diff --git a/keystone/contrib/s3/core.py b/keystone/contrib/s3/core.py
index 3c1eddc977..a71bcdc624 100644
--- a/keystone/contrib/s3/core.py
+++ b/keystone/contrib/s3/core.py
@@ -108,17 +108,15 @@ class S3Controller(controllers.Ec2Controller):
         """
         parts = string_to_sign.split(b'\n')
         if len(parts) != 4 or parts[0] != b'AWS4-HMAC-SHA256':
-            raise exception.Unauthorized(
-                message=_('Invalid EC2 signature.'))
+            raise exception.Unauthorized(message=_('Invalid EC2 signature.'))
         scope = parts[2].split(b'/')
         if len(scope) != 4 or scope[2] != b's3' or scope[3] != b'aws4_request':
-            raise exception.Unauthorized(
-                message=_('Invalid EC2 signature.'))
+            raise exception.Unauthorized(message=_('Invalid EC2 signature.'))
 
         def _sign(key, msg):
             return hmac.new(key, msg, hashlib.sha256).digest()
 
-        signed = _sign(six.b('AWS4' + secret_key), scope[0])
+        signed = _sign(('AWS4' + secret_key).encode('utf-8'), scope[0])
         signed = _sign(signed, scope[1])
         signed = _sign(signed, scope[2])
         signed = _sign(signed, b'aws4_request')
diff --git a/keystone/tests/unit/test_contrib_s3_core.py b/keystone/tests/unit/test_contrib_s3_core.py
index f850a1f8b1..c9706da745 100644
--- a/keystone/tests/unit/test_contrib_s3_core.py
+++ b/keystone/tests/unit/test_contrib_s3_core.py
@@ -29,7 +29,7 @@ class S3ContribCore(unit.TestCase):
 
     def test_good_signature_v1(self):
         creds_ref = {'secret':
-                     'b121dd41cdcc42fe9f70e572e84295aa'}
+                     u'b121dd41cdcc42fe9f70e572e84295aa'}
         credentials = {'token':
                        'UFVUCjFCMk0yWThBc2dUcGdBbVk3UGhDZmc9PQphcHB'
                        'saWNhdGlvbi9vY3RldC1zdHJlYW0KVHVlLCAxMSBEZWMgMjAxM'
@@ -42,7 +42,7 @@ class S3ContribCore(unit.TestCase):
 
     def test_bad_signature_v1(self):
         creds_ref = {'secret':
-                     'b121dd41cdcc42fe9f70e572e84295aa'}
+                     u'b121dd41cdcc42fe9f70e572e84295aa'}
         credentials = {'token':
                        'UFVUCjFCMk0yWThBc2dUcGdBbVk3UGhDZmc9PQphcHB'
                        'saWNhdGlvbi9vY3RldC1zdHJlYW0KVHVlLCAxMSBEZWMgMjAxM'
@@ -56,7 +56,7 @@ class S3ContribCore(unit.TestCase):
 
     def test_good_signature_v4(self):
         creds_ref = {'secret':
-                     'e7a7a2240136494986991a6598d9fb9f'}
+                     u'e7a7a2240136494986991a6598d9fb9f'}
         credentials = {'token':
                        'QVdTNC1ITUFDLVNIQTI1NgoyMDE1MDgyNFQxMTIwNDFaCjIw'
                        'MTUwODI0L1JlZ2lvbk9uZS9zMy9hd3M0X3JlcXVlc3QKZjIy'
@@ -71,7 +71,7 @@ class S3ContribCore(unit.TestCase):
 
     def test_bad_signature_v4(self):
         creds_ref = {'secret':
-                     'e7a7a2240136494986991a6598d9fb9f'}
+                     u'e7a7a2240136494986991a6598d9fb9f'}
         credentials = {'token':
                        'QVdTNC1ITUFDLVNIQTI1NgoyMDE1MDgyNFQxMTIwNDFaCjIw'
                        'MTUwODI0L1JlZ2lvbk9uZS9zMy9hd3M0X3JlcXVlc3QKZjIy'
@@ -85,7 +85,7 @@ class S3ContribCore(unit.TestCase):
 
     def test_bad_token_v4(self):
         creds_ref = {'secret':
-                     'e7a7a2240136494986991a6598d9fb9f'}
+                     u'e7a7a2240136494986991a6598d9fb9f'}
         # token has invalid format of first part
         credentials = {'token':
                        'QVdTNC1BQUEKWApYClg=',