Here's a description from Amazon's documentation regarding how to verify the signature.
http://docs.aws.amazon.com/sns/latest/dg/SendMessageToHttp.verify.signature.html
As helpful as that might seem, I got stuck on steps 7 & 8.
7. Generate the derived hash value of the Amazon SNS message. Submit the Amazon SNS message, in canonical format, to the same hash function used to generate the signature.
8. Generate the asserted hash value of the Amazon SNS message. The asserted hash value is the result of using the public key value (from step 3) to decrypt the signature delivered with the Amazon SNS message.
Seems straightforward, but what is the same hash function used to generate the signature? I think there is an answer, but it turned out easier to use the verify() method of the Crypt::OpenSSL::RSA module.
Here's the Perl module that implements a Bedrock plugin compatible component for verifying signatures.
It's also available from the Bedrock yum repository.
$ sudo yum install 'perl(Amazon::SNS::VerifySignature)'
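The following is an added example, not the Amazon::SNS::VerifySignature module and not code from the original post. It shows steps 7 and 8 done in one call to the verify() method of Crypt::OpenSSL::RSA, with the hash chosen from the message's SignatureVersion. It assumes the public key has already been extracted from the signing certificate (step 3); the helper names canonical_string and verify_sns_message, the throwaway key and all message values are constructed for illustration.

```perl
use strict;
use warnings;
use Crypt::OpenSSL::RSA;
use MIME::Base64 qw(decode_base64 encode_base64);

# Fields of the canonical string, in the order the SNS documentation lists them.
my @confirm = qw(Message MessageId SubscribeURL Timestamp Token TopicArn Type);
my %FIELDS = (
    Notification             => [qw(Message MessageId Subject Timestamp TopicArn Type)],
    SubscriptionConfirmation => \@confirm,
    UnsubscribeConfirmation  => \@confirm,
);

# Hypothetical helper: each present field adds "Name\nValue\n" (Subject is optional).
sub canonical_string {
    my ($msg) = @_;
    my $fields = $FIELDS{ $msg->{Type} // '' } or die "unknown message Type\n";
    my $str = '';
    for my $f (@$fields) { $str .= "$f\n$msg->{$f}\n" if defined $msg->{$f} }
    return $str;
}

# Hypothetical helper: returns 1 only if the signature verifies; any error fails closed.
sub verify_sns_message {
    my ($msg, $public_key_pem) = @_;
    my $ok = eval {
        my $rsa = Crypt::OpenSSL::RSA->new_public_key($public_key_pem);
        # SignatureVersion 1 is SHA1withRSA, SignatureVersion 2 is SHA256withRSA.
        my $v = $msg->{SignatureVersion} // '';
        $v eq '2' ? $rsa->use_sha256_hash : $v eq '1' ? $rsa->use_sha1_hash : die "bad version\n";
        $rsa->verify(canonical_string($msg), decode_base64($msg->{Signature} // ''));
    };
    return $ok ? 1 : 0;
}

# Constructed demo: a throwaway key stands in for the SNS certificate's key; all values are made up.
my $key = Crypt::OpenSSL::RSA->generate_key(2048);
$key->use_sha1_hash;
my %msg = (
    Type => 'Notification', MessageId => 'constructed-message-id',
    TopicArn => 'arn:aws:sns:us-east-1:000000000000:example-topic',
    Message => 'hello', Timestamp => '2015-01-01T00:00:00.000Z',
    SignatureVersion => '1',
);
$msg{Signature} = encode_base64($key->sign(canonical_string(\%msg)), '');
my $pub = $key->get_public_key_string;
print 'untouched message verifies: ', verify_sns_message(\%msg, $pub), "\n";
$msg{Message} = 'tampered';
print 'modified message verifies:  ', verify_sns_message(\%msg, $pub), "\n";
```

In a real handler, check that SigningCertURL is an HTTPS URL on an Amazon SNS host before fetching the certificate, since a valid signature only proves the message matches the key it was checked against.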