Certified Security - Specialty

Sign Up Free or Log In to participate!

Digest/hash value calculation of CloudTrail Log Files in S3 Bucket

Around 13:20, it is mentioned that hash (digest) is being created using a private key which AWS has. This sounds incorrect as hash calculation does not require any kind of key. Was this a mistake?

1 Answers

The hash is taken of the log file itself, then Cloudtrail itself is uses a region specific private key to sign the digest. You/we have access to the public key for the region to validate the digest. Source: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?