<html>
<body>
Nicole, as you showed, I was mistaken. The secret key <b>can</b> be
cut and pasted. I was fooled by having to select it like a line of
graphics instead of it behaving like a line of print as the public key
does.<br>
Mike<br><br>
<br>
At Monday 15/02/2010, you wrote:<br>
<blockquote type=cite class=cite cite="">...snip ... I was able to copy
and paste my secret key today using<br>
Firefox -- so I'm not sure what you mean about not being able to<br>
copy/paste.<br><br>
Nicole<br><br>
On Sat, Feb 13, 2010 at 9:33 PM, <mcmlists@people.net.au>
wrote:<br>
> Hi Nicole,<br>
><br>
> Further to my last post, I should have quoted this Koha FAQ,<br>
>
<a href="http://koha.org/documentation/faq/why-do-i-need-a-awsprivatekey-for-amazon-content/?searchterm=secret" eudora="autourl">
http://koha.org/documentation/faq/why-do-i-need-a-awsprivatekey-for-amazon-content/?searchterm=secret</a>
<br>
> which states that the Private Access Key and Secret key are the
same. I<br>
> assumed you had written the FAQ.<br>
><br>
> Why do I need a AWSPrivateKey for Amazon Content?<br>
><br>
> Up to Table of Contents<br>
><br>
> This FAQ applies to: 3.2<br>
> Why do I need the AWSPrivateKey as well as the AWSAccessKeyID to use
Amazon<br>
> Content?<br>
><br>
> After 2009-08-15, Amazon Web Services will expect that all requests
to the<br>
> Product Advertising API, which is what Koha uses for retrieving
reviews and<br>
> other enhanced content from Amazon, include signatures. This
patch and<br>
> subsequenct patches implement this functionality.<br>
><br>
> What this means in practice (assuming the user has elected to use
any<br>
> enhanced content from Amazon) is that<br>
><br>
> The user must get a Amazon Secret Access Key. This can be
done by logging<br>
> in to the user's AWS account at (e.g.)
<a href="http://aws.amazon.com/" eudora="autourl">
http://aws.amazon.com/</a>, going to the<br>
> 'Access Identifiers' page, and from there retrieving and/or creating
a new<br>
> Secret Access Key.<br>
> The contents of the Secret Access Key should then be entered into
the new<br>
> AWSPrivateKey system preference.<br>
><br>
> Once that is done, grabbing reviews and table of contents from
Amazon should<br>
> work as normal. If the user doesn't do this before
2009-08-15, reviews and<br>
> TOCs will no longer be supplied from Amazon, although there should
be no<br>
> crashes - the content will simply not show up.<br>
><br>
> Note that the requirement to sign requests does *NOT* appear to
apply to<br>
> simply displaying book covers from Amazon.<br>
><br>
> END OF QUOTE FROM FAQ.<br>
><br>
> This won't be so simple to implement because the Secret key is long
and<br>
> complex and can't be cut and pasted from the Amazon site into the
Koha<br>
> system prefs.<br>
><br>
> Presumably the patch for 3.2 uses the Secret Key to create a
digital<br>
> signature, as described in the following<br>
> Amazon description of access keys at<br>
>
<a href="http://docs.amazonwebservices.com/AWSSecurityCredentials/1.0/AboutAWSCredentials.html#AccessKeys" eudora="autourl">
http://docs.amazonwebservices.com/AWSSecurityCredentials/1.0/AboutAWSCredentials.html#AccessKeys</a>
<br>
><br>
> Secret Access KeyÂEach Access Key ID has a Secret Access Key
associated with<br>
> it. This key is just a long string of characters (and not a file)
that you<br>
> use to calculate the digital signature that you include in the
request. Your<br>
> Secret Access Key is a secret, and only you and AWS should have it.
Don't<br>
> e-mail it to anyone, include it any AWS requests, or post it on the
AWS<br>
> Discussion Forums. No authorized person from AWS will ever ask for
your<br>
> Secret Access Key.<br>
><br>
> When you create a request, you create a digital signature with your
secret<br>
> key and include it in the request along with your Access Key ID.
When we get<br>
> the request, we use your Access Key ID to look up the corresponding
Secret<br>
> Access Key. We use the key to validate the signature and confirm
that you're<br>
> the request sender.<br>
><br>
> END OF QUOTE FROM AMAZON SITE.<br>
><br>
> Mike Mason<br>
><br>
> Earlier today, I wrote:<br>
> ------------------------------------------------<br>
> My statement that "what we call the Amazon private key is
really the Amazon<br>
> Secret Access Key" was based on the following: I have just set
up my Amazon<br>
> associate ID and AWS access keys in Amazon, and the site described
two keys<br>
> as follows: (this is cut and pasted from Amazon's Associates'
"Manage your<br>
> account" page:)<br>
> You will need access identifiers to call the Product Advertising
API,<br>
> authenticate requests and identify yourself as the sender of a
request. Two<br>
> types of identifiers are available: AWS Access Key Identifiers
(Public and<br>
> Secret Keys) and X.509 Certificates.<br>
><br>
> The site guides you to set up the Public and Secret keys. It
does not<br>
> mention a "Private key". So I assumed that what you
referred to in the 3.2<br>
> manual as a "Private Key" was meant to indicate Amazon's
"Secret Key". But<br>
> perhaps you had something else in mind?<br>
><br>
> Unfortunately I can't test this as I'm on Liblime's Koha Express,
which is<br>
> still back in Koha 3.00.02.012 and has no system preference entries
for<br>
> Amazon reviews or for the Secret/Private key.<br>
><br>
> Mike Mason<br>
><br>
> At Sunday 14/02/2010, you wrote:<br>
><br>
> Hi all,<br>
><br>
> I want to confirm that what we call the Amazon private key is
really<br>
> the Amazon Secret Access Key. If so I want to update the
language in<br>
> the manual and the sys prefs page -but I want to be sure before I
do<br>
> that.<br>
><br>
> Nicole<br>
> _______________________________________________<br>
> Koha mailing list<br>
> Koha@lists.katipo.co.nz<br>
>
<a href="http://lists.katipo.co.nz/mailman/listinfo/koha" eudora="autourl">
http://lists.katipo.co.nz/mailman/listinfo/koha</a></blockquote></body>
</html>