
Sign Amazon SNS messages with SHA256 hashing for HTTP subscriptions


<p><a href="https://aws.amazon.com/sns/" target="_blank" rel="noopener noreferrer">Amazon Simple Notification Service (Amazon SNS)</a> now supports message signatures based on Secure Hash Algorithm 256 (SHA256) hashing. Amazon SNS signs the messages that are delivered from your Amazon SNS topic so that subscribed HTTP endpoints can verify the authenticity of the messages. In this blog post, we show you how to enable message signatures based on SHA256 for your Amazon SNS topics.</p>

<h2>Message signature verification</h2>

<p>To verify the authenticity of a message delivered to your HTTP endpoint by Amazon SNS, you can verify the message signature. There are two cases where we recommend verifying the authenticity of the message. The first is when Amazon SNS sends a message to an HTTP endpoint that you subscribed to a topic. The second is when Amazon SNS sends a confirmation message to your HTTP endpoint after the <span>Subscribe</span> or the <span>Unsubscribe</span> API actions. For more information, see <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-verify-signature-of-message.html" target="_blank" rel="noopener noreferrer">Verifying the signatures of Amazon SNS messages</a> in the Amazon SNS Developer Guide.</p>
<p>Amazon SNS now supports two message signature versions:</p>
<ul>
<li><strong>Signature version 1</strong> – Amazon SNS creates the signature based on the SHA1 hash of the message.</li>
<li><strong>Signature version 2</strong> – Amazon SNS creates the signature based on the SHA256 hash of the message.</li>
</ul>
<p>Amazon SNS adds the <span>SignatureVersion</span> property to the JSON payload of messages sent to HTTP endpoints, as shown in the following code snippet. For more information about the JSON payload structure, see <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-message-and-json-formats.html" target="_blank" rel="noopener noreferrer">Parsing message formats</a> in the Amazon SNS Developer Guide.</p>
<div class="hide-language">
<pre><code class="lang-text">{
  "Type" : "Notification",
  "MessageId" : "22b80b92-fdea-4c2c-8f9d-bdfb0c7bf324",
  "TopicArn" : "arn:aws:sns:us-west-2:123456789012:MyTopic",
  "Subject" : "My First Message",
  "Message" : "Hello world!",
  "Timestamp" : "2022-08-02T00:54:06.655Z",
  "SignatureVersion" : "2",
  "Signature" : "EXAMPLEw6JRN…",
  "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-f3ecfb7224c7233fe7bb5f59f96de52f.pem",
  "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&amp;SubscriptionArn=arn:aws:sns:us-west-2:123456789012:MyTopic:c9135db0-26c4-47ec-8998-413945fb5a96"
}
</code></pre>
</div>
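<p>The following Node.js sketch shows how an HTTP endpoint can pick the digest from <span>SignatureVersion</span> and verify the signature. It is an added example, not code from the original post or from an AWS SDK. The function names, the <span>minVersion</span> parameter, the certificate-host pattern and the locally generated signing key are assumptions made for illustration; the signed field order follows the Amazon SNS Developer Guide.</p>

```javascript
const crypto = require('crypto');

// Fields covered by the signature, in signing order, for each message Type.
const CONFIRM_KEYS = ['Message', 'MessageId', 'SubscribeURL', 'Timestamp', 'Token', 'TopicArn', 'Type'];
const SIGNED_KEYS = new Map([
  ['Notification', ['Message', 'MessageId', 'Subject', 'Timestamp', 'TopicArn', 'Type']],
  ['SubscriptionConfirmation', CONFIRM_KEYS],
  ['UnsubscribeConfirmation', CONFIRM_KEYS],
]);
// SignatureVersion "1" is SHA1, "2" is SHA256; any other value is rejected.
const DIGEST = new Map([['1', 'RSA-SHA1'], ['2', 'RSA-SHA256']]);
// Assumption: certificates are accepted only from an SNS regional host over HTTPS.
const CERT_HOST = /^sns\.[a-z0-9-]+\.amazonaws\.com$/;

function isTrustedCertUrl(url) {
  try {
    const u = new URL(url);
    return u.protocol === 'https:' && CERT_HOST.test(u.hostname) && u.pathname.endsWith('.pem');
  } catch { return false; } // not a parseable URL
}

// Each present field contributes "name\nvalue\n"; Subject is skipped when absent.
function stringToSign(msg) {
  return SIGNED_KEYS.get(msg.Type)
    .filter((k) => msg[k] !== undefined)
    .map((k) => `${k}\n${msg[k]}\n`)
    .join('');
}

// certPem: PEM certificate (or public key) already fetched from msg.SigningCertURL.
// minVersion '2' lets an endpoint refuse SHA1 once the topic has been switched.
function verifySnsMessage(msg, certPem, minVersion = '1') {
  const digest = DIGEST.get(msg.SignatureVersion);
  if (!digest || Number(msg.SignatureVersion) < Number(minVersion)) return false;
  if (!SIGNED_KEYS.has(msg.Type) || typeof msg.Signature !== 'string' || !isTrustedCertUrl(msg.SigningCertURL)) return false;
  return crypto.createVerify(digest).update(stringToSign(msg), 'utf8')
    .verify(certPem, msg.Signature, 'base64');
}

// Constructed sample: a throwaway local key signs a payload modelled on the one above.
function signedSample() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const msg = { Type: 'Notification', MessageId: '22b80b92-fdea-4c2c-8f9d-bdfb0c7bf324',
    TopicArn: 'arn:aws:sns:us-west-2:123456789012:MyTopic', Subject: 'My First Message',
    Message: 'Hello world!', Timestamp: '2022-08-02T00:54:06.655Z', SignatureVersion: '2',
    SigningCertURL: 'https://sns.us-west-2.amazonaws.com/SimpleNotificationService-f3ecfb7224c7233fe7bb5f59f96de52f.pem' };
  msg.Signature = crypto.createSign('RSA-SHA256').update(stringToSign(msg), 'utf8').sign(privateKey, 'base64');
  return { msg, certPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}
```

<p>In a live endpoint, download the certificate only after <span>isTrustedCertUrl</span> passes, and call <span>verifySnsMessage</span> before acting on either notifications or subscription confirmations.</p>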

<h2>What to consider before you enable message signatures based on SHA256 for your Amazon SNS topic</h2>

<p>As an Amazon SNS topic owner, before you enable SHA256 support for your topic, we recommend coordinating with the owners of the HTTP endpoints that are subscribed to your topic. They might need to update their message signature verification logic to support the new signature version. If the endpoint owners are using the AWS SDK function for verifying the Amazon SNS message signatures, they must make sure that they are using one of the following versions of the AWS SDK: <a href="https://search.maven.org/artifact/com.amazonaws/aws-java-sdk-sns" target="_blank" rel="noopener noreferrer">Java 1.12.285</a>, <a href="https://www.npmjs.com/package/sns-validator" target="_blank" rel="noopener noreferrer">JavaScript 0.3.5</a>, <a href="https://rubygems.org/gems/aws-sdk-sns/versions/1.54.0" target="_blank" rel="noopener noreferrer">Ruby 1.54.0</a>, <a href="https://packagist.org/packages/aws/aws-php-sns-message-validator" target="_blank" rel="noopener noreferrer">PHP 1.8.0</a> or <a href="https://www.nuget.org/packages/AWSSDK.SimpleNotificationService" target="_blank" rel="noopener noreferrer">.NET 3.7.3.96</a>.</p>
<h2>How to enable message signatures based on SHA256 for your Amazon SNS topic</h2>
<p>By default, Amazon SNS topics use SHA1 for hashing the message signature. You can enable SHA256 support for your topic by setting the topic attribute <span>SignatureVersion</span> to 2 using the <a href="https://aws.amazon.com/developer/tools/" target="_blank" rel="noopener noreferrer">AWS Software Development Kit (AWS SDK)</a> or the <a href="https://aws.amazon.com/cli/" target="_blank" rel="noopener noreferrer">AWS Command Line Interface (AWS CLI)</a>.</p>
<p>The following code example shows how to set the topic attribute <span>SignatureVersion</span> using the AWS CLI.</p>
<div class="hide-language">
<pre><code class="lang-text">aws sns set-topic-attributes \
    --topic-arn arn:aws:sns:us-west-2:123456789012:MyTopic \
    --attribute-name SignatureVersion \
    --attribute-value 2
</code></pre>
</div>
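<p>The following code example shows how to set the <span>SignatureVersion</span> attribute using the AWS SDK for Java.</p>
<div class="hide-language">
<pre><code class="lang-text">// Imports required by this method (AWS SDK for Java 2.x).
import software.amazon.awssdk.services.sns.SnsClient;
import software.amazon.awssdk.services.sns.model.SetTopicAttributesRequest;
import software.amazon.awssdk.services.sns.model.SetTopicAttributesResponse;
import software.amazon.awssdk.services.sns.model.SnsException;

// Place this method inside a class; it switches the topic to SHA256 signatures.
public static void enableSHA256Support(SnsClient snsClient, String topicArn) {
    try {
        // SignatureVersion "2" selects SHA256; the default "1" is SHA1.
        SetTopicAttributesRequest request = SetTopicAttributesRequest.builder()
            .attributeName("SignatureVersion")
            .attributeValue("2")
            .topicArn(topicArn)
            .build();

        SetTopicAttributesResponse result = snsClient.setTopicAttributes(request);
        System.out.println("\n\nStatus was " + result.sdkHttpResponse().statusCode() + "\n\nTopic " + request.topicArn()
            + " updated " + request.attributeName() + " to " + request.attributeValue());
    } catch (SnsException e) {
        System.err.println(e.awsErrorDetails().errorMessage());
    }
}
</code></pre>
</div>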
        <h2>     Conclusion     </h2>      
        <p>Amazon SNS topic owners can now enable message signatures based on SHA256 hashing. In this post, you learned how to choose the hashing algorithm, either SHA1 or SHA256, for your SNS topic. For more information, see <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-verify-signature-of-message.html" target="_blank" rel="noopener noreferrer">Verifying the signatures of Amazon SNS messages</a> in the Amazon SNS Developer Guide, and <a href="https://docs.aws.amazon.com/sns/latest/api/API_SetTopicAttributes.html" target="_blank" rel="noopener noreferrer">SetTopicAttributes</a> in the Amazon SNS API Reference.</p>
        <p>For more serverless learning resources, visit <a href="http://serverlessland.com/" target="_blank" rel="noopener noreferrer">Serverless Land</a>.</p>