I have an iPhone application I’ve been using for some time that uses ASIHTTPRequest to upload videos to a bucket on Amazon S3. It has been functioning well without any problems. Recently, we decided to make use of the new “server-side encryption” that Amazon has implemented. This allows you to tell Amazon’s server to encrypt files that have been posted to a bucket automatically by including an additional HTTP request header.

I have added a single line of code to my application to implement this, but now my Amazon uploads are failing. The specific error message that is appearing is:

“The request signature we calculated does not match the signature you provided. Check your key and signing method.”

The name of the bucket I am using conforms to Amazon’s naming standards, so I am confident that is not the issue. I am also confident that the secret and public keys I am using are correct.

It would appear that adding this header is somehow breaking the signature calculation, I am assuming because it is being included in the calculation on one side of the transmission but not the other.

Am I doing this incorrectly? Or is this a bug in ASIHTTPRequest?

Here is my code for reference:

[ASIS3Request setSharedSecretAccessKey:@"mysecretkey"];
[ASIS3Request setSharedAccessKey:@"myaccesskey"];

NSString *bucketPath = [NSString stringWithFormat:@"mypath/filename"];

ASIS3ObjectRequest *request = [ASIS3ObjectRequest PUTRequestForFile:filepath withBucket:@"my-bucket" key:bucketPath];

// If the following line is commented, the upload completes successfully
[request addRequestHeader:@"x-amz-server-side-encryption" value:@"AES256"];
////

request.requestScheme = ASIS3RequestSchemeHTTPS;
[request setShouldContinueWhenAppEntersBackground:YES];
[request startSynchronous];

if ([request error])
{
  // The error messag is being displayed here
  NSLog(@"xmit error: [%@]",[[request error] localizedDescription]);
}