If you want to use ApsaraMQ for MQTT you can obtain a signature based on the signature calculation method described in this topic, and then check whether the calculated signature is correct in the apsaravideo for VOD console.
Signature calculation method
Follow Authentication overview if signature verification is selected, when the MQTT client connects to the MQTT message server, connect the Username and Password must be set according to the specifications agreed in this article. The specific settings and calculation methods are as follows.
- Username
The Username parameter consists of the authentication mode, AccessKeyId, and InstanceId, which are separated by vertical bar (|). Set authentication to Signature.
For example, if the Client ID is GID_Test @, the instance ID used is none, and the accesskey ID used is yyyyyyy, the UserName for the signature authentication mode must be set to Signature|YYYYY|mqtt-xxxxx.
For more information about Client IDs, see Terms.
- Password
The Password parameter indicates the result of client ID signing. The calculation method is as follows:
For example, the Client ID of a Client is GID_Test @, and the certificate used is XXXXX.
With XXXXX as the key, use the signature method to treat the signature string GID_Test @ to calculate the signature to obtain a binary array, and then perform Base64 encoding on the binary array to obtain the final Password signature string.
Each language provides a function library to support the implementation of HMAC-SHA1 algorithms. You can also refer to message Queue for MQTT uses the signature mode to send and receive messages Username and Password parameters in the sample code of.
To verify the signature using the console
ApsaraMQ for MQTT Console A signature calculation tool is provided to help you check whether your signature calculation is correct.
- Login ApsaraMQ for MQTT console from the top navigation bar, select a Region.
- In the left-side navigation pane, choose signature Verification.
- In signature Verification page, enter the AccessKeyId, AccessKeySecret, and Client ID of the account that is used by the program, and click signature calculation in this way, you can obtain the Username and Password parameters that need to be set in the program.
The tool uses only frontend JavaScript of the browser for calculation and does not transmit AccessKeySecret to ApsaraMQ for RocketMQ backend, so there is no need to worry about the risk of AccessKeySecret leakage. In the actual situation, the tool is only used by the console for troubleshooting and data comparison.
Calculate the signature on the MQTT client. Alternatively, calculate on the MQTT broker and then send the result to the MQTT client for security purposes.