Downloads for AWS CloudHSM Client SDK - AWS CloudHSM

Downloads for AWS CloudHSM Client SDK

Downloads

In March 2021, AWS CloudHSM released Client SDK version 5.0.0, which introduces an all-new Client SDK with different requirements, capabilities, and platform support. You now have two versions of the Client SDK to choose from, Client SDK 5 and Client SDK 3. For more information, see Previous Client SDK versions.

Latest releases

This section includes the latest version of each Client SDK.

Client SDK 5 is fully supported for production environments, but it does not offer every component or the same level of support for cryptographic operations as Client SDK 3. For more information, see Client SDK component comparison.

Latest Client SDK 5 release: Version 5.10.0

Amazon Linux

Download version 5.10.0 software for Amazon Linux on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum d63adf3e96c19c2d894b2defcbadd916dbb0398993050b1358bd93a36aa5acab)

  • OpenSSL Dynamic Engine (SHA256 checksum 4daa3e591ffd5f7ce8ef3759c41deaa38867f5e5d21f15927aea83afb1678ac5)

  • JCE provider (SHA256 checksum 6c1ac94d3080f1c609d9dafbcb14480911beef3a488c4ed6f2b11b377da9b477)

  • CloudHSM CLI (SHA256 checksum c12617fcd7990ba53e96f477979b410e3a5f17842ca7a912861b8b820809b5b5)

Amazon Linux 2

Download version 5.10.0 software for Amazon Linux 2 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum fc47e705e57a0bfd433f7b46c9477a70df5c442a8ad9c2969bcef38e328e4933)

  • OpenSSL Dynamic Engine (SHA256 checksum 0aca262df6780995c9b884fcb8765bbd64acaf21b2286ec4d05a9a90edb3d4cb)

  • JCE provider (SHA256 checksum b5be7f73c4bcffc5da6f89f324e6b3db5b091610464c8bd38dbddfff0484b2c2)

  • CloudHSM CLI (SHA256 checksum e8cf09966890b88a61e695dc034874a445093300359d5d6a86b5a546803920bb)

Download version 5.10.0 software for Amazon Linux 2 on ARM64 architecture:

  • PKCS #11 library (SHA256 checksum 5d8dfd835f1ed5a7f5a4fcc8ecf81cfa29883aca7e2985de69b5db723ab663db)

  • OpenSSL Dynamic Engine (SHA256 checksum 91fb8efe2646bf0dbd9087554baa09554714e9d56e9bfd5c0dc3023a9f485574)

  • JCE provider (SHA256 checksum 99f6e55c37fdf00085a816d46835aeff54470797b3b71f4d28a70dc79c9caf44)

  • CloudHSM CLI (SHA256 checksum 4a88ba9b4cf0dd5573f3dd88ab9dc257e4c486069cb529c5d554979ee2dd83af)

CentOS 7

Download version 5.10.0 software for CentOS 7 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum fc47e705e57a0bfd433f7b46c9477a70df5c442a8ad9c2969bcef38e328e4933)

  • OpenSSL Dynamic Engine (SHA256 checksum 0aca262df6780995c9b884fcb8765bbd64acaf21b2286ec4d05a9a90edb3d4cb)

  • JCE provider (SHA256 checksum b5be7f73c4bcffc5da6f89f324e6b3db5b091610464c8bd38dbddfff0484b2c2)

  • CloudHSM CLI (SHA256 checksum e8cf09966890b88a61e695dc034874a445093300359d5d6a86b5a546803920bb)

RHEL 7

Download version 5.10.0 software for RHEL 7 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum fc47e705e57a0bfd433f7b46c9477a70df5c442a8ad9c2969bcef38e328e4933)

  • OpenSSL Dynamic Engine (SHA256 checksum 0aca262df6780995c9b884fcb8765bbd64acaf21b2286ec4d05a9a90edb3d4cb)

  • JCE provider (SHA256 checksum b5be7f73c4bcffc5da6f89f324e6b3db5b091610464c8bd38dbddfff0484b2c2)

  • CloudHSM CLI (SHA256 checksum e8cf09966890b88a61e695dc034874a445093300359d5d6a86b5a546803920bb)

RHEL 8

Download version 5.10.0 software for RHEL 8 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 96afb7042a148ddc7a60ab6235b49e176d0460d1c2957bd76ca3d8406ac1cb03)

  • OpenSSL Dynamic Engine (SHA256 checksum 2caad2bffea8aef73c91ad422d09772ef830fe7f80a7be19020e6a107eadfbe8)

  • JCE provider (SHA256 checksum 3543551f08fbe3900821ea2d4ea148b4e86e2334bc94d7ffef6f3b831457cd71)

  • CloudHSM CLI (SHA256 checksum 812eccaadfc490f13bcd0b0a835ef58f3a3d4344ad7e0a237de476dd24509525)

Ubuntu 18.04 LTS

Download version 5.10.0 software for Ubuntu 18.04 LTS on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum be4c61766b8b46e1f6c14c3dcf90aaab9f38240fcd9c68b4009704276c5f6f4a)

  • OpenSSL Dynamic Engine (SHA256 checksum 64bd8af827b6dc3786e8ad28858cbc4ef6a0fd42164a0945f427eddcf5f02858)

  • JCE provider (SHA256 checksum 9fcbdf08e93641468588b608173f26f18781bbc029ed95b2e086da29a968cc00)

  • CloudHSM CLI (SHA256 checksum 13808bddddb7eedeb2b8486d23a9976c7fa8d9220149a6b9400626bcaff3b513)

Note

Due to the recent end of life for Ubuntu 18.04 LTS, we will no longer be able to support this platform with the next release.

Ubuntu 20.04 LTS

Download version 5.10.0 software for Ubuntu 20.04 LTS on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 99ae96504580ff85ed4958a582903a847f666bdaafafbe887a5a76db58f24500)

  • OpenSSL Dynamic Engine (SHA256 checksum 13e3f6fe086acf9617b163f66e3941f973daa583fb9322d16c396aa29fc3611d)

  • JCE provider (SHA256 checksum 44562cebd9af1aa965840cd9bcb237e518d24c715b3c8bca1405c9c1871835e2)

  • CloudHSM CLI (SHA256 checksum ab71b4ec531c5e6d05c91539c7edc1c07e6c748052ebf6200f148cb6812538c5)

Ubuntu 22.04 LTS

Download version 5.10.0 software for Ubuntu 22.04 LTS on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum ee331a44fbe4936ec98a3ae55d58e67ed38e8bbff0a4f4ce8b1bd8239b75877b)

  • Support for OpenSSL Dynamic Engine is not yet available for this platform.

  • JCE provider (SHA256 checksum 9e44d14dd33624f6fe36711633013e47e4a93f4d4635e08900546113ded56e3d)

  • CloudHSM CLI (SHA256 checksum 2df361546848cd3f8965b1007dca42a0c959eb10d9e3f4995e8e1c852406751d)

Windows Server 2016

Download version 5.10.0 software for Windows Server 2016 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 7aae9bfd99a6dd0f4d376c227c206c01847f83a9efd774d1063d76cc6fdaa89f)

  • JCE provider (SHA256 checksum 1c58fd651e51be2ba59051a87aceca0452990b29837b8a7efabcd510ccbf8c1f)

  • CloudHSM CLI (SHA256 checksum f745a2236c9eb9f6f128313eddc35795bd5e47fdf67332bedeb2554201b61a24)

Windows Server 2019

Download version 5.10.0 software for Windows Server 2019 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 7aae9bfd99a6dd0f4d376c227c206c01847f83a9efd774d1063d76cc6fdaa89f)

  • JCE provider (SHA256 checksum 1c58fd651e51be2ba59051a87aceca0452990b29837b8a7efabcd510ccbf8c1f)

  • CloudHSM CLI (SHA256 checksum f745a2236c9eb9f6f128313eddc35795bd5e47fdf67332bedeb2554201b61a24)

Client SDK 5.10.0 improves stability and includes bug fixes for all SDKs.

CloudHSM CLI
  • Added new commands that allow customers to manage keys using CloudHSM CLI, including:

    • Create symmetric keys and asymmetric key pairs

    • Share and unshare keys

    • List and filter keys using key attributes

    • Set key attributes

    • Generate key reference files

    • Delete keys

  • Improved error logging.

  • Added support for multi-line unicode commands in interactive mode.

Bug fixes/Improvements
  • Improved performance for importing, unwrapping, deriving, and creating sessions keys for all SDKs.

  • Fixed a bug in the JCE Provider that prevented temp files to be removed on exit.

  • Fixed a bug that caused a connection error under certain conditions after HSMs in the cluster are replaced.

  • Modified JCE getVersion output format to handle large minor version numbers and include patch number.

Platform support
  • Added support for Ubuntu 22.04 with JCE, PKCS #11, and CloudHSM CLI (support for OpenSSL Dynamic Engine is not yet available).

Latest Client SDK 3 release: Version 3.4.4

To upgrade Client SDK 3 on Linux platforms, you must use a batch command that upgrades the client daemon and all the libraries at the same time. For more information about upgrade, see Client SDK 3 Upgrade.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.4.4 software for Amazon Linux:

  • AWS CloudHSM Client (SHA256 checksum 900de424d70f41e661aa636f256a6a79cc43bea6b0fe6eb95c2aaa63e5289505)

  • PKCS #11 library (SHA256 checksum a3f93f084d59fee5d7c859292bc02cb7e7f15fb06e971171ebf9b52bbd229c30)

  • OpenSSL Dynamic Engine (SHA256 checksum 8db07b9843d49016b0b6fec46d39881d94e426fcaae1cee2747be14af9313bb0)

  • JCE provider (SHA256 checksum 360617c55bf4caa8e6e78ede079ca68cf9ef11473e7918154c22ba908a219843)

  • AWS CloudHSM Management Utility (SHA256 checksum c9961ffe38921131bd6f3702e10d73588e68b8ab10fbb241723e676f4fa8c4fa)

Amazon Linux 2

Download the version 3.4.4 software for Amazon Linux 2:

  • AWS CloudHSM Client (SHA256 checksum 7d61d835ae38c6ce121d102b516527f342a76ac31733768097d5cab8bc482610)

  • PKCS #11 library (SHA256 checksum 2099f324ff625e1a46d96c1d5084263ca1d650424d7465ead43fe767d6687f36)

  • OpenSSL Dynamic Engine (SHA256 checksum 6d8e81ad1208652904fe4b6abc4f174e866303f2302a6551c3fbef617337e663)

  • JCE provider (SHA256 checksum 70e3cdce143c45a76e155ffb5969841e0153e011f59eb9f2c6e6be0707030abf)

  • AWS CloudHSM Management Utility (SHA256 checksum 5a702fe5e50dc6055daa723df71a0874317c9ff5844eea30104587a61097ecf4)

CentOS 6

AWS CloudHSM does not support CentOS 6 with Client SDK Version 3.4.4.

Use Version 3.2.1 for CentOS 6 or choose a supported platform.

CentOS 7

Download the version 3.4.4 software for CentOS 7:

  • AWS CloudHSM Client (SHA256 checksum 7d61d835ae38c6ce121d102b516527f342a76ac31733768097d5cab8bc482610)

  • PKCS #11 library (SHA256 checksum 2099f324ff625e1a46d96c1d5084263ca1d650424d7465ead43fe767d6687f36)

  • OpenSSL Dynamic Engine (SHA256 checksum 6d8e81ad1208652904fe4b6abc4f174e866303f2302a6551c3fbef617337e663)

  • JCE provider (SHA256 checksum 70e3cdce143c45a76e155ffb5969841e0153e011f59eb9f2c6e6be0707030abf)

  • AWS CloudHSM Management Utility (SHA256 checksum 5a702fe5e50dc6055daa723df71a0874317c9ff5844eea30104587a61097ecf4)

CentOS 8

Download the version 3.4.4 software for CentOS 8:

  • AWS CloudHSM Client (SHA256 checksum 81639c9ec83e501709c4117ba9d98b23dea7838a206ed244c9c6cc0d65130f8c)

  • PKCS #11 library (SHA256 checksum 9a15daa87b8616cf03a6bf6b375f53451ef448dbc54bf2c27fbc2be7823fc633)

  • JCE provider (SHA256 checksum 2b1c4208992903cf7bcc669c1392c59a64fbfc82e010c626ffa58d0cb8e9126b)

  • AWS CloudHSM Management Utility (SHA256 checksum 3adbecc802e0854c23aa4b8d80540d1748903c8dba93b6c8042fb7885051c360)

Note

Due to the recent End of Life of CentOS 8, we will no longer be able to support this platform with next release.

RHEL 6

AWS CloudHSM does not support RedHat Enterprise Linux 6 with Client SDK Version 3.4.4.

Use Version 3.2.1 for RedHat Enterprise Linux 6 or choose a supported platform.

RHEL 7

Download the version 3.4.4 software for RedHat Enterprise Linux 7:

  • AWS CloudHSM Client (SHA256 checksum 7d61d835ae38c6ce121d102b516527f342a76ac31733768097d5cab8bc482610)

  • PKCS #11 library (SHA256 checksum 2099f324ff625e1a46d96c1d5084263ca1d650424d7465ead43fe767d6687f36)

  • OpenSSL Dynamic Engine (SHA256 checksum 6d8e81ad1208652904fe4b6abc4f174e866303f2302a6551c3fbef617337e663)

  • JCE provider (SHA256 checksum 70e3cdce143c45a76e155ffb5969841e0153e011f59eb9f2c6e6be0707030abf)

  • AWS CloudHSM Management Utility (SHA256 checksum 5a702fe5e50dc6055daa723df71a0874317c9ff5844eea30104587a61097ecf4)

RHEL 8

Download the version 3.4.4 software for RedHat Enterprise Linux 8:

  • AWS CloudHSM Client (SHA256 checksum 81639c9ec83e501709c4117ba9d98b23dea7838a206ed244c9c6cc0d65130f8c)

  • PKCS #11 library (SHA256 checksum 9a15daa87b8616cf03a6bf6b375f53451ef448dbc54bf2c27fbc2be7823fc633)

  • JCE provider (SHA256 checksum 2b1c4208992903cf7bcc669c1392c59a64fbfc82e010c626ffa58d0cb8e9126b)

  • AWS CloudHSM Management Utility (SHA256 checksum 3adbecc802e0854c23aa4b8d80540d1748903c8dba93b6c8042fb7885051c360)

Ubuntu 16.04 LTS

Download the version 3.4.4 software for Ubuntu 16.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum 317c92c2e0b5d60afab1beb947f053d13ddaacb994cccc2c2b898e997ece29b9)

  • PKCS #11 library (SHA256 checksum 91451c420c51488a022569fd32f052a3b988a2883ea4c2ac952acb61a2fea37c)

  • OpenSSL Dynamic Engine (SHA256 checksum 4098771ad0e38df9bf14d50520ca49b9395f819f0387e2bc3b0e61abb5888e66)

  • JCE provider (SHA256 checksum e136ff183271c2f9590a9fccb8261a7eb809506686b070e3854df1b8686c6641)

  • AWS CloudHSM Management Utility (SHA256 checksum cbf24a4032f393a913a9898b1b27036392104e8e05d911cab84049b2bcca2541)

Note

Due to the impending EOL of Ubuntu 16.04, we intend to drop support for this platform with the next release.

Ubuntu 18.04 LTS

Download the version 3.4.4 software for Ubuntu 18.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum cf57d5e0e95efbf032aac8887aebd59ac8cc80e97c69e7c39fdad40873374fe8)

  • PKCS #11 library (SHA256 checksum 428f8bdad7925db5401112f707942ee8f3ca554f4ab53fa92237996e69144d2f)

  • JCE provider (SHA256 checksum 1ff17b8f7688e84f7f0bfc96383564dca598a1cab2f2c52c888d0361682f2b9e)

  • AWS CloudHSM Management Utility (SHA256 checksum afe253046146ed6177c520b681efc680dac1048c4a95b3d8ad0f305e79bbe93e)

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019. The AWS CloudHSM 3.4.4 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.4.4) software for Windows Server:

Version 3.4.4 adds updates to JCE provider.

AWS CloudHSM Client Software

  • Updated the version for consistency.

PKCS #11 library

  • Updated the version for consistency.

OpenSSL Dynamic Engine

  • Updated the version for consistency.

JCE provider

  • Update log4j to version 2.17.1.

Windows (CNG and KSP providers)

  • Updated the version for consistency.

Previous Client SDK 5 releases

This section lists previous Client SDK 5 releases. For the current Client SDK 5 release, see Latest releases.

Amazon Linux

Download version 5.9.0 software for Amazon Linux on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 4f368be41f006b751ac41b14e1435c27841f60bbde0f032ec02a359fea637dcf)

  • OpenSSL Dynamic Engine (SHA256 checksum 81af0d34683825cd6ff844ccacf9c8f4842a4ba76e3875a89121d09a286b4490)

  • JCE provider (SHA256 checksum e8e5bc09d8e0b3cb24f30ab420fe08902a19073012335ac94382ec55fcc45abd)

  • CloudHSM CLI (SHA256 checksum 17284144b45043204ce012fe8b62b1973f10068950abedbd9c2c6172ed0979c6)

Amazon Linux 2

Download version 5.9.0 software for Amazon Linux 2 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum e5affca37abc4ff76369237649830feb32fccd3fa05199cc2021230137093c56)

  • OpenSSL Dynamic Engine (SHA256 checksum 848a2e31550bbc2b0223468877baa2a8cda3131ef8537856b31db226d55c4170)

  • JCE provider (SHA256 checksum 884f483ef3e9c7def92e3ff01b226e5cbf276d96dcb2f6f56009516f19d41dc0)

  • CloudHSM CLI (SHA256 checksum 2e62d5a27cff46d9fb47d656afeccd9dbfb5413bfd2267dd3c8fb7960fef7f26)

Download version 5.9.0 software for Amazon Linux 2 on ARM64 architecture:

  • PKCS #11 library (SHA256 checksum 4337dca5a08c5194b1118fa197bb4a4f7988df4e1b961e6f2e367295ba99d61d)

  • OpenSSL Dynamic Engine (SHA256 checksum 4f08689934e877662a7ce64554fb04eb4b2c213b936018609ff187d100e34a85)

  • JCE provider (SHA256 checksum b337b80271a2d308949d5911971fe6ad35df4e34876a481fcac347f1d897fe39)

  • CloudHSM CLI (SHA256 checksum a4d466e6b5f74dcd283ba32c9dd87441941d5e5a05936b7c2b4cc7ef85eb1071)

CentOS 7

Download version 5.9.0 software for CentOS 7 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum e5affca37abc4ff76369237649830feb32fccd3fa05199cc2021230137093c56)

  • OpenSSL Dynamic Engine (SHA256 checksum 848a2e31550bbc2b0223468877baa2a8cda3131ef8537856b31db226d55c4170)

  • JCE provider (SHA256 checksum 884f483ef3e9c7def92e3ff01b226e5cbf276d96dcb2f6f56009516f19d41dc0)

  • CloudHSM CLI (SHA256 checksum 2e62d5a27cff46d9fb47d656afeccd9dbfb5413bfd2267dd3c8fb7960fef7f26)

RHEL 7

Download version 5.9.0 software for RHEL 7 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum e5affca37abc4ff76369237649830feb32fccd3fa05199cc2021230137093c56)

  • OpenSSL Dynamic Engine (SHA256 checksum 848a2e31550bbc2b0223468877baa2a8cda3131ef8537856b31db226d55c4170)

  • JCE provider (SHA256 checksum 884f483ef3e9c7def92e3ff01b226e5cbf276d96dcb2f6f56009516f19d41dc0)

  • CloudHSM CLI (SHA256 checksum 2e62d5a27cff46d9fb47d656afeccd9dbfb5413bfd2267dd3c8fb7960fef7f26)

RHEL 8

Download version 5.9.0 software for RHEL 8 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 081887f6ea1d9df9d1e409b2b5bde83e965c42229acbeb1f950c8fe478361edc)

  • OpenSSL Dynamic Engine (SHA256 checksum 6b0500a42fd57c39f076f14e5079f80145b6ebd2c441395761eb04600c07bda5)

  • JCE provider (SHA256 checksum 2bc7ac26b259af92a65fbd5a30d5eb2a92ce0e70efe41feb53bf82f168aa90bb)

  • CloudHSM CLI (SHA256 checksum 79ecbe9b4c5316ccf447d8c59b76b5ac2cc854bd79cd50c1f29197aa8cb080db)

Ubuntu 18.04 LTS

Download version 5.9.0 software for Ubuntu 18.04 LTS on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum bc6d2227edd7b5a83fed32741fbacbb1756d5df89ebb3435d96f0609a180db65)

  • OpenSSL Dynamic Engine (SHA256 checksum 2d6a26434fa6faf337f1dfb42de033220fa405a82d4540e279639a03b3ee6e9d)

  • JCE provider (SHA256 checksum e12aef122f490e9026452ce31c25625b1accb9a5866b3d470488f10f047f1873)

  • CloudHSM CLI (SHA256 checksum f0bcabe594db3e8ff86cc0f65c2a10858d34452eb6b9fc33d7aac05c0f5f4f30)

Ubuntu 20.04 LTS

Download version 5.9.0 software for Ubuntu 20.04 LTS on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 15dde8182f432de9e7d369b05e384e1f2d80dcca85db3b16ecc26cdef1a34bb9)

  • OpenSSL Dynamic Engine (SHA256 checksum c8ba94a999038af87d4905b7c1feb4cc87e20d1776a32ef6f6d11ee000b5a896)

  • JCE provider (SHA256 checksum de33cd3e8130a06d9da5207079533aac8276a1319ac435a3737b4f65bd8fb972)

  • CloudHSM CLI (SHA256 checksum cfa31535ad9a99a5113496c06fbace38e9593491aca9bb031a18b51075973e68)

Windows Server 2016

Download version 5.9.0 software for Windows Server 2016 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum ab5380805b0e17dd89dbbefd3fbda8b54da3c140f82e9f3d021850c31837bbe3)

  • JCE provider (SHA256 checksum f0941d7a20193818133de8a742d3b848ea19abaf25f5a71ac65949ce5a37c533)

  • CloudHSM CLI (SHA256 checksum 131530ffe5caff963d483f440d06dcfb41dc11b0f8d78f1dd07bb07f76aeb6d2)

Windows Server 2019

Download version 5.9.0 software for Windows Server 2019 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum ab5380805b0e17dd89dbbefd3fbda8b54da3c140f82e9f3d021850c31837bbe3)

  • JCE provider (SHA256 checksum f0941d7a20193818133de8a742d3b848ea19abaf25f5a71ac65949ce5a37c533)

  • CloudHSM CLI (SHA256 checksum 131530ffe5caff963d483f440d06dcfb41dc11b0f8d78f1dd07bb07f76aeb6d2)

Client SDK 5.9.0 improves stability and includes bug fixes for all SDKs. An optimization has been made for all SDKs to inform applications of operation failure immediately when an HSM is determined unavailable. This release includes performance enhancements for JCE.

JCE provider
  • Enhanced performance

Amazon Linux

Download version 5.8.0 software for Amazon Linux on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 6d8f3b173488bd4d4837639c0d7bac9c800a7c8748540cd36bab6a5c55e17ea5)

  • OpenSSL Dynamic Engine (SHA256 checksum fed2060bbed632cbbca6792e41c41b3643e82a147e0eb9d5ffa647bb4484bb1b)

  • JCE provider (SHA256 checksum d8a3bcd9b685700146b96286d970c88fa370732b0437f16990cd94efcbd96a7b)

  • CloudHSM CLI (SHA256 checksum 41d28867f7f84832bfa42b045abd27bb6fc71bd338302a12ac680174fa58d91c)

Amazon Linux 2

Download version 5.8.0 software for Amazon Linux 2 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum f6724da43fff65b9a40dacdb0650bd080a184250c3d97f347e080b57565d9810)

  • OpenSSL Dynamic Engine (SHA256 checksum b5a77ab04dcb3e4dec521b8cfd11be59e518f4ee4c2b2185eeba665df05724be)

  • JCE provider (SHA256 checksum b54184cf7f68687c838fd13b9ccaf2ff33d5ee5bddf6521b55e93bad1fabe1ee)

  • CloudHSM CLI (SHA256 checksum c8e5182accafed0d42c78806e7e64ce77ee37d62713be8f5ac97ee0339083ae1)

Download version 5.8.0 software for Amazon Linux 2 on ARM64 architecture:

  • PKCS #11 library (SHA256 checksum f01231b2507ec4b4c985225d9276c3f66e79e57845317b42ee004702eead369f)

  • OpenSSL Dynamic Engine (SHA256 checksum 8189507d95f3e1769cd63712209ef7eff2c2841b3db9fd6e4ecc572d7874e0ec)

  • JCE provider (SHA256 checksum 3e4626a81ea1bba432f473ccc19171cd1f74b135679febc820978351acf54c9f)

  • CloudHSM CLI (SHA256 checksum 3e1256d67e02d3d877625b275df32657b259d76a1ec4ce5796220aacfae343c8)

CentOS 7

Download version 5.8.0 software for CentOS 7 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum f6724da43fff65b9a40dacdb0650bd080a184250c3d97f347e080b57565d9810)

  • OpenSSL Dynamic Engine (SHA256 checksum b5a77ab04dcb3e4dec521b8cfd11be59e518f4ee4c2b2185eeba665df05724be)

  • JCE provider (SHA256 checksum b54184cf7f68687c838fd13b9ccaf2ff33d5ee5bddf6521b55e93bad1fabe1ee)

  • CloudHSM CLI (SHA256 checksum c8e5182accafed0d42c78806e7e64ce77ee37d62713be8f5ac97ee0339083ae1)

RHEL 7

Download version 5.8.0 software for RHEL 7 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum f6724da43fff65b9a40dacdb0650bd080a184250c3d97f347e080b57565d9810)

  • OpenSSL Dynamic Engine (SHA256 checksum b5a77ab04dcb3e4dec521b8cfd11be59e518f4ee4c2b2185eeba665df05724be)

  • JCE provider (SHA256 checksum b54184cf7f68687c838fd13b9ccaf2ff33d5ee5bddf6521b55e93bad1fabe1ee)

  • CloudHSM CLI (SHA256 checksum c8e5182accafed0d42c78806e7e64ce77ee37d62713be8f5ac97ee0339083ae1)

RHEL 8

Download version 5.8.0 software for RHEL 8 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum dfeca89815475ed0180221aea250f4e56d482a7493ede24d87b0fc01b05f01cd)

  • OpenSSL Dynamic Engine (SHA256 checksum 7829c894eccec81efb0ba28b42459d99193f0549f8a61bf1d24be7e95c28cf98)

  • JCE provider (SHA256 checksum 3ebe55cbebc8dc93b3516f30e2c9bcc0b83055d164e56ecd1b2bc6db4509df25)

  • CloudHSM CLI (SHA256 checksum 979c623ae96c601eb1a8f3ab6500d56c8895735f33fdd6513621c0cd73336ffc)

Ubuntu 18.04 LTS

Download version 5.8.0 software for Ubuntu 18.04 LTS on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 648460bfdf897dae5de8f96c75b6216dfe1b5df9d307f8dbb4c4482c53d52977)

  • OpenSSL Dynamic Engine (SHA256 checksum 2e4ef2f7f94000bc6824a2a04df2d49d22bd61a612e41334af66d1eb2efcf8ca)

  • JCE provider (SHA256 checksum b4ac6c40f290eb873e4845d4386fdc6d759bfba2ba770b9eb942725028e562e3)

  • CloudHSM CLI (SHA256 checksum 24b34d1206d453c0427c40b5d3b12f83670b7501d0153dea208487758f7f2236)

Ubuntu 20.04 LTS

Download version 5.8.0 software for Ubuntu 20.04 LTS on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum c50e50cecec9ebc9f04cf45737dafc943ab72b3fa2616f9174ceab26757c017b)

  • OpenSSL Dynamic Engine (SHA256 checksum 0131539a039836f241544bb18c2e74195082ca85e02105af9287b40c1e3c7bd3)

  • JCE provider (SHA256 checksum 73c2f597eb81ee2193aa0c9a3ac8bebbd51fc6951358d87e50bcbc94ac00c9d2)

  • CloudHSM CLI (SHA256 checksum 9946f789b570b4c11becfdfe6fcb35cfd6328ec3870ffced5186057df81d8b6b)

Windows Server 2016

Download version 5.8.0 software for Windows Server 2016 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum c3fc54fa01599a65c67a1f8c280d13f2dcbeb8655fa7202dd4e7317aa90bc25c)

  • JCE provider (SHA256 checksum 500f5d2ca9681547fe8474fdfcd3ba16a5ec119b09a054f79dba4d97baad8773)

  • CloudHSM CLI (SHA256 checksum 9d61c1a6b95c05ebda7b2c94ae4355988206f6addf60fb22ad4ba5b6413a0e51)

Windows Server 2019

Download version 5.8.0 software for Windows Server 2019 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum c3fc54fa01599a65c67a1f8c280d13f2dcbeb8655fa7202dd4e7317aa90bc25c)

  • JCE provider (SHA256 checksum 500f5d2ca9681547fe8474fdfcd3ba16a5ec119b09a054f79dba4d97baad8773)

  • CloudHSM CLI (SHA256 checksum 9d61c1a6b95c05ebda7b2c94ae4355988206f6addf60fb22ad4ba5b6413a0e51)

Version 5.8.0 introduces quorum authentication for CloudHSM CLI, SSL/TLS offload with JSSE, multi-slot support for PKCS #11, multi-cluster/multi-user support for JCE, key extraction with JCE, supported keyFactory for JCE, new retry configurations for non-terminal return codes, and includes improved stability and bug fixes for all SDKs.

PKCS #11 library
  • Added support for multi-slot configuration.

JCE provider
  • Added configuration based key extraction.

  • Added support for multi-cluster and multi-user configurations.

  • Added support for SSL and TLS offload with JSSE.

  • Added unwrap support for AES/CBC/NoPadding.

  • Added new types of key factories: SecretKeyFactory and KeyFactory.

CloudHSM CLI
  • Added support for quorum authentication

Amazon Linux

Download version 5.7.0 software for Amazon Linux on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 847cf948df64c6f81b59d9e81fee86d70338f30922e5e88c46239f26028ac2d8)

  • OpenSSL Dynamic Engine (SHA256 checksum 35f996798d29cd0ab1bca301e7417970e6060fe8485de7d77a442fb888e526d4)

  • JCE provider (SHA256 checksum 0bee58bf3f0909d7e0ad39f2c8a19284bbfc72187b2f03516c85201ac33b39f6)

  • CloudHSM CLI (SHA256 checksum fd3ebdaae0e942109bf28f23ea76d87f7c9b7efcafaf1df8d0dcc4e6eaf5fa62)

Amazon Linux 2

Download version 5.7.0 software for Amazon Linux 2 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum cf3f65b361a369b1eda49c18fb33d8319a1ef163402f9e61a23225399ce21a8f)

  • OpenSSL Dynamic Engine (SHA256 checksum b713395fee50e6f71bf4ff851bbcde89018ad813fd8dd8b2a4e94a96c989d886)

  • JCE provider (SHA256 checksum ed85b35e9d77f5c76bff05221e4422968b419d0b5ef0c0c5cc657883bbff5c3a)

  • CloudHSM CLI (SHA256 checksum 35d4da8341aa4ab51fa5dc072f44b711e0e6e102323c88d1d4de7ce0a3c00309)

Download version 5.7.0 software for Amazon Linux 2 on ARM64 architecture:

  • PKCS #11 library (SHA256 checksum 52d6093d17c0bd13df00a58a807aba1258cb009f615001121e257aa10b8a1b6c)

  • OpenSSL Dynamic Engine (SHA256 checksum 73b85d065c979816dbb51f3bdd92340b34e17fce915c8462648818c03e57e7a9)

  • JCE provider (SHA256 checksum 2953b51f7cb4879da44ca5a6888de77d39f7ab8758d3a8100e3886fcd1826863)

  • CloudHSM CLI (SHA256 checksum ef736bed399409c3c8f51416c3f6e8a68ddeede6cec5a8c8e6d088aacb95b52a)

CentOS 7

Download version 5.7.0 software for CentOS 7 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum cf3f65b361a369b1eda49c18fb33d8319a1ef163402f9e61a23225399ce21a8f)

  • OpenSSL Dynamic Engine (SHA256 checksum b713395fee50e6f71bf4ff851bbcde89018ad813fd8dd8b2a4e94a96c989d886)

  • JCE provider (SHA256 checksum ed85b35e9d77f5c76bff05221e4422968b419d0b5ef0c0c5cc657883bbff5c3a)

  • CloudHSM CLI (SHA256 checksum 35d4da8341aa4ab51fa5dc072f44b711e0e6e102323c88d1d4de7ce0a3c00309)

RHEL 7

Download version 5.7.0 software for RHEL 7 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum cf3f65b361a369b1eda49c18fb33d8319a1ef163402f9e61a23225399ce21a8f)

  • OpenSSL Dynamic Engine (SHA256 checksum b713395fee50e6f71bf4ff851bbcde89018ad813fd8dd8b2a4e94a96c989d886)

  • JCE provider (SHA256 checksum ed85b35e9d77f5c76bff05221e4422968b419d0b5ef0c0c5cc657883bbff5c3a)

  • CloudHSM CLI (SHA256 checksum 35d4da8341aa4ab51fa5dc072f44b711e0e6e102323c88d1d4de7ce0a3c00309)

RHEL 8

Download version 5.7.0 software for RHEL 8 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 90227569a1a5225833aad73c1bb57ae303f1d1fc2635b08d1ac8412b1db56720)

  • OpenSSL Dynamic Engine (SHA256 checksum a4291e2f47a98fbe58be6f1b262aba394f19c3aa3ea4bfd60e0e087c0464d428)

  • JCE provider (SHA256 checksum fa3d83c03b01bb5b8f86c32329771ef73d3f4a66375e428344beceda21c029b2)

  • CloudHSM CLI (SHA256 checksum 7d30de2eec04e062d3420fa1a4502ece7c372f1f0f59b4db0c690a46f006038a)

Ubuntu 18.04 LTS

Download version 5.7.0 software for Ubuntu 18.04 LTS on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 4fd9c59d5d7b38d4c1c7cc17bdbe7839ee1040bd18cfe9f640719faaf68fdb8a)

  • OpenSSL Dynamic Engine (SHA256 checksum 6afdd452f1526dbfcfd8c69ced2f81f98620b8e89dd4d7005d53d433b95cbe05)

  • JCE provider (SHA256 checksum e12bc3ac0e2b5ed2f317d38ef33d920523133b2c7a783343f1cd5b8e75e46b0e)

  • CloudHSM CLI (SHA256 checksum 1dbfe0010572f6b0c985123730f673a11b4472ecbe11dc96b09aa7989adae1da)

Ubuntu 20.04 LTS

Download version 5.7.0 software for Ubuntu 20.04 LTS on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 4e18891e18312089d90bf8ee40d7cdee03128454a925d5d9b14fb12175efaa01)

  • OpenSSL Dynamic Engine (SHA256 checksum ef0eb28c3269506e808d9176c7136ce62902944250472bed134f1c0a713d5a18)

  • JCE provider (SHA256 checksum 43cdbb69505810dc10fc1db862f0fb777e18e3b31c364142dc2228b4c6f1de49)

  • CloudHSM CLI (SHA256 checksum b831dedf9775189f2c99283df2404b8b969bd8be4537690e21a2fd10b0cc4152)

Windows Server 2016

Download version 5.7.0 software for Windows Server 2016 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 2c677d2f01216766741d0044735977134bb9e903472ae7e57a1c6eab3b7388e5)

  • JCE provider (SHA256 checksum eecb49e2c1d2af75fddb7c656820723fa00672c2f46b9f6e8a64bb2dbe63d54a)

  • CloudHSM CLI (SHA256 checksum 854bcec5053e3d7ed9771044c8921de6c9019a6eb4ae0376a6d6f9d78343d58b)

Windows Server 2019

Download version 5.7.0 software for Windows Server 2019 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 2c677d2f01216766741d0044735977134bb9e903472ae7e57a1c6eab3b7388e5)

  • JCE provider (SHA256 checksum eecb49e2c1d2af75fddb7c656820723fa00672c2f46b9f6e8a64bb2dbe63d54a)

  • CloudHSM CLI (SHA256 checksum 854bcec5053e3d7ed9771044c8921de6c9019a6eb4ae0376a6d6f9d78343d58b)

Version 5.7.0 introduces CloudHSM CLI and includes a new cipher-based message authentication code (CMAC) algorithm. This release adds ARM architecture on Amazon Linux 2. JCE provider Javadocs are now available for AWS CloudHSM.

PKCS #11 library
  • Improved stability and bug fixes.

  • Now supported on ARM architecture with Amazon Linux 2.

  • Algorithms

    • CKM_AES_CMAC (sign and verify)

OpenSSL Dynamic Engine
  • Improved stability and bug fixes.

  • Now supported on ARM architecture with Amazon Linux 2.

JCE provider
  • Improved stability and bug fixes.

  • Algorithms

    • AESCMAC

Amazon Linux

Download version 5.6.0 software for Amazon Linux on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum e8fe110344dfc8bc324da7eb9f84fa304b3186e6ba02474c1ebde7ff91c2e7fa)

  • OpenSSL Dynamic Engine (SHA256 checksum 62aa8fdff368d2701d32a39c1e2a2ba0ea7170cab9cd5541b6b2c8f09bfe1209)

  • JCE provider (SHA256 checksum 99b80a2e11f3b6c0b510f27213a8c903ec50baac0aaaed48d6424152d244e17e)

Amazon Linux 2

Download version 5.6.0 software for Amazon Linux 2 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 2a08cf126c6ababc4ae776a8c79ac0e086fb1d94a888bbf5fc0e4e03e31fab5b)

  • OpenSSL Dynamic Engine (SHA256 checksum 2e327a6483b5f3fab9e556e19a41bd422949ae15045cdbd88ab4d86b46928d09)

  • JCE provider (SHA256 checksum e08c6e773b40ac4bae366b1d2ff85891fa3d0c94a38dd722d6da5b11ea1b4003)

Download version 5.6.0 software for Amazon Linux 2 on ARM64 architecture:

  • JCE provider (SHA256 checksum eeb6af4e6b89b1602499125c61ed1f45858b252b12363c45b9ea21bdc0f4d85b)

CentOS 7

Download version 5.6.0 software for CentOS 7 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 2a08cf126c6ababc4ae776a8c79ac0e086fb1d94a888bbf5fc0e4e03e31fab5b)

  • OpenSSL Dynamic Engine (SHA256 checksum 2e327a6483b5f3fab9e556e19a41bd422949ae15045cdbd88ab4d86b46928d09)

  • JCE provider (SHA256 checksum e08c6e773b40ac4bae366b1d2ff85891fa3d0c94a38dd722d6da5b11ea1b4003)

RHEL 7

Download version 5.6.0 software for RHEL 7 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 2a08cf126c6ababc4ae776a8c79ac0e086fb1d94a888bbf5fc0e4e03e31fab5b)

  • OpenSSL Dynamic Engine (SHA256 checksum 2e327a6483b5f3fab9e556e19a41bd422949ae15045cdbd88ab4d86b46928d09)

  • JCE provider (SHA256 checksum e08c6e773b40ac4bae366b1d2ff85891fa3d0c94a38dd722d6da5b11ea1b4003)

RHEL 8

Download version 5.6.0 software for RHEL 8 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 442df60ffeb577498e429339941bcfa8adb377b0c0edce1d19e870f996a9e312)

  • OpenSSL Dynamic Engine (SHA256 checksum c70ec51e00d697b541052ee53b485e2003720b561c74db1a4a0976fc59ec1937)

  • JCE provider (SHA256 checksum b761ee7f3a0b372931e7d0b94bdc00b62ddc60a3929c2412675c6e224cd8de7b)

Ubuntu 18.04 LTS

Download version 5.6.0 software for Ubuntu 18.04 LTS on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 115e40ca45ee8e177cc34d9d1f1fe137dbcb476467043e827d5322456dbae293)

  • OpenSSL Dynamic Engine (SHA256 checksum a646ae0839157d576e8539eebb214a7e147d9060ce8947c5c14df334c5d6cb34)

  • JCE provider (SHA256 checksum 9330ec740aaf854a811090dec93fe40e4fa2dbbfe88a61fc978b2159124f531a)

Ubuntu 20.04 LTS

Download version 5.6.0 software for Ubuntu 20.04 LTS on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum d8666432b63fb74693c8bbbd2dc88ddbac786c390cb54a7055f3827e70347018)

  • OpenSSL Dynamic Engine (SHA256 checksum 4e6e264050f65961cca61ecc884c0f6fe98e5f9ab2bfab7ae1d4ea5a0e8d79a5)

  • JCE provider (SHA256 checksum 361a4a3ee695995e0d3367660533910d24c3a2945dcfbf458f12f544425d68d9)

Windows Server 2016

Download version 5.6.0 software for Windows Server 2016 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 32cd12c80aef38e2dba74851578ea5498bee078bff548b0ba0b383270f43b0a5)

  • JCE provider (SHA256 checksum c595166d549e8d8dfd0959c43ab0eb29fc08ed8df32cc2d01ce57d22c704b672)

Windows Server 2019

Download version 5.6.0 software for Windows Server 2019 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 32cd12c80aef38e2dba74851578ea5498bee078bff548b0ba0b383270f43b0a5)

  • JCE provider (SHA256 checksum c595166d549e8d8dfd0959c43ab0eb29fc08ed8df32cc2d01ce57d22c704b672)

Version 5.6.0 includes new mechanism support for PKCS #11 library and JCE provider. Additionally, version 5.6 supports Ubuntu 20.04.

PKCS #11 library
  • Improved stability and bug fixes.

  • Mechanisms

    • CKM_RSA_X_509, for encrypt, decrypt, sign, and verify modes

OpenSSL Dynamic Engine
  • Improved stability and bug fixes.

JCE provider
  • Improved stability and bug fixes.

  • Ciphers

    • RSA/ECB/NoPadding, for encrypt and decrypt modes

Supported keys
  • EC with curves secp224r1 and secp521r1

Platform support
  • Added support for Ubuntu 20.04.

Amazon Linux

Download version 5.5.0 software for Amazon Linux on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum d26dcf4b1850f1ace52a386496063fb1e4a7692f34a1f00d1e4e61a8f59b3363)

  • OpenSSL Dynamic Engine (SHA256 checksum 098d3ee36db307e803ae6badff5c57e7581649a25d2fb789bf2e8e5ff851910b)

  • JCE provider (SHA256 checksum 3106dcf572870fbfa0645d82705d509677c2439527b5ad35ec8456ad5d068161)

Amazon Linux 2

Download version 5.5.0 software for Amazon Linux 2 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum c08f71fe022d0041c897f326f5cff17ca2ed5b3d308e9801dd7889ca9e92068e)

  • OpenSSL Dynamic Engine (SHA256 checksum bbb90f0bb7bbac9594177b7a9ff92d04bc16853a78b5016f7f5cd40b8a3ed539)

  • JCE provider (SHA256 checksum 65f1d6360985f4a5225b89bccd276b15408a4d09ceb41489c4fa743970315bae)

Download version 5.5.0 software for Amazon Linux 2 on ARM64 architecture:

  • JCE provider (SHA256 checksum 958de0815636e77cbd79e0b60d4b721d4b47a13652f8d5d036bd30d8b202b1e6)

CentOS 7

Download version 5.5.0 software for CentOS 7 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum c08f71fe022d0041c897f326f5cff17ca2ed5b3d308e9801dd7889ca9e92068e)

  • OpenSSL Dynamic Engine (SHA256 checksum bbb90f0bb7bbac9594177b7a9ff92d04bc16853a78b5016f7f5cd40b8a3ed539)

  • JCE provider (SHA256 checksum 65f1d6360985f4a5225b89bccd276b15408a4d09ceb41489c4fa743970315bae)

RHEL 7

Download version 5.5.0 software for RHEL 7 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum c08f71fe022d0041c897f326f5cff17ca2ed5b3d308e9801dd7889ca9e92068e)

  • OpenSSL Dynamic Engine (SHA256 checksum bbb90f0bb7bbac9594177b7a9ff92d04bc16853a78b5016f7f5cd40b8a3ed539)

  • JCE provider (SHA256 checksum 65f1d6360985f4a5225b89bccd276b15408a4d09ceb41489c4fa743970315bae)

RHEL 8

Download version 5.5.0 software for RHEL 8 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum a27fb3315377aa94f2c757fcc5108673f9f8d50b5fbd7423e7e9aa7484e1e451)

  • OpenSSL Dynamic Engine (SHA256 checksum bb52bcf1ed306918bf68782e84012d2ee3de369f7fab5b805e62afe87371335e)

  • JCE provider (SHA256 checksum 3ffd94fe5241e5d74234df4fba20d61f3d6223534bd2b6e03f9179defa0f3e8e)

Ubuntu 18.04 LTS

Download version 5.5.0 software for Ubuntu 18.04 LTS on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 00aa40e909e73ad96b480073e3b959e5de4ea853b539f9604e9aa592dcbcbfe5)

  • OpenSSL Dynamic Engine (SHA256 checksum 1dabd957d1e5777d3da7da7273885b1541868656b033c7ad8d9fde133e03da6a)

  • JCE provider (SHA256 checksum 702a560938718e59120653b5c3359cb6a14f6b835f4c7d3aab0df26071e2ff63)

Windows Server 2016

Download version 5.5.0 software for Windows Server 2016 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum df4197ebfb623acf3b733fc7b4bdf38a76cb09d63059680d56a3af37f740afd4)

  • JCE provider (SHA256 checksum b8dc0a7a54715596c0eb40b6e97978850230ec1f76acf926fe6dbc622b2ac0b3)

Windows Server 2019

Download version 5.5.0 software for Windows Server 2019 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum df4197ebfb623acf3b733fc7b4bdf38a76cb09d63059680d56a3af37f740afd4)

  • JCE provider (SHA256 checksum b8dc0a7a54715596c0eb40b6e97978850230ec1f76acf926fe6dbc622b2ac0b3)

Version 5.5.0 adds support for OpenJDK 11, Keytool and Jarsigner integration, and additional mechanisms to the JCE provider. Resolves a known issue regarding a KeyGenerator class incorrectly interpreting key size parameter as number of bytes instead of bits.

PKCS #11 library
  • Improved stability and bug fixes.

OpenSSL Dynamic Engine
  • Improved stability and bug fixes.

JCE provider
  • Support for the Keytool and Jarsigner utilities

  • Support for OpenJDK 11 on all platforms

  • Ciphers

    • AES/CBC/NoPadding Encrypt and Decrypt mode

    • AES/ECB/PKCS5Padding Encrypt and Decrypt mode

    • AES/CTR/NoPadding Encrypt and Decrypt mode

    • AES/GCM/NoPadding Wrap and Unwrap mode

    • DESede/ECB/PKCS5Padding Encrypt and Decrypt mode

    • DESede/CBC/NoPadding Encrypt and Decrypt mode

    • AESWrap/ECB/NoPadding Wrap and Unwrap mode

    • AESWrap/ECB/PKCS5Padding Wrap and Unwrap mode

    • AESWrap/ECB/ZeroPadding Wrap and Unwrap mode

    • RSA/ECB/PKCS1Padding Wrap and Unwrap mode

    • RSA/ECB/OAEPPadding Wrap and Unwrap mode

    • RSA/ECB/OAEPWithSHA-1ANDMGF1Padding Wrap and Unwrap mode

    • RSA/ECB/OAEPWithSHA-224ANDMGF1Padding Wrap and Unwrap mode

    • RSA/ECB/OAEPWithSHA-256ANDMGF1Padding Wrap and Unwrap mode

    • RSA/ECB/OAEPWithSHA-384ANDMGF1Padding Wrap and Unwrap mode

    • RSA/ECB/OAEPWithSHA-512ANDMGF1Padding Wrap and Unwrap mode

    • RSAAESWrap/ECB/OAEPPadding Wrap and Unwrap mode

    • RSAAESWrap/ECB/OAEPWithSHA-1ANDMGF1Padding Wrap and Unwrap mode

    • RSAAESWrap/ECB/OAEPWithSHA-224ANDMGF1Padding Wrap and Unwrap mode

    • RSAAESWrap/ECB/OAEPWithSHA-256ANDMGF1Padding Wrap and Unwrap mode

    • RSAAESWrap/ECB/OAEPWithSHA-384ANDMGF1Padding Wrap and Unwrap mode

    • RSAAESWrap/ECB/OAEPWithSHA-512ANDMGF1Padding Wrap and Unwrap mode

  • KeyFactory and SecretKeyFactory

    • RSA – 2048-bit to 4096-bit RSA keys, in increments of 256 bits

    • AES – 128, 192, and 256-bit AES keys

    • EC key pairs for NIST curves secp256r1 (P-256), secp384r1 (P-384), and secp256k1

    • DESede (3DES)

    • GenericSecret

    • HMAC – with SHA1, SHA224, SHA256, SHA384, SHA512 hash support

  • Sign/Verify

    • RSASSA-PSS

    • SHA1withRSA/PSS

    • SHA224withRSA/PSS

    • SHA256withRSA/PSS

    • SHA384withRSA/PSS

    • SHA512withRSA/PSS

    • SHA1withRSAandMGF1

    • SHA224withRSAandMGF1

    • SHA256withRSAandMGF1

    • SHA384withRSAandMGF1

    • SHA512withRSAandMGF1

Amazon Linux

Download the version 5.4.2 software for Amazon Linux:

  • PKCS #11 library (SHA256 checksum dd904ebbb8c9cd8a58c8ed1ba6b329ee92dfe45d89e4ac807030c0421aadbed6)

  • OpenSSL Dynamic Engine (SHA256 checksum bbf81f8aa24092b7ab3c6c1b2011c46f1304ee6f003ef630a600673ed906a0a5)

  • JCE provider (SHA256 checksum ea3f178bd35bef7400421c2b66755cc6130e9297960f36ca5aefb64537afeb1b)

Amazon Linux 2

Download the version 5.4.2 software for Amazon Linux 2:

  • PKCS #11 library (SHA256 checksum 8d892210db097a942ae99213c8f20fe78798840d208b0c5329baa9eda6783b9e)

  • OpenSSL Dynamic Engine (SHA256 checksum 68cb82352a9880d16035181bd14ee4085ff16b48b9d8d501df352dc0fb214009)

  • JCE provider (SHA256 checksum 891a99f9c85182dd11c62f1745363b1fbe2ae442abbaea01c9681cd2d32ffe1c)

CentOS 7

Download the version 5.4.2 software for CentOS 7:

  • PKCS #11 library (SHA256 checksum 8d892210db097a942ae99213c8f20fe78798840d208b0c5329baa9eda6783b9e)

  • OpenSSL Dynamic Engine (SHA256 checksum 68cb82352a9880d16035181bd14ee4085ff16b48b9d8d501df352dc0fb214009)

  • JCE provider (SHA256 checksum 891a99f9c85182dd11c62f1745363b1fbe2ae442abbaea01c9681cd2d32ffe1c)

CentOS 8

Download the version 5.4.2 software for CentOS 8:

  • PKCS #11 library (SHA256 checksum bf3ffa7bc1c4fd7bc9509e4f7c8bc3a013dbdae362cacf6ed278730fa43a0da0)

  • OpenSSL Dynamic Engine (SHA256 checksum 2da903322f91f7f2ba32edf48676f4b9f23d83ceb4395ea7a51c6a0f132ddc9b)

  • JCE provider (SHA256 checksum d5d1d813fdbf34e98873209606d8a55d56181598b1a539a0a0a62d4efd0addf2)

Note

Due to the recent End of Life of CentOS 8, we will no longer be able to support this platform with next release.

RHEL 7

Download the version 5.4.2 software for RHEL 7:

  • PKCS #11 library (SHA256 checksum 8d892210db097a942ae99213c8f20fe78798840d208b0c5329baa9eda6783b9e)

  • OpenSSL Dynamic Engine (SHA256 checksum 68cb82352a9880d16035181bd14ee4085ff16b48b9d8d501df352dc0fb214009)

  • JCE provider (SHA256 checksum 891a99f9c85182dd11c62f1745363b1fbe2ae442abbaea01c9681cd2d32ffe1c)

RHEL 8

Download the version 5.4.2 software for RHEL 8:

  • PKCS #11 library (SHA256 checksum bf3ffa7bc1c4fd7bc9509e4f7c8bc3a013dbdae362cacf6ed278730fa43a0da0)

  • OpenSSL Dynamic Engine (SHA256 checksum 2da903322f91f7f2ba32edf48676f4b9f23d83ceb4395ea7a51c6a0f132ddc9b)

  • JCE provider (SHA256 checksum d5d1d813fdbf34e98873209606d8a55d56181598b1a539a0a0a62d4efd0addf2)

Ubuntu 18.04 LTS

Download the version 5.4.2 software for Ubuntu 18.04 LTS:

  • PKCS #11 library (SHA256 checksum 6e78e18f64d2a6a3f9eeba1e2b846b9c91340816e2f15cd9b77fa959188716ab)

  • OpenSSL Dynamic Engine (SHA256 checksum 2f52ddbd73a242ed0458747fd5b25be94328d813f862d9e4dc1c273362120744)

  • JCE provider (SHA256 checksum 9d335b372cf7f9b43e9ef5838897dc1d05e8cd02b31427e0a5f763489905a187)

Windows Server 2016

Download the version 5.4.2 software for Windows Server 2016:

  • PKCS #11 library (SHA256 checksum e0b4a2753f1f940614a697ec91a7777b411ffc3ae3f0d52b61e94f62f6b5149c)

  • JCE provider (SHA256 checksum 0d502232118e5508e6f68a405a50f1cde0d6e7905553ecbb2c7fec6a7735c7f4)

Windows Server 2019

Download the version 5.4.2 software for Windows Server 2019:

  • PKCS #11 library (SHA256 checksum e0b4a2753f1f940614a697ec91a7777b411ffc3ae3f0d52b61e94f62f6b5149c)

  • JCE provider (SHA256 checksum 0d502232118e5508e6f68a405a50f1cde0d6e7905553ecbb2c7fec6a7735c7f4)

Version 5.4.2 includes improved stability and bug fixes for all SDKs. This is also the last release for the CentOS 8 platform. For more information, see the CentOS website.

PKCS #11 library
  • Improved stability and bug fixes.

OpenSSL Dynamic Engine
  • Improved stability and bug fixes.

JCE provider
  • Improved stability and bug fixes.

Amazon Linux

Download the version 5.4.1 software for Amazon Linux:

  • PKCS #11 library (SHA256 checksum e9a87d12874933f3bc943232c9de9efc6020f8d907272e10b461d0300375a784)

  • OpenSSL Dynamic Engine (SHA256 checksum 8a8b17895e0e473b2ee3f7bd15dd9deb443f3f0af1b33c89e4c2dfa67d9f452b)

  • JCE provider (SHA256 checksum 9dc53f4bcfab4a062534f82e65e2708aa60c9b965b1ec7eb61e9cae57863c7aa)

Amazon Linux 2

Download the version 5.4.1 software for Amazon Linux 2:

  • PKCS #11 library (SHA256 checksum 17e28ef5a0921aa4a0832aebb5c4451836f2cf238f8034d6270cd50d93b61920)

  • OpenSSL Dynamic Engine (SHA256 checksum 75225f3b06a852614b5c1f657ce6b1aed6fcf87dec631072aba1764c6def1506)

  • JCE provider (SHA256 checksum c71b1a314844adb623f14dcbfbdafa0a7cfa68a94021e51d48c32371d92d8e6a)

CentOS 7

Download the version 5.4.1 software for CentOS 7:

  • PKCS #11 library (SHA256 checksum 17e28ef5a0921aa4a0832aebb5c4451836f2cf238f8034d6270cd50d93b61920)

  • OpenSSL Dynamic Engine (SHA256 checksum 75225f3b06a852614b5c1f657ce6b1aed6fcf87dec631072aba1764c6def1506)

  • JCE provider (SHA256 checksum c71b1a314844adb623f14dcbfbdafa0a7cfa68a94021e51d48c32371d92d8e6a)

CentOS 8

Download the version 5.4.1 software for CentOS 8:

  • PKCS #11 library (SHA256 checksum 5a01dcf5f1be7f081a4e47b686d266fd7bc94c7a26f502eaafc6f2bc99bec2b2)

  • OpenSSL Dynamic Engine (SHA256 checksum 62776a4b8a7a540c6578d747633d32a2f52c54080ba45cc450206a08a5a4a428)

  • JCE provider (SHA256 checksum 1311d64d916b27c13c0890a25f6aa7f6f62ff37a8203e8bde6524bc94e661860)

Note

Due to the recent end of life for CentOS 8, we will no longer be able to support this platform with the next release.

RHEL 7

Download the version 5.4.1 software for RHEL 7:

  • PKCS #11 library (SHA256 checksum 17e28ef5a0921aa4a0832aebb5c4451836f2cf238f8034d6270cd50d93b61920)

  • OpenSSL Dynamic Engine (SHA256 checksum 75225f3b06a852614b5c1f657ce6b1aed6fcf87dec631072aba1764c6def1506)

  • JCE provider (SHA256 checksum c71b1a314844adb623f14dcbfbdafa0a7cfa68a94021e51d48c32371d92d8e6a)

RHEL 8

Download the version 5.4.1 software for RHEL 8:

  • PKCS #11 library (SHA256 checksum 5a01dcf5f1be7f081a4e47b686d266fd7bc94c7a26f502eaafc6f2bc99bec2b2)

  • OpenSSL Dynamic Engine (SHA256 checksum 62776a4b8a7a540c6578d747633d32a2f52c54080ba45cc450206a08a5a4a428)

  • JCE provider (SHA256 checksum 1311d64d916b27c13c0890a25f6aa7f6f62ff37a8203e8bde6524bc94e661860)

Ubuntu 18.04 LTS

Download the version 5.4.1 software for Ubuntu 18.04 LTS:

  • PKCS #11 library (SHA256 checksum 91db61b43066545b68543d6ecf819785ab6d22379978d4fbcf2488f70eab8679)

  • OpenSSL Dynamic Engine (SHA256 checksum ef9b8ba5ac3fb8a1d215e5bd36ff69d1bb7514d7a430927af4ba64cafd8a8d05)

  • JCE provider (SHA256 checksum 3a008934485a3c6be35479e2c14c48bc7ab9c30f5b76af272fa9c79f148c98eb)

Windows Server 2016

Download the version 5.4.1 software for Windows Server 2016:

  • PKCS #11 library (SHA256 checksum f861f3170bb15c2f512d1d581179e6548cc295f3c1d45afb005b898b5cd26474)

  • JCE provider (SHA256 checksum 1205867ee6a5b19f3bda7df13719edc98e6cb67b0561f4b7d775b91aa30626cf)

Windows Server 2019

Download the version 5.4.1 software for Windows Server 2019:

  • PKCS #11 library (SHA256 checksum f861f3170bb15c2f512d1d581179e6548cc295f3c1d45afb005b898b5cd26474)

  • JCE provider (SHA256 checksum 1205867ee6a5b19f3bda7df13719edc98e6cb67b0561f4b7d775b91aa30626cf)

Version 5.4.1 resolves a known issue with the PKCS #11 library. This is also the last release for the CentOS 8 platform. For more information, see the CentOS website.

PKCS #11 library
  • Improved stability and bug fixes.

OpenSSL Dynamic Engine
  • Improved stability and bug fixes.

JCE provider
  • Improved stability and bug fixes.

Amazon Linux

Download the version 5.4.0 software for Amazon Linux:

  • PKCS #11 library (SHA256 checksum 8e643e52bca4690bbe7f5c26d871fa3af067a4a1dcda7d41f57002e5a4e31795)

  • OpenSSL Dynamic Engine (SHA256 checksum be6e50291efafe50d9ffcba630367e47f71b2e4c3ae9ee3d3ab5b298eea2f72f)

  • JCE provider (SHA256 checksum 0634c3fc61ce4a0c04ce161be55a4145748ccadeae04510066a984ce784b0531)

Amazon Linux 2

Download the version 5.4.0 software for Amazon Linux 2:

  • PKCS #11 library (SHA256 checksum 7cd01f3632c06a118e7c33c2b19e70d669ffb0fca906f6944a878d1f55fdb23a)

  • OpenSSL Dynamic Engine (SHA256 checksum a7e63134bdb3f567ab8931783e9a15602193818ed64f3a11bc1e98dd1c000324)

  • JCE provider (SHA256 checksum ca6dfc9b9d96b351445320570b8e73ef761ddfc7bc6954d61b51302c6532c020)

CentOS 7

Download the version 5.4.0 software for CentOS 7:

  • PKCS #11 library (SHA256 checksum 7cd01f3632c06a118e7c33c2b19e70d669ffb0fca906f6944a878d1f55fdb23a)

  • OpenSSL Dynamic Engine (SHA256 checksum a7e63134bdb3f567ab8931783e9a15602193818ed64f3a11bc1e98dd1c000324)

  • JCE provider (SHA256 checksum ca6dfc9b9d96b351445320570b8e73ef761ddfc7bc6954d61b51302c6532c020)

CentOS 8

Download the version 5.4.0 software for CentOS 8:

  • PKCS #11 library (SHA256 checksum 661e8a42dcbdc6e98f06a0fe8e19d88c80f5207558afe7a1dbfd8e6fb02d6871)

  • OpenSSL Dynamic Engine (SHA256 checksum 536ccfdd4a0e4d2a762f6eed334536e5ed8522009ad96fc980de59b463855119)

  • JCE provider (SHA256 checksum 2d8c64a301e585f00bb52676e240ceaa415a0dad63dc392428d8dfc36c552165)

RHEL 7

Download the version 5.4.0 software for RHEL 7:

  • PKCS #11 library (SHA256 checksum 7cd01f3632c06a118e7c33c2b19e70d669ffb0fca906f6944a878d1f55fdb23a)

  • OpenSSL Dynamic Engine (SHA256 checksum a7e63134bdb3f567ab8931783e9a15602193818ed64f3a11bc1e98dd1c000324)

  • JCE provider (SHA256 checksum ca6dfc9b9d96b351445320570b8e73ef761ddfc7bc6954d61b51302c6532c020)

RHEL 8

Download the version 5.4.0 software for RHEL 8:

  • PKCS #11 library (SHA256 checksum 661e8a42dcbdc6e98f06a0fe8e19d88c80f5207558afe7a1dbfd8e6fb02d6871)

  • OpenSSL Dynamic Engine (SHA256 checksum 536ccfdd4a0e4d2a762f6eed334536e5ed8522009ad96fc980de59b463855119)

  • JCE provider (SHA256 checksum 2d8c64a301e585f00bb52676e240ceaa415a0dad63dc392428d8dfc36c552165)

Ubuntu 18.04 LTS

Download the version 5.4.0 software for Ubuntu 18.04 LTS:

  • PKCS #11 library (SHA256 checksum a477dd926049663cbda3d7a534eda360023f54a149aa3d8308e34b575b87e70d)

  • OpenSSL Dynamic Engine (SHA256 checksum d04823a20ecb4c26135b9587f33a219fe9148e3850fe85e9fd43c818ea8ee75e)

  • JCE provider (SHA256 checksum 7101b3fc98760a3110021b9c2e168685f7bdb6acd624c023d350f7af1252ca86)

Windows Server 2016

Download the version 5.4.0 software for Windows Server 2016:

  • PKCS #11 library (SHA256 checksum 08607f7f7690946df7c1eb7f8b5012c5383c12afe1cbfdd5db2a326efcb13709)

  • JCE provider (SHA256 checksum fa4052f6aa2865a410d3582f8a1d76e90ff068e8950067cb6fb962a38a0432b6)

Windows Server 2019

Download the version 5.4.0 software for Windows Server 2019:

  • PKCS #11 library (SHA256 checksum 08607f7f7690946df7c1eb7f8b5012c5383c12afe1cbfdd5db2a326efcb13709)

  • JCE provider (SHA256 checksum fa4052f6aa2865a410d3582f8a1d76e90ff068e8950067cb6fb962a38a0432b6)

Version 5.4.0 adds initial support for the JCE provider for all platforms. The JCE provider is compatible with OpenJDK 8.

PKCS #11 library
  • Improved stability and bug fixes.

OpenSSL Dynamic Engine
  • Improved stability and bug fixes.

JCE provider
  • Key types
    • RSA – 2048-bit to 4096-bit RSA keys, in increments of 256 bits.

    • AES – 128, 192, and 256-bit AES keys.

    • ECC key pairs for NIST curves secp256r1 (P-256), secp384r1 (P-384), and secp256k1.

    • DESede (3DES)

    • HMAC – with SHA1, SHA224, SHA256, SHA384, SHA512 hash support.

  • Ciphers (encrypt and decrypt only)
    • AES/GCM/NoPadding

    • AES/ECB/NoPadding

    • AES/CBC/PKCS5Padding

    • DESede/ECB/NoPadding

    • DESede/CBC/PKCS5Padding

    • AES/CTR/NoPadding

    • RSA/ECB/PKCS1Padding

    • RSA/ECB/OAEPPadding

    • RSA/ECB/OAEPWithSHA-1ANDMGF1Padding

    • RSA/ECB/OAEPWithSHA-224ANDMGF1Padding

    • RSA/ECB/OAEPWithSHA-256ANDMGF1Padding

    • RSA/ECB/OAEPWithSHA-384ANDMGF1Padding

    • RSA/ECB/OAEPWithSHA-512ANDMGF1Padding

  • Digests
    • SHA-1

    • SHA-224

    • SHA-256

    • SHA-384

    • SHA-512

  • Sign/Verify
    • NONEwithRSA

    • SHA1withRSA

    • SHA224withRSA

    • SHA256withRSA

    • SHA384withRSA

    • SHA512withRSA

    • NONEwithECDSA

    • SHA1withECDSA

    • SHA224withECDSA

    • SHA256withECDSA

    • SHA384withECDSA

    • SHA512withECDSA

  • Integration with the Java KeyStore

Amazon Linux

Download the version 5.3.0 software for Amazon Linux:

  • PKCS #11 library (SHA256 checksum 66f34388dd6188b33d3b41c9f520be4504ad4f5a5eee758ba53106e9f3a264be)

  • OpenSSL Dynamic Engine (SHA256 checksum 33e5245592b43157f0658472e10c541f0e4fb7342bd4e6c221a5472663face81)

Amazon Linux 2

Download the version 5.3.0 software for Amazon Linux 2:

  • PKCS #11 library (SHA256 checksum a66cbb515a2155977093dd15577625adc3d57be2b7345714711a541d14eb31ee)

  • OpenSSL Dynamic Engine (SHA256 checksum 14fa0428df7cb290b7e3f9ee3f3eb2d1345672f362ed25da01cdbedaf8cf1511)

CentOS 7

Download the version 5.3.0 software for CentOS 7:

  • PKCS #11 library (SHA256 checksum a66cbb515a2155977093dd15577625adc3d57be2b7345714711a541d14eb31ee)

  • OpenSSL Dynamic Engine (SHA256 checksum 14fa0428df7cb290b7e3f9ee3f3eb2d1345672f362ed25da01cdbedaf8cf1511)

CentOS 8

Download the version 5.3.0 software for CentOS 8:

  • PKCS #11 library (SHA256 checksum f44a0451cdcdf87240a23aab4bf18fc0d32a2edd0806b1d169b831523f762b4c)

  • OpenSSL Dynamic Engine (SHA256 checksum 71173b74a9c20364f5aff64553d0eb6984dc91ec84c8f6a6b7ff2ceca0db27c3)

RHEL 7

Download the version 5.3.0 software for RHEL 7:

  • PKCS #11 library (SHA256 checksum a66cbb515a2155977093dd15577625adc3d57be2b7345714711a541d14eb31ee)

  • OpenSSL Dynamic Engine (SHA256 checksum 14fa0428df7cb290b7e3f9ee3f3eb2d1345672f362ed25da01cdbedaf8cf1511)

RHEL 8

Download the version 5.3.0 software for RHEL 8:

  • PKCS #11 library (SHA256 checksum f44a0451cdcdf87240a23aab4bf18fc0d32a2edd0806b1d169b831523f762b4c)

  • OpenSSL Dynamic Engine (SHA256 checksum 71173b74a9c20364f5aff64553d0eb6984dc91ec84c8f6a6b7ff2ceca0db27c3)

Ubuntu 18.04 LTS

Download the version 5.3.0 software for Ubuntu 18.04 LTS:

  • PKCS #11 library (SHA256 checksum dc1b378f0cd554f588ed783cf0dd7b209352347f8a888fa63e24554f27bac91a)

  • OpenSSL Dynamic Engine (SHA256 checksum 9a8373497882ccc325ee4a533b1e7bcfdfe5ad43eb6b11f2d104a3b41303a90a)

Windows Server 2016

Download the version 5.3.0 software for Windows Server 2016: PKCS #11 library (SHA256 checksum 1d262717746aa1ed33db380b78ac0bab8bbb43a444425f4518c09b4288f7f4de)

Windows Server 2019

Download the version 5.3.0 software for Windows Server 2019: PKCS #11 library (SHA256 checksum 1d262717746aa1ed33db380b78ac0bab8bbb43a444425f4518c09b4288f7f4de)

PKCS #11 library

  • Improved stability and bug fixes.

OpenSSL Dynamic Engine

  • Add support for ECDSA sign/verify with curves P-256, P-384, and secp256k1.

  • Add support for the platforms: Amazon Linux, Amazon Linux 2, Centos 7.8+, RHEL 7.9+.

  • Add support for OpenSSL version 1.0.2.

  • Improved stability and bug fixes.

JCE provider
  • Key types
    • RSA – 2048-bit to 4096-bit RSA keys, in increments of 256 bits.

    • AES – 128, 192, and 256-bit AES keys.

    • EC key pairs for NIST curves secp256r1 (P-256), secp384r1 (P-384), and secp256k1.

    • DESede (3DES)

    • HMAC – with SHA1, SHA224, SHA256, SHA384, SHA512 hash support.

  • Ciphers (encrypt and decrypt only)
    • AES/GCM/NoPadding

    • AES/ECB/NoPadding

    • AES/CBC/PKCS5Padding

    • DESede/ECB/NoPadding

    • DESede/CBC/PKCS5Padding

    • AES/CTR/NoPadding

    • RSA/ECB/PKCS1Padding

    • RSA/ECB/OAEPPadding

    • RSA/ECB/OAEPWithSHA-1ANDMGF1Padding

    • RSA/ECB/OAEPWithSHA-224ANDMGF1Padding

    • RSA/ECB/OAEPWithSHA-256ANDMGF1Padding

    • RSA/ECB/OAEPWithSHA-384ANDMGF1Padding

    • RSA/ECB/OAEPWithSHA-512ANDMGF1Padding

  • Digests
    • SHA-1

    • SHA-224

    • SHA-256

    • SHA-384

    • SHA-512

  • Sign/Verify
    • NONEwithRSA

    • SHA1withRSA

    • SHA224withRSA

    • SHA256withRSA

    • SHA384withRSA

    • SHA512withRSA

    • NONEwithECDSA

    • SHA1withECDSA

    • SHA224withECDSA

    • SHA256withECDSA

    • SHA384withECDSA

    • SHA512withECDSA

  • Integration with the Java KeyStore

Amazon Linux

Download the version 5.2.1 software for Amazon Linux:

  • PKCS #11 library (SHA256 checksum 710654ef82794e2cdab49ae621ac83b64c23b38b2d935e2f8d04a311994730f5)

Amazon Linux 2

Download the version 5.2.1 software for Amazon Linux 2:

  • PKCS #11 library (SHA256 checksum b3ac4b0d4a27d58a3ae3df45702c2c1197daf0a5703fb8d403813019451a9f36)

CentOS 7.8+

Download the version 5.2.1 software for CentOS 7.8+:

  • PKCS #11 library (SHA256 checksum b3ac4b0d4a27d58a3ae3df45702c2c1197daf0a5703fb8d403813019451a9f36)

CentOS 8.3+

Download the version 5.2.1 software for CentOS 8.3+:

  • PKCS #11 library (SHA256 checksum 57909c25f0c93c2af8b78a833aec7acdd09d7dc448c268b89893d8a03c7b9a45)

  • OpenSSL Dynamic Engine (SHA256 checksum e9d3daecd68f66acaadc6036bd5aa108a0c59cb91d3f31ee9b758c5590812086)

RHEL 7.9+

Download the version 5.2.1 software for RedHat Enterprise Linux 7.8+:

  • PKCS #11 library (SHA256 checksum b3ac4b0d4a27d58a3ae3df45702c2c1197daf0a5703fb8d403813019451a9f36)

RHEL 8.3+

Download the version 5.2.1 software for RedHat Enterprise Linux 8.3+:

  • PKCS #11 library (SHA256 checksum 57909c25f0c93c2af8b78a833aec7acdd09d7dc448c268b89893d8a03c7b9a45)

  • OpenSSL Dynamic Engine (SHA256 checksum e9d3daecd68f66acaadc6036bd5aa108a0c59cb91d3f31ee9b758c5590812086)

Ubuntu 18.04 LTS

Download the version 5.2.1 software for Ubuntu 18.04 LTS:

  • PKCS #11 library (SHA256 checksum 29ab3ea6fc9ff84ce94f5e4e79c254190e4a6d0af5d4c5583416a892998019f0)

  • OpenSSL Dynamic Engine (SHA256 checksum 55e48b58358e6a2e701ba42dd0fd29bcae57d08b0af77a3f44c62b397edd8b9a)

Windows Server 2016

Download the latest version 5.2.1 software for Windows Server 2016:

  • PKCS #11 library (SHA256 checksum b82c2afa1e8353fb47fa392ba20be480e0d2ccb0e361acb6d8ca89f8f8803545)

For information about Windows Server platform support for Client SDK 5, see Client SDK 5 supported platforms.

Windows Server 2019

Download the latest version 5.2.1 software for Windows Server 2019:

  • PKCS #11 library (SHA256 checksum b82c2afa1e8353fb47fa392ba20be480e0d2ccb0e361acb6d8ca89f8f8803545)

For information about Windows Server platform support for Client SDK 5, see Client SDK 5 supported platforms.

PKCS #11 library

  • Improved stability and bug fixes.

OpenSSL Dynamic Engine

  • Improved stability and bug fixes.

Amazon Linux

Download the version 5.2.0 software for Amazon Linux:

  • PKCS #11 library (SHA256 checksum 6ba98c1cd05e80d96e690c146c4d870f34a8971f542a3b7c3b30c96ac2bdf940)

Amazon Linux 2

Download the version 5.2.0 software for Amazon Linux 2:

  • PKCS #11 library (SHA256 checksum 3df6395a9d15ad3d1b1c19bae78dbac96a704be304d96f9ae9101a78f7573797)

CentOS 7.8+

Download the version 5.2.0 software for CentOS 7.8+:

  • PKCS #11 library (SHA256 checksum 3df6395a9d15ad3d1b1c19bae78dbac96a704be304d96f9ae9101a78f7573797)

CentOS 8.3+

Download the version 5.2.0 software for CentOS 8.3+:

  • PKCS #11 library (SHA256 checksum d1d3f8d2ec98ae7bdcc4ffc8e3f6affd4b7d11113ab8480ba2c7dd6ed17c280e)

  • OpenSSL Dynamic Engine (SHA256 checksum f5d8fd0d694c481f6c51a1e9ff2c45873f31df1000db671901a26f5041f905f8)

RHEL 7.9+

Download the version 5.2.0 software for RedHat Enterprise Linux 7.8+:

  • PKCS #11 library (SHA256 checksum 3df6395a9d15ad3d1b1c19bae78dbac96a704be304d96f9ae9101a78f7573797)

RHEL 8.3+

Download the version 5.2.0 software for RedHat Enterprise Linux 8.3+:

  • PKCS #11 library (SHA256 checksum d1d3f8d2ec98ae7bdcc4ffc8e3f6affd4b7d11113ab8480ba2c7dd6ed17c280e)

  • OpenSSL Dynamic Engine (SHA256 checksum f5d8fd0d694c481f6c51a1e9ff2c45873f31df1000db671901a26f5041f905f8)

Ubuntu 18.04 LTS

Download the version 5.2.0 software for Ubuntu 18.04 LTS:

  • PKCS #11 library (SHA256 checksum 25448e26a2f600ee53143779001bb001111aa37d34b861f4a88a7e507eb6ec44)

  • OpenSSL Dynamic Engine (SHA256 checksum 797061b4c4a2550172ec0d49c694ca76ddefc0fb157a2ce39a5f39a650767c36)

Windows Server 2016

Download the latest version 5.2.0 software for Windows Server 2016:

  • PKCS #11 library (SHA256 checksum 64c9afa1856a7166707d563ab4eedc2dc27132df7f5e76c0467ca996828fff0b)

For information about Windows Server platform support for Client SDK 5, see Client SDK 5 supported platforms.

Windows Server 2019

Download the latest version 5.2.0 software for Windows Server 2019:

  • PKCS #11 library (SHA256 checksum 64c9afa1856a7166707d563ab4eedc2dc27132df7f5e76c0467ca996828fff0b)

For information about Windows Server platform support for Client SDK 5, see Client SDK 5 supported platforms.

Version 5.2.0 adds support additional key types and mechanisms to the PKCS #11 library.

PKCS #11 library

Key Types

  • ECDSA– P-224, P-256, P-384, P-521 and secp256k1 curves

  • Triple DES (3DES)

Mechanisms

  • CKM_EC_KEY_PAIR_GEN

  • CKM_DES3_KEY_GEN

  • CKM_DES3_CBC

  • CKM_DES3_CBC_PAD

  • CKM_DES3_ECB

  • CKM_ECDSA

  • CKM_ECDSA_SHA1

  • CKM_ECDSA_SHA224

  • CKM_ECDSA_SHA256

  • CKM_ECDSA_SHA384

  • CKM_ECDSA_SHA512

  • CKM_RSA_PKCS for Encrypt/Decrypt

OpenSSL Dynamic Engine

  • Improved stability and bug fixes.

Amazon Linux

Download the version 5.1.0 software for Amazon Linux:

  • PKCS #11 library (SHA256 checksum cd9016efeb1d7339be1fda4cff0d32f9144a119077da9f409f7e6f27c1d54c8b)

Amazon Linux 2

Download the version 5.1.0 software for Amazon Linux 2:

  • PKCS #11 library (SHA256 checksum 9674d705032b39087a8ddaa793647fa0e31968c3ede3ca67f3ea65be4f0d77a1)

CentOS 7.8+

Download the version 5.1.0 software for CentOS 7.8+:

  • PKCS #11 library (SHA256 checksum 9674d705032b39087a8ddaa793647fa0e31968c3ede3ca67f3ea65be4f0d77a1)

CentOS 8.3+

Download the version 5.1.0 software for CentOS 8.3+:

  • PKCS #11 library (SHA256 checksum 0c0de23d884500b47cf0df89943f902c5a52cb48a6088693c51e31a240bc0bc3)

  • OpenSSL Dynamic Engine (SHA256 checksum fd2f8f5fca5ed3d92ff602c6673e8b92daa70d904c7428dbe90ea6a7b5492cdb)

RHEL 7.9+

Download the version 5.1.0 software for RedHat Enterprise Linux 7.8+:

  • PKCS #11 library (SHA256 checksum 9674d705032b39087a8ddaa793647fa0e31968c3ede3ca67f3ea65be4f0d77a1)

RHEL 8.3+

Download the version 5.1.0 software for RedHat Enterprise Linux 8.3+:

  • PKCS #11 library (SHA256 checksum 0c0de23d884500b47cf0df89943f902c5a52cb48a6088693c51e31a240bc0bc3)

  • OpenSSL Dynamic Engine (SHA256 checksum fd2f8f5fca5ed3d92ff602c6673e8b92daa70d904c7428dbe90ea6a7b5492cdb)

Ubuntu 18.04 LTS

Download the version 5.1.0 software for Ubuntu 18.04 LTS:

  • PKCS #11 library (SHA256 checksum f03e683f37fe82209451b95704d42716c1e6155611c6c02e7838e5e41c429019)

  • OpenSSL Dynamic Engine (SHA256 checksum 956b51bb5a20a302c938c8ad29542a487b2c85fe7a7c9e3386f7d280d6913058)

Windows Server 2016

Download the latest version 5.1.0 software for Windows Server 2016:

  • PKCS #11 library (SHA256 checksum 520c9cd19fc48dcf61b2e3f2d1951cefa9ba5e41874a9db7c926a04e03147c8d)

For information about Windows Server platform support for Client SDK 5, see Client SDK 5 supported platforms.

Windows Server 2019

Download the latest version 5.1.0 software for Windows Server 2019:

  • PKCS #11 library (SHA256 checksum 520c9cd19fc48dcf61b2e3f2d1951cefa9ba5e41874a9db7c926a04e03147c8d)

For information about Windows Server platform support for Client SDK 5, see Client SDK 5 supported platforms.

Version 5.1.0 adds support for additional mechanisms to the PKCS #11 library.

PKCS #11 library

Mechanisms

  • CKM_RSA_PKCS for Wrap/Unwrap

  • CKM_RSA_PKCS_PSS

  • CKM_SHA1_RSA_PKCS_PSS

  • CKM_SHA224_RSA_PKCS_PSS

  • CKM_SHA256_RSA_PKCS_PSS

  • CKM_SHA384_RSA_PKCS_PSS

  • CKM_SHA512_RSA_PKCS_PSS

  • CKM_AES_ECB

  • CKM_AES_CTR

  • CKM_AES_CBC

  • CKM_AES_CBC_PAD

  • CKM_SP800_108_COUNTER_KDF

  • CKM_GENERIC_SECRET_KEY_GEN

  • CKM_SHA_1_HMAC

  • CKM_SHA224_HMAC

  • CKM_SHA256_HMAC

  • CKM_SHA384_HMAC

  • CKM_SHA512_HMAC

  • CKM_RSA_PKCS_OAEP Wrap/Unwrap only

  • CKM_RSA_AES_KEY_WRAP

  • CKM_CLOUDHSM_AES_KEY_WRAP_NO_PAD

  • CKM_CLOUDHSM_AES_KEY_WRAP_PKCS5_PAD

  • CKM_CLOUDHSM_AES_KEY_WRAP_ZERO_PAD

API Operations

  • C_CreateObject

  • C_DeriveKey

  • C_WrapKey

  • C_UnWrapKey

OpenSSL Dynamic Engine

  • Improved stability and bug fixes.

Amazon Linux

Download the version 5.0.1 software for Amazon Linux:

Amazon Linux 2

Download the version 5.0.1 software for Amazon Linux 2:

CentOS 7.8+

Download the version 5.0.1 software for CentOS 7.8+:

CentOS 8.3+

Download the version 5.0.1 software for CentOS 8.3+:

RHEL 7.9+

Download the version 5.0.1 software for RedHat Enterprise Linux 7.8+:

RHEL 8.3+

Download the version 5.0.1 software for RedHat Enterprise Linux 8.3+:

Ubuntu 18.04 LTS

Download the version 5.0.1 software for Ubuntu 18.04 LTS:

Windows Server 2016

Download the latest version 5.0.1 software for Windows Server 2016:

For information about Windows Server platform support for Client SDK 5, see Client SDK 5 supported platforms.

Windows Server 2019

Download the latest version 5.0.1 software for Windows Server 2019:

For information about Windows Server platform support for Client SDK 5, see Client SDK 5 supported platforms.

Version 5.0.1 adds initial support for OpenSSL Dynamic Engine.

PKCS #11 library

  • Improved stability and bug fixes.

OpenSSL Dynamic Engine

  • Initial release of OpenSSL Dynamic Engine.

  • This release offers introductory support for key types and OpenSSL APIs:

    • RSA key generation for 2048, 3072, and 4096-bit keys

    • OpenSSL APIs:

    For more information, see OpenSSL Dynamic Engine.

  • Platforms supported: CentOS 8.3+, Red Hat Enterprise Linux (RHEL) 8.3+, and Ubuntu 18.04 LTS

    • Requires: OpenSSL 1.1.1

    For more information, see Supported Platforms.

  • Support for SSL/TLS Offload on CentOS 8.3+, Red Hat Enterprise Linux (RHEL) 8.3, and Ubuntu 18.04 LTS, including NGINX 1.19 (for select cipher suites).

    For more information, see Using SSL/TLS Offload on Linux.

Amazon Linux

Download the version 5.0.0 software for Amazon Linux:

Amazon Linux 2

Download the version 5.0.0 software for Amazon Linux 2:

CentOS 7.8+

Download the version 5.0.0 software for CentOS 7.8+:

CentOS 8.3+

Download the version 5.0.0 software for CentOS 8.2:

RHEL 7.9+

Download the version 5.0.0 software for RedHat Enterprise Linux 7.8+:

RHEL 8.3+

Download the version 5.0.0 software for RedHat Enterprise Linux 8.2:

Ubuntu 18.04 LTS

Download the version 5.0.0 software for Ubuntu 18.04 LTS:

Windows Server 2016

Download the latest version 5.0.0 software for Windows Server 2016:

For information about Windows Server platform support for Client SDK 5, see Client SDK 5 supported platforms.

Windows Server 2019

Download the latest version 5.0.0 software for Windows Server 2019:

For information about Windows Server platform support for Client SDK 5, see Client SDK 5 supported platforms.

Version 5.0.0 is the first release.

PKCS #11 library

  • This is the initial release.

Introductory PKCS #11 library support in client SDK version 5.0.0

This section details support for key types, mechanisms, API operations and attributes Client SDK version 5.0.0.

Key Types:

  • AES– 128, 192, and 256-bit AES keys

  • RSA– 2048-bit to 4096-bit RSA keys, in increments of 256 bits

Mechanisms:

  • CKM_AES_GCM

  • CKM_AES_KEY_GEN

  • CKM_CLOUDHSM_AES_GCM

  • CKM_RSA_PKCS

  • CKM_RSA_X9_31_KEY_PAIR_GEN

  • CKM_SHA1

  • CKM_SHA1_RSA_PKCS

  • CKM_SHA224

  • CKM_SHA224_RSA_PKCS

  • CKM_SHA256

  • CKM_SHA256_RSA_PKCS

  • CKM_SHA384

  • CKM_SHA384_RSA_PKCS

  • CKM_SHA512

  • CKM_SHA512_RSA_PKCS

API Operations:

  • C_CloseAllSessions

  • C_CloseSession

  • C_Decrypt

  • C_DecryptFinal

  • C_DecryptInit

  • C_DecryptUpdate

  • C_DestroyObject

  • C_Digest

  • C_DigestFinal

  • C_DigestInit

  • C_DigestUpdate

  • C_Encrypt

  • C_EncryptFinal

  • C_EncryptInit

  • C_EncryptUpdate

  • C_Finalize

  • C_FindObjects

  • C_FindObjectsFinal

  • C_FindObjectsInit

  • C_GenerateKey

  • C_GenerateKeyPair

  • C_GenerateRandom

  • C_GetAttributeValue

  • C_GetFunctionList

  • C_GetInfo

  • C_GetMechanismInfo

  • C_GetMechanismList

  • C_GetSessionInfo

  • C_GetSlotInfo

  • C_GetSlotList

  • C_GetTokenInfo

  • C_Initialize

  • C_Login

  • C_Logout

  • C_OpenSession

  • C_Sign

  • C_SignFinal

  • C_SignInit

  • C_SignUpdate

  • C_Verify

  • C_VerifyFinal

  • C_VerifyInit

  • C_VerifyUpdate

Attributes:

  • GenerateKeyPair

    • All RSA Key attributes

  • GenerateKey

    • All AES Key attributes

  • GetAttributeValue

    • All RSA Key attributes

    • All AES Key attributes

Samples:

Previous Client SDK 3 releases

This section lists previous Client SDK 3 releases. For the current Client SDK 3 release, see Latest releases.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.4.3 software for Amazon Linux:

  • AWS CloudHSM Client (SHA256 checksum a92337e0f1d8a7d5db89b16f7530535746af1affd609df0db7381cfeab2e04fd)

  • PKCS #11 library (SHA256 checksum 499be5d60d07ea90cc70522875f9ba477e4a356f37051086c51e31d0f6196501)

  • OpenSSL Dynamic Engine (SHA256 checksum 5605a34334f120afe2ecf6bcd5eab0cc30a46abe2e31eddbf48091bbd8819ebb)

  • JCE provider (SHA256 checksum a3d78eb4f8195e37a1f263bc3e16f1e767a78bd88e6b9d276b1e64e6ded003f9)

  • AWS CloudHSM Management Utility (SHA256 checksum 82c0dbf9eb322a2462a66105cc93dd6c3f11d59e8e9845b3d93419286130a10c)

Amazon Linux 2

Download the version 3.4.3 software for Amazon Linux 2:

  • AWS CloudHSM Client (SHA256 checksum 16e3fd76c19216f270219524bdb4ab82a0ccdbec04175b4a7e34615cadd741ac)

  • PKCS #11 library (SHA256 checksum 0f9ac194bc3fcbf615e4735d87e6174f4630d776f2211cbe9d5e2cc90631095f)

  • OpenSSL Dynamic Engine (SHA256 checksum ca0007b6b0d05f0bb6beaebc9bf39c2feeefc1cd51437d46c9db2781046d7353)

  • JCE provider (SHA256 checksum 0109c40792414beae32e78f6100024d8db79cf1216fdfba36b5f2bd458fb6610)

  • AWS CloudHSM Management Utility (SHA256 checksum 045af33133c0a809c45876fdc45f81234613f1cb718e10b138df0f6b08427365)

CentOS 6

AWS CloudHSM does not support CentOS 6 with Client SDK Version 3.4.3.

Use Version 3.2.1 for CentOS 6 or choose a supported platform.

CentOS 7

Download the version 3.4.3 software for CentOS 7:

  • AWS CloudHSM Client (SHA256 checksum 16e3fd76c19216f270219524bdb4ab82a0ccdbec04175b4a7e34615cadd741ac)

  • PKCS #11 library (SHA256 checksum 0f9ac194bc3fcbf615e4735d87e6174f4630d776f2211cbe9d5e2cc90631095f)

  • OpenSSL Dynamic Engine (SHA256 checksum ca0007b6b0d05f0bb6beaebc9bf39c2feeefc1cd51437d46c9db2781046d7353)

  • JCE provider (SHA256 checksum 0109c40792414beae32e78f6100024d8db79cf1216fdfba36b5f2bd458fb6610)

  • AWS CloudHSM Management Utility (SHA256 checksum 045af33133c0a809c45876fdc45f81234613f1cb718e10b138df0f6b08427365)

CentOS 8

Download the version 3.4.3 software for CentOS 8:

  • AWS CloudHSM Client (SHA256 checksum 5436a0b1c2df34ccf846c79a5479a986e125d8b04234a2b1fa38db19bb9ba0b8)

  • PKCS #11 library (SHA256 checksum 9d5abe25513294ede35677f0c896547fc7671e19dbf6514066161d933b84fed1)

  • JCE provider (SHA256 checksum f04e48e47cfdbccea47bb45f988c95832244b2ab18b3c040249c91ad2a99ab64)

  • AWS CloudHSM Management Utility (SHA256 checksum da50c29bbeb65f84d9b4769bf3539a9b5189c51c7e0ae8981b85290aa4f5d152)

RHEL 6

AWS CloudHSM does not support RedHat Enterprise Linux 6 with Client SDK Version 3.4.3.

Use Version 3.2.1 for RedHat Enterprise Linux 6 or choose a supported platform.

RHEL 7

Download the version 3.4.3 software for RedHat Enterprise Linux 7:

  • AWS CloudHSM Client (SHA256 checksum 16e3fd76c19216f270219524bdb4ab82a0ccdbec04175b4a7e34615cadd741ac)

  • PKCS #11 library (SHA256 checksum 0f9ac194bc3fcbf615e4735d87e6174f4630d776f2211cbe9d5e2cc90631095f)

  • OpenSSL Dynamic Engine (SHA256 checksum ca0007b6b0d05f0bb6beaebc9bf39c2feeefc1cd51437d46c9db2781046d7353)

  • JCE provider (SHA256 checksum 0109c40792414beae32e78f6100024d8db79cf1216fdfba36b5f2bd458fb6610)

  • AWS CloudHSM Management Utility (SHA256 checksum 045af33133c0a809c45876fdc45f81234613f1cb718e10b138df0f6b08427365)

RHEL 8

Download the version 3.4.3 software for RedHat Enterprise Linux 8:

  • AWS CloudHSM Client (SHA256 checksum 5436a0b1c2df34ccf846c79a5479a986e125d8b04234a2b1fa38db19bb9ba0b8)

  • PKCS #11 library (SHA256 checksum 9d5abe25513294ede35677f0c896547fc7671e19dbf6514066161d933b84fed1)

  • JCE provider (SHA256 checksum f04e48e47cfdbccea47bb45f988c95832244b2ab18b3c040249c91ad2a99ab64)

  • AWS CloudHSM Management Utility (SHA256 checksum da50c29bbeb65f84d9b4769bf3539a9b5189c51c7e0ae8981b85290aa4f5d152)

Ubuntu 16.04 LTS

Download the version 3.4.3 software for Ubuntu 16.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum ab6cf9173c4023f0766f2b67e66d507ccd597302576cfc9507c23734560f67f9)

  • PKCS #11 library (SHA256 checksum 71a721747a6c593d3b1061879dbbf891640dab2909ca9efdef4dad3b66013863)

  • OpenSSL Dynamic Engine (SHA256 checksum 20b8a764e341a2d2b6e4a7197e5ff32ec9e215fc5314d309f14fdfd1e8f6e986)

  • JCE provider (SHA256 checksum 6deb8ad0c7950f558302a3d9828e7f7a1ed7faba7148f738e1c8dd324b631163)

  • AWS CloudHSM Management Utility (SHA256 checksum 0a74107394bca140dfab4abd20dbc486c5969df7de5ee51b610fb787398531d2)

Note

Due to the impending EOL of Ubuntu 16.04, we intend to drop support for this platform with the next release.

Ubuntu 18.04 LTS

Download the version 3.4.3 software for Ubuntu 18.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum 03d8b339494c5b6d7f84fb96225f64f2a10e60070abaa9f9bc9c7e04bb7b5916)

  • PKCS #11 library (SHA256 checksum 8fffcc5b2988bb2845476117ef881b4a62785fbed2a383cd656765921d552eac)

  • JCE provider (SHA256 checksum b6a103606fcf54e85ac98da257eef872139148727cb5734c43e55d6952c547e4)

  • AWS CloudHSM Management Utility (SHA256 checksum 5d611d31132af9e667027a1143b9d3e744ef701be0f46609777c31b8658db3b1)

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.4.3 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.4.3) software for Windows Server:

Version 3.4.3 adds updates to JCE provider.

AWS CloudHSM Client Software

  • Updated the version for consistency.

PKCS #11 library

  • Updated the version for consistency.

OpenSSL Dynamic Engine

  • Updated the version for consistency.

JCE provider

  • Update log4j to version 2.17.0.

Windows (CNG and KSP providers)

  • Updated the version for consistency.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.4.2 software for Amazon Linux:

  • AWS CloudHSM Client (SHA256 checksum 5fcb89ace8bb30f02ecaed54edb125157d4c5da48016428d08212bccb4a56fc6)

  • PKCS #11 library (SHA256 checksum d85b2e769bcc96efa86b1bfc7bac22ddeb1b237ad6bab6b7402b61c9db638578)

  • OpenSSL Dynamic Engine (SHA256 checksum 8c36fd8a8701b738294ce9d6b612a366f1b139d4bdb8f52b3bf7c5bfc8d391c4)

  • JCE provider (SHA256 checksum 589d744275c825050248909c67ee756fc3d3f35ff8932d80a4a981f4b275b981)

  • AWS CloudHSM Management Utility (SHA256 checksum ba55f0dee3bf728f960bc4182f8178de63a2f17363c830a7480d07ff27872f44)

Amazon Linux 2

Download the version 3.4.2 software for Amazon Linux 2:

  • AWS CloudHSM Client (SHA256 checksum 8110f2d5f3ec0dbdc1f7c49511610ad678b0a27823edcba2e3c4c79f6859aa8f)

  • PKCS #11 library (SHA256 checksum 2c2225f29a30347810b0bdef617036b6c4ba698955bd5cb1c588e8230a7dbd24)

  • OpenSSL Dynamic Engine (SHA256 checksum 3b07f1588e1093c6b67f2c8810239679b9a42ac9472a065bf97fd4d75a4a9f28)

  • JCE provider (SHA256 checksum ecaa9ea834ef51c58ab3601248d28264a23173b19f10180640c3cf1addb1a808)

  • AWS CloudHSM Management Utility (SHA256 checksum 2ee1625ab2634e96a2bf5fea3df87d085991a4bf404e9beea993c58de2902db2)

CentOS 6

AWS CloudHSM does not support CentOS 6 with Client SDK Version 3.4.2.

Use Version 3.2.1 for CentOS 6 or choose a supported platform.

CentOS 7

Download the version 3.4.2 software for CentOS 7:

  • AWS CloudHSM Client (SHA256 checksum 8110f2d5f3ec0dbdc1f7c49511610ad678b0a27823edcba2e3c4c79f6859aa8f)

  • PKCS #11 library (SHA256 checksum 2c2225f29a30347810b0bdef617036b6c4ba698955bd5cb1c588e8230a7dbd24)

  • OpenSSL Dynamic Engine (SHA256 checksum 3b07f1588e1093c6b67f2c8810239679b9a42ac9472a065bf97fd4d75a4a9f28)

  • JCE provider (SHA256 checksum ecaa9ea834ef51c58ab3601248d28264a23173b19f10180640c3cf1addb1a808)

  • AWS CloudHSM Management Utility (SHA256 checksum 2ee1625ab2634e96a2bf5fea3df87d085991a4bf404e9beea993c58de2902db2)

CentOS 8

Download the version 3.4.2 software for CentOS 8:

  • AWS CloudHSM Client (SHA256 checksum 1a1f94924acb5d0778f40d5af827e270e67074744ecc2ff84eb44f3f2bb3cb71)

  • PKCS #11 library (SHA256 checksum 922ff0f24ee129f57bdddbd7a757521d1117e4e910f17047c674b395121760fe)

  • JCE provider (SHA256 checksum e68dd76218eb476b235d7fd1aa911b5c8567511bd9787ed45744d6d146c519ac)

  • AWS CloudHSM Management Utility (SHA256 checksum f9a8c504c6c8b3df10d098dc299a921158ca820c0d015a167b1498036c33b0bd)

RHEL 6

AWS CloudHSM does not support RedHat Enterprise Linux 6 with Client SDK Version 3.4.2.

Use Version 3.2.1 for RedHat Enterprise Linux 6 or choose a supported platform.

RHEL 7

Download the version 3.4.2 software for RedHat Enterprise Linux 7:

  • AWS CloudHSM Client (SHA256 checksum 8110f2d5f3ec0dbdc1f7c49511610ad678b0a27823edcba2e3c4c79f6859aa8f)

  • PKCS #11 library (SHA256 checksum 2c2225f29a30347810b0bdef617036b6c4ba698955bd5cb1c588e8230a7dbd24)

  • OpenSSL Dynamic Engine (SHA256 checksum 3b07f1588e1093c6b67f2c8810239679b9a42ac9472a065bf97fd4d75a4a9f28)

  • JCE provider (SHA256 checksum ecaa9ea834ef51c58ab3601248d28264a23173b19f10180640c3cf1addb1a808)

  • AWS CloudHSM Management Utility (SHA256 checksum 2ee1625ab2634e96a2bf5fea3df87d085991a4bf404e9beea993c58de2902db2)

RHEL 8

Download the version 3.4.2 software for RedHat Enterprise Linux 8:

  • AWS CloudHSM Client (SHA256 checksum 1a1f94924acb5d0778f40d5af827e270e67074744ecc2ff84eb44f3f2bb3cb71)

  • PKCS #11 library (SHA256 checksum 922ff0f24ee129f57bdddbd7a757521d1117e4e910f17047c674b395121760fe)

  • JCE provider (SHA256 checksum e68dd76218eb476b235d7fd1aa911b5c8567511bd9787ed45744d6d146c519ac)

  • AWS CloudHSM Management Utility (SHA256 checksum f9a8c504c6c8b3df10d098dc299a921158ca820c0d015a167b1498036c33b0bd)

Ubuntu 16.04 LTS

Download the version 3.4.2 software for Ubuntu 16.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum f8e20b397cc5fa78c400cc59b9b4fdfa231b6df310a554e77bb6002c9c43259e)

  • PKCS #11 library (SHA256 checksum f9f7e86190d1e051a837028f103315ed50461cbd7c9d249fac9e5fc8601b6381)

  • OpenSSL Dynamic Engine (SHA256 checksum 827d686f7bd961c70a35b262a7003edec5d4b05f346eb9c51c05f585c15543ee)

  • JCE provider (SHA256 checksum 74ce4fba33f6b1f4a79a6d62ace011b215904483397b676e2740a094c058d76d)

  • AWS CloudHSM Management Utility (SHA256 checksum 35bbcf5be6b1ab68da11db61c28e11b4bee0d7cdb03be6430d7ee77a8d23ae28)

Note

Due to the impending EOL of Ubuntu 16.04, we intend to drop support for this platform with the next release.

Ubuntu 18.04 LTS

Download the version 3.4.2 software for Ubuntu 18.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum 555c659973e24e7dcb788c80e97fae982844b14f34381a80b212991141a24fe6)

  • PKCS #11 library (SHA256 checksum 7dcb31b5db1b0f75ea2ed1f9f14dc62198a0d2feb08278183b958b125fcf969a)

  • JCE provider (SHA256 checksum 67893de3e86202bb73bd9541b5a7c6afa53c6fd030aabc321af4a384a0f2e690)

  • AWS CloudHSM Management Utility (SHA256 checksum cc79e50155bd1bb2f395a2538bd0e768292f83b3fc0fa9237a46fb745f4112c1)

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.4.2 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.4.2) software for Windows Server:

Version 3.4.2 adds updates to JCE provider.

AWS CloudHSM Client Software

  • Updated the version for consistency.

PKCS #11 library

  • Updated the version for consistency.

OpenSSL Dynamic Engine

  • Updated the version for consistency.

JCE provider

  • Update log4j to version 2.16.0.

Windows (CNG and KSP providers)

  • Updated the version for consistency.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.4.1 software for Amazon Linux:

  • AWS CloudHSM Client (SHA256 checksum ca038e1219d6999ed62b680fde18fe0b992af082eaf9360f351a21ee2d42f786)

  • PKCS #11 library (SHA256 checksum 6f532aba4e15a802befea15c69874bc0e01c8076b98c7b43e4722f220912d4f8)

  • OpenSSL Dynamic Engine (SHA256 checksum b26afb7b84d95ac1d5a0d1a0de53c48dda6dddc52306b0d3f72d4927647efc06)

  • JCE provider (SHA256 checksum 76fa2c963cb23cea11644e03151a33f6fad249e872ec7609af6ab1f54371a4d5)

  • AWS CloudHSM Management Utility (SHA256 checksum a1cdd92cb4ce229aa33905f33ac9e65f147acc2e21b672453c0e87a2ba6d1896)

Amazon Linux 2

Download the version 3.4.1 software for Amazon Linux 2:

  • AWS CloudHSM Client (SHA256 checksum dff54434429e24100c66f78aba4ca44a6c44d0017b9efe533399065bd13efbf8)

  • PKCS #11 library (SHA256 checksum ca6a9b3f42d9f765992906380638099a04dd8b5f2d3d24e2b616b2cf2f836fdd)

  • OpenSSL Dynamic Engine (SHA256 checksum b14c1718b3d68205d7447bf467bdaa0c21b8bc0e6cd25c7065ffff006f270807)

  • JCE provider (SHA256 checksum 55327fc3feac4f1cccaa0eafc49d77c9f47d07e18b4332fed9f559c11c97e769)

  • AWS CloudHSM Management Utility (SHA256 checksum 2e830f22bee0ceea1273c512f14d437e321f71616f619aa0b5d7490374648573)

CentOS 6

AWS CloudHSM does not support CentOS 6 with Client SDK Version 3.4.1.

Use Version 3.2.1 for CentOS 6 or choose a supported platform.

CentOS 7

Download the version 3.4.1 software for CentOS 7:

  • AWS CloudHSM Client (SHA256 checksum dff54434429e24100c66f78aba4ca44a6c44d0017b9efe533399065bd13efbf8)

  • PKCS #11 library (SHA256 checksum ca6a9b3f42d9f765992906380638099a04dd8b5f2d3d24e2b616b2cf2f836fdd)

  • OpenSSL Dynamic Engine (SHA256 checksum b14c1718b3d68205d7447bf467bdaa0c21b8bc0e6cd25c7065ffff006f270807)

  • JCE provider (SHA256 checksum 55327fc3feac4f1cccaa0eafc49d77c9f47d07e18b4332fed9f559c11c97e769)

  • AWS CloudHSM Management Utility (SHA256 checksum 2e830f22bee0ceea1273c512f14d437e321f71616f619aa0b5d7490374648573)

CentOS 8

Download the version 3.4.1 software for CentOS 8:

  • AWS CloudHSM Client (SHA256 checksum cd7770e2ada3f885250b9c18f23cb8fdef576be6b79ee5293e1f670f6ab9aac4)

  • PKCS #11 library (SHA256 checksum 3ecbfce9a614c61f2767d984c27296547c68894a3b838780b77cdf2b6cadb1ef)

  • JCE provider (SHA256 checksum 7762c85a113f98909f89dab1eb7529f2327c84345ea05a592c491773b7b3c104)

  • AWS CloudHSM Management Utility (SHA256 checksum 2495720d653b332f3dae405daa6ef462e57e8424d69d75191841ed6960d2cdbe)

RHEL 6

AWS CloudHSM does not support RedHat Enterprise Linux 6 with Client SDK Version 3.4.1.

Use Version 3.2.1 for RedHat Enterprise Linux 6 or choose a supported platform.

RHEL 7

Download the version 3.4.1 software for RedHat Enterprise Linux 7:

  • AWS CloudHSM Client (SHA256 checksum dff54434429e24100c66f78aba4ca44a6c44d0017b9efe533399065bd13efbf8)

  • PKCS #11 library (SHA256 checksum ca6a9b3f42d9f765992906380638099a04dd8b5f2d3d24e2b616b2cf2f836fdd)

  • OpenSSL Dynamic Engine (SHA256 checksum b14c1718b3d68205d7447bf467bdaa0c21b8bc0e6cd25c7065ffff006f270807)

  • JCE provider (SHA256 checksum 55327fc3feac4f1cccaa0eafc49d77c9f47d07e18b4332fed9f559c11c97e769)

  • AWS CloudHSM Management Utility (SHA256 checksum 2e830f22bee0ceea1273c512f14d437e321f71616f619aa0b5d7490374648573)

RHEL 8

Download the version 3.4.1 software for RedHat Enterprise Linux 8:

  • AWS CloudHSM Client (SHA256 checksum cd7770e2ada3f885250b9c18f23cb8fdef576be6b79ee5293e1f670f6ab9aac4)

  • PKCS #11 library (SHA256 checksum 3ecbfce9a614c61f2767d984c27296547c68894a3b838780b77cdf2b6cadb1ef)

  • JCE provider (SHA256 checksum 7762c85a113f98909f89dab1eb7529f2327c84345ea05a592c491773b7b3c104)

  • AWS CloudHSM Management Utility (SHA256 checksum 2495720d653b332f3dae405daa6ef462e57e8424d69d75191841ed6960d2cdbe)

Ubuntu 16.04 LTS

Download the version 3.4.1 software for Ubuntu 16.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum ff2a986ea8ec6d37b6484536bbab1e9406c6025a80f2264aefa563c50b865f8f)

  • PKCS #11 library (SHA256 checksum 17665e2f31f692ffb74d809b05e2672a6d493a48d1010397c8900ada65af4c1a)

  • OpenSSL Dynamic Engine (SHA256 checksum 826af655e5cf7224d84fdf0a3545966fcefb18d1fe43a64dbe85cd7589594747)

  • JCE provider (SHA256 checksum 027d4f19416bb34c124443840ddf8ddb6e7b417107a5c4e2705158d93532d378)

  • AWS CloudHSM Management Utility (SHA256 checksum 367272bd1840e0c8c6bce663d3f4469f3940abec9e037b455cb3113086aa598f)

Note

Due to the impending EOL of Ubuntu 16.04, we intend to drop support for this platform with the next release.

Ubuntu 18.04 LTS

Download the version 3.4.1 software for Ubuntu 18.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum 1759bb86f4ca8b9494b59a7cac27f540f4667a3f86745f5d507db12a217b16c1)

  • PKCS #11 library (SHA256 checksum 470a2cd6d2bdb1cdc014ad3ac3e4e97867ca50888fbe64784238f9d2eff345d2)

  • JCE provider (SHA256 checksum 83edeae4b22d26849b9806f3ad7d729b25cf555e06f8d0bb90e1032f1e908207)

  • AWS CloudHSM Management Utility (SHA256 checksum 8aeb482106d1af6de81c89369c98516c97955876a5a645a415fe8e7c065bda66)

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.4.1 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.4.1) software for Windows Server:

Version 3.4.1 adds updates to JCE provider.

AWS CloudHSM Client Software

  • Updated the version for consistency.

PKCS #11 library

  • Updated the version for consistency.

OpenSSL Dynamic Engine

  • Updated the version for consistency.

JCE provider

  • Update log4j to version 2.15.0.

Windows (CNG and KSP providers)

  • Updated the version for consistency.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.4.0 software for Amazon Linux:

  • AWS CloudHSM Client (SHA256 checksum e5ca8d26805ea1d11da3d8801e706423d766071a7ede0bedfcae45e561f45d17)

  • PKCS #11 library (SHA256 checksum 3851c30ca0d426dc054000ad6929016fc783043404edf98a4033fd9b64d29f6c)

  • OpenSSL Dynamic Engine (SHA256 checksum ae19c864fe4b0a96e9d8e3c03a41b84b2f0d4a91ec65485d34624ecb964fc90c)

  • JCE provider (SHA256 checksum 3251d7c11528c5eda386c9c250ad9178acf303832136c6b267a0b9f825436c4b)

  • AWS CloudHSM Management Utility (SHA256 checksum 9f87b4b7bdb219df05905c132a732ffcb2544a3c9a68af0859c6434d5c7747e7)

Amazon Linux 2

Download the version 3.4.0 software for Amazon Linux 2:

  • AWS CloudHSM Client (SHA256 checksum 4b520de05217f7e6077bd94af6788da60e19d1b3f28e5a17669232d519c83857)

  • PKCS #11 library (SHA256 checksum 64262f715786172c7c0da0ab74136097c2b7a1641e3b284ae827f1486fbbc56b)

  • OpenSSL Dynamic Engine (SHA256 checksum 05320772c49a622bda0284dd503c8ae5a13c1669f0e4b475873e53b5a7c074e6)

  • JCE provider (SHA256 checksum 845b2788a654b81a5bbaf19cefd7865ceab8a7c779d927eb282eea86b0819007)

  • AWS CloudHSM Management Utility (SHA256 checksum ce6741813d29a41cfb23722fb0d140a2fedf90a44a0ddcac39a607457eabe91a)

CentOS 6

AWS CloudHSM does not support CentOS 6 with Client SDK Version 3.4.0.

Use Version 3.2.1 for CentOS 6 or choose a supported platform.

CentOS 7

Download the version 3.4.0 software for CentOS 7:

  • AWS CloudHSM Client (SHA256 checksum 4b520de05217f7e6077bd94af6788da60e19d1b3f28e5a17669232d519c83857)

  • PKCS #11 library (SHA256 checksum 64262f715786172c7c0da0ab74136097c2b7a1641e3b284ae827f1486fbbc56b)

  • OpenSSL Dynamic Engine (SHA256 checksum 05320772c49a622bda0284dd503c8ae5a13c1669f0e4b475873e53b5a7c074e6)

  • JCE provider (SHA256 checksum 845b2788a654b81a5bbaf19cefd7865ceab8a7c779d927eb282eea86b0819007)

  • AWS CloudHSM Management Utility (SHA256 checksum ce6741813d29a41cfb23722fb0d140a2fedf90a44a0ddcac39a607457eabe91a)

CentOS 8

Download the version 3.4.0 software for CentOS 8:

  • AWS CloudHSM Client (SHA256 checksum 853b05e6ea6e239f42e1bbf70be26adcc8205d2d172dfc3d57342c14d0060a1e)

  • PKCS #11 library (SHA256 checksum 51415be53ee10ddc8e85d5bcb0f052a4e29c086434c7fac152b57c7ac37bc3f5)

  • JCE provider (SHA256 checksum e7a39e46084cab6e193c13c57ea021f0570246cce90b21863d6b40f60a7a8cd7)

  • AWS CloudHSM Management Utility (SHA256 checksum 5de8d9d9a88deae2fffacd4923e429aad885d600adeb1d0bdb771da177fae647)

RHEL 6

AWS CloudHSM does not support RedHat Enterprise Linux 6 with Client SDK Version 3.4.0.

Use Version 3.2.1 for RedHat Enterprise Linux 6 or choose a supported platform.

RHEL 7

Download the version 3.4.0 software for RedHat Enterprise Linux 7:

  • AWS CloudHSM Client (SHA256 checksum 4b520de05217f7e6077bd94af6788da60e19d1b3f28e5a17669232d519c83857)

  • PKCS #11 library (SHA256 checksum 64262f715786172c7c0da0ab74136097c2b7a1641e3b284ae827f1486fbbc56b)

  • OpenSSL Dynamic Engine (SHA256 checksum 05320772c49a622bda0284dd503c8ae5a13c1669f0e4b475873e53b5a7c074e6)

  • JCE provider (SHA256 checksum 845b2788a654b81a5bbaf19cefd7865ceab8a7c779d927eb282eea86b0819007)

  • AWS CloudHSM Management Utility (SHA256 checksum ce6741813d29a41cfb23722fb0d140a2fedf90a44a0ddcac39a607457eabe91a)

RHEL 8

Download the version 3.4.0 software for RedHat Enterprise Linux 8:

  • AWS CloudHSM Client (SHA256 checksum 853b05e6ea6e239f42e1bbf70be26adcc8205d2d172dfc3d57342c14d0060a1e)

  • PKCS #11 library (SHA256 checksum 51415be53ee10ddc8e85d5bcb0f052a4e29c086434c7fac152b57c7ac37bc3f5)

  • JCE provider (SHA256 checksum e7a39e46084cab6e193c13c57ea021f0570246cce90b21863d6b40f60a7a8cd7)

  • AWS CloudHSM Management Utility (SHA256 checksum 5de8d9d9a88deae2fffacd4923e429aad885d600adeb1d0bdb771da177fae647)

Ubuntu 16.04 LTS

Download the version 3.4.0 software for Ubuntu 16.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum 1f80e1a7e2fcd35481cc4a6e7fba3869e863becbc09aba32ef2a81a2494c2e49)

  • PKCS #11 library (SHA256 checksum 8fb002f8d5810ee43b8ef020831372a3a9d0f5a7fa35dca23f7d93a2a74a63bf)

  • OpenSSL Dynamic Engine (SHA256 checksum 2c1717f99cb4a56d47d8517ba97847c644112d0a4f37da435898f77cc794a508)

  • JCE provider (SHA256 checksum 9f0708e2ec644f5b87dbd6fb0683f690e78371f3ef866d1384ab80e3b4a1c1a6)

  • AWS CloudHSM Management Utility (SHA256 checksum fec730e64467371fbe5b3b8485215712637fe6139fc45832095fb945fb4317d1)

Note

Due to the impending EOL of Ubuntu 16.04, we intend to drop support for this platform with the next release.

Ubuntu 18.04 LTS

Download the version 3.4.0 software for Ubuntu 18.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum a78832a1666b41a85869fc0362c19ecc33113243970a4cc88eeae993c4cd47c1)

  • PKCS #11 library (SHA256 checksum f9610a82d55b17202c2ad064650199abbc2f8412fe28ef24819a899633feea80)

  • JCE provider (SHA256 checksum 5b450c1519594b9630f06620c6e23079dcbcaf2999852ea95768c699461585eb)

  • AWS CloudHSM Management Utility (SHA256 checksum 8bdc208a258976c5cb5fa97bcd19a3a5cb156ecfbd507a019c99bf5886b5f03f)

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.4.0 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.4.0) software for Windows Server:

Version 3.4.0 adds updates to all components.

AWS CloudHSM Client Software

  • Improved stability and bug fixes.

PKCS #11 library

  • Improved stability and bug fixes.

OpenSSL Dynamic Engine

  • Improved stability and bug fixes.

JCE provider

  • Improved stability and bug fixes.

Windows (CNG and KSP providers)

  • Improved stability and bug fixes.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.3.2 software for Amazon Linux:

  • AWS CloudHSM Client (SHA256 checksum 1f73c4e86fff4c8a3b465f6d21bd81c7c767267476f24c29e45ebab7f470f9a8)

  • PKCS #11 library (SHA256 checksum d9a4333bddbc7807a34806ff46a63802bc9f4a021358230f1c8292357cd8f43a)

  • OpenSSL Dynamic Engine (SHA256 checksum 16153d539667b16905bd0ec0de3d023ce8af6bddf4eb03eba8f945152322e2e6)

  • JCE provider (SHA256 checksum 568324f6484049156026e903b886195c1f2e46efa338bb5d5a0a5501a77148aa)

  • AWS CloudHSM Management Utility (SHA256 checksum df9c833de5c828b0de11b3ef93ec41988a7c17bc3950d772c7dc9674876d745f)

Amazon Linux 2

Download the version 3.3.2 software for Amazon Linux 2:

  • AWS CloudHSM Client (SHA256 checksum 2cd5e0b022fe9091e027f019be1ea81923392ca6d065bfcca6532aa5b9492a99)

  • PKCS #11 library (SHA256 checksum ae062f4675f7547639a8696d39cec1afc09db0b9fa6ded6e335b2a81025ab993)

  • OpenSSL Dynamic Engine (SHA256 checksum a0876a42f802c0fbc67e5301045c435a4a9494ed84110b87c8fc3524e9afc29a)

  • JCE provider (SHA256 checksum 640c7e3e43ca27178c003ca153a90814f7c78ada3e86a4aa4ce663bb784c4b8d)

  • AWS CloudHSM Management Utility (SHA256 checksum cf76cf044b01d9168a408d78aedae79295626bc4b6eb040d82663c5d8d814f6e)

CentOS 6

AWS CloudHSM does not support CentOS 6 with Client SDK Version 3.3.2.

Use Version 3.2.1 for CentOS 6 or choose a supported platform.

CentOS 7

Download the version 3.3.2 software for CentOS 7:

  • AWS CloudHSM Client (SHA256 checksum 2cd5e0b022fe9091e027f019be1ea81923392ca6d065bfcca6532aa5b9492a99)

  • PKCS #11 library (SHA256 checksum ae062f4675f7547639a8696d39cec1afc09db0b9fa6ded6e335b2a81025ab993)

  • OpenSSL Dynamic Engine (SHA256 checksum a0876a42f802c0fbc67e5301045c435a4a9494ed84110b87c8fc3524e9afc29a)

  • JCE provider (SHA256 checksum 640c7e3e43ca27178c003ca153a90814f7c78ada3e86a4aa4ce663bb784c4b8d)

  • AWS CloudHSM Management Utility (SHA256 checksum cf76cf044b01d9168a408d78aedae79295626bc4b6eb040d82663c5d8d814f6e)

CentOS 8

Download the version 3.3.2 software for CentOS 8:

  • AWS CloudHSM Client (SHA256 checksum 696bb3d67b3aca379106a409a8de814174df5b8308a2d4500bee5cfc89f40070)

  • PKCS #11 library (SHA256 checksum c58992e14d75c0cc7ae9f57746b40be5a4dbc1f2769e9d387eae39107b560749)

  • JCE provider (SHA256 checksum 95e519d2bf656446141cd227e50447b67d485008e8b38151ea31f2a9ca855b49)

  • AWS CloudHSM Management Utility (SHA256 checksum e1ab86404d162e1169bb80364510119ce2c072fe30fbeb0a06bd2497f980f840)

RHEL 6

AWS CloudHSM does not support RedHat Enterprise Linux 6 with Client SDK Version 3.3.2.

Use Version 3.2.1 for RedHat Enterprise Linux 6 or choose a supported platform.

RHEL 7

Download the version 3.3.2 software for RedHat Enterprise Linux 7:

  • AWS CloudHSM Client (SHA256 checksum 2cd5e0b022fe9091e027f019be1ea81923392ca6d065bfcca6532aa5b9492a99)

  • PKCS #11 library (SHA256 checksum ae062f4675f7547639a8696d39cec1afc09db0b9fa6ded6e335b2a81025ab993)

  • OpenSSL Dynamic Engine (SHA256 checksum a0876a42f802c0fbc67e5301045c435a4a9494ed84110b87c8fc3524e9afc29a)

  • JCE provider (SHA256 checksum 640c7e3e43ca27178c003ca153a90814f7c78ada3e86a4aa4ce663bb784c4b8d)

  • AWS CloudHSM Management Utility (SHA256 checksum cf76cf044b01d9168a408d78aedae79295626bc4b6eb040d82663c5d8d814f6e)

RHEL 8

Download the version 3.3.2 software for RedHat Enterprise Linux 8:

  • AWS CloudHSM Client (SHA256 checksum 696bb3d67b3aca379106a409a8de814174df5b8308a2d4500bee5cfc89f40070)

  • PKCS #11 library (SHA256 checksum c58992e14d75c0cc7ae9f57746b40be5a4dbc1f2769e9d387eae39107b560749)

  • JCE provider (SHA256 checksum 95e519d2bf656446141cd227e50447b67d485008e8b38151ea31f2a9ca855b49)

  • AWS CloudHSM Management Utility (SHA256 checksum e1ab86404d162e1169bb80364510119ce2c072fe30fbeb0a06bd2497f980f840)

Ubuntu 16.04 LTS

Download the version 3.3.2 software for Ubuntu 16.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum 5797aa27b9ebe0aa52189b0a48a933a7a8ab404e651cbc43ec8dfe73fb03b66c)

  • PKCS #11 library (SHA256 checksum 155cfb9f5e95ee03bcce298bd43ca3f5a883ae4ed69192d83ef34df2c6a117c7)

  • OpenSSL Dynamic Engine (SHA256 checksum b313ad3fc31fe6031707916567ee30d461a14511328db0b37c00ff0affa42608)

  • JCE provider (SHA256 checksum 0c0307054bfbff8c15830c5d431f9a21f96409a7969fda1b12379ce5444c56c1)

  • AWS CloudHSM Management Utility (SHA256 checksum e34e317cf3fe11a9b70fbfabc35824f06800f3e2386d8ea02c977564eb3308a4)

Note

Due to the impending EOL of Ubuntu 16.04, we intend to drop support for this platform with the next release.

Ubuntu 18.04 LTS

Download the version 3.3.2 software for Ubuntu 18.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum ccce515a4375e81b1493d641d523eac4599ad813d4fccc062bb872f16d57b094)

  • PKCS #11 library (SHA256 checksum 25b54341d7efe594f13c7c7accdcbac177241a610e82955bde24b82531236a52)

  • JCE provider (SHA256 checksum 31cf9953ce86243b73863e1c5b0db21d9dcc4f26fa1c4741a9f0cc9489f389a2)

  • AWS CloudHSM Management Utility (SHA256 checksum 1b6ff0c96cfd7209c16ae69debb669f881a7a920f37226801456f6ec328c612d)

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.3.2 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.3.2) software for Windows Server:

Version 3.3.2 resolves an issue with the client_info script.

AWS CloudHSM Client Software

  • Updated the version for consistency.

PKCS #11 library

  • Updated the version for consistency.

OpenSSL Dynamic Engine

  • Updated the version for consistency.

JCE provider

  • Updated the version for consistency.

Windows (CNG and KSP providers)

  • Updated the version for consistency.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.3.1 software for Amazon Linux:

Amazon Linux 2

Download the version 3.3.1 software for Amazon Linux 2:

CentOS 6

AWS CloudHSM does not support CentOS 6 with Client SDK Version 3.3.1.

Use Version 3.2.1 for CentOS 6 or choose a supported platform.

CentOS 7

Download the version 3.3.1 software for CentOS 7:

CentOS 8

Download the version 3.3.1 software for CentOS 8:

RHEL 6

AWS CloudHSM does not support RedHat Enterprise Linux 6 with Client SDK Version 3.3.1.

Use Version 3.2.1 for RedHat Enterprise Linux 6 or choose a supported platform.

RHEL 7

Download the version 3.3.1 software for RedHat Enterprise Linux 7:

RHEL 8

Download the version 3.3.1 software for RedHat Enterprise Linux 8:

Ubuntu 16.04 LTS

Download the version 3.3.1 software for Ubuntu 16.04 LTS:

Note

Due to the impending EOL of Ubuntu 16.04, we intend to drop support for this platform with the next release.

Ubuntu 18.04 LTS

Download the version 3.3.1 software for Ubuntu 18.04 LTS:

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.3.1 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.3.1) software for Windows Server:

Version 3.3.1 adds updates to all components.

AWS CloudHSM Client Software

  • Improved stability and bug fixes.

PKCS #11 library

  • Improved stability and bug fixes.

OpenSSL Dynamic Engine

  • Improved stability and bug fixes.

JCE provider

  • Improved stability and bug fixes.

Windows (CNG and KSP providers)

  • Improved stability and bug fixes.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.3.0 software for Amazon Linux:

Amazon Linux 2

Download the version 3.3.0 software for Amazon Linux 2:

CentOS 6

AWS CloudHSM does not support CentOS 6 with Client SDK Version 3.3.0.

Use Version 3.2.1 for CentOS 6 or choose a supported platform.

CentOS 7

Download the version 3.3.0 software for CentOS 7:

CentOS 8

Download the version 3.3.0 software for CentOS 8:

RHEL 6

AWS CloudHSM does not support RedHat Enterprise Linux 6 with Client SDK Version 3.3.0.

Use Version 3.2.1 for RedHat Enterprise Linux 6 or choose a supported platform.

RHEL 7

Download the version 3.3.0 software for RedHat Enterprise Linux 7:

RHEL 8

Download the version 3.3.0 software for RedHat Enterprise Linux 8:

Ubuntu 16.04 LTS

Download the version 3.3.0 software for Ubuntu 16.04 LTS:

Ubuntu 18.04 LTS

Download the version 3.3.0 software for Ubuntu 18.04 LTS:

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.3.0 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.2.1) software for Windows Server:

Version 3.3.0 adds two-factor authentication (2FA) and other improvements.

AWS CloudHSM Client Software

  • Added 2FA authentication for crypto officers (CO). For more information, see Managing Two-Factor Authentication for Crypto Officers.

  • Removed platform support for RedHat Enterprise Linux 6 and CentOS 6. For more information, see Linux Support.

  • Added a standalone version of CMU for use with Client SDK 5 or Client SDK 3. This is the same version of CMU included with the client daemon of version 3.3.0, and now you can download CMU without downloading the client daemon.

PKCS #11 library

  • Improved stability and bug fixes.

  • Removed platform support for RedHat Enterprise Linux 6 and CentOS 6. For more information, see Linux Support.

OpenSSL Dynamic Engine

  • Updated the version for consistency

  • Removed platform support for RedHat Enterprise Linux 6 and CentOS 6. For more information, see Linux Support.

JCE provider

  • Improved stability and bug fixes.

  • Removed platform support for RedHat Enterprise Linux 6 and CentOS 6. For more information, see Linux Support.

Windows (CNG and KSP providers)

  • Updated the version for consistency

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.2.1 software for Amazon Linux:

Amazon Linux 2

Download the version 3.2.1 software for Amazon Linux 2:

CentOS 6

Download the version 3.2.1 software for CentOS 6:

CentOS 7

Download the version 3.2.1 software for CentOS 7:

CentOS 8

Download the version 3.2.1 software for CentOS 8:

RHEL 6

Download the version 3.2.1 software for RedHat Enterprise Linux 6:

RHEL 7

Download the version 3.2.1 software for RedHat Enterprise Linux 7:

RHEL 8

Download the version 3.2.1 software for RedHat Enterprise Linux 8:

Ubuntu 16.04 LTS

Download the version 3.2.1 software for Ubuntu 16.04 LTS:

Ubuntu 18.04 LTS

Download the version 3.2.1 software for Ubuntu 18.04 LTS:

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.2.1 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.2.1) software for Windows Server:

Version 3.2.1 adds a compliance analysis between the AWS CloudHSM implementation of the PKCS #11 library and the PKCS #11 standard, new platforms, and other improvements.

AWS CloudHSM Client Software

PKCS #11 library

OpenSSL Dynamic Engine

JCE provider

Windows (CNG and KSP providers)

  • Improved stability and bug fixes.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.2.0 software for Amazon Linux:

Amazon Linux 2

Download the version 3.2.0 software for Amazon Linux 2:

CentOS 6

Download the version 3.2.0 software for CentOS 6:

CentOS 7

Download the version 3.2.0 software for CentOS 7:

RHEL 6

Download the version 3.2.0 software for RedHat Enterprise Linux 6:

RHEL 7

Download the version 3.2.0 software for RedHat Enterprise Linux 7:

Ubuntu 16.04 LTS

Download the version 3.2.0 software for Ubuntu 16.04 LTS:

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.2.0 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.2.0) software for Windows Server:

Version 3.2.0 adds support for masking passwords and other improvements.

AWS CloudHSM Client Software

PKCS #11 library

  • Adds support for hashing large data in software for some PKCS #11 mechanisms that were previously unsupported. For more information, see Supported Mechanisms.

OpenSSL Dynamic Engine

  • Improved stability and bug fixes.

JCE provider

  • Updated the version for consistency.

Windows (CNG and KSP providers)

  • Improved stability and bug fixes.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.1.2 software for Amazon Linux:

Amazon Linux 2

Download the version 3.1.2 software for Amazon Linux 2:

CentOS 6

Download the version 3.1.2 software for CentOS 6:

CentOS 7

Download the version 3.1.2 software for CentOS 7:

RHEL 6

Download the version 3.1.2 software for RedHat Enterprise Linux 6:

RHEL 7

Download the version 3.1.2 software for RedHat Enterprise Linux 7:

Ubuntu 16.04 LTS

Download the version 3.1.2 software for Ubuntu 16.04 LTS:

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. The AWS CloudHSM 3.1.2 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.1.2) software for Windows Server:

Version 3.1.2 adds updates to JCE provider.

AWS CloudHSM Client Software

  • Updated the version for consistency

PKCS #11 library

  • Updated the version for consistency

OpenSSL Dynamic Engine

  • Updated the version for consistency

JCE provider

  • Update log4j to version 2.13.3

Windows (CNG and KSP providers)

  • Updated the version for consistency

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.1.1 software for Amazon Linux:

Amazon Linux 2

Download the version 3.1.1 software for Amazon Linux 2:

CentOS 6

Download the version 3.1.1 software for CentOS 6:

CentOS 7

Download the version 3.1.1 software for CentOS 7:

RHEL 6

Download the version 3.1.1 software for RedHat Enterprise Linux 6:

RHEL 7

Download the version 3.1.1 software for RedHat Enterprise Linux 7:

Ubuntu 16.04 LTS

Download the version 3.1.1 software for Ubuntu 16.04 LTS:

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.1.1 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.1.1) software for Windows Server:

AWS CloudHSM Client Software

  • Updated the version for consistency.

PKCS #11 Library

  • Updated the version for consistency.

OpenSSL Dynamic Engine

  • Updated the version for consistency.

JCE provider

  • Bug fixes and performance improvements.

Windows (CNG, KSP)

  • Updated the version for consistency.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.1.0 software for Amazon Linux:

Amazon Linux 2

Download the version 3.1.0 software for Amazon Linux 2:

CentOS 6

Download the version 3.1.0 software for CentOS 6:

CentOS 7

Download the version 3.1.0 software for CentOS 7:

RHEL 6

Download the version 3.1.0 software for RedHat Enterprise Linux 6:

RHEL 7

Download the version 3.1.0 software for RedHat Enterprise Linux 7:

Ubuntu 16.04 LTS

Download the version 3.1.0 software for Ubuntu 16.04 LTS:

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.1.0 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.1.0) software for Windows Server:

Version 3.1.0 adds standards-compliant AES key wrapping.

AWS CloudHSM Client Software

  • A new requirement for upgrade: the version of your client must match the version of any software libraries you are using. To upgrade, you must use a batch command that upgrades the client and all the libraries at the same time. For more information, see Client SDK 3 Upgrade.

  • Key_mgmt_util (KMU) includes the following updates:

    • Added two new AES key wrap methods – standards-compliant AES key wrap with zero padding and AES key wrap with no padding. For more information, see wrapKey and unwrapKey.

    • Disabled ability to specify custom IV when wrapping a key using AES_KEY_WRAP_PAD_PKCS5. For more information, see AES Key Wrapping.

PKCS #11 Library

  • Added two new AES key wrap methods - standards-compliant AES key wrap with zero padding and AES key wrap with no padding. For more information, see AES Key Wrapping.

  • You can configure salt length for RSA-PSS signatures. To learn how to use this feature, see Configurable salt length for RSA-PSS signatures on GitHub.

OpenSSL Dynamic Engine

  • BREAKING CHANGE: TLS 1.0 and 1.2 cipher suites with SHA1 are not available in OpenSSL Engine 3.1.0. This issue will be resolved shortly.

  • If you intend to install the OpenSSL Dynamic Engine library on RHEL 6 or CentOS 6, see a known issue about the default OpenSSL version installed on those operating systems.

  • Improved stability and bug fixes

JCE provider

  • BREAKING CHANGE: To address an issue with Java Cryptography Extension (JCE) compliance, AES wrap and unwrap now properly use the AESWrap algorithm instead of the AES algorithm. This means Cipher.WRAP_MODE and Cipher.UNWRAP_MODE no longer succeed for AES/ECB and AES/CBC mechanisms.

    To upgrade to client version 3.1.0, you must update your code. If you have existing wrapped keys, you must pay particular attention to the mechanism you use to unwrap and how IV defaults have changed. If you wrapped keys with client version 3.0.0 or earlier, then in 3.1.1 you must use AESWrap/ECB/PKCS5Padding to unwrap your existing keys. For more information, see AES Key Wrapping.

  • You can list multiple keys with the same label from the JCE provider. To learn how to iterate through all available keys, see Find all keys on GitHub.

  • You can set more restrictive values for attributes during key creation, including specifying different labels for public and private keys. For more information, see Supported Java Attributes.

Windows (CNG, KSP)

  • Improved stability and bug fixes.

Deprecated releases

Versions 3.0.1 and earlier are deprecated. We do not recommend using deprecated releases in production workloads. We do not provide backwards compatible updates for deprecated releases, nor do we host deprecated releases for download. If you experience production impact while using deprecated releases, you must upgrade to obtain software fixes.

End-of-life releases

AWS CloudHSM announces end of life for releases no longer compatible with the service. To preserve the safety of your application, we reserve the right to actively refuse connections from end-of-life releases.

  • Currently no versions of the client SDK are end-of-life releases.