The signing function is as follows,
$sig = base64_encode(hash_hmac('sha256', "{$method}\n{$server}\n{$uri}\n{$query_string}", MY_PRIVATE_KEY, true));
$signature = str_replace("%7E", "~", rawurlencode($sig));
How can I deduce MY_PRIVATE_KEY, when I have all these parts
{$method}\n{$server}\n{$uri}\n{$query_string}
and $signature
, if possible at all?
You can't.*
*
except with massive pools of servers to run a cracking operation. As this quora answer states when talking about SHA256, "If this is the case, your MacBook Pro will have dissipated into nothingness as part of the heat death of the universe before it finishes cracking that password".