[Koha] Amazon Secret key used to generate digital signature

Mike Mason mcmlists at people.net.au
Mon Feb 15 23:18:30 NZDT 2010


Nicole, as you showed, I was mistaken.  The 
secret key can be cut and pasted. I was fooled by 
having to select it like a line of graphics 
instead of it behaving like a line of print as the public key does.
Mike


At Monday 15/02/2010, you wrote:
>...snip ... I was able to copy and paste my secret key today using
>Firefox -- so I'm not sure what you mean about not being able to
>copy/paste.
>
>Nicole
>
>On Sat, Feb 13, 2010 at 9:33 PM,  <mcmlists at people.net.au> wrote:
> > Hi Nicole,
> >
> > Further to my last post, I should have quoted this Koha FAQ,
> > 
> http://koha.org/documentation/faq/why-do-i-need-a-awsprivatekey-for-amazon-content/?searchterm=secret
> > which states that the Private Access Key and Secret key are the same.  I
> > assumed you had written the FAQ.
> >
> > Why do I need a AWSPrivateKey for Amazon Content?
> >
> > Up to Table of Contents
> >
> > This FAQ applies to: 3.2
> > Why do I need the AWSPrivateKey as well as the AWSAccessKeyID to use Amazon
> > Content?
> >
> > After 2009-08-15, Amazon Web Services will expect that all requests to the
> > Product Advertising API, which is what Koha uses for retrieving reviews and
> > other enhanced content from Amazon, include signatures.  This patch and
> > subsequenct patches implement this functionality.
> >
> > What this means in practice (assuming the user has elected to use any
> > enhanced content from Amazon) is that
> >
> > The user must get a Amazon Secret Access Key.  This can be done by logging
> > in to the user's AWS account at (e.g.) http://aws.amazon.com/, going to the
> > 'Access Identifiers' page, and from there retrieving and/or creating a new
> > Secret Access Key.
> > The contents of the Secret Access Key should then be entered into the new
> > AWSPrivateKey system preference.
> >
> > Once that is done, grabbing reviews and table 
> of contents from Amazon should
> > work as normal.  If the user doesn't do this 
> before 2009-08-15, reviews and
> > TOCs will no longer be supplied from Amazon, although there should be no
> > crashes - the content will simply not show up.
> >
> > Note that the requirement to sign requests does *NOT* appear to apply to
> > simply displaying book covers from Amazon.
> >
> > END OF QUOTE FROM FAQ.
> >
> > This won't be so simple to implement because the Secret key is long and
> > complex and can't be cut and pasted from the Amazon site into the Koha
> > system prefs.
> >
> > Presumably the patch for 3.2 uses the Secret Key to create a digital
> > signature, as described in the following
> > Amazon description of access keys at
> > 
> http://docs.amazonwebservices.com/AWSSecurityCredentials/1.0/AboutAWSCredentials.html#AccessKeys
> >
> > Secret Access Key­Each Access Key ID has a 
> Secret Access Key associated with
> > it. This key is just a long string of characters (and not a file) that you
> > use to calculate the digital signature that 
> you include in the request. Your
> > Secret Access Key is a secret, and only you and AWS should have it. Don't
> > e-mail it to anyone, include it any AWS requests, or post it on the AWS
> > Discussion Forums. No authorized person from AWS will ever ask for your
> > Secret Access Key.
> >
> > When you create a request, you create a digital signature with your secret
> > key and include it in the request along with 
> your Access Key ID. When we get
> > the request, we use your Access Key ID to look up the corresponding Secret
> > Access Key. We use the key to validate the 
> signature and confirm that you're
> > the request sender.
> >
> > END OF QUOTE FROM AMAZON SITE.
> >
> > Mike Mason
> >
> > Earlier today, I wrote:
> > ------------------------------------------------
> > My statement that "what we call the Amazon private key is really the Amazon
> > Secret Access Key" was based on the following: I have just set up my Amazon
> > associate ID and AWS access keys in Amazon, and the site described two keys
> > as follows: (this is cut and pasted from Amazon's Associates' "Manage your
> > account" page:)
> > You will need access identifiers to call the Product Advertising API,
> > authenticate requests and identify yourself as the sender of a request. Two
> > types of identifiers are available: AWS Access Key Identifiers (Public and
> > Secret Keys) and X.509 Certificates.
> >
> > The site guides you to set up the Public and Secret keys.  It does not
> > mention a "Private key".  So I assumed that 
> what you referred to in the 3.2
> > manual as a "Private Key" was meant to indicate Amazon's "Secret Key". But
> > perhaps you had something else in mind?
> >
> > Unfortunately I can't test this as I'm on Liblime's Koha Express, which is
> > still back in Koha 3.00.02.012 and has no system preference entries for
> > Amazon reviews or for the Secret/Private key.
> >
> > Mike Mason
> >
> > At Sunday 14/02/2010, you wrote:
> >
> > Hi all,
> >
> > I want to confirm that what we call the Amazon private key is really
> > the Amazon Secret Access Key.  If so I want to update the language in
> > the manual and the sys prefs page -but I want to be sure before I do
> > that.
> >
> > Nicole
> > _______________________________________________
> > Koha mailing list
> > Koha at lists.katipo.co.nz
> > http://lists.katipo.co.nz/mailman/listinfo/koha
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.katipo.co.nz/pipermail/koha/attachments/20100215/15095a64/attachment-0001.htm 


More information about the Koha mailing list