ListPublicKeys - Amazon CloudTrail
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

ListPublicKeys

Returns all public keys whose private keys were used to sign the digest files within the specified time range. The public key is needed to validate digest files that were signed with its corresponding private key.

Note

CloudTrail uses different private and public key pairs per Region. Each digest file is signed with a private key unique to its Region. When you validate a digest file from a specific Region, you must look in the same Region for its corresponding public key.

Request Syntax

{ "EndTime": number, "NextToken": "string", "StartTime": number }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

EndTime

Optionally specifies, in UTC, the end of the time range to look up public keys for CloudTrail digest files. If not specified, the current time is used.

Type: Timestamp

Required: No

NextToken

Reserved for future use.

Type: String

Required: No

StartTime

Optionally specifies, in UTC, the start of the time range to look up public keys for CloudTrail digest files. If not specified, the current time is used, and the current public key is returned.

Type: Timestamp

Required: No

Response Syntax

{ "NextToken": "string", "PublicKeyList": [ { "Fingerprint": "string", "ValidityEndTime": number, "ValidityStartTime": number, "Value": blob } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

NextToken

Reserved for future use.

Type: String

PublicKeyList

Contains an array of PublicKey objects.

Note

The returned public keys may have validity time ranges that overlap.

Type: Array of PublicKey objects

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidTimeRangeException

Occurs if the timestamp values are not valid. Either the start time occurs after the end time, or the time range is outside the range of possible values.

HTTP Status Code: 400

InvalidTokenException

Reserved for future use.

HTTP Status Code: 400

OperationNotPermittedException

This exception is thrown when the requested operation is not permitted.

HTTP Status Code: 400

UnsupportedOperationException

This exception is thrown when the requested operation is not supported.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: