{"id":9449,"library":"alibabacloud-darabonba-signature-util","title":"Darabonba Signature Utility","description":"The `alibabacloud-darabonba-signature-util` library, version 0.0.4, is a low-level utility component of the Alibaba Cloud Python SDK ecosystem. It provides essential cryptographic functions for signing requests, including HMAC-SHA1 and HMAC-SHA256, and base64 encoding, based on the Darabonba framework. It's primarily designed for internal use by other Alibaba Cloud SDK modules rather than direct end-user application. The library currently has an infrequent release cadence, with the last significant update being over a year ago.","status":"active","version":"0.0.4","language":"en","source_language":"en","source_url":"https://github.com/aliyun/darabonba-crypto-util","tags":["Alibaba Cloud","Darabonba","Signature","Cryptography","Utility","SDK"],"install":[{"cmd":"pip install alibabacloud-darabonba-signature-util","lang":"bash","label":"Install latest version"}],"dependencies":[],"imports":[{"note":"The actual Python package name installed by pip (`alibabacloud-darabonba-signature-util`) provides the module `alibabacloud_darabonba_signature_util_py`.","wrong":"from alibabacloud.darabonba.signature_util import Darabonba_SignatureUtil","symbol":"Darabonba_SignatureUtil","correct":"from alibabacloud_darabonba_signature_util_py.util import Darabonba_SignatureUtil"}],"quickstart":{"code":"import os\nimport base64\nfrom alibabacloud_darabonba_signature_util_py.util import Darabonba_SignatureUtil\n\n# These credentials would typically be loaded securely, e.g., from environment variables\naccess_key_id = os.environ.get(\"ALIBABA_CLOUD_ACCESS_KEY_ID\", \"YOUR_ACCESS_KEY_ID\")\naccess_key_secret = os.environ.get(\"ALIBABA_CLOUD_ACCESS_KEY_SECRET\", \"YOUR_ACCESS_KEY_SECRET\")\n\n# Example string to sign, often a canonicalized HTTP request string\nstring_to_sign = \"GET\\n\\n\\n1442129102\\n/oss/\"\n\n# The signing functions expect bytes, so convert strings to utf-8 bytes\ntry:\n    signed_bytes_sha1 = Darabonba_SignatureUtil.get_h_macsha1(\n        bytes(string_to_sign, 'utf-8'),\n        bytes(access_key_secret, 'utf-8')\n    )\n    signature_sha1 = base64.b64encode(signed_bytes_sha1).decode('utf-8')\n\n    signed_bytes_sha256 = Darabonba_SignatureUtil.get_h_macsha256(\n        bytes(string_to_sign, 'utf-8'),\n        bytes(access_key_secret, 'utf-8')\n    )\n    signature_sha256 = base64.b64encode(signed_bytes_sha256).decode('utf-8')\n\n    print(f\"String to Sign: '{string_to_sign}'\")\n    print(f\"HMAC-SHA1 Signature (Base64 Encoded): {signature_sha1}\")\n    print(f\"HMAC-SHA256 Signature (Base64 Encoded): {signature_sha256}\")\nexcept Exception as e:\n    print(f\"An error occurred: {e}\")\n    print(\"Please ensure ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET are set.\")","lang":"python","description":"This quickstart demonstrates how to use `Darabonba_SignatureUtil` to sign a string using HMAC-SHA1 and HMAC-SHA256, which are common requirements for authenticating requests to cloud services. It highlights the critical step of converting input strings to UTF-8 bytes before passing them to the signing functions, and then base64 encoding the resulting signature bytes."},"warnings":[{"fix":"Always use `from alibabacloud_darabonba_signature_util_py.util import Darabonba_SignatureUtil`.","message":"The actual Python module name for imports (`alibabacloud_darabonba_signature_util_py`) differs from the PyPI package name (`alibabacloud-darabonba-signature-util`). Forgetting this can lead to `ModuleNotFoundError`.","severity":"gotcha","affected_versions":"All versions (0.0.1+)"},{"fix":"Convert strings to bytes using `bytes(my_string, 'utf-8')` before passing them to signing functions.","message":"Signing functions like `get_h_macsha1` and `get_h_macsha256` expect `bytes` objects for both the string to sign and the secret key, not standard Python `str` objects. Passing `str` will result in a `TypeError`.","severity":"gotcha","affected_versions":"All versions (0.0.1+)"},{"fix":"Prefer using higher-level SDK functions for authentication if available, or consult security experts if implementing custom signing logic.","message":"This library provides low-level cryptographic primitives. It is primarily an internal component of the Alibaba Cloud SDK. Direct use by end-users for custom security implementations should be done with extreme caution, as incorrect usage of raw crypto can lead to severe security vulnerabilities.","severity":"gotcha","affected_versions":"All versions (0.0.1+)"}],"env_vars":null,"last_verified":"2026-04-17T00:00:00.000Z","next_check":"2026-07-16T00:00:00.000Z","problems":[{"fix":"Change the import statement to `from alibabacloud_darabonba_signature_util_py.util import Darabonba_SignatureUtil`.","cause":"Incorrect import path used; the Python module name does not directly match the PyPI package name structure.","error":"ModuleNotFoundError: No module named 'alibabacloud.darabonba.signature_util'"},{"fix":"Ensure all string inputs (string to sign, secret key) are converted to UTF-8 bytes using `bytes(my_string, 'utf-8')` before passing them to the signing functions.","cause":"The signing functions (`get_h_macsha1`, `get_h_macsha256`) were called with `str` objects instead of `bytes` objects.","error":"TypeError: expected bytes, str found"}]}