Python Generated Signature for S3 Post


I think I’ve read nearly everything there is to read on base-64 encoding of a signature for in-browser, form-based post to S3: old docs and new docs. For instance:

And even found this:

Rather than using the above or Amazon’s newer policy generator, or fiddle around with Boto, I’m trying to draft a simpler .py script that pulls the policy JSON from a plaintext file (policy.txt), and then generates the necessary base-64 encoded signature to help me draft the HTML form.

The signature itself (which is reliant on the encoded policy) is NOT being encoded correctly…maybe due to some sort of utf-8 vs. ascii or \n (newline) issue?

The script I’m working with is below, the policy and the AWS Secret Key private_key are from an AWS test case I’m using to see if this script works. The correctly encoded signature–as quoted by Amazon–is included in the script below for reference.

Can anyone tell me why the signature as calculated below does not match the reference signature provided by Amazon?:

In other words:

Why this is correctly encoded:

but this one is NOT:

PYTHON signature calculator…

JSON Policy (policy.txt–UTF-8)


I think this is down to the contents of your policy.txt file.

I took the policy from the referenced link ( and saved it as policy.txt

In order to get the exact same signature, this file must have the exact same contents.

For reference, when I copied and pasted:
MD5 (policy.txt) = 5bce89d9ff799e2064c136d76bc7fc7a

If I use the following script (same as yours, just adjust filename and remove args)

Output I get:

So, your code works, I just think you’re signing a slightly different policy (whitespace differences)

Leave a Reply