Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Instructions for generating signed URLs are incorrect. #3567

Open
ferminolr opened this issue Dec 5, 2024 · 2 comments
Open

Instructions for generating signed URLs are incorrect. #3567

ferminolr opened this issue Dec 5, 2024 · 2 comments
Labels
documentation This is a problem with documentation. module/sdk-custom needs-review p3 This is a minor priority issue

Comments

@ferminolr
Copy link

ferminolr commented Dec 5, 2024
edited
Loading

Hi
Following the guide of this url:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html
The generated private key did not work for me using
AmazonCloudFrontUrlSigner.GetCannedSignedURL(url, privateKeyReader, keyPair, expiresOn);
throw a exception Invalid Key

The solution is to add the -traditional parameter to the creation, it would look like this:
openssl genrsa -out private_key.pem -traditional 2048
So it works correctly in c#
If you already have the generated private key you can transform it to the correct format using:
openssl rsa -in private_key.pem -out private_key_traditional.pem -traditional
The step of generating the public key has worked correctly for me and the generated urls work correctly.
I use, on ubuntu in wsl
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

Originally posted by @ferminolr in #3221 (comment)
@dscpinheiro
Copy link
Contributor

dscpinheiro commented Dec 5, 2024
edited
Loading

What package are you using? As mentioned on the other issue AWSSDK.CloudFront doesn't support OpenSSL3, you need to use the new AWSSDK.Extensions.CloudFront.Signers package instead: https://www.nuget.org/packages/AWSSDK.Extensions.CloudFront.Signers

For example, this works for me:

$ openssl version
OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)
<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net8.0</TargetFramework>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="AWSSDK.Extensions.CloudFront.Signers" Version="4.0.0-preview.4" />
  </ItemGroup>
</Project>

using Amazon.CloudFront;

// Key generated using the OpenSSL version above
var privateKeyReader = new StreamReader(@"private_key_openssl3.pem");
var url = AmazonCloudFrontUrlSigner.GetCannedSignedURL(
    "https://example.com/my-content", 
    privateKeyReader, 
    "my-key-id", 
    DateTime.UtcNow.AddHours(1)
);
Console.WriteLine(url);

@dscpinheiro dscpinheiro added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Dec 5, 2024
@ashishdhingra ashishdhingra added module/sdk-custom p3 This is a minor priority issue labels Dec 5, 2024
@ferminolr
Copy link
Author

ferminolr commented Dec 9, 2024
edited
Loading

I use
<PackageReference Include="AWSSDK.CloudFront" Version="3.7.403.3" />
But if using -traditional parameter in openssl, it work, because the generate file is compatible with openssl 1.x.x, then works with then api.

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Dec 10, 2024
@ashishdhingra ashishdhingra added documentation This is a problem with documentation. needs-review labels Dec 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation This is a problem with documentation. module/sdk-custom needs-review p3 This is a minor priority issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dscpinheiro @ferminolr @ashishdhingra