questions/3103652/hash-string-via-sha-256-in-java http://stackoverflow.com/questions/5531455/how-to-hash-some-string-with-sha256-in-java — Redlab, Feb 01 '17 at 12:50
I actually thought its the same thing. Looking at the link you gave , it seems that hashing doesn't use a private\secret key. — Yinon Shiryan, Feb 01 '17 at 13:45
[It is similar, but not the same thing](http://crypto.stackexchange.com/questions/6493/what-is-the-difference-between-a-hmac-and-a-hash-of-data). Re: *the result should be....* How do you know what the result should be? If you are following an example, can you please post the link you are using? — Leigh, Feb 08 '17 at 02:19
Apparently the example I was following had wrong result. The example was actually sent from giant amazon. I just can't believe they have such a mistake result on their documentation. — Yinon Shiryan, Feb 09 '17 at 05:43

score 0 · Answer 1 · answered Feb 09 '17 at 05:46

0

Just to help others if they get Amazon documentation for the IRP (integrated registration pipeline) - note that their example result for signing a query string is wrong.

answered Feb 09 '17 at 05:46

Yinon Shiryan

101
1
7

Joy.. always nice when the examples do not work (not). Might be helpful to the next guy to include a link to the example you are using, as well as the correct result. – Leigh Feb 09 '17 at 21:10

sign a string in java and SHA256

1 Answers1