WinSCP sends this header:
Authorization: AWS4-HMAC-SHA256 Credential=__ACCESS_KEY__/st01/s3/aws4_reque__SIGN__,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=__SIGN__
a valid header would look like this:
Authorization: AWS4-HMAC-SHA256 Credential=__ACCESS_KEY__/20201016/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=__SIGN__
So the Credential value sent is truncated and also includes the signature (most probably because of a buffer overflow, cause it works when using shorter access keys)
Access key and Secret key lenght is 64-characters both in this case.
//edit: looks like key-length is hardcoded to 32 (!)
WinSCP 5.17.8 b10803 on Win10 1909