Convert IAM Secret Access Key to SES SMTP Password in Bash

Obtaining Amazon SES SMTP credentials by converting AWS credentials in Bash.

Using Debian Wheezy

Install OpenSSL and git:

# apt-get update && apt-get install openssl git

Get a bash SES SMTP converter from GitHub:

$ git clone https://github.com/lisenet/aws-scripts.git

Change to folder and make the script executable:

$ cd ./aws-scripts
$ chmod u+x ./ses-smtp-conv.sh

Convert an IAM secret access key to a SES SMTP password:

$ ./ses-smtp-conv.sh AWSAccessKeyID AWSSecretAccessKey

Where AWSAccessKeyID is your AWS access key ID and AWSSecretAccessKey is your AWS secret access key.

Bash Code That Does All the Magic

IAMSECRET="$2";
MSG="SendRawEmail";
VerInBytes="2";
VerInBytes=$(printf \\$(printf '%03o' "$VerInBytes"));

SignInBytes=$(echo -n "$MSG"|openssl dgst -sha256 -hmac "$IAMSECRET" -binary);
SignAndVer=""$VerInBytes""$SignInBytes"";
SmtpPass=$(echo -n "$SignAndVer"|base64);

9 thoughts on “Convert IAM Secret Access Key to SES SMTP Password in Bash

    • In this case OpenSSL hashes a string from standard input using HMAC-SHA256 with its output in binary form (no ASCII or encoded characters printed). SHA256 and HMAC are a MAC/keyed hash, not a cipher, they are not designed to be decrypted. It is possible to retrieve binary data though if you decoded the base64 string.

Leave a Reply

Your email address will not be published. Required fields are marked *