Constructing AWS S4 authentication in python

Question

I'm trying to create S4 signatures as outlined here using the python code snippet. The documentation is confusing me so I wanted some clarity on the following

1) The getSignatureKey method is signing 4 inputs, but the output they have shown has an extra kSecret. What is this kSecret?

2) When I run the program, the output I get is like this:

kDate = '\x96\x9f\xbb\x94\xfe\xb5B\xb7\x1e\xdeo\x87\xfeM_\xa2\x9cx\x93B\xb0\xf4\x07GFp\xf0\xc2H\x9e\n\r'

whereas the output as per the documentation is like this:

kDate    = '969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d'

Which is the correct format to be used? How to get one from the other?

3) It appears that the output values are also different (if I strip away the \x). Is this a documentation error?

I am using python 2.7

Answer 1

kSecret is the hex-encoded representation of your original aws-access-key-secret. Some of the other language examples have an intermediate variable for this.

The output shown for the various keys is only shown for convenience:

Note that these are hex-encoded representations of the binary data; the key itself and the intermediate values should be in binary format.

I am not versed in python 2, but it looks like binascii.hexlify would be a way to accomplish the conversion. Just remember this conversion is only for the benefit of your eyeballs. The actual code uses the binary representations of the intermediate keys.