list_public_keys

list_public_keys(**kwargs)

Returns all public keys whose private keys were used to sign the digest files within the specified time range. The public key is needed to validate digest files that were signed with its corresponding private key.

Note

CloudTrail uses different private and public key pairs per region. Each digest file is signed with a private key unique to its region. When you validate a digest file from a specific region, you must look in the same region for its corresponding public key.

See also: AWS API Documentation

Request Syntax

response = client.list_public_keys(
    StartTime=datetime(2015, 1, 1),
    EndTime=datetime(2015, 1, 1),
    NextToken='string'
)

Parameters

  • StartTime (datetime) -- Optionally specifies, in UTC, the start of the time range to look up public keys for CloudTrail digest files. If not specified, the current time is used, and the current public key is returned.
  • EndTime (datetime) -- Optionally specifies, in UTC, the end of the time range to look up public keys for CloudTrail digest files. If not specified, the current time is used.
  • NextToken (string) -- Reserved for future use.

Return type

dict

Returns

Response Syntax

{
    'PublicKeyList': [
        {
            'Value': b'bytes',
            'ValidityStartTime': datetime(2015, 1, 1),
            'ValidityEndTime': datetime(2015, 1, 1),
            'Fingerprint': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    Returns the objects or data listed below if successful. Otherwise, returns an error.

    • PublicKeyList (list) --

      Contains an array of PublicKey objects.

      Note

      The returned public keys may have validity time ranges that overlap.

      • (dict) --

        Contains information about a returned public key.

        • Value (bytes) --

          The DER encoded public key value in PKCS#1 format.

        • ValidityStartTime (datetime) --

          The starting time of validity of the public key.

        • ValidityEndTime (datetime) --

          The ending time of validity of the public key.

        • Fingerprint (string) --

          The fingerprint of the public key.

    • NextToken (string) --

      Reserved for future use.

Exceptions

  • CloudTrail.Client.exceptions.InvalidTimeRangeException
  • CloudTrail.Client.exceptions.UnsupportedOperationException
  • CloudTrail.Client.exceptions.OperationNotPermittedException
  • CloudTrail.Client.exceptions.InvalidTokenException
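
The two notes above (keys are per region, and validity ranges may overlap) decide how a validator has to pick a key. The following is an added example, not part of the boto3 documentation: the helper names `fetch_keys`, `select_key` and `to_pem`, the sample response, and the assumption that the caller already holds the fingerprint and signing time taken from the digest file are all constructed for illustration.

```python
import base64
from datetime import datetime, timezone


def fetch_keys(region, start, end):
    """Query the region the digest file came from; keys are per region."""
    import boto3  # lazy import so the helpers below also run offline
    client = boto3.client("cloudtrail", region_name=region)
    return client.list_public_keys(StartTime=start, EndTime=end)


def select_key(response, fingerprint, signed_at):
    """Return the DER key bytes matching fingerprint and valid at signed_at."""
    for key in response.get("PublicKeyList", []):
        if key["Fingerprint"] != fingerprint:
            continue  # validity ranges may overlap, so never pick by time alone
        if key["ValidityStartTime"] <= signed_at <= key["ValidityEndTime"]:
            return key["Value"]
    return None  # fail closed: without a key the digest cannot be validated


def to_pem(der):
    """Wrap PKCS#1 DER bytes in PEM armor for tools that expect PEM input."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN RSA PUBLIC KEY-----\n" + "\n".join(lines)
            + "\n-----END RSA PUBLIC KEY-----\n")


UTC = timezone.utc
# Constructed sample in the documented response shape; the key bytes and
# fingerprints are placeholders, not real CloudTrail values.
SAMPLE_RESPONSE = {
    "PublicKeyList": [
        {"Value": b"constructed-der-key-A",
         "ValidityStartTime": datetime(2015, 1, 1, tzinfo=UTC),
         "ValidityEndTime": datetime(2015, 2, 1, tzinfo=UTC),
         "Fingerprint": "aaaa1111"},
        {"Value": b"constructed-der-key-B",
         "ValidityStartTime": datetime(2015, 1, 25, tzinfo=UTC),
         "ValidityEndTime": datetime(2015, 3, 1, tzinfo=UTC),
         "Fingerprint": "bbbb2222"},
    ]
}

if __name__ == "__main__":
    # 28 January falls inside both validity windows; the fingerprint decides.
    when = datetime(2015, 1, 28, tzinfo=UTC)
    print(select_key(SAMPLE_RESPONSE, "bbbb2222", when))
```

Against a live account, pass the result of `fetch_keys` for the digest file's region to `select_key` and treat a `None` result as a validation failure.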