While building SNS-Twilio, I had to verify the signature of the SNS notification received by the application. Amazon SNS uses an X509 certificate to sign its messages, so on my end I had to load AWS’s public certificate, build the message, and verify that the provided signature was indeed valid.
Unless you want to fall back to openssl and the subprocess module, you will need to use the awesome M2Crypto module. I spent some time playing with it and looking at other people’s attempts until I could do it right, so here it is:
Please do note that the public certificate is loaded from a string, and that AWS uses the SHA1withRSA algorithm (an RSA signature over a SHA-1 hash).
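The three steps described above (load the certificate from a string, build the message, verify the signature), as an added example that is not the post's own code: it uses the `cryptography` package instead of M2Crypto, and the function names and the sample message are made up for illustration. It assumes SignatureVersion 1 and a standard-region `sns.<region>.amazonaws.com` certificate URL.

```python
import base64
import re
from urllib.parse import urlparse

# Signed fields, in the fixed order SNS uses for each message type.
_NOTIFICATION = ("Message", "MessageId", "Subject", "Timestamp", "TopicArn", "Type")
_CONFIRMATION = ("Message", "MessageId", "SubscribeURL", "Timestamp", "Token",
                 "TopicArn", "Type")
_SNS_HOST = re.compile(r"sns\.[a-z0-9-]+\.amazonaws\.com")


def string_to_sign(msg: dict) -> bytes:
    """Build the canonical "Key\\nValue\\n" string that SNS signs."""
    keys = _NOTIFICATION if msg["Type"] == "Notification" else _CONFIRMATION
    # Subject is optional: an absent key is skipped, not emitted as empty.
    return "".join(f"{k}\n{msg[k]}\n" for k in keys if k in msg).encode("utf-8")


def cert_url_is_trusted(url: str) -> bool:
    """Accept only HTTPS .pem URLs whose host is exactly an SNS endpoint."""
    u = urlparse(url)
    return (u.scheme == "https" and u.path.endswith(".pem")
            and _SNS_HOST.fullmatch(u.hostname or "") is not None)


def verify_sns_message(msg: dict, cert_pem: str) -> bool:
    """Verify a SignatureVersion 1 message against a PEM certificate string."""
    if msg.get("SignatureVersion") != "1":
        return False
    if not cert_url_is_trusted(msg.get("SigningCertURL", "")):
        return False
    # Imported here so the helpers above work without the package installed.
    from cryptography import x509
    from cryptography.exceptions import InvalidSignature
    from cryptography.hazmat.primitives import hashes
    from cryptography.hazmat.primitives.asymmetric import padding
    key = x509.load_pem_x509_certificate(cert_pem.encode("ascii")).public_key()
    try:
        key.verify(base64.b64decode(msg["Signature"]), string_to_sign(msg),
                   padding.PKCS1v15(), hashes.SHA1())
    except InvalidSignature:
        return False
    return True


# Constructed sample notification (not a real SNS message or signature).
SAMPLE = {"Type": "Notification", "MessageId": "abc-123", "Subject": "test",
          "Message": "hello", "Timestamp": "2012-01-01T00:00:00.000Z",
          "TopicArn": "arn:aws:sns:us-east-1:123456789012:example",
          "SignatureVersion": "1", "Signature": "AAAA",
          "SigningCertURL": "https://sns.us-east-1.amazonaws.com/example.pem"}
```

The certificate should only be fetched from `SigningCertURL` after `cert_url_is_trusted` accepts it; otherwise a forged message can point the verifier at a certificate the sender controls.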