Obtaining Amazon SES SMTP credentials by converting AWS credentials in Bash.
Using Debian Wheezy
Install OpenSSL and git:
# apt-get update && apt-get install openssl git
Get a bash SES SMTP converter from GitHub:
$ git clone https://github.com/lisenet/aws-scripts.git
Change to folder and make the script executable:
$ cd ./aws-scripts $ chmod u+x ./ses-smtp-conv.sh
Convert an IAM secret access key to a SES SMTP password:
$ ./ses-smtp-conv.sh AWSAccessKeyID AWSSecretAccessKey
Where AWSAccessKeyID is your AWS access key ID and AWSSecretAccessKey is your AWS secret access key.
Bash Code That Does All the Magic
IAMSECRET="$2"; MSG="SendRawEmail"; VerInBytes="2"; VerInBytes=$(printf \\$(printf '%03o' "$VerInBytes")); SignInBytes=$(echo -n "$MSG"|openssl dgst -sha256 -hmac "$IAMSECRET" -binary); SignAndVer=""$VerInBytes""$SignInBytes""; SmtpPass=$(echo -n "$SignAndVer"|base64);
Thanks Tomas, this helped me a lot!
You’re welcome Mark!
Hi, is it possible to change the aws_secret_key into a smaller string?
Your aws_secret_key will be whatever Amazon gives you.
how to reverse this?
In this case OpenSSL hashes a string from standard input using HMAC-SHA256 with its output in binary form (no ASCII or encoded characters printed). SHA256 and HMAC are a MAC/keyed hash, not a cipher, they are not designed to be decrypted. It is possible to retrieve binary data though if you decoded the base64 string.
This is no longer how it works. The new algorithm (v4) incorporates the region into the SMTP password. There is a perl script to do the conversion on this page (“Obtaining Amazon SES SMTP credentials by converting existing AWS credentials”) :
https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html
Thanks! I think you meant a Python script, not Perl.
is this still working?