AWS Encryption SDK Algorithms Reference
The information on this page is a reference for building your own encryption library that is compatible with the AWS Encryption SDK. If you are not building your own compatible encryption library, you likely do not need this information. To use the AWS Encryption SDK in one of the supported programming languages, see Programming Languages. 
To build your own library that can read and write ciphertexts that are compatible with the AWS Encryption SDK, you should understand how the SDK implements the supported algorithms to encrypt raw data. The SDK supports nine algorithm suites. An implementation specifies the encryption algorithm and mode, encryption key length, key derivation algorithm (if one applies), and signature algorithm (if one applies). The following table contains an overview of each implementation. By default, the SDK uses the first implementation in the following table. The list that follows the table provides more information.
AWS Encryption SDK Algorithm Suites
Algorithm ID (in 2byte hex)  Algorithm Name  Data Key Length (in bits)  Algorithm Mode  IV Length (in bytes)  Authentication Tag Length (in bytes)  Key Derivation Algorithm  Signature Algorithm 

03 78 
AES  256  GCM  12  16  HKDF with SHA384  ECDSA with P384 and SHA384 
03 46 
AES  192  GCM  12  16  HKDF with SHA384  ECDSA with P384 and SHA384 
02 14 
AES  128  GCM  12  16  HKDF with SHA256  ECDSA with P256 and SHA256 
01 78 
AES  256  GCM  12  16  HKDF with SHA256  Not applicable 
01 46 
AES  192  GCM  12  16  HKDF with SHA256  Not applicable 
01 14 
AES  128  GCM  12  16  HKDF with SHA256  Not applicable 
00 78 
AES  256  GCM  12  16  Not applicable  Not applicable 
00 46 
AES  192  GCM  12  16  Not applicable  Not applicable 
00 14 
AES  128  GCM  12  16  Not applicable  Not applicable 
 Algorithm ID

A 2byte value that uniquely identifies an algorithm's implementation. This value is stored in the ciphertext's message header.
 Algorithm Name

The encryption algorithm used. For all algorithm suites, the SDK uses the Advanced Encryption Standard (AES) encryption algorithm.
 Data Key Length

The length of the data key. The SDK supports 256bit, 192bit, and 128bit keys. The data key is generated by a master key. For some implementations, this data key is used as input to an HMACbased extractandexpand key derivation function (HKDF). The output of the HKDF is used as the data encryption key in the encryption algorithm. For more information, see Key Derivation Algorithm in this list.
 Algorithm Mode

The mode used with the encryption algorithm. For all algorithm suites, the SDK uses Galois/Counter Mode (GCM).
 IV Length

The length of the initialization vector (IV) used with AESGCM.
 Authentication Tag Length

The length of the authentication tag used with AESGCM.
 Key Derivation Algorithm

The HMACbased extractandexpand key derivation function (HKDF) used to derive the data encryption key. The SDK uses the HKDF defined in RFC 5869, with the following specifics:

The hash function used is either SHA384 or SHA256, as specified by the algorithm ID.

For the extract step:

No salt is used. Per the RFC, this means that the salt is set to a string of zeros. The string length is equal to the length of the hash function output; that is, 48 bytes for SHA384 and 32 bytes for SHA256.

The input keying material is the data key received from the master key provider.


For the expand step:

The input pseudorandom key is the output from the extract step.

The input info is a concatenation of the algorithm ID followed by the message ID.

The length of the output keying material is the Data Key Length described previously. This output is used as the data encryption key in the encryption algorithm.


 Signature Algorithm

The signature algorithm used to generate a signature over the ciphertext header and body. The SDK uses the Elliptic Curve Digital Signature Algorithm (ECDSA) with the following specifics:

The elliptic curve used is either the P384 or P256 curve, as specified by the algorithm ID. These curves are defined in FIPS PUB 1864.

The hash function used is SHA384 (with the P384 curve) or SHA256 (with the P256 curve).
