This topic describes how to calculate signatures and verify signatures in the console when signature authentication is used by Message Queue for MQTT.

Calculate signatures

If signature authentication is used, in the connect message that the Message Queue for MQTT client sends for connecting to the Message Queue for MQTT broker, the Username and Password parameters must be set based on the specifications described in this topic. For more information, see Authentication overview. The following information describes the setting and calculation methods:

  • Username

    The Username parameter consists of the authentication mode, AccessKey ID, and instance ID, which are separated with vertical bars (|). The authentication mode is set to Signature in signature authentication mode.

    For example, if a Message Queue for MQTT client whose client ID is GID_Test@@@0001 uses the instance ID mqtt-xxxxx and the AccessKey ID YYYYY, the Username parameter for connecting this Message Queue for MQTT client must be set to Signature|YYYYY|mqtt-xxxxx.

    For more information about client IDs, see Terms.

  • Password

    The Password parameter indicates the result of client ID signing. The following information describes the calculation method:

    For example, the Message Queue for MQTT client whose client ID is GID_Test@@@0001 uses the AccessKey secret XXXXX.

    Calculate the signature of the string-to-sign GID_Test@@@0001 by using HMAC SHA-1 to obtain a binary array. The AccessKey secret XXXXX is used as the key for the HMAC calculation. Encode the binary array in Base64 to obtain the final signature string Password.

    Function libraries are available for the implementation of the HMAC SHA-1 algorithm in different languages. You can search for one as required. For more information, see Username and Password settings in sample code in Send and receive messages.

Verify signatures in the console

The Message Queue for MQTT console provides the signature calculation tool, allowing you to verify your signature calculation.

  1. Log on to the Message Queue for MQTT console and select a region in the top navigation bar.
  2. In the left-side navigation pane, click Signature Verification.
  3. On the Signature Verification page, set Signature Content, Access Key, and Secret Key, and click Calculate Signature to obtain the Username and Password parameters to be set in the application.console_signature_tool
Note

The tool uses only frontend JavaScript of the web browser for calculation and does not transmit the AccessKey secret to the backend of Message Queue for Apache RocketMQ, removing the risk of AccessKey secret disclosure. In the actual situation, the tool is only used by the console for troubleshooting and data comparison.

Calculate the signature on the Message Queue for MQTT client. Alternatively, calculate on the Message Queue for MQTT broker and then send the result to the Message Queue for MQTT client for security purposes.