amazon s3 - Download private file from S3 using bash

Question

I am trying to get the following bash script to work (copied from http://curl.haxx.se/mail/archive-2014-10/0006.html#replies):

#!/bin/sh 
file=path/to/file 
bucket=your-bucket 
resource="/${bucket}/${file}" 
contentType="application/x-compressed-tar" 
dateValue="`date +'%a, %d %b %Y %H:%M:%S %z'`" 
stringToSign="GET 
${contentType} 
${dateValue} 
${resource}" 
s3Key=xxxxxxxxxxxxxxxxxxxx 
s3Secret=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
signature=`/bin/echo -n "$stringToSign" | openssl sha1 -hmac ${s3Secret} -binary |      base64` 
curl -H "Host: ${bucket}.s3.amazonaws.com" 
-H "Date: ${dateValue}" 
-H "Content-Type: ${contentType}"  
-H "Authorization: AWS ${s3Key}:${signature}"  
https://${bucket}.s3.amazonaws.com/${file}

I am getting a SignatureDoesNotMatch error no matter what I do.

Any ideas on how to fix this will be greatly appreciated.

Answer 1

After way too much time spent on this I finally got it to work:

This line:

signature=`/bin/echo -n "$stringToSign" | openssl sha1 -hmac ${s3Secret} -binary | base64`

is missing an 'e':

signature=`/bin/echo -en "$stringToSign" | openssl sha1 -hmac ${s3Secret} -binary | base64`

In other words, characters weren't being escaped before the string was signed.

As an aside, I also learned that for get requests, the content type is meaningless.