How to "Verify the AWS Signature" #24735
Thanks for asking.
Okay.
This is an automated process done by the service (like KMS).
The attestation document from the enclave comes with a digital signature from the Nitro Hypervisor.
KMS has a copy of AWS's public certificate (like a public master key that everyone can trust).
KMS uses this public certificate to mathematically verify that the signature on the document is genuine. This proves two things:
- The document was created by a real AWS Nitro Hypervisor.
- The document was not tampered with after it was signed.
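
Added example, not part of the reply above and not AWS code: a sketch of the signature check it describes. AWS documents the attestation document as a COSE_Sign1 structure signed with ES384 (a detail the reply does not mention). The key pair and payload here are constructed stand-ins, and the certificate-chain validation up to the AWS root certificate that a real verifier also performs is left out.

```javascript
// Added example: constructed data only; no real attestation document or AWS key is used.
const crypto = require('node:crypto');

// CBOR head for a byte string (major type 2) or text string (major type 3).
function cborHead(major, len) {
  if (len < 24) return Buffer.from([(major << 5) | len]);
  if (len < 256) return Buffer.from([(major << 5) | 24, len]);
  const b = Buffer.alloc(3);
  b[0] = (major << 5) | 25;
  b.writeUInt16BE(len, 1); // throws above 65535, which is ample for this example
  return b;
}
const bstr = (buf) => Buffer.concat([cborHead(2, buf.length), buf]);
const tstr = (s) => Buffer.concat([cborHead(3, Buffer.byteLength(s)), Buffer.from(s)]);

// COSE Sig_structure (RFC 9052): ["Signature1", protected, external_aad, payload]
function sigStructure(protectedHdr, payload) {
  return Buffer.concat([
    Buffer.from([0x84]), tstr('Signature1'),
    bstr(protectedHdr), bstr(Buffer.alloc(0)), bstr(payload),
  ]);
}

// ES384: ECDSA P-384 with SHA-384, signature as raw r||s (96 bytes).
function signDoc(privateKey, protectedHdr, payload) {
  return crypto.sign('sha384', sigStructure(protectedHdr, payload),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
}
function verifyDoc(publicKey, protectedHdr, payload, signature) {
  if (signature.length !== 96) return false; // reject malformed signatures early
  return crypto.verify('sha384', sigStructure(protectedHdr, payload),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, signature);
}

// Constructed stand-ins: a throwaway key pair plays the hypervisor's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp384r1' });
const PROTECTED = Buffer.from('a1013822', 'hex'); // CBOR map {1: -35}, i.e. alg = ES384
const payload = Buffer.from('constructed attestation payload: module_id, pcrs, nonce');
const signature = signDoc(privateKey, PROTECTED, payload);

const tampered = Buffer.from(payload);
tampered[0] ^= 0x01; // flip one bit after signing
const other = crypto.generateKeyPairSync('ec', { namedCurve: 'secp384r1' });

console.log('genuine  :', verifyDoc(publicKey, PROTECTED, payload, signature));
console.log('tampered :', verifyDoc(publicKey, PROTECTED, tampered, signature));
console.log('wrong key:', verifyDoc(other.publicKey, PROTECTED, payload, signature));
```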