Signature Does Not Match....

[oimken]

{"Recommend":"https://error-center.aliyun.com/status/search?Keyword=SignatureDoesNotMatch&source=PopGw","Message":"Specified signature is not matched with our calculation. server string to sign is:GET&%2F&AccessKeyId%.........%26Action%3DDescribeDomainRecords%26DomainName%3Dsaxsss.com%26Format%3DJSON%26SignatureMethod%3DHMAC-SHA1%26SignatureNonce%3D0a20241b9f5dbs706e7f933551c2140b%26SignatureVersion%3D1.0%26Timestamp%3D2018-05-31T05%253A47%253A56Z%26Version%3D2015-01-09","RequestId":"A80921C7-58E2-4AAD-9D7E-F3D8C10CD931","HostId":"alidns.aliyuncs.com","Code":"SignatureDoesNotMatch"}HttpCode:400

[h46incon]

检查一下 AccessKeyId 和 AccessKeySec 是否有误

[oimken]

无误。。有个 python版本 同样 AccessKeyId 和 AccessKeySec 是可以成功使用的。

[h46incon]

方便贴一下 debug 输出的 > Query String 吗？

[h46incon]

回复看到了。里面有些地方的 AccessKeyId 没去掉，我先帮你把评论删掉了，见谅。

[oimken]

谢谢。希望可以帮到你~

[h46incon]

我改了签名原串的生成方法，更加严谨一些。
如果还是报签名错误的话，检查下输出的 > String to Signed 是否和返回的一致。如果一致，那可能就是 216 行 openssl 的用法有什么坑了。

[oimken]

试了，还是不行，真是有坑。。。

关于openssl, 我是在mac上用的:

$ openssl version
OpenSSL 1.0.2o  27 Mar 2018

输出如下：

> time_stamp: 2018-06-02T14:18:52Z
> rand_num: f51dc3836bb78a6d378b45c406295356
> Query String: AccessKeyId=LTxxxxxxxxxxxADj&Action=DescribeDomainRecords&DomainName=mydomain.com&Format=JSON&SignatureMethod=HMAC-SHA1&SignatureNonce=f51dc3836bb78a6d378b45c406295356&SignatureVersion=1.0&Timestamp=2018-06-02T14%3A18%3A52Z&Version=2015-01-09
> String to Signed: GET&%2F&AccessKeyId%3DLTxxxxxxxxxxxADj%26Action%3DDescribeDomainRecords%26DomainName%3Dmydomain.com%26Format%3DJSON%26SignatureMethod%3DHMAC-SHA1%26SignatureNonce%3Df51dc3836bb78a6d378b45c406295356%26SignatureVersion%3D1.0%26Timestamp%3D2018-06-02T14%253A18%253A52Z%26Version%3D2015-01-09
> Request addr: alidns.aliyuncs.com/?Format=JSON&Version=2015-01-09&AccessKeyId=LTxxxxxxxxxxxADj&SignatureMethod=HMAC-SHA1&SignatureVersion=1.0&Timestamp=2018-06-02T14%3A18%3A52Z&SignatureNonce=f51dc3836bb78a6d378b45c406295356&Action=DescribeDomainRecords&DomainName=mydomain.com&Signature=xlJ4EdgCOlAGQ6ke5t1tcgFx554%3D
{"Recommend":"https://error-center.aliyun.com/status/search?Keyword=SignatureDoesNotMatch&source=PopGw","Message":"Specified signature is not matched with our calculation. server string to sign is:GET&%2F&AccessKeyId%3DLTxxxxxxxxxxxADj%26Action%3DDescribeDomainRecords%26DomainName%3Dmydomain.com%26Format%3DJSON%26SignatureMethod%3DHMAC-SHA1%26SignatureNonce%3Df51dc3836bb78a6d378b45c406295356%26SignatureVersion%3D1.0%26Timestamp%3D2018-06-02T14%253A18%253A52Z%26Version%3D2015-01-09","RequestId":"9654F37F-95FB-416E-A51B-F78813AB99A8","HostId":"alidns.aliyuncs.com","Code":"SignatureDoesNotMatch"}HttpCode:400

[h46incon]

OSX 的机器不好找，我找了台装了 LibreSSL 2.2.7 的机器，运行是没问题的。

[jupitersundev]

把216行的 echo 改为 /bin/echo 试试。我这样改了以后就ok了。

(受这篇文章启发：https://blog.csdn.net/github_33873969/article/details/77728017 )

[h46incon]

@Sunliming 感谢告知，我修改了下。
@oimken 试一下？

[JJJJJJJerk]

{"Recommend":"https://error-center.aliyun.com/status/search?Keyword=SignatureDoesNotMatch&source=PopGw","Message":"Specified signature is not matched with our calculation. server string to sign is:GET&%2F&AccessKeyId%.........%26Action%3DDescribeDomainRecords%26DomainName%3Dsaxsss.com%26Format%3DJSON%26SignatureMethod%3DHMAC-SHA1%26SignatureNonce%3D0a20241b9f5dbs706e7f933551c2140b%26SignatureVersion%3D1.0%26Timestamp%3D2018-05-31T05%253A47%253A56Z%26Version%3D2015-01-09","RequestId":"A80921C7-58E2-4AAD-9D7E-F3D8C10CD931","HostId":"alidns.aliyuncs.com","Code":"SignatureDoesNotMatch"}HttpCode:400

我也是放回这个错误, 我的系统是树莓派 rasberry pi3b
uname -a

Linux homePi 4.14.98-v7+ #1200 SMP Tue Feb 12 20:27:48 GMT 2019 armv7l GNU/Linux

pi@homePi:~ $ ./ali_ddns.sh 
> My IP: 58.48.225.239
./ali_ddns.sh: 138: [: home: unexpected operator
> Current Domain IP: 111.175.34.59
./ali_ddns.sh: 262: [: 58.48.225.239: unexpected operator
> time_stamp: 2019-04-18T15:44:35Z
> rand_num: b5e7786ca640f9d938baec7e66129ec4

pi@homePi:~ $ bash ali_ddns.sh 
> My IP: 58.48.225.239
> Current Domain IP: 111.175.34.59
> time_stamp: 2019-04-18T15:45:00Z
> rand_num: 4a4858c236d7425d7c17c247737fcc33
> Query String: AccessKeyId=RJ87svfbREW2YGpZ&Action=UpdateDomainRecord&Format=JSON&RR=home&RecordId=00000&SignatureMethod=HMAC-SHA1&SignatureNonce=4a4858c236d7425d7c17c247737fcc33&SignatureVersion=1.0&Timestamp=2019-04-18T15%3A45%3A00Z&Type=A&Value=58.48.225.239&Version=2015-01-09
> String to Signed: GET&%2F&AccessKeyId%3DRJ87svfbREW2YGpZ%26Action%3DUpdateDomainRecord%26Format%3DJSON%26RR%3Dhome%26RecordId%3D00000%26SignatureMethod%3DHMAC-SHA1%26SignatureNonce%3D4a4858c236d7425d7c17c247737fcc33%26SignatureVersion%3D1.0%26Timestamp%3D2019-04-18T15%253A45%253A00Z%26Type%3DA%26Value%3D58.48.225.239%26Version%3D2015-01-09
> Request addr: alidns.aliyuncs.com/?Format=JSON&Version=2015-01-09&AccessKeyId=RJ87svfbREW2YGpZ&SignatureMethod=HMAC-SHA1&SignatureVersion=1.0&Timestamp=2019-04-18T15%3A45%3A00Z&SignatureNonce=4a4858c236d7425d7c17c247737fcc33&Action=UpdateDomainRecord&RR=home&RecordId=00000&Type=A&Value=58.48.225.239&Signature=rf2Y4WYHF0dvXsiYWgWYbR9fipE%3D
{"RequestId":"4D7CD224-D445-4BC5-BD4A-2C7B2F100F72","HostId":"alidns.aliyuncs.com","Code":"DomainRecordNotBelongToUser","Message":"The DNS record does not exist in your account."}HttpCode:400
pi@homePi:~ $ 

[h46incon]

{"Recommend":"https://error-center.aliyun.com/status/search?Keyword=SignatureDoesNotMatch&source=PopGw","Message":"Specified signature is not matched with our calculation. server string to sign is:GET&%2F&AccessKeyId%.........%26Action%3DDescribeDomainRecords%26DomainName%3Dsaxsss.com%26Format%3DJSON%26SignatureMethod%3DHMAC-SHA1%26SignatureNonce%3D0a20241b9f5dbs706e7f933551c2140b%26SignatureVersion%3D1.0%26Timestamp%3D2018-05-31T05%253A47%253A56Z%26Version%3D2015-01-09","RequestId":"A80921C7-58E2-4AAD-9D7E-F3D8C10CD931","HostId":"alidns.aliyuncs.com","Code":"SignatureDoesNotMatch"}HttpCode:400

我也是放回这个错误, 我的系统是树莓派 rasberry pi3b
uname -a

Linux homePi 4.14.98-v7+ #1200 SMP Tue Feb 12 20:27:48 GMT 2019 armv7l GNU/Linux

pi@homePi:~ $ ./ali_ddns.sh 
> My IP: 58.48.225.239
./ali_ddns.sh: 138: [: home: unexpected operator
> Current Domain IP: 111.175.34.59
./ali_ddns.sh: 262: [: 58.48.225.239: unexpected operator
> time_stamp: 2019-04-18T15:44:35Z
> rand_num: b5e7786ca640f9d938baec7e66129ec4

pi@homePi:~ $ bash ali_ddns.sh 
> My IP: 58.48.225.239
> Current Domain IP: 111.175.34.59
> time_stamp: 2019-04-18T15:45:00Z
> rand_num: 4a4858c236d7425d7c17c247737fcc33
> Query String: AccessKeyId=RJ87svfbREW2YGpZ&Action=UpdateDomainRecord&Format=JSON&RR=home&RecordId=00000&SignatureMethod=HMAC-SHA1&SignatureNonce=4a4858c236d7425d7c17c247737fcc33&SignatureVersion=1.0&Timestamp=2019-04-18T15%3A45%3A00Z&Type=A&Value=58.48.225.239&Version=2015-01-09
> String to Signed: GET&%2F&AccessKeyId%3DRJ87svfbREW2YGpZ%26Action%3DUpdateDomainRecord%26Format%3DJSON%26RR%3Dhome%26RecordId%3D00000%26SignatureMethod%3DHMAC-SHA1%26SignatureNonce%3D4a4858c236d7425d7c17c247737fcc33%26SignatureVersion%3D1.0%26Timestamp%3D2019-04-18T15%253A45%253A00Z%26Type%3DA%26Value%3D58.48.225.239%26Version%3D2015-01-09
> Request addr: alidns.aliyuncs.com/?Format=JSON&Version=2015-01-09&AccessKeyId=RJ87svfbREW2YGpZ&SignatureMethod=HMAC-SHA1&SignatureVersion=1.0&Timestamp=2019-04-18T15%3A45%3A00Z&SignatureNonce=4a4858c236d7425d7c17c247737fcc33&Action=UpdateDomainRecord&RR=home&RecordId=00000&Type=A&Value=58.48.225.239&Signature=rf2Y4WYHF0dvXsiYWgWYbR9fipE%3D
{"RequestId":"4D7CD224-D445-4BC5-BD4A-2C7B2F100F72","HostId":"alidns.aliyuncs.com","Code":"DomainRecordNotBelongToUser","Message":"The DNS record does not exist in your account."}HttpCode:400
pi@homePi:~ $ 

"Code":"DomainRecordNotBelongToUser","Message":"The DNS record does not exist in your account."

这是设置的域名有问题吧？烦请对着ReadMe检查下。

[fraee]

作者好！我用的树莓派4b，报同样的错误

pi@raspberrypi:~/ddns $ uname -a
Linux raspberrypi 4.19.97-v7l+ #1294 SMP Thu Jan 30 13:21:14 GMT 2020 armv7l GNU/Linux

pi@raspberrypi:~/ddns $ ./aliyundns.sh 
> My IP: 114.240.xxx.xx
> Current Domain IP: 114.253.xx.xx
> time_stamp: 2020-04-02T06:54:02Z
> rand_num: bbf24824e3e2ead6f3a7767eaa078a2c
> Query String: AccessKeyId=LTAI4FquaQ9kKhgdpUoHF&Action=UpdateDomainRecord&Format=JSON&RecordId=192973328454048&RR=h&SignatureMethod=HMAC-SHA1&SignatureNonce=bbf24824e3e2ead6f367eaa078a2c&SignatureVersion=1.0&Timestamp=2020-04-02T06%3A54%3A02Z&Type=A&Value=114.240.226.21&Version=2015-01-09
> String to Signed: GET&%2F&AccessKeyId%3DLTAI4FquaQ9kKhgdpou2THF%26Action%3DUpdateDomainRecord%26Format%3DJSON%26RecordId%3D1929733245442048%26RR%3Dh%26SignatureMethod%3DHMAC-SHA1%26SignatureNonce%3Dbbf24824e3e2ead6f37767eaa078a2c%26SignatureVersion%3D1.0%26Timestamp%3D2020-04-02T06%253A54%253A02Z%26Type%3DA%26Value%3D114.240.226.21%26Version%3D2015-01-09
> Request addr: alidns.aliyuncs.com/?Format=JSON&Version=2015-01-09&AccessKeyId=LTAI4FquQkKhgdpUou2THF&SignatureMethod=HMAC-SHA1&SignatureVersion=1.0&Timestamp=2020-04-02T06%3A54%3A02Z&SignatureNonce=bbf24824e3e2ead6f3a7767eaa078a2c&Action=UpdateDomainRecord&RR=h&RecordId=19297332845442048&Type=A&Value=114.240.226.21&Signature=lX8N9CNuLqB6pyMjj%2B3syMSMg%3D
{"RequestId":"B464D69F-FAEE-4135-B2B8-2A0312FF88CA","Message":"Specified signature is not matched with our calculation. server string to sign is:GET&%2F&AccessKeyId%3DLTAI4Fqu9kKhgdpUou2THF%26Action%3DUpdateDomainRecord%26Format%3DJSON%26RR%3Dh%26RecordId%3D19297332845442048%26SignatureMethod%3DHMAC-SHA1%26SignatureNonce%3Dbbf24824e3e2d6f3a7767eaa078a2c%26SignatureVersion%3D1.0%26Timestamp%3D2020-04-02T06%253A54%253A02Z%26Type%3DA%26Value%3D114.240.226.21%26Version%3D2015-01-09","Recommend":"https://error-center.aliyun.com/status/search?Keyword=SignatureDoesNotMatch&source=PopGw","HostId":"alidns.aliyuncs.com","Code":"SignatureDoesNotMatch"}HttpCode:400

[fraee]

同样的脚本在macos上可以执行，树莓派4b出问题

[mjysci]

和 @fraee 的情况类似。同样的脚本在x86上更新成功，树莓派4b报错"Specified signature is not matched with our calculation."。
对比了两边的输出，String to Signed和Request addr中，除了应该不一样的内容：SignatureNonce和Timestamp（后者还有Signature），其他都一致。
两边执行同样的命令：

/bin/echo -n "testid" | openssl dgst -binary -sha1 -hmac "testsecret&" | openssl enc -base64

生成的编码一致，故应该不是openssl的问题。

另外，两个系统的时间是一致的。

[h46incon]

和 @fraee 的情况类似。同样的脚本在x86上更新成功，树莓派4b报错"Specified signature is not matched with our calculation."。
对比了两边的输出，String to Signed和Request addr中，除了应该不一样的内容：SignatureNonce和Timestamp（后者还有Signature），其他都一致。
两边执行同样的命令：

/bin/echo -n "testid" | openssl dgst -binary -sha1 -hmac "testsecret&" | openssl enc -base64

生成的编码一致，故应该不是openssl的问题。

另外，两个系统的时间是一致的。

String to Signed 一致，Sign 不一致就恰好说明是 openssl 的问题了，String to Signed 是脚本计算的，Sign 是使用 openssl 算的。

[mjysci]

String to Signed 一致，Sign 不一致就恰好说明是 openssl 的问题了，String to Signed 是脚本计算的，Sign 是使用 openssl 算的。

不过以下命令在两个系统中的输出一致：

/bin/echo -n "testid" | openssl dgst -binary -sha1 -hmac "testsecret&" | openssl enc -base64

另一个用到openssl的地方是随机数生成SignatureNonce，这个只要不重复就行了。

附openssl版本：
arm: 1.1.1d-0+deb10u3+rpt1
x86: 1.1.1-1ubuntu2.1~18.04.6