Bash script to convert AWS Secret Access Key to an Amazon SES SMTP password.

aws-ses-smtp-password.sh

#!/usr/bin/env bash
# Convert AWS Secret Access Key to an Amazon SES SMTP password
# using the following pseudocode:
#
#   key = AWS Secret Access Key;
#   message = "SendRawEmail";
#   versionInBytes = 0x02;
#   signatureInBytes = HmacSha256(message, key);
#   signatureAndVer = Concatenate(versionInBytes, signatureInBytes);
#   smtpPassword = Base64(signatureAndVer);
#
# Usage:
#   chmod u+x aws-ses-smtp-password.sh
#   ./aws-ses-smtp-password.sh secret-key-here
# See: http://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html
#

if [ "$#" -ne 1 ]; then
  echo "Usage: ./aws-ses-smtp-password.sh secret-key-here"
  exit 1
fi

KEY="${1}"
MESSAGE="SendRawEmail"
VERSION_IN_BYTES=$(printf \\$(printf '%03o' "2"));
SIGNATURE_IN_BYTES=$(echo -n "${MESSAGE}" | openssl dgst -sha256 -hmac "${KEY}" -binary);
SIGNATURE_AND_VERSION="${VERSION_IN_BYTES}${SIGNATURE_IN_BYTES}"
SMTP_PASSWORD=$(echo -n "${SIGNATURE_AND_VERSION}" | base64);

echo "${SMTP_PASSWORD}"

how to use it ?

how to use it ?

"Usage: ./aws-ses-smtp-password.sh secret-key-here"`

it literally says so in the code comment

does this utility supports v4 version , its is not working and reports error

nested exception is javax.mail.AuthenticationFailedException: 535 Signature Version 2 is deprecated for use with SES from March 26, 2021. From that date on, we are progressively rejecting such requests. To resolve the issue, you must migrate to Signature Version 4. If you created your SMTP credentials in the SES Console, please create new credentials and replace the former ones. If you are deriving Signature Version 2 credentials from a IAM user, please start using the Signature Version 4 algorithm:

I did adapt this code to make it work with v4 signature, you can found it here : https://stackoverflow.com/questions/45653939/amazon-ses-535-authentication-credentials-invalid-trying-to-rotate-access-key