{"id":29482174,"url":"https://github.com/amwolff/awsig","last_synced_at":"2026-07-02T18:32:52.662Z","repository":{"id":301215622,"uuid":"1000373610","full_name":"amwolff/awsig","owner":"amwolff","description":"A Go library for server-side verification of AWS Signature Version 4 \u0026 2 for AWS clones.","archived":false,"fork":false,"pushed_at":"2026-04-27T20:52:42.000Z","size":167,"stargazers_count":2,"open_issues_count":1,"forks_count":3,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-23T01:24:24.720Z","etag":null,"topics":["aws","go","golang","sigv4"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/amwolff.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-06-11T17:19:18.000Z","updated_at":"2026-05-02T13:09:15.000Z","dependencies_parsed_at":"2025-08-18T15:12:08.518Z","dependency_job_id":"777c4d77-dd3e-4ac6-8187-14555776ffd8","html_url":"https://github.com/amwolff/awsig","commit_stats":null,"previous_names":["amwolff/awsig"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/amwolff/awsig","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amwolff%2Fawsig","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amwolff%2Fawsig/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amwolff%2Fawsig/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amwolff%2Fawsig/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/amwolff","download_url":"https://codeload.github.com/amwolff/awsig/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amwolff%2Fawsig/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35059245,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-02T02:00:06.368Z","response_time":173,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","go","golang","sigv4"],"created_at":"2025-07-15T01:20:31.564Z","updated_at":"2026-07-02T18:32:52.647Z","avatar_url":"https://github.com/amwolff.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"awsig is a Go library implementing server-side verification of AWS\nSignature Version 4 (SigV4) and AWS Signature Version 2 (SigV2) meant\nfor building AWS-compatible services.\n\n## compatibility\n\n|       | regular signed requests | UNSIGNED-PAYLOAD | STREAMING-UNSIGNED-PAYLOAD-TRAILER | STREAMING-AWS4-HMAC-SHA256-PAYLOAD | STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER | STREAMING-AWS4-ECDSA-P256-SHA256-PAYLOAD | STREAMING-AWS4-ECDSA-P256-SHA256-PAYLOAD-TRAILER | presigned | presigned (POST) |\n|:-----:|:-----------------------:|:----------------:|:----------------------------------:|:----------------------------------:|:------------------------------------------:|:----------------------------------------:|:------------------------------------------------:|:---------:|:----------------:|\n| SigV2 |            ✓            |        n/a       |                 n/a                |                 n/a                |                     n/a                    |                    n/a                   |                        n/a                       |     ✓     |         ✓        |\n| SigV4 |            ✓            |         ✓        |                  ✓                 |                  ✓                 |                      ✓                     |              _unimplemented_             |                  _unimplemented_                 |     ✓     |         ✓        |\n\nThis package was written with S3 and certain security and performance\ncharacteristics in mind, but it should work for other service clones as\nwell.\n\n### TODO\n\n- [x] verify the returned errors (error codes) with the real AWS (preferably S3) or a close clone, like Ceph\n- [ ] do shallow test runs with all publicly available AWS SDKs\n    - [ ] SDKs act differently with and without TLS and with different checksum options\n\n## example usage\n\n```go\npackage …\n\nimport (\n\t…\n\t\"github.com/amwolff/awsig\"\n)\n\n// (1) Implement awsig.CredentialsProvider:\ntype MyCredentialsProvider struct {\n\tsecretAccessKeys map[string]string\n}\n\nfunc (p *MyCredentialsProvider) Provide(ctx context.Context, accessKeyID string) (secretAccessKey string, _ error) {\n\tsecretAccessKey, ok := p.secretAccessKeys[accessKeyID]\n\tif !ok {\n\t\treturn \"\", awsig.ErrInvalidAccessKeyID\n\t}\n\treturn secretAccessKey, nil\n}\n\nfunc NewMyCredentialsProvider() *MyCredentialsProvider {\n\treturn \u0026MyCredentialsProvider{\n\t\tsecretAccessKeys: map[string]string{\n\t\t\t\"AKIAIOSFODNN7EXAMPLE\": \"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\",\n\t\t},\n\t}\n}\n\n// (2) Create a combined V2/V4 verifier for S3 in us-east-1.\n// You can also create a standalone V2-only or V4-only verifier:\nv2v4 := awsig.NewV2V4(NewMyCredentialsProvider(), awsig.V4Config{\n\tRegion:  \"us-east-1\",\n\tService: \"s3\",\n})\n\nfunc …(w http.ResponseWriter, r *http.Request) {\n\t// (3) Verify the incoming request:\n\tvr, err := v2v4.Verify(r, \"virtual-hosted-bucket-indication-for-v2\")\n\tif err != nil {\n\t\t…\n\t}\n\t// (4) If the request is a multipart/form-data POST, you can access the parsed form values:\n\tform := vr.PostForm()\n\t//\n\t// Important: if you intend to read the body, use vr.Reader() instead of r.Body.\n\t//\n\t// (5) Declare which checksums you want to be verified/computed:\n\tsha1Req, err := awsig.NewChecksumRequest(awsig.AlgorithmSHA1, \"ziEPrgmMDfQDTAAAQZuYfMjU4uc=\")\n\tif err != nil {\n\t\t…\n\t}\n\tcrc32Req, err := awsig.NewTrailingChecksumRequest(awsig.AlgorithmCRC32)\n\tif err != nil {\n\t\t…\n\t}\n\t// (6) Read the body. Notes:\n\t//\n\t// - requested checksums are verified automatically\n\t// - if the request includes a trailing checksum header, at least one checksum must be requested\n\t// - if not explicitly requested:\n\t//   - MD5 is always computed and available after reading\n\t//   - SHA256 is computed and available after reading, depending on the request type\n\tbody, err := vr.Reader(sha1Req, crc32Req)\n\tif err != nil {\n\t\t…\n\t}\n\n\t_, err = io.Copy(…, body) // copy or do something else with the body\n\tif err != nil {\n\t\t…\n\t}\n\n\t// (7) Access computed/verified checksums as needed:\n\tchecksums, err := body.Checksums()\n\tif err != nil {\n\t\t…\n\t}\n\tfor algo, sum := range checksums {\n\t\tlog.Printf(\"%s: %x\", algo, sum)\n\t}\n\n\t// Perform additional application logic as needed…\n}\n```\n\nA complete working example can be found in `awsig_test.go` (`Example`).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famwolff%2Fawsig","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Famwolff%2Fawsig","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famwolff%2Fawsig/lists"}