Signing CloudFront URLs with KMS

0

CloudFront uses RSA/PKCS-1.5/SHA1 algorithm for its signatures. KMS, for signing, requires minimum SHA2. That sounds like a serious gap (plus use of SHA1 is questionable all together) Is there a way to make CloudFront accept signatures of a different algorithm, or have KMS sign SHA1 digests?

P.S. This is different than https://repost.aws/questions/QUcCvy-SqtRQC3xfTbl_RXQQ/signing-cloud-front-ur-ls-with-aws-kms-encryption, I have my own code that I want to sign URLs with, and I want to use KMS, instead of disclosing private key to that code directly.

Topics

Security, Identity, & Compliance Networking & Content Delivery

Tags

AWS Key Management Service Amazon CloudFront

Language

English

asked 2 years ago150 views

No Answers

Newest
Most votes
Most comments

Relevant content

Is it possible to create a signed URL for unique usage in AWS CloudFront ?
Stephane
asked a day ago
Cloudfront Signed URLs for Static Website?
Accepted Answer
Avi
asked 7 months ago
Is it possible to use KMS for web3 signing?
Simon Lee
asked 10 months ago
Signing CloudFront URLs with aws:kms encryption
StevenMills
asked 6 years ago
How do I get CloudFront to comply with my organization’s requirement to use DNSSEC?
AWS OFFICIALUpdated 9 months ago
How can I troubleshoot issues with using a custom SSL certificate for my CloudFront distribution?
AWS OFFICIALUpdated a year ago
How can I sign or share a compliance report that requires an NDA using AWS Artifact?
AWS OFFICIALUpdated 2 years ago
How do I troubleshoot issues related to a signed URL or signed cookies in CloudFront?
AWS OFFICIALUpdated 3 months ago
AWS Transfer Family supports self-signed TLS certificates and 3DES encryption for sending AS2 messages
EXPERT
AWS
published 7 days ago
How to use JWT tokens for authorization with AWS KMS in NodeJs Lambdas
EXPERT
Antonio_Lagrotteria
published a month ago