The signing process is used to add authentication information to the requests sent to Outscale in order to ensure their integrity and authenticity.
The creation of signatures is based on the Hash-based Message Authentication Code (HMAC) protocol, a mechanism for message authentication codes which involves cryptographic hash functions.
When you create requests to Outscale manually, you need to sign your requests yourself. However, you do not need to sign your requests when you use tools such as the AWS Command Line Interface (AWS) or a Software Development Kit (SDK). These tools sign requests automatically with the access key that you specify when you configure them. For more information about AWS CLI, see Using AWS CLI in the Outscale Cloud.
The signing process makes requests more secure as it provides the following:
To sign a request, you first need to use a cryptographic hash function (HMAC) to calculate a hash of the request. You then need to use the value of this hash, your secret key and other information to calculate another hash whose result is the signature. Finally, you add the signature to the request, either in the HTTP
Authorization header or as a value in the query string. In that last case, the signature is part of the URL, which becomes a pre-signed URL. For more information about the creation process of a signature, see the Creation of a Signature section below.
Outscale supports both Signature Version 2 and Signature Version 4. However, we recommend using Signature Version 4 for all Outscale services.
A signature is calculated as follows:
After Outscale receives the request, it recalculates the signature with the same information and the same hash function you used to sign your request. If the signature calculated by Outscale matches yours, Outscale processes the request. Otherwise, Outscale denies the request.