Looking into this it really seems like this can't be done directly from Javascript without potentially exposing your secret key. The only options I've discovered are:
- Host a server to do the work for you and talk directly to your server using Javascript
- Use a hosted service that will do the signing for you. One example I've found is http://apisigning.com/service.html - basically for a fee they appear to sign the request for you. Note that I haven't tested this.
Sadly, I think both of these options are a bit more than I'd planned on using so I've given up on my extension for now. It's a bit disappointing that Amazon don't allow easier access to their data but I guess they feel they have to protect it from competitors.