Download AWS CloudHSM Client SDK - AWS CloudHSM

Download AWS CloudHSM Client SDK

In March 2021, AWS CloudHSM released Client SDK version 5.0.0, which introduces an all-new Client SDK with different requirements, capabilities, and platform support. You now have two versions of the Client SDK to choose from, Client SDK 5 and Client SDK 3. For more information, see Choose a Client SDK version to work with AWS CloudHSM.

Latest releases

This section includes the latest version of each Client SDK.

Client SDK 5 is fully supported for production environments, but it does not offer every component or the same level of support for cryptographic operations as Client SDK 3. For more information, see Client SDK comparison.

Latest Client SDK 5 release: Version 5.5.0

Amazon Linux

Download version 5.5.0 software for Amazon Linux on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum d26dcf4b1850f1ace52a386496063fb1e4a7692f34a1f00d1e4e61a8f59b3363)

  • OpenSSL Dynamic Engine (SHA256 checksum 098d3ee36db307e803ae6badff5c57e7581649a25d2fb789bf2e8e5ff851910b)

  • JCE provider (SHA256 checksum 3106dcf572870fbfa0645d82705d509677c2439527b5ad35ec8456ad5d068161)

Amazon Linux 2

Download version 5.5.0 software for Amazon Linux 2 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum c08f71fe022d0041c897f326f5cff17ca2ed5b3d308e9801dd7889ca9e92068e)

  • OpenSSL Dynamic Engine (SHA256 checksum bbb90f0bb7bbac9594177b7a9ff92d04bc16853a78b5016f7f5cd40b8a3ed539)

  • JCE provider (SHA256 checksum 65f1d6360985f4a5225b89bccd276b15408a4d09ceb41489c4fa743970315bae)

Download version 5.5.0 software for Amazon Linux 2 on ARM64 architecture:

  • JCE provider (SHA256 checksum 958de0815636e77cbd79e0b60d4b721d4b47a13652f8d5d036bd30d8b202b1e6)

CentOS 7

Download version 5.5.0 software for CentOS 7 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum c08f71fe022d0041c897f326f5cff17ca2ed5b3d308e9801dd7889ca9e92068e)

  • OpenSSL Dynamic Engine (SHA256 checksum bbb90f0bb7bbac9594177b7a9ff92d04bc16853a78b5016f7f5cd40b8a3ed539)

  • JCE provider (SHA256 checksum 65f1d6360985f4a5225b89bccd276b15408a4d09ceb41489c4fa743970315bae)

RHEL 7

Download version 5.5.0 software for RHEL 7 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum c08f71fe022d0041c897f326f5cff17ca2ed5b3d308e9801dd7889ca9e92068e)

  • OpenSSL Dynamic Engine (SHA256 checksum bbb90f0bb7bbac9594177b7a9ff92d04bc16853a78b5016f7f5cd40b8a3ed539)

  • JCE provider (SHA256 checksum 65f1d6360985f4a5225b89bccd276b15408a4d09ceb41489c4fa743970315bae)

RHEL 8

Download version 5.5.0 software for RHEL 8 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum a27fb3315377aa94f2c757fcc5108673f9f8d50b5fbd7423e7e9aa7484e1e451)

  • OpenSSL Dynamic Engine (SHA256 checksum bb52bcf1ed306918bf68782e84012d2ee3de369f7fab5b805e62afe87371335e)

  • JCE provider (SHA256 checksum 3ffd94fe5241e5d74234df4fba20d61f3d6223534bd2b6e03f9179defa0f3e8e)

Ubuntu 18.04 LTS

Download version 5.5.0 software for Ubuntu 18.04 LTS on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum 00aa40e909e73ad96b480073e3b959e5de4ea853b539f9604e9aa592dcbcbfe5)

  • OpenSSL Dynamic Engine (SHA256 checksum 1dabd957d1e5777d3da7da7273885b1541868656b033c7ad8d9fde133e03da6a)

  • JCE provider (SHA256 checksum 702a560938718e59120653b5c3359cb6a14f6b835f4c7d3aab0df26071e2ff63)

Windows Server 2016

Download version 5.5.0 software for Windows Server 2016 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum df4197ebfb623acf3b733fc7b4bdf38a76cb09d63059680d56a3af37f740afd4)

  • JCE provider (SHA256 checksum b8dc0a7a54715596c0eb40b6e97978850230ec1f76acf926fe6dbc622b2ac0b3)

Windows Server 2019

Download version 5.5.0 software for Windows Server 2019 on x86_64 architecture:

  • PKCS #11 library (SHA256 checksum df4197ebfb623acf3b733fc7b4bdf38a76cb09d63059680d56a3af37f740afd4)

  • JCE provider (SHA256 checksum b8dc0a7a54715596c0eb40b6e97978850230ec1f76acf926fe6dbc622b2ac0b3)

Version 5.5.0 adds support for OpenJDK 11, Keytool and Jarsigner integration, and additional mechanisms to the JCE provider. Resolves a known issue regarding a KeyGenerator class incorrectly interpreting key size parameter as number of bytes instead of bits.

PKCS #11 library

  • Improved stability and bug fixes.

OpenSSL Dynamic Engine

  • Improved stability and bug fixes.

JCE provider

  • Support for the Keytool and Jarsigner utilities

  • Support for OpenJDK 11 on all platforms

  • Ciphers

    • AES/CBC/NoPadding Encrypt and Decrypt mode

    • AES/ECB/PKCS5Padding Encrypt and Decrypt mode

    • AES/CTR/NoPadding Encrypt and Decrypt mode

    • AES/GCM/NoPadding Wrap and Unwrap mode

    • DESede/ECB/PKCS5Padding Encrypt and Decrypt mode

    • DESede/CBC/NoPadding Encrypt and Decrypt mode

    • AESWrap/ECB/NoPadding Wrap and Unwrap mode

    • AESWrap/ECB/PKCS5Padding Wrap and Unwrap mode

    • AESWrap/ECB/ZeroPadding Wrap and Unwrap mode

    • RSA/ECB/PKCS1Padding Wrap and Unwrap mode

    • RSA/ECB/OAEPPadding Wrap and Unwrap mode

    • RSA/ECB/OAEPWithSHA-1ANDMGF1Padding Wrap and Unwrap mode

    • RSA/ECB/OAEPWithSHA-224ANDMGF1Padding Wrap and Unwrap mode

    • RSA/ECB/OAEPWithSHA-256ANDMGF1Padding Wrap and Unwrap mode

    • RSA/ECB/OAEPWithSHA-384ANDMGF1Padding Wrap and Unwrap mode

    • RSA/ECB/OAEPWithSHA-512ANDMGF1Padding Wrap and Unwrap mode

    • RSAAESWrap/ECB/OAEPPadding Wrap and Unwrap mode

    • RSAAESWrap/ECB/OAEPWithSHA-1ANDMGF1Padding Wrap and Unwrap mode

    • RSAAESWrap/ECB/OAEPWithSHA-224ANDMGF1Padding Wrap and Unwrap mode

    • RSAAESWrap/ECB/OAEPWithSHA-256ANDMGF1Padding Wrap and Unwrap mode

    • RSAAESWrap/ECB/OAEPWithSHA-384ANDMGF1Padding Wrap and Unwrap mode

    • RSAAESWrap/ECB/OAEPWithSHA-512ANDMGF1Padding Wrap and Unwrap mode

  • KeyFactory and SecretKeyFactory

    • RSA – 2048-bit to 4096-bit RSA keys, in increments of 256 bits

    • AES – 128, 192, and 256-bit AES keys

    • ECC key pairs for NIST curves secp256r1 (P-256), secp384r1 (P-384), and secp256k1

    • DESede (3DES)

    • GenericSecret

    • HMAC – with SHA1, SHA224, SHA256, SHA384, SHA512 hash support

  • Sign/Verify

    • RSASSA-PSS

    • SHA1withRSA/PSS

    • SHA224withRSA/PSS

    • SHA256withRSA/PSS

    • SHA384withRSA/PSS

    • SHA512withRSA/PSS

    • SHA1withRSAandMGF1

    • SHA224withRSAandMGF1

    • SHA256withRSAandMGF1

    • SHA384withRSAandMGF1

    • SHA512withRSAandMGF1

Latest Client SDK 3 release: Version 3.4.4

To upgrade Client SDK 3 on Linux platforms, you must use a batch command that upgrades the client daemon and all the libraries at the same time. For more information about upgrade, see Client SDK 3 Upgrade.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.4.4 software for Amazon Linux:

  • AWS CloudHSM Client (SHA256 checksum 900de424d70f41e661aa636f256a6a79cc43bea6b0fe6eb95c2aaa63e5289505)

  • PKCS #11 library (SHA256 checksum a3f93f084d59fee5d7c859292bc02cb7e7f15fb06e971171ebf9b52bbd229c30)

  • OpenSSL Dynamic Engine (SHA256 checksum 8db07b9843d49016b0b6fec46d39881d94e426fcaae1cee2747be14af9313bb0)

  • JCE provider (SHA256 checksum 360617c55bf4caa8e6e78ede079ca68cf9ef11473e7918154c22ba908a219843)

  • AWS CloudHSM Management Utility (SHA256 checksum c9961ffe38921131bd6f3702e10d73588e68b8ab10fbb241723e676f4fa8c4fa)

Amazon Linux 2

Download the version 3.4.4 software for Amazon Linux 2:

  • AWS CloudHSM Client (SHA256 checksum 7d61d835ae38c6ce121d102b516527f342a76ac31733768097d5cab8bc482610)

  • PKCS #11 library (SHA256 checksum 2099f324ff625e1a46d96c1d5084263ca1d650424d7465ead43fe767d6687f36)

  • OpenSSL Dynamic Engine (SHA256 checksum 6d8e81ad1208652904fe4b6abc4f174e866303f2302a6551c3fbef617337e663)

  • JCE provider (SHA256 checksum 70e3cdce143c45a76e155ffb5969841e0153e011f59eb9f2c6e6be0707030abf)

  • AWS CloudHSM Management Utility (SHA256 checksum 5a702fe5e50dc6055daa723df71a0874317c9ff5844eea30104587a61097ecf4)

CentOS 6

AWS CloudHSM does not support CentOS 6 with Client SDK Version 3.4.4.

Use Version 3.2.1 for CentOS 6 or choose a supported platform.

CentOS 7

Download the version 3.4.4 software for CentOS 7:

  • AWS CloudHSM Client (SHA256 checksum 7d61d835ae38c6ce121d102b516527f342a76ac31733768097d5cab8bc482610)

  • PKCS #11 library (SHA256 checksum 2099f324ff625e1a46d96c1d5084263ca1d650424d7465ead43fe767d6687f36)

  • OpenSSL Dynamic Engine (SHA256 checksum 6d8e81ad1208652904fe4b6abc4f174e866303f2302a6551c3fbef617337e663)

  • JCE provider (SHA256 checksum 70e3cdce143c45a76e155ffb5969841e0153e011f59eb9f2c6e6be0707030abf)

  • AWS CloudHSM Management Utility (SHA256 checksum 5a702fe5e50dc6055daa723df71a0874317c9ff5844eea30104587a61097ecf4)

CentOS 8

Download the version 3.4.4 software for CentOS 8:

  • AWS CloudHSM Client (SHA256 checksum 81639c9ec83e501709c4117ba9d98b23dea7838a206ed244c9c6cc0d65130f8c)

  • PKCS #11 library (SHA256 checksum 9a15daa87b8616cf03a6bf6b375f53451ef448dbc54bf2c27fbc2be7823fc633)

  • JCE provider (SHA256 checksum 2b1c4208992903cf7bcc669c1392c59a64fbfc82e010c626ffa58d0cb8e9126b)

  • AWS CloudHSM Management Utility (SHA256 checksum 3adbecc802e0854c23aa4b8d80540d1748903c8dba93b6c8042fb7885051c360)

Note

Due to the recent End of Life of CentOS 8, we will no longer be able to support this platform with next release.

RHEL 6

AWS CloudHSM does not support RedHat Enterprise Linux 6 with Client SDK Version 3.4.4.

Use Version 3.2.1 for RedHat Enterprise Linux 6 or choose a supported platform.

RHEL 7

Download the version 3.4.4 software for RedHat Enterprise Linux 7:

  • AWS CloudHSM Client (SHA256 checksum 7d61d835ae38c6ce121d102b516527f342a76ac31733768097d5cab8bc482610)

  • PKCS #11 library (SHA256 checksum 2099f324ff625e1a46d96c1d5084263ca1d650424d7465ead43fe767d6687f36)

  • OpenSSL Dynamic Engine (SHA256 checksum 6d8e81ad1208652904fe4b6abc4f174e866303f2302a6551c3fbef617337e663)

  • JCE provider (SHA256 checksum 70e3cdce143c45a76e155ffb5969841e0153e011f59eb9f2c6e6be0707030abf)

  • AWS CloudHSM Management Utility (SHA256 checksum 5a702fe5e50dc6055daa723df71a0874317c9ff5844eea30104587a61097ecf4)

RHEL 8

Download the version 3.4.4 software for RedHat Enterprise Linux 8:

  • AWS CloudHSM Client (SHA256 checksum 81639c9ec83e501709c4117ba9d98b23dea7838a206ed244c9c6cc0d65130f8c)

  • PKCS #11 library (SHA256 checksum 9a15daa87b8616cf03a6bf6b375f53451ef448dbc54bf2c27fbc2be7823fc633)

  • JCE provider (SHA256 checksum 2b1c4208992903cf7bcc669c1392c59a64fbfc82e010c626ffa58d0cb8e9126b)

  • AWS CloudHSM Management Utility (SHA256 checksum 3adbecc802e0854c23aa4b8d80540d1748903c8dba93b6c8042fb7885051c360)

Ubuntu 16.04 LTS

Download the version 3.4.4 software for Ubuntu 16.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum 317c92c2e0b5d60afab1beb947f053d13ddaacb994cccc2c2b898e997ece29b9)

  • PKCS #11 library (SHA256 checksum 91451c420c51488a022569fd32f052a3b988a2883ea4c2ac952acb61a2fea37c)

  • OpenSSL Dynamic Engine (SHA256 checksum 4098771ad0e38df9bf14d50520ca49b9395f819f0387e2bc3b0e61abb5888e66)

  • JCE provider (SHA256 checksum e136ff183271c2f9590a9fccb8261a7eb809506686b070e3854df1b8686c6641)

  • AWS CloudHSM Management Utility (SHA256 checksum cbf24a4032f393a913a9898b1b27036392104e8e05d911cab84049b2bcca2541)

Note

Due to the impending EOL of Ubuntu 16.04, we intend to drop support for this platform with the next release.

Ubuntu 18.04 LTS

Download the version 3.4.4 software for Ubuntu 18.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum cf57d5e0e95efbf032aac8887aebd59ac8cc80e97c69e7c39fdad40873374fe8)

  • PKCS #11 library (SHA256 checksum 428f8bdad7925db5401112f707942ee8f3ca554f4ab53fa92237996e69144d2f)

  • JCE provider (SHA256 checksum 1ff17b8f7688e84f7f0bfc96383564dca598a1cab2f2c52c888d0361682f2b9e)

  • AWS CloudHSM Management Utility (SHA256 checksum afe253046146ed6177c520b681efc680dac1048c4a95b3d8ad0f305e79bbe93e)

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.4.4 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.4.4) software for Windows Server:

Version 3.4.4 adds updates to JCE provider.

AWS CloudHSM Client Software

  • Updated the version for consistency.

PKCS #11 library

  • Updated the version for consistency.

OpenSSL Dynamic Engine

  • Updated the version for consistency.

JCE provider

  • Update log4j to version 2.17.1.

Windows (CNG and KSP providers)

  • Updated the version for consistency.

Previous Client SDK 5 releases

This section lists previous Client SDK 5 releases. For the current Client SDK 5 release, see Latest releases.

Amazon Linux

Download the version 5.4.2 software for Amazon Linux:

  • PKCS #11 library (SHA256 checksum dd904ebbb8c9cd8a58c8ed1ba6b329ee92dfe45d89e4ac807030c0421aadbed6)

  • OpenSSL Dynamic Engine (SHA256 checksum bbf81f8aa24092b7ab3c6c1b2011c46f1304ee6f003ef630a600673ed906a0a5)

  • JCE provider (SHA256 checksum ea3f178bd35bef7400421c2b66755cc6130e9297960f36ca5aefb64537afeb1b)

Amazon Linux 2

Download the version 5.4.2 software for Amazon Linux 2:

  • PKCS #11 library (SHA256 checksum 8d892210db097a942ae99213c8f20fe78798840d208b0c5329baa9eda6783b9e)

  • OpenSSL Dynamic Engine (SHA256 checksum 68cb82352a9880d16035181bd14ee4085ff16b48b9d8d501df352dc0fb214009)

  • JCE provider (SHA256 checksum 891a99f9c85182dd11c62f1745363b1fbe2ae442abbaea01c9681cd2d32ffe1c)

CentOS 7

Download the version 5.4.2 software for CentOS 7:

  • PKCS #11 library (SHA256 checksum 8d892210db097a942ae99213c8f20fe78798840d208b0c5329baa9eda6783b9e)

  • OpenSSL Dynamic Engine (SHA256 checksum 68cb82352a9880d16035181bd14ee4085ff16b48b9d8d501df352dc0fb214009)

  • JCE provider (SHA256 checksum 891a99f9c85182dd11c62f1745363b1fbe2ae442abbaea01c9681cd2d32ffe1c)

CentOS 8

Download the version 5.4.2 software for CentOS 8:

  • PKCS #11 library (SHA256 checksum bf3ffa7bc1c4fd7bc9509e4f7c8bc3a013dbdae362cacf6ed278730fa43a0da0)

  • OpenSSL Dynamic Engine (SHA256 checksum 2da903322f91f7f2ba32edf48676f4b9f23d83ceb4395ea7a51c6a0f132ddc9b)

  • JCE provider (SHA256 checksum d5d1d813fdbf34e98873209606d8a55d56181598b1a539a0a0a62d4efd0addf2)

Note

Due to the recent End of Life of CentOS 8, we will no longer be able to support this platform with next release.

RHEL 7

Download the version 5.4.2 software for RHEL 7:

  • PKCS #11 library (SHA256 checksum 8d892210db097a942ae99213c8f20fe78798840d208b0c5329baa9eda6783b9e)

  • OpenSSL Dynamic Engine (SHA256 checksum 68cb82352a9880d16035181bd14ee4085ff16b48b9d8d501df352dc0fb214009)

  • JCE provider (SHA256 checksum 891a99f9c85182dd11c62f1745363b1fbe2ae442abbaea01c9681cd2d32ffe1c)

RHEL 8

Download the version 5.4.2 software for RHEL 8:

  • PKCS #11 library (SHA256 checksum bf3ffa7bc1c4fd7bc9509e4f7c8bc3a013dbdae362cacf6ed278730fa43a0da0)

  • OpenSSL Dynamic Engine (SHA256 checksum 2da903322f91f7f2ba32edf48676f4b9f23d83ceb4395ea7a51c6a0f132ddc9b)

  • JCE provider (SHA256 checksum d5d1d813fdbf34e98873209606d8a55d56181598b1a539a0a0a62d4efd0addf2)

Ubuntu 18.04 LTS

Download the version 5.4.2 software for Ubuntu 18.04 LTS:

  • PKCS #11 library (SHA256 checksum 6e78e18f64d2a6a3f9eeba1e2b846b9c91340816e2f15cd9b77fa959188716ab)

  • OpenSSL Dynamic Engine (SHA256 checksum 2f52ddbd73a242ed0458747fd5b25be94328d813f862d9e4dc1c273362120744)

  • JCE provider (SHA256 checksum 9d335b372cf7f9b43e9ef5838897dc1d05e8cd02b31427e0a5f763489905a187)

Windows Server 2016

Download the version 5.4.2 software for Windows Server 2016:

  • PKCS #11 library (SHA256 checksum e0b4a2753f1f940614a697ec91a7777b411ffc3ae3f0d52b61e94f62f6b5149c)

  • JCE provider (SHA256 checksum 0d502232118e5508e6f68a405a50f1cde0d6e7905553ecbb2c7fec6a7735c7f4)

Windows Server 2019

Download the version 5.4.2 software for Windows Server 2019:

  • PKCS #11 library (SHA256 checksum e0b4a2753f1f940614a697ec91a7777b411ffc3ae3f0d52b61e94f62f6b5149c)

  • JCE provider (SHA256 checksum 0d502232118e5508e6f68a405a50f1cde0d6e7905553ecbb2c7fec6a7735c7f4)

Version 5.4.2 includes improved stability and bug fixes for all SDKs. This is also the last release for the CentOS 8 platform. For more information, see the CentOS website.

PKCS #11 library

  • Improved stability and bug fixes.

OpenSSL Dynamic Engine

  • Improved stability and bug fixes.

JCE provider

  • Improved stability and bug fixes.

Amazon Linux

Download the version 5.4.1 software for Amazon Linux:

  • PKCS #11 library (SHA256 checksum e9a87d12874933f3bc943232c9de9efc6020f8d907272e10b461d0300375a784)

  • OpenSSL Dynamic Engine (SHA256 checksum 8a8b17895e0e473b2ee3f7bd15dd9deb443f3f0af1b33c89e4c2dfa67d9f452b)

  • JCE provider (SHA256 checksum 9dc53f4bcfab4a062534f82e65e2708aa60c9b965b1ec7eb61e9cae57863c7aa)

Amazon Linux 2

Download the version 5.4.1 software for Amazon Linux 2:

  • PKCS #11 library (SHA256 checksum 17e28ef5a0921aa4a0832aebb5c4451836f2cf238f8034d6270cd50d93b61920)

  • OpenSSL Dynamic Engine (SHA256 checksum 75225f3b06a852614b5c1f657ce6b1aed6fcf87dec631072aba1764c6def1506)

  • JCE provider (SHA256 checksum c71b1a314844adb623f14dcbfbdafa0a7cfa68a94021e51d48c32371d92d8e6a)

CentOS 7

Download the version 5.4.1 software for CentOS 7:

  • PKCS #11 library (SHA256 checksum 17e28ef5a0921aa4a0832aebb5c4451836f2cf238f8034d6270cd50d93b61920)

  • OpenSSL Dynamic Engine (SHA256 checksum 75225f3b06a852614b5c1f657ce6b1aed6fcf87dec631072aba1764c6def1506)

  • JCE provider (SHA256 checksum c71b1a314844adb623f14dcbfbdafa0a7cfa68a94021e51d48c32371d92d8e6a)

CentOS 8

Download the version 5.4.1 software for CentOS 8:

  • PKCS #11 library (SHA256 checksum 5a01dcf5f1be7f081a4e47b686d266fd7bc94c7a26f502eaafc6f2bc99bec2b2)

  • OpenSSL Dynamic Engine (SHA256 checksum 62776a4b8a7a540c6578d747633d32a2f52c54080ba45cc450206a08a5a4a428)

  • JCE provider (SHA256 checksum 1311d64d916b27c13c0890a25f6aa7f6f62ff37a8203e8bde6524bc94e661860)

Note

Due to the recent End of Life of CentOS 8, we will no longer be able to support this platform with next release.

RHEL 7

Download the version 5.4.1 software for RHEL 7:

  • PKCS #11 library (SHA256 checksum 17e28ef5a0921aa4a0832aebb5c4451836f2cf238f8034d6270cd50d93b61920)

  • OpenSSL Dynamic Engine (SHA256 checksum 75225f3b06a852614b5c1f657ce6b1aed6fcf87dec631072aba1764c6def1506)

  • JCE provider (SHA256 checksum c71b1a314844adb623f14dcbfbdafa0a7cfa68a94021e51d48c32371d92d8e6a)

RHEL 8

Download the version 5.4.1 software for RHEL 8:

  • PKCS #11 library (SHA256 checksum 5a01dcf5f1be7f081a4e47b686d266fd7bc94c7a26f502eaafc6f2bc99bec2b2)

  • OpenSSL Dynamic Engine (SHA256 checksum 62776a4b8a7a540c6578d747633d32a2f52c54080ba45cc450206a08a5a4a428)

  • JCE provider (SHA256 checksum 1311d64d916b27c13c0890a25f6aa7f6f62ff37a8203e8bde6524bc94e661860)

Ubuntu 18.04 LTS

Download the version 5.4.1 software for Ubuntu 18.04 LTS:

  • PKCS #11 library (SHA256 checksum 91db61b43066545b68543d6ecf819785ab6d22379978d4fbcf2488f70eab8679)

  • OpenSSL Dynamic Engine (SHA256 checksum ef9b8ba5ac3fb8a1d215e5bd36ff69d1bb7514d7a430927af4ba64cafd8a8d05)

  • JCE provider (SHA256 checksum 3a008934485a3c6be35479e2c14c48bc7ab9c30f5b76af272fa9c79f148c98eb)

Windows Server 2016

Download the version 5.4.1 software for Windows Server 2016:

  • PKCS #11 library (SHA256 checksum f861f3170bb15c2f512d1d581179e6548cc295f3c1d45afb005b898b5cd26474)

  • JCE provider (SHA256 checksum 1205867ee6a5b19f3bda7df13719edc98e6cb67b0561f4b7d775b91aa30626cf)

Windows Server 2019

Download the version 5.4.1 software for Windows Server 2019:

  • PKCS #11 library (SHA256 checksum f861f3170bb15c2f512d1d581179e6548cc295f3c1d45afb005b898b5cd26474)

  • JCE provider (SHA256 checksum 1205867ee6a5b19f3bda7df13719edc98e6cb67b0561f4b7d775b91aa30626cf)

Version 5.4.1 resolves a known issue with the PKCS #11 library. This is also the last release for the CentOS 8 platform. For more information, see the CentOS website.

PKCS #11 library

  • Improved stability and bug fixes.

OpenSSL Dynamic Engine

  • Improved stability and bug fixes.

JCE provider

  • Improved stability and bug fixes.

Amazon Linux

Download the version 5.4.0 software for Amazon Linux:

  • PKCS #11 library (SHA256 checksum 8e643e52bca4690bbe7f5c26d871fa3af067a4a1dcda7d41f57002e5a4e31795)

  • OpenSSL Dynamic Engine (SHA256 checksum be6e50291efafe50d9ffcba630367e47f71b2e4c3ae9ee3d3ab5b298eea2f72f)

  • JCE provider (SHA256 checksum 0634c3fc61ce4a0c04ce161be55a4145748ccadeae04510066a984ce784b0531)

Amazon Linux 2

Download the version 5.4.0 software for Amazon Linux 2:

  • PKCS #11 library (SHA256 checksum 7cd01f3632c06a118e7c33c2b19e70d669ffb0fca906f6944a878d1f55fdb23a)

  • OpenSSL Dynamic Engine (SHA256 checksum a7e63134bdb3f567ab8931783e9a15602193818ed64f3a11bc1e98dd1c000324)

  • JCE provider (SHA256 checksum ca6dfc9b9d96b351445320570b8e73ef761ddfc7bc6954d61b51302c6532c020)

CentOS 7

Download the version 5.4.0 software for CentOS 7:

  • PKCS #11 library (SHA256 checksum 7cd01f3632c06a118e7c33c2b19e70d669ffb0fca906f6944a878d1f55fdb23a)

  • OpenSSL Dynamic Engine (SHA256 checksum a7e63134bdb3f567ab8931783e9a15602193818ed64f3a11bc1e98dd1c000324)

  • JCE provider (SHA256 checksum ca6dfc9b9d96b351445320570b8e73ef761ddfc7bc6954d61b51302c6532c020)

CentOS 8

Download the version 5.4.0 software for CentOS 8:

  • PKCS #11 library (SHA256 checksum 661e8a42dcbdc6e98f06a0fe8e19d88c80f5207558afe7a1dbfd8e6fb02d6871)

  • OpenSSL Dynamic Engine (SHA256 checksum 536ccfdd4a0e4d2a762f6eed334536e5ed8522009ad96fc980de59b463855119)

  • JCE provider (SHA256 checksum 2d8c64a301e585f00bb52676e240ceaa415a0dad63dc392428d8dfc36c552165)

RHEL 7

Download the version 5.4.0 software for RHEL 7:

  • PKCS #11 library (SHA256 checksum 7cd01f3632c06a118e7c33c2b19e70d669ffb0fca906f6944a878d1f55fdb23a)

  • OpenSSL Dynamic Engine (SHA256 checksum a7e63134bdb3f567ab8931783e9a15602193818ed64f3a11bc1e98dd1c000324)

  • JCE provider (SHA256 checksum ca6dfc9b9d96b351445320570b8e73ef761ddfc7bc6954d61b51302c6532c020)

RHEL 8

Download the version 5.4.0 software for RHEL 8:

  • PKCS #11 library (SHA256 checksum 661e8a42dcbdc6e98f06a0fe8e19d88c80f5207558afe7a1dbfd8e6fb02d6871)

  • OpenSSL Dynamic Engine (SHA256 checksum 536ccfdd4a0e4d2a762f6eed334536e5ed8522009ad96fc980de59b463855119)

  • JCE provider (SHA256 checksum 2d8c64a301e585f00bb52676e240ceaa415a0dad63dc392428d8dfc36c552165)

Ubuntu 18.04 LTS

Download the version 5.4.0 software for Ubuntu 18.04 LTS:

  • PKCS #11 library (SHA256 checksum a477dd926049663cbda3d7a534eda360023f54a149aa3d8308e34b575b87e70d)

  • OpenSSL Dynamic Engine (SHA256 checksum d04823a20ecb4c26135b9587f33a219fe9148e3850fe85e9fd43c818ea8ee75e)

  • JCE provider (SHA256 checksum 7101b3fc98760a3110021b9c2e168685f7bdb6acd624c023d350f7af1252ca86)

Windows Server 2016

Download the version 5.4.0 software for Windows Server 2016:

  • PKCS #11 library (SHA256 checksum 08607f7f7690946df7c1eb7f8b5012c5383c12afe1cbfdd5db2a326efcb13709)

  • JCE provider (SHA256 checksum fa4052f6aa2865a410d3582f8a1d76e90ff068e8950067cb6fb962a38a0432b6)

Windows Server 2019

Download the version 5.4.0 software for Windows Server 2019:

  • PKCS #11 library (SHA256 checksum 08607f7f7690946df7c1eb7f8b5012c5383c12afe1cbfdd5db2a326efcb13709)

  • JCE provider (SHA256 checksum fa4052f6aa2865a410d3582f8a1d76e90ff068e8950067cb6fb962a38a0432b6)

Version 5.4.0 adds initial support for the JCE provider for all platforms. The JCE provider is compatible with OpenJDK 8.

PKCS #11 library

  • Improved stability and bug fixes.

OpenSSL Dynamic Engine

  • Improved stability and bug fixes.

JCE provider

  • Key types

    • RSA – 2048-bit to 4096-bit RSA keys, in increments of 256 bits.

    • AES – 128, 192, and 256-bit AES keys.

    • ECC key pairs for NIST curves secp256r1 (P-256), secp384r1 (P-384), and secp256k1.

    • DESede (3DES)

    • HMAC – with SHA1, SHA224, SHA256, SHA384, SHA512 hash support.

  • Ciphers (encrypt and decrypt only)

    • AES/GCM/NoPadding

    • AES/ECB/NoPadding

    • AES/CBC/PKCS5Padding

    • DESede/ECB/NoPadding

    • DESede/CBC/PKCS5Padding

    • AES/CTR/NoPadding

    • RSA/ECB/PKCS1Padding

    • RSA/ECB/OAEPPadding

    • RSA/ECB/OAEPWithSHA-1ANDMGF1Padding

    • RSA/ECB/OAEPWithSHA-224ANDMGF1Padding

    • RSA/ECB/OAEPWithSHA-256ANDMGF1Padding

    • RSA/ECB/OAEPWithSHA-384ANDMGF1Padding

    • RSA/ECB/OAEPWithSHA-512ANDMGF1Padding

  • Digests

    • SHA-1

    • SHA-224

    • SHA-256

    • SHA-384

    • SHA-512

  • Sign/Verify

    • NONEwithRSA

    • SHA1withRSA

    • SHA224withRSA

    • SHA256withRSA

    • SHA384withRSA

    • SHA512withRSA

    • NONEwithECDSA

    • SHA1withECDSA

    • SHA224withECDSA

    • SHA256withECDSA

    • SHA384withECDSA

    • SHA512withECDSA

  • Integration with the Java KeyStore

Amazon Linux

Download the version 5.3.0 software for Amazon Linux:

  • PKCS #11 library (SHA256 checksum 66f34388dd6188b33d3b41c9f520be4504ad4f5a5eee758ba53106e9f3a264be)

  • OpenSSL Dynamic Engine (SHA256 checksum 33e5245592b43157f0658472e10c541f0e4fb7342bd4e6c221a5472663face81)

Amazon Linux 2

Download the version 5.3.0 software for Amazon Linux 2:

  • PKCS #11 library (SHA256 checksum a66cbb515a2155977093dd15577625adc3d57be2b7345714711a541d14eb31ee)

  • OpenSSL Dynamic Engine (SHA256 checksum 14fa0428df7cb290b7e3f9ee3f3eb2d1345672f362ed25da01cdbedaf8cf1511)

CentOS 7

Download the version 5.3.0 software for CentOS 7:

  • PKCS #11 library (SHA256 checksum a66cbb515a2155977093dd15577625adc3d57be2b7345714711a541d14eb31ee)

  • OpenSSL Dynamic Engine (SHA256 checksum 14fa0428df7cb290b7e3f9ee3f3eb2d1345672f362ed25da01cdbedaf8cf1511)

CentOS 8

Download the version 5.3.0 software for CentOS 8:

  • PKCS #11 library (SHA256 checksum f44a0451cdcdf87240a23aab4bf18fc0d32a2edd0806b1d169b831523f762b4c)

  • OpenSSL Dynamic Engine (SHA256 checksum 71173b74a9c20364f5aff64553d0eb6984dc91ec84c8f6a6b7ff2ceca0db27c3)

RHEL 7

Download the version 5.3.0 software for RHEL 7:

  • PKCS #11 library (SHA256 checksum a66cbb515a2155977093dd15577625adc3d57be2b7345714711a541d14eb31ee)

  • OpenSSL Dynamic Engine (SHA256 checksum 14fa0428df7cb290b7e3f9ee3f3eb2d1345672f362ed25da01cdbedaf8cf1511)

RHEL 8

Download the version 5.3.0 software for RHEL 8:

  • PKCS #11 library (SHA256 checksum f44a0451cdcdf87240a23aab4bf18fc0d32a2edd0806b1d169b831523f762b4c)

  • OpenSSL Dynamic Engine (SHA256 checksum 71173b74a9c20364f5aff64553d0eb6984dc91ec84c8f6a6b7ff2ceca0db27c3)

Ubuntu 18.04 LTS

Download the version 5.3.0 software for Ubuntu 18.04 LTS:

  • PKCS #11 library (SHA256 checksum dc1b378f0cd554f588ed783cf0dd7b209352347f8a888fa63e24554f27bac91a)

  • OpenSSL Dynamic Engine (SHA256 checksum 9a8373497882ccc325ee4a533b1e7bcfdfe5ad43eb6b11f2d104a3b41303a90a)

Windows Server 2016

Download the version 5.3.0 software for Windows Server 2016: PKCS #11 library (SHA256 checksum 1d262717746aa1ed33db380b78ac0bab8bbb43a444425f4518c09b4288f7f4de)

Windows Server 2019

Download the version 5.3.0 software for Windows Server 2019: PKCS #11 library (SHA256 checksum 1d262717746aa1ed33db380b78ac0bab8bbb43a444425f4518c09b4288f7f4de)

PKCS #11 library

  • Improved stability and bug fixes.

OpenSSL Dynamic Engine

  • Add support for ECDSA sign/verify with curves P-256, P-384, and secp256k1.

  • Add support for the platforms: Amazon Linux, Amazon Linux 2, Centos 7.8+, RHEL 7.8+.

  • Add support for OpenSSL version 1.0.2.

  • Improved stability and bug fixes.

Amazon Linux

Download the version 5.2.1 software for Amazon Linux:

  • PKCS #11 library (SHA256 checksum 710654ef82794e2cdab49ae621ac83b64c23b38b2d935e2f8d04a311994730f5)

Amazon Linux 2

Download the version 5.2.1 software for Amazon Linux 2:

  • PKCS #11 library (SHA256 checksum b3ac4b0d4a27d58a3ae3df45702c2c1197daf0a5703fb8d403813019451a9f36)

CentOS 7.8+

Download the version 5.2.1 software for CentOS 7.8+:

  • PKCS #11 library (SHA256 checksum b3ac4b0d4a27d58a3ae3df45702c2c1197daf0a5703fb8d403813019451a9f36)

CentOS 8.3+

Download the version 5.2.1 software for CentOS 8.3+:

  • PKCS #11 library (SHA256 checksum 57909c25f0c93c2af8b78a833aec7acdd09d7dc448c268b89893d8a03c7b9a45)

  • OpenSSL Dynamic Engine (SHA256 checksum e9d3daecd68f66acaadc6036bd5aa108a0c59cb91d3f31ee9b758c5590812086)

RHEL 7.8+

Download the version 5.2.1 software for RedHat Enterprise Linux 7.8+:

  • PKCS #11 library (SHA256 checksum b3ac4b0d4a27d58a3ae3df45702c2c1197daf0a5703fb8d403813019451a9f36)

RHEL 8.3+

Download the version 5.2.1 software for RedHat Enterprise Linux 8.3+:

  • PKCS #11 library (SHA256 checksum 57909c25f0c93c2af8b78a833aec7acdd09d7dc448c268b89893d8a03c7b9a45)

  • OpenSSL Dynamic Engine (SHA256 checksum e9d3daecd68f66acaadc6036bd5aa108a0c59cb91d3f31ee9b758c5590812086)

Ubuntu 18.04 LTS

Download the version 5.2.1 software for Ubuntu 18.04 LTS:

  • PKCS #11 library (SHA256 checksum 29ab3ea6fc9ff84ce94f5e4e79c254190e4a6d0af5d4c5583416a892998019f0)

  • OpenSSL Dynamic Engine (SHA256 checksum 55e48b58358e6a2e701ba42dd0fd29bcae57d08b0af77a3f44c62b397edd8b9a)

Windows Server 2016

Download the latest version 5.2.1 software for Windows Server 2016:

  • PKCS #11 library (SHA256 checksum b82c2afa1e8353fb47fa392ba20be480e0d2ccb0e361acb6d8ca89f8f8803545)

For information about Windows Server platform support for Client SDK 5, see Supported platforms for the client SDKs.

Windows Server 2019

Download the latest version 5.2.1 software for Windows Server 2019:

  • PKCS #11 library (SHA256 checksum b82c2afa1e8353fb47fa392ba20be480e0d2ccb0e361acb6d8ca89f8f8803545)

For information about Windows Server platform support for Client SDK 5, see Supported platforms for the client SDKs.

PKCS #11 library

  • Improved stability and bug fixes.

OpenSSL Dynamic Engine

  • Improved stability and bug fixes.

Amazon Linux

Download the version 5.2.0 software for Amazon Linux:

  • PKCS #11 library (SHA256 checksum 6ba98c1cd05e80d96e690c146c4d870f34a8971f542a3b7c3b30c96ac2bdf940)

Amazon Linux 2

Download the version 5.2.0 software for Amazon Linux 2:

  • PKCS #11 library (SHA256 checksum 3df6395a9d15ad3d1b1c19bae78dbac96a704be304d96f9ae9101a78f7573797)

CentOS 7.8+

Download the version 5.2.0 software for CentOS 7.8+:

  • PKCS #11 library (SHA256 checksum 3df6395a9d15ad3d1b1c19bae78dbac96a704be304d96f9ae9101a78f7573797)

CentOS 8.3+

Download the version 5.2.0 software for CentOS 8.3+:

  • PKCS #11 library (SHA256 checksum d1d3f8d2ec98ae7bdcc4ffc8e3f6affd4b7d11113ab8480ba2c7dd6ed17c280e)

  • OpenSSL Dynamic Engine (SHA256 checksum f5d8fd0d694c481f6c51a1e9ff2c45873f31df1000db671901a26f5041f905f8)

RHEL 7.8+

Download the version 5.2.0 software for RedHat Enterprise Linux 7.8+:

  • PKCS #11 library (SHA256 checksum 3df6395a9d15ad3d1b1c19bae78dbac96a704be304d96f9ae9101a78f7573797)

RHEL 8.3+

Download the version 5.2.0 software for RedHat Enterprise Linux 8.3+:

  • PKCS #11 library (SHA256 checksum d1d3f8d2ec98ae7bdcc4ffc8e3f6affd4b7d11113ab8480ba2c7dd6ed17c280e)

  • OpenSSL Dynamic Engine (SHA256 checksum f5d8fd0d694c481f6c51a1e9ff2c45873f31df1000db671901a26f5041f905f8)

Ubuntu 18.04 LTS

Download the version 5.2.0 software for Ubuntu 18.04 LTS:

  • PKCS #11 library (SHA256 checksum 25448e26a2f600ee53143779001bb001111aa37d34b861f4a88a7e507eb6ec44)

  • OpenSSL Dynamic Engine (SHA256 checksum 797061b4c4a2550172ec0d49c694ca76ddefc0fb157a2ce39a5f39a650767c36)

Windows Server 2016

Download the latest version 5.2.0 software for Windows Server 2016:

  • PKCS #11 library (SHA256 checksum 64c9afa1856a7166707d563ab4eedc2dc27132df7f5e76c0467ca996828fff0b)

For information about Windows Server platform support for Client SDK 5, see Supported platforms for the client SDKs.

Windows Server 2019

Download the latest version 5.2.0 software for Windows Server 2019:

  • PKCS #11 library (SHA256 checksum 64c9afa1856a7166707d563ab4eedc2dc27132df7f5e76c0467ca996828fff0b)

For information about Windows Server platform support for Client SDK 5, see Supported platforms for the client SDKs.

Version 5.2.0 adds support additional key types and mechanisms to the PKCS #11 library.

PKCS #11 library

Key Types

  • ECDSA– P-224, P-256, P-384, P-521 and secp256k1 curves

  • Triple DES (3DES)

Mechanisms

  • CKM_EC_KEY_PAIR_GEN

  • CKM_DES3_KEY_GEN

  • CKM_DES3_CBC

  • CKM_DES3_CBC_PAD

  • CKM_DES3_ECB

  • CKM_ECDSA

  • CKM_ECDSA_SHA1

  • CKM_ECDSA_SHA224

  • CKM_ECDSA_SHA256

  • CKM_ECDSA_SHA384

  • CKM_ECDSA_SHA512

  • CKM_RSA_PKCS for Encrypt/Decrypt

OpenSSL Dynamic Engine

  • Improved stability and bug fixes.

Amazon Linux

Download the version 5.1.0 software for Amazon Linux:

  • PKCS #11 library (SHA256 checksum cd9016efeb1d7339be1fda4cff0d32f9144a119077da9f409f7e6f27c1d54c8b)

Amazon Linux 2

Download the version 5.1.0 software for Amazon Linux 2:

  • PKCS #11 library (SHA256 checksum 9674d705032b39087a8ddaa793647fa0e31968c3ede3ca67f3ea65be4f0d77a1)

CentOS 7.8+

Download the version 5.1.0 software for CentOS 7.8+:

  • PKCS #11 library (SHA256 checksum 9674d705032b39087a8ddaa793647fa0e31968c3ede3ca67f3ea65be4f0d77a1)

CentOS 8.3+

Download the version 5.1.0 software for CentOS 8.3+:

  • PKCS #11 library (SHA256 checksum 0c0de23d884500b47cf0df89943f902c5a52cb48a6088693c51e31a240bc0bc3)

  • OpenSSL Dynamic Engine (SHA256 checksum fd2f8f5fca5ed3d92ff602c6673e8b92daa70d904c7428dbe90ea6a7b5492cdb)

RHEL 7.8+

Download the version 5.1.0 software for RedHat Enterprise Linux 7.8+:

  • PKCS #11 library (SHA256 checksum 9674d705032b39087a8ddaa793647fa0e31968c3ede3ca67f3ea65be4f0d77a1)

RHEL 8.3+

Download the version 5.1.0 software for RedHat Enterprise Linux 8.3+:

  • PKCS #11 library (SHA256 checksum 0c0de23d884500b47cf0df89943f902c5a52cb48a6088693c51e31a240bc0bc3)

  • OpenSSL Dynamic Engine (SHA256 checksum fd2f8f5fca5ed3d92ff602c6673e8b92daa70d904c7428dbe90ea6a7b5492cdb)

Ubuntu 18.04 LTS

Download the version 5.1.0 software for Ubuntu 18.04 LTS:

  • PKCS #11 library (SHA256 checksum f03e683f37fe82209451b95704d42716c1e6155611c6c02e7838e5e41c429019)

  • OpenSSL Dynamic Engine (SHA256 checksum 956b51bb5a20a302c938c8ad29542a487b2c85fe7a7c9e3386f7d280d6913058)

Windows Server 2016

Download the latest version 5.1.0 software for Windows Server 2016:

  • PKCS #11 library (SHA256 checksum 520c9cd19fc48dcf61b2e3f2d1951cefa9ba5e41874a9db7c926a04e03147c8d)

For information about Windows Server platform support for Client SDK 5, see Supported platforms for the client SDKs.

Windows Server 2019

Download the latest version 5.1.0 software for Windows Server 2019:

  • PKCS #11 library (SHA256 checksum 520c9cd19fc48dcf61b2e3f2d1951cefa9ba5e41874a9db7c926a04e03147c8d)

For information about Windows Server platform support for Client SDK 5, see Supported platforms for the client SDKs.

Version 5.1.0 adds support for additional mechanisms to the PKCS #11 library.

PKCS #11 library

Mechanisms

  • CKM_RSA_PKCS for Wrap/Unwrap

  • CKM_RSA_PKCS_PSS

  • CKM_SHA1_RSA_PKCS_PSS

  • CKM_SHA224_RSA_PKCS_PSS

  • CKM_SHA256_RSA_PKCS_PSS

  • CKM_SHA384_RSA_PKCS_PSS

  • CKM_SHA512_RSA_PKCS_PSS

  • CKM_AES_ECB

  • CKM_AES_CTR

  • CKM_AES_CBC

  • CKM_AES_CBC_PAD

  • CKM_SP800_108_COUNTER_KDF

  • CKM_GENERIC_SECRET_KEY_GEN

  • CKM_SHA_1_HMAC

  • CKM_SHA224_HMAC

  • CKM_SHA256_HMAC

  • CKM_SHA384_HMAC

  • CKM_SHA512_HMAC

  • CKM_RSA_PKCS_OAEP Wrap/Unwrap only

  • CKM_RSA_AES_KEY_WRAP

  • CKM_CLOUDHSM_AES_KEY_WRAP_NO_PAD

  • CKM_CLOUDHSM_AES_KEY_WRAP_PKCS5_PAD

  • CKM_CLOUDHSM_AES_KEY_WRAP_ZERO_PAD

API Operations

  • C_CreateObject

  • C_DeriveKey

  • C_WrapKey

  • C_UnWrapKey

OpenSSL Dynamic Engine

  • Improved stability and bug fixes.

Amazon Linux

Download the version 5.0.1 software for Amazon Linux:

Amazon Linux 2

Download the version 5.0.1 software for Amazon Linux 2:

CentOS 7.8+

Download the version 5.0.1 software for CentOS 7.8+:

CentOS 8.3+

Download the version 5.0.1 software for CentOS 8.3+:

RHEL 7.8+

Download the version 5.0.1 software for RedHat Enterprise Linux 7.8+:

RHEL 8.3+

Download the version 5.0.1 software for RedHat Enterprise Linux 8.3+:

Ubuntu 18.04 LTS

Download the version 5.0.1 software for Ubuntu 18.04 LTS:

Windows Server 2016

Download the latest version 5.0.1 software for Windows Server 2016:

For information about Windows Server platform support for Client SDK 5, see Supported platforms for the client SDKs.

Windows Server 2019

Download the latest version 5.0.1 software for Windows Server 2019:

For information about Windows Server platform support for Client SDK 5, see Supported platforms for the client SDKs.

Version 5.0.1 adds initial support for OpenSSL Dynamic Engine.

PKCS #11 library

  • Improved stability and bug fixes.

OpenSSL Dynamic Engine

  • Initial release of OpenSSL Dynamic Engine.

  • This release offers introductory support for key types and OpenSSL APIs:

    • RSA key generation for 2048, 3072, and 4096-bit keys

    • OpenSSL APIs:

    For more information, see OpenSSL Dynamic Engine.

  • Platforms supported: CentOS 8.3+, Red Hat Enterprise Linux (RHEL) 8.3+, and Ubuntu 18.04 LTS

    • Requires: OpenSSL 1.1.1

    For more information, see Supported Platforms.

  • Support for SSL/TLS Offload on CentOS 8.3+, Red Hat Enterprise Linux (RHEL) 8.3, and Ubuntu 18.04 LTS, including NGINX 1.19 (for select cipher suites).

    For more information, see Using SSL/TLS Offload on Linux.

Amazon Linux

Download the version 5.0.0 software for Amazon Linux:

Amazon Linux 2

Download the version 5.0.0 software for Amazon Linux 2:

CentOS 7.8+

Download the version 5.0.0 software for CentOS 7.8+:

CentOS 8.3+

Download the version 5.0.0 software for CentOS 8.2:

RHEL 7.8+

Download the version 5.0.0 software for RedHat Enterprise Linux 7.8+:

RHEL 8.3+

Download the version 5.0.0 software for RedHat Enterprise Linux 8.2:

Ubuntu 18.04 LTS

Download the version 5.0.0 software for Ubuntu 18.04 LTS:

Windows Server 2016

Download the latest version 5.0.0 software for Windows Server 2016:

For information about Windows Server platform support for Client SDK 5, see Supported platforms for the client SDKs.

Windows Server 2019

Download the latest version 5.0.0 software for Windows Server 2019:

For information about Windows Server platform support for Client SDK 5, see Supported platforms for the client SDKs.

Version 5.0.0 is the first release.

PKCS #11 library

  • This is the initial release.

Introductory PKCS #11 library support in client SDK version 5.0.0

This section details support for key types, mechanisms, API operations and attributes Client SDK version 5.0.0.

Key Types:

  • AES– 128, 192, and 256-bit AES keys

  • RSA– 2048-bit to 4096-bit RSA keys, in increments of 256 bits

Mechanisms:

  • CKM_AES_GCM

  • CKM_AES_KEY_GEN

  • CKM_CLOUDHSM_AES_GCM

  • CKM_RSA_PKCS

  • CKM_RSA_X9_31_KEY_PAIR_GEN

  • CKM_SHA1

  • CKM_SHA1_RSA_PKCS

  • CKM_SHA224

  • CKM_SHA224_RSA_PKCS

  • CKM_SHA256

  • CKM_SHA256_RSA_PKCS

  • CKM_SHA384

  • CKM_SHA384_RSA_PKCS

  • CKM_SHA512

  • CKM_SHA512_RSA_PKCS

API Operations:

  • C_CloseAllSessions

  • C_CloseSession

  • C_Decrypt

  • C_DecryptFinal

  • C_DecryptInit

  • C_DecryptUpdate

  • C_DestroyObject

  • C_Digest

  • C_DigestFinal

  • C_DigestInit

  • C_DigestUpdate

  • C_Encrypt

  • C_EncryptFinal

  • C_EncryptInit

  • C_EncryptUpdate

  • C_Finalize

  • C_FindObjects

  • C_FindObjectsFinal

  • C_FindObjectsInit

  • C_GenerateKey

  • C_GenerateKeyPair

  • C_GenerateRandom

  • C_GetAttributeValue

  • C_GetFunctionList

  • C_GetInfo

  • C_GetMechanismInfo

  • C_GetMechanismList

  • C_GetSessionInfo

  • C_GetSlotInfo

  • C_GetSlotList

  • C_GetTokenInfo

  • C_Initialize

  • C_Login

  • C_Logout

  • C_OpenSession

  • C_Sign

  • C_SignFinal

  • C_SignInit

  • C_SignUpdate

  • C_Verify

  • C_VerifyFinal

  • C_VerifyInit

  • C_VerifyUpdate

Attributes:

  • GenerateKeyPair

    • All RSA Key attributes

  • GenerateKey

    • All AES Key attributes

  • GetAttributeValue

    • All RSA Key attributes

    • All AES Key attributes

Samples:

Previous Client SDK 3 releases

This section lists previous Client SDK 3 releases. For the current Client SDK 3 release, see Latest releases.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.4.3 software for Amazon Linux:

  • AWS CloudHSM Client (SHA256 checksum a92337e0f1d8a7d5db89b16f7530535746af1affd609df0db7381cfeab2e04fd)

  • PKCS #11 library (SHA256 checksum 499be5d60d07ea90cc70522875f9ba477e4a356f37051086c51e31d0f6196501)

  • OpenSSL Dynamic Engine (SHA256 checksum 5605a34334f120afe2ecf6bcd5eab0cc30a46abe2e31eddbf48091bbd8819ebb)

  • JCE provider (SHA256 checksum a3d78eb4f8195e37a1f263bc3e16f1e767a78bd88e6b9d276b1e64e6ded003f9)

  • AWS CloudHSM Management Utility (SHA256 checksum 82c0dbf9eb322a2462a66105cc93dd6c3f11d59e8e9845b3d93419286130a10c)

Amazon Linux 2

Download the version 3.4.3 software for Amazon Linux 2:

  • AWS CloudHSM Client (SHA256 checksum 16e3fd76c19216f270219524bdb4ab82a0ccdbec04175b4a7e34615cadd741ac)

  • PKCS #11 library (SHA256 checksum 0f9ac194bc3fcbf615e4735d87e6174f4630d776f2211cbe9d5e2cc90631095f)

  • OpenSSL Dynamic Engine (SHA256 checksum ca0007b6b0d05f0bb6beaebc9bf39c2feeefc1cd51437d46c9db2781046d7353)

  • JCE provider (SHA256 checksum 0109c40792414beae32e78f6100024d8db79cf1216fdfba36b5f2bd458fb6610)

  • AWS CloudHSM Management Utility (SHA256 checksum 045af33133c0a809c45876fdc45f81234613f1cb718e10b138df0f6b08427365)

CentOS 6

AWS CloudHSM does not support CentOS 6 with Client SDK Version 3.4.3.

Use Version 3.2.1 for CentOS 6 or choose a supported platform.

CentOS 7

Download the version 3.4.3 software for CentOS 7:

  • AWS CloudHSM Client (SHA256 checksum 16e3fd76c19216f270219524bdb4ab82a0ccdbec04175b4a7e34615cadd741ac)

  • PKCS #11 library (SHA256 checksum 0f9ac194bc3fcbf615e4735d87e6174f4630d776f2211cbe9d5e2cc90631095f)

  • OpenSSL Dynamic Engine (SHA256 checksum ca0007b6b0d05f0bb6beaebc9bf39c2feeefc1cd51437d46c9db2781046d7353)

  • JCE provider (SHA256 checksum 0109c40792414beae32e78f6100024d8db79cf1216fdfba36b5f2bd458fb6610)

  • AWS CloudHSM Management Utility (SHA256 checksum 045af33133c0a809c45876fdc45f81234613f1cb718e10b138df0f6b08427365)

CentOS 8

Download the version 3.4.3 software for CentOS 8:

  • AWS CloudHSM Client (SHA256 checksum 5436a0b1c2df34ccf846c79a5479a986e125d8b04234a2b1fa38db19bb9ba0b8)

  • PKCS #11 library (SHA256 checksum 9d5abe25513294ede35677f0c896547fc7671e19dbf6514066161d933b84fed1)

  • JCE provider (SHA256 checksum f04e48e47cfdbccea47bb45f988c95832244b2ab18b3c040249c91ad2a99ab64)

  • AWS CloudHSM Management Utility (SHA256 checksum da50c29bbeb65f84d9b4769bf3539a9b5189c51c7e0ae8981b85290aa4f5d152)

RHEL 6

AWS CloudHSM does not support RedHat Enterprise Linux 6 with Client SDK Version 3.4.3.

Use Version 3.2.1 for RedHat Enterprise Linux 6 or choose a supported platform.

RHEL 7

Download the version 3.4.3 software for RedHat Enterprise Linux 7:

  • AWS CloudHSM Client (SHA256 checksum 16e3fd76c19216f270219524bdb4ab82a0ccdbec04175b4a7e34615cadd741ac)

  • PKCS #11 library (SHA256 checksum 0f9ac194bc3fcbf615e4735d87e6174f4630d776f2211cbe9d5e2cc90631095f)

  • OpenSSL Dynamic Engine (SHA256 checksum ca0007b6b0d05f0bb6beaebc9bf39c2feeefc1cd51437d46c9db2781046d7353)

  • JCE provider (SHA256 checksum 0109c40792414beae32e78f6100024d8db79cf1216fdfba36b5f2bd458fb6610)

  • AWS CloudHSM Management Utility (SHA256 checksum 045af33133c0a809c45876fdc45f81234613f1cb718e10b138df0f6b08427365)

RHEL 8

Download the version 3.4.3 software for RedHat Enterprise Linux 8:

  • AWS CloudHSM Client (SHA256 checksum 5436a0b1c2df34ccf846c79a5479a986e125d8b04234a2b1fa38db19bb9ba0b8)

  • PKCS #11 library (SHA256 checksum 9d5abe25513294ede35677f0c896547fc7671e19dbf6514066161d933b84fed1)

  • JCE provider (SHA256 checksum f04e48e47cfdbccea47bb45f988c95832244b2ab18b3c040249c91ad2a99ab64)

  • AWS CloudHSM Management Utility (SHA256 checksum da50c29bbeb65f84d9b4769bf3539a9b5189c51c7e0ae8981b85290aa4f5d152)

Ubuntu 16.04 LTS

Download the version 3.4.3 software for Ubuntu 16.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum ab6cf9173c4023f0766f2b67e66d507ccd597302576cfc9507c23734560f67f9)

  • PKCS #11 library (SHA256 checksum 71a721747a6c593d3b1061879dbbf891640dab2909ca9efdef4dad3b66013863)

  • OpenSSL Dynamic Engine (SHA256 checksum 20b8a764e341a2d2b6e4a7197e5ff32ec9e215fc5314d309f14fdfd1e8f6e986)

  • JCE provider (SHA256 checksum 6deb8ad0c7950f558302a3d9828e7f7a1ed7faba7148f738e1c8dd324b631163)

  • AWS CloudHSM Management Utility (SHA256 checksum 0a74107394bca140dfab4abd20dbc486c5969df7de5ee51b610fb787398531d2)

Note

Due to the impending EOL of Ubuntu 16.04, we intend to drop support for this platform with the next release.

Ubuntu 18.04 LTS

Download the version 3.4.3 software for Ubuntu 18.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum 03d8b339494c5b6d7f84fb96225f64f2a10e60070abaa9f9bc9c7e04bb7b5916)

  • PKCS #11 library (SHA256 checksum 8fffcc5b2988bb2845476117ef881b4a62785fbed2a383cd656765921d552eac)

  • JCE provider (SHA256 checksum b6a103606fcf54e85ac98da257eef872139148727cb5734c43e55d6952c547e4)

  • AWS CloudHSM Management Utility (SHA256 checksum 5d611d31132af9e667027a1143b9d3e744ef701be0f46609777c31b8658db3b1)

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.4.3 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.4.3) software for Windows Server:

Version 3.4.3 adds updates to JCE provider.

AWS CloudHSM Client Software

  • Updated the version for consistency.

PKCS #11 library

  • Updated the version for consistency.

OpenSSL Dynamic Engine

  • Updated the version for consistency.

JCE provider

  • Update log4j to version 2.17.0.

Windows (CNG and KSP providers)

  • Updated the version for consistency.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.4.2 software for Amazon Linux:

  • AWS CloudHSM Client (SHA256 checksum 5fcb89ace8bb30f02ecaed54edb125157d4c5da48016428d08212bccb4a56fc6)

  • PKCS #11 library (SHA256 checksum d85b2e769bcc96efa86b1bfc7bac22ddeb1b237ad6bab6b7402b61c9db638578)

  • OpenSSL Dynamic Engine (SHA256 checksum 8c36fd8a8701b738294ce9d6b612a366f1b139d4bdb8f52b3bf7c5bfc8d391c4)

  • JCE provider (SHA256 checksum 589d744275c825050248909c67ee756fc3d3f35ff8932d80a4a981f4b275b981)

  • AWS CloudHSM Management Utility (SHA256 checksum ba55f0dee3bf728f960bc4182f8178de63a2f17363c830a7480d07ff27872f44)

Amazon Linux 2

Download the version 3.4.2 software for Amazon Linux 2:

  • AWS CloudHSM Client (SHA256 checksum 8110f2d5f3ec0dbdc1f7c49511610ad678b0a27823edcba2e3c4c79f6859aa8f)

  • PKCS #11 library (SHA256 checksum 2c2225f29a30347810b0bdef617036b6c4ba698955bd5cb1c588e8230a7dbd24)

  • OpenSSL Dynamic Engine (SHA256 checksum 3b07f1588e1093c6b67f2c8810239679b9a42ac9472a065bf97fd4d75a4a9f28)

  • JCE provider (SHA256 checksum ecaa9ea834ef51c58ab3601248d28264a23173b19f10180640c3cf1addb1a808)

  • AWS CloudHSM Management Utility (SHA256 checksum 2ee1625ab2634e96a2bf5fea3df87d085991a4bf404e9beea993c58de2902db2)

CentOS 6

AWS CloudHSM does not support CentOS 6 with Client SDK Version 3.4.2.

Use Version 3.2.1 for CentOS 6 or choose a supported platform.

CentOS 7

Download the version 3.4.2 software for CentOS 7:

  • AWS CloudHSM Client (SHA256 checksum 8110f2d5f3ec0dbdc1f7c49511610ad678b0a27823edcba2e3c4c79f6859aa8f)

  • PKCS #11 library (SHA256 checksum 2c2225f29a30347810b0bdef617036b6c4ba698955bd5cb1c588e8230a7dbd24)

  • OpenSSL Dynamic Engine (SHA256 checksum 3b07f1588e1093c6b67f2c8810239679b9a42ac9472a065bf97fd4d75a4a9f28)

  • JCE provider (SHA256 checksum ecaa9ea834ef51c58ab3601248d28264a23173b19f10180640c3cf1addb1a808)

  • AWS CloudHSM Management Utility (SHA256 checksum 2ee1625ab2634e96a2bf5fea3df87d085991a4bf404e9beea993c58de2902db2)

CentOS 8

Download the version 3.4.2 software for CentOS 8:

  • AWS CloudHSM Client (SHA256 checksum 1a1f94924acb5d0778f40d5af827e270e67074744ecc2ff84eb44f3f2bb3cb71)

  • PKCS #11 library (SHA256 checksum 922ff0f24ee129f57bdddbd7a757521d1117e4e910f17047c674b395121760fe)

  • JCE provider (SHA256 checksum e68dd76218eb476b235d7fd1aa911b5c8567511bd9787ed45744d6d146c519ac)

  • AWS CloudHSM Management Utility (SHA256 checksum f9a8c504c6c8b3df10d098dc299a921158ca820c0d015a167b1498036c33b0bd)

RHEL 6

AWS CloudHSM does not support RedHat Enterprise Linux 6 with Client SDK Version 3.4.2.

Use Version 3.2.1 for RedHat Enterprise Linux 6 or choose a supported platform.

RHEL 7

Download the version 3.4.2 software for RedHat Enterprise Linux 7:

  • AWS CloudHSM Client (SHA256 checksum 8110f2d5f3ec0dbdc1f7c49511610ad678b0a27823edcba2e3c4c79f6859aa8f)

  • PKCS #11 library (SHA256 checksum 2c2225f29a30347810b0bdef617036b6c4ba698955bd5cb1c588e8230a7dbd24)

  • OpenSSL Dynamic Engine (SHA256 checksum 3b07f1588e1093c6b67f2c8810239679b9a42ac9472a065bf97fd4d75a4a9f28)

  • JCE provider (SHA256 checksum ecaa9ea834ef51c58ab3601248d28264a23173b19f10180640c3cf1addb1a808)

  • AWS CloudHSM Management Utility (SHA256 checksum 2ee1625ab2634e96a2bf5fea3df87d085991a4bf404e9beea993c58de2902db2)

RHEL 8

Download the version 3.4.2 software for RedHat Enterprise Linux 8:

  • AWS CloudHSM Client (SHA256 checksum 1a1f94924acb5d0778f40d5af827e270e67074744ecc2ff84eb44f3f2bb3cb71)

  • PKCS #11 library (SHA256 checksum 922ff0f24ee129f57bdddbd7a757521d1117e4e910f17047c674b395121760fe)

  • JCE provider (SHA256 checksum e68dd76218eb476b235d7fd1aa911b5c8567511bd9787ed45744d6d146c519ac)

  • AWS CloudHSM Management Utility (SHA256 checksum f9a8c504c6c8b3df10d098dc299a921158ca820c0d015a167b1498036c33b0bd)

Ubuntu 16.04 LTS

Download the version 3.4.2 software for Ubuntu 16.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum f8e20b397cc5fa78c400cc59b9b4fdfa231b6df310a554e77bb6002c9c43259e)

  • PKCS #11 library (SHA256 checksum f9f7e86190d1e051a837028f103315ed50461cbd7c9d249fac9e5fc8601b6381)

  • OpenSSL Dynamic Engine (SHA256 checksum 827d686f7bd961c70a35b262a7003edec5d4b05f346eb9c51c05f585c15543ee)

  • JCE provider (SHA256 checksum 74ce4fba33f6b1f4a79a6d62ace011b215904483397b676e2740a094c058d76d)

  • AWS CloudHSM Management Utility (SHA256 checksum 35bbcf5be6b1ab68da11db61c28e11b4bee0d7cdb03be6430d7ee77a8d23ae28)

Note

Due to the impending EOL of Ubuntu 16.04, we intend to drop support for this platform with the next release.

Ubuntu 18.04 LTS

Download the version 3.4.2 software for Ubuntu 18.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum 555c659973e24e7dcb788c80e97fae982844b14f34381a80b212991141a24fe6)

  • PKCS #11 library (SHA256 checksum 7dcb31b5db1b0f75ea2ed1f9f14dc62198a0d2feb08278183b958b125fcf969a)

  • JCE provider (SHA256 checksum 67893de3e86202bb73bd9541b5a7c6afa53c6fd030aabc321af4a384a0f2e690)

  • AWS CloudHSM Management Utility (SHA256 checksum cc79e50155bd1bb2f395a2538bd0e768292f83b3fc0fa9237a46fb745f4112c1)

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.4.2 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.4.2) software for Windows Server:

Version 3.4.2 adds updates to JCE provider.

AWS CloudHSM Client Software

  • Updated the version for consistency.

PKCS #11 library

  • Updated the version for consistency.

OpenSSL Dynamic Engine

  • Updated the version for consistency.

JCE provider

  • Update log4j to version 2.16.0.

Windows (CNG and KSP providers)

  • Updated the version for consistency.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.4.1 software for Amazon Linux:

  • AWS CloudHSM Client (SHA256 checksum ca038e1219d6999ed62b680fde18fe0b992af082eaf9360f351a21ee2d42f786)

  • PKCS #11 library (SHA256 checksum 6f532aba4e15a802befea15c69874bc0e01c8076b98c7b43e4722f220912d4f8)

  • OpenSSL Dynamic Engine (SHA256 checksum b26afb7b84d95ac1d5a0d1a0de53c48dda6dddc52306b0d3f72d4927647efc06)

  • JCE provider (SHA256 checksum 76fa2c963cb23cea11644e03151a33f6fad249e872ec7609af6ab1f54371a4d5)

  • AWS CloudHSM Management Utility (SHA256 checksum a1cdd92cb4ce229aa33905f33ac9e65f147acc2e21b672453c0e87a2ba6d1896)

Amazon Linux 2

Download the version 3.4.1 software for Amazon Linux 2:

  • AWS CloudHSM Client (SHA256 checksum dff54434429e24100c66f78aba4ca44a6c44d0017b9efe533399065bd13efbf8)

  • PKCS #11 library (SHA256 checksum ca6a9b3f42d9f765992906380638099a04dd8b5f2d3d24e2b616b2cf2f836fdd)

  • OpenSSL Dynamic Engine (SHA256 checksum b14c1718b3d68205d7447bf467bdaa0c21b8bc0e6cd25c7065ffff006f270807)

  • JCE provider (SHA256 checksum 55327fc3feac4f1cccaa0eafc49d77c9f47d07e18b4332fed9f559c11c97e769)

  • AWS CloudHSM Management Utility (SHA256 checksum 2e830f22bee0ceea1273c512f14d437e321f71616f619aa0b5d7490374648573)

CentOS 6

AWS CloudHSM does not support CentOS 6 with Client SDK Version 3.4.1.

Use Version 3.2.1 for CentOS 6 or choose a supported platform.

CentOS 7

Download the version 3.4.1 software for CentOS 7:

  • AWS CloudHSM Client (SHA256 checksum dff54434429e24100c66f78aba4ca44a6c44d0017b9efe533399065bd13efbf8)

  • PKCS #11 library (SHA256 checksum ca6a9b3f42d9f765992906380638099a04dd8b5f2d3d24e2b616b2cf2f836fdd)

  • OpenSSL Dynamic Engine (SHA256 checksum b14c1718b3d68205d7447bf467bdaa0c21b8bc0e6cd25c7065ffff006f270807)

  • JCE provider (SHA256 checksum 55327fc3feac4f1cccaa0eafc49d77c9f47d07e18b4332fed9f559c11c97e769)

  • AWS CloudHSM Management Utility (SHA256 checksum 2e830f22bee0ceea1273c512f14d437e321f71616f619aa0b5d7490374648573)

CentOS 8

Download the version 3.4.1 software for CentOS 8:

  • AWS CloudHSM Client (SHA256 checksum cd7770e2ada3f885250b9c18f23cb8fdef576be6b79ee5293e1f670f6ab9aac4)

  • PKCS #11 library (SHA256 checksum 3ecbfce9a614c61f2767d984c27296547c68894a3b838780b77cdf2b6cadb1ef)

  • JCE provider (SHA256 checksum 7762c85a113f98909f89dab1eb7529f2327c84345ea05a592c491773b7b3c104)

  • AWS CloudHSM Management Utility (SHA256 checksum 2495720d653b332f3dae405daa6ef462e57e8424d69d75191841ed6960d2cdbe)

RHEL 6

AWS CloudHSM does not support RedHat Enterprise Linux 6 with Client SDK Version 3.4.1.

Use Version 3.2.1 for RedHat Enterprise Linux 6 or choose a supported platform.

RHEL 7

Download the version 3.4.1 software for RedHat Enterprise Linux 7:

  • AWS CloudHSM Client (SHA256 checksum dff54434429e24100c66f78aba4ca44a6c44d0017b9efe533399065bd13efbf8)

  • PKCS #11 library (SHA256 checksum ca6a9b3f42d9f765992906380638099a04dd8b5f2d3d24e2b616b2cf2f836fdd)

  • OpenSSL Dynamic Engine (SHA256 checksum b14c1718b3d68205d7447bf467bdaa0c21b8bc0e6cd25c7065ffff006f270807)

  • JCE provider (SHA256 checksum 55327fc3feac4f1cccaa0eafc49d77c9f47d07e18b4332fed9f559c11c97e769)

  • AWS CloudHSM Management Utility (SHA256 checksum 2e830f22bee0ceea1273c512f14d437e321f71616f619aa0b5d7490374648573)

RHEL 8

Download the version 3.4.1 software for RedHat Enterprise Linux 8:

  • AWS CloudHSM Client (SHA256 checksum cd7770e2ada3f885250b9c18f23cb8fdef576be6b79ee5293e1f670f6ab9aac4)

  • PKCS #11 library (SHA256 checksum 3ecbfce9a614c61f2767d984c27296547c68894a3b838780b77cdf2b6cadb1ef)

  • JCE provider (SHA256 checksum 7762c85a113f98909f89dab1eb7529f2327c84345ea05a592c491773b7b3c104)

  • AWS CloudHSM Management Utility (SHA256 checksum 2495720d653b332f3dae405daa6ef462e57e8424d69d75191841ed6960d2cdbe)

Ubuntu 16.04 LTS

Download the version 3.4.1 software for Ubuntu 16.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum ff2a986ea8ec6d37b6484536bbab1e9406c6025a80f2264aefa563c50b865f8f)

  • PKCS #11 library (SHA256 checksum 17665e2f31f692ffb74d809b05e2672a6d493a48d1010397c8900ada65af4c1a)

  • OpenSSL Dynamic Engine (SHA256 checksum 826af655e5cf7224d84fdf0a3545966fcefb18d1fe43a64dbe85cd7589594747)

  • JCE provider (SHA256 checksum 027d4f19416bb34c124443840ddf8ddb6e7b417107a5c4e2705158d93532d378)

  • AWS CloudHSM Management Utility (SHA256 checksum 367272bd1840e0c8c6bce663d3f4469f3940abec9e037b455cb3113086aa598f)

Note

Due to the impending EOL of Ubuntu 16.04, we intend to drop support for this platform with the next release.

Ubuntu 18.04 LTS

Download the version 3.4.1 software for Ubuntu 18.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum 1759bb86f4ca8b9494b59a7cac27f540f4667a3f86745f5d507db12a217b16c1)

  • PKCS #11 library (SHA256 checksum 470a2cd6d2bdb1cdc014ad3ac3e4e97867ca50888fbe64784238f9d2eff345d2)

  • JCE provider (SHA256 checksum 83edeae4b22d26849b9806f3ad7d729b25cf555e06f8d0bb90e1032f1e908207)

  • AWS CloudHSM Management Utility (SHA256 checksum 8aeb482106d1af6de81c89369c98516c97955876a5a645a415fe8e7c065bda66)

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.4.1 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.4.1) software for Windows Server:

Version 3.4.1 adds updates to JCE provider.

AWS CloudHSM Client Software

  • Updated the version for consistency.

PKCS #11 library

  • Updated the version for consistency.

OpenSSL Dynamic Engine

  • Updated the version for consistency.

JCE provider

  • Update log4j to version 2.15.0.

Windows (CNG and KSP providers)

  • Updated the version for consistency.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.4.0 software for Amazon Linux:

  • AWS CloudHSM Client (SHA256 checksum e5ca8d26805ea1d11da3d8801e706423d766071a7ede0bedfcae45e561f45d17)

  • PKCS #11 library (SHA256 checksum 3851c30ca0d426dc054000ad6929016fc783043404edf98a4033fd9b64d29f6c)

  • OpenSSL Dynamic Engine (SHA256 checksum ae19c864fe4b0a96e9d8e3c03a41b84b2f0d4a91ec65485d34624ecb964fc90c)

  • JCE provider (SHA256 checksum 3251d7c11528c5eda386c9c250ad9178acf303832136c6b267a0b9f825436c4b)

  • AWS CloudHSM Management Utility (SHA256 checksum 9f87b4b7bdb219df05905c132a732ffcb2544a3c9a68af0859c6434d5c7747e7)

Amazon Linux 2

Download the version 3.4.0 software for Amazon Linux 2:

  • AWS CloudHSM Client (SHA256 checksum 4b520de05217f7e6077bd94af6788da60e19d1b3f28e5a17669232d519c83857)

  • PKCS #11 library (SHA256 checksum 64262f715786172c7c0da0ab74136097c2b7a1641e3b284ae827f1486fbbc56b)

  • OpenSSL Dynamic Engine (SHA256 checksum 05320772c49a622bda0284dd503c8ae5a13c1669f0e4b475873e53b5a7c074e6)

  • JCE provider (SHA256 checksum 845b2788a654b81a5bbaf19cefd7865ceab8a7c779d927eb282eea86b0819007)

  • AWS CloudHSM Management Utility (SHA256 checksum ce6741813d29a41cfb23722fb0d140a2fedf90a44a0ddcac39a607457eabe91a)

CentOS 6

AWS CloudHSM does not support CentOS 6 with Client SDK Version 3.4.0.

Use Version 3.2.1 for CentOS 6 or choose a supported platform.

CentOS 7

Download the version 3.4.0 software for CentOS 7:

  • AWS CloudHSM Client (SHA256 checksum 4b520de05217f7e6077bd94af6788da60e19d1b3f28e5a17669232d519c83857)

  • PKCS #11 library (SHA256 checksum 64262f715786172c7c0da0ab74136097c2b7a1641e3b284ae827f1486fbbc56b)

  • OpenSSL Dynamic Engine (SHA256 checksum 05320772c49a622bda0284dd503c8ae5a13c1669f0e4b475873e53b5a7c074e6)

  • JCE provider (SHA256 checksum 845b2788a654b81a5bbaf19cefd7865ceab8a7c779d927eb282eea86b0819007)

  • AWS CloudHSM Management Utility (SHA256 checksum ce6741813d29a41cfb23722fb0d140a2fedf90a44a0ddcac39a607457eabe91a)

CentOS 8

Download the version 3.4.0 software for CentOS 8:

  • AWS CloudHSM Client (SHA256 checksum 853b05e6ea6e239f42e1bbf70be26adcc8205d2d172dfc3d57342c14d0060a1e)

  • PKCS #11 library (SHA256 checksum 51415be53ee10ddc8e85d5bcb0f052a4e29c086434c7fac152b57c7ac37bc3f5)

  • JCE provider (SHA256 checksum e7a39e46084cab6e193c13c57ea021f0570246cce90b21863d6b40f60a7a8cd7)

  • AWS CloudHSM Management Utility (SHA256 checksum 5de8d9d9a88deae2fffacd4923e429aad885d600adeb1d0bdb771da177fae647)

RHEL 6

AWS CloudHSM does not support RedHat Enterprise Linux 6 with Client SDK Version 3.4.0.

Use Version 3.2.1 for RedHat Enterprise Linux 6 or choose a supported platform.

RHEL 7

Download the version 3.4.0 software for RedHat Enterprise Linux 7:

  • AWS CloudHSM Client (SHA256 checksum 4b520de05217f7e6077bd94af6788da60e19d1b3f28e5a17669232d519c83857)

  • PKCS #11 library (SHA256 checksum 64262f715786172c7c0da0ab74136097c2b7a1641e3b284ae827f1486fbbc56b)

  • OpenSSL Dynamic Engine (SHA256 checksum 05320772c49a622bda0284dd503c8ae5a13c1669f0e4b475873e53b5a7c074e6)

  • JCE provider (SHA256 checksum 845b2788a654b81a5bbaf19cefd7865ceab8a7c779d927eb282eea86b0819007)

  • AWS CloudHSM Management Utility (SHA256 checksum ce6741813d29a41cfb23722fb0d140a2fedf90a44a0ddcac39a607457eabe91a)

RHEL 8

Download the version 3.4.0 software for RedHat Enterprise Linux 8:

  • AWS CloudHSM Client (SHA256 checksum 853b05e6ea6e239f42e1bbf70be26adcc8205d2d172dfc3d57342c14d0060a1e)

  • PKCS #11 library (SHA256 checksum 51415be53ee10ddc8e85d5bcb0f052a4e29c086434c7fac152b57c7ac37bc3f5)

  • JCE provider (SHA256 checksum e7a39e46084cab6e193c13c57ea021f0570246cce90b21863d6b40f60a7a8cd7)

  • AWS CloudHSM Management Utility (SHA256 checksum 5de8d9d9a88deae2fffacd4923e429aad885d600adeb1d0bdb771da177fae647)

Ubuntu 16.04 LTS

Download the version 3.4.0 software for Ubuntu 16.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum 1f80e1a7e2fcd35481cc4a6e7fba3869e863becbc09aba32ef2a81a2494c2e49)

  • PKCS #11 library (SHA256 checksum 8fb002f8d5810ee43b8ef020831372a3a9d0f5a7fa35dca23f7d93a2a74a63bf)

  • OpenSSL Dynamic Engine (SHA256 checksum 2c1717f99cb4a56d47d8517ba97847c644112d0a4f37da435898f77cc794a508)

  • JCE provider (SHA256 checksum 9f0708e2ec644f5b87dbd6fb0683f690e78371f3ef866d1384ab80e3b4a1c1a6)

  • AWS CloudHSM Management Utility (SHA256 checksum fec730e64467371fbe5b3b8485215712637fe6139fc45832095fb945fb4317d1)

Note

Due to the impending EOL of Ubuntu 16.04, we intend to drop support for this platform with the next release.

Ubuntu 18.04 LTS

Download the version 3.4.0 software for Ubuntu 18.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum a78832a1666b41a85869fc0362c19ecc33113243970a4cc88eeae993c4cd47c1)

  • PKCS #11 library (SHA256 checksum f9610a82d55b17202c2ad064650199abbc2f8412fe28ef24819a899633feea80)

  • JCE provider (SHA256 checksum 5b450c1519594b9630f06620c6e23079dcbcaf2999852ea95768c699461585eb)

  • AWS CloudHSM Management Utility (SHA256 checksum 8bdc208a258976c5cb5fa97bcd19a3a5cb156ecfbd507a019c99bf5886b5f03f)

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.4.0 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.4.0) software for Windows Server:

Version 3.4.0 adds updates to all components.

AWS CloudHSM Client Software

  • Improved stability and bug fixes.

PKCS #11 library

  • Improved stability and bug fixes.

OpenSSL Dynamic Engine

  • Improved stability and bug fixes.

JCE provider

  • Improved stability and bug fixes.

Windows (CNG and KSP providers)

  • Improved stability and bug fixes.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.3.2 software for Amazon Linux:

  • AWS CloudHSM Client (SHA256 checksum 1f73c4e86fff4c8a3b465f6d21bd81c7c767267476f24c29e45ebab7f470f9a8)

  • PKCS #11 library (SHA256 checksum d9a4333bddbc7807a34806ff46a63802bc9f4a021358230f1c8292357cd8f43a)

  • OpenSSL Dynamic Engine (SHA256 checksum 16153d539667b16905bd0ec0de3d023ce8af6bddf4eb03eba8f945152322e2e6)

  • JCE provider (SHA256 checksum 568324f6484049156026e903b886195c1f2e46efa338bb5d5a0a5501a77148aa)

  • AWS CloudHSM Management Utility (SHA256 checksum df9c833de5c828b0de11b3ef93ec41988a7c17bc3950d772c7dc9674876d745f)

Amazon Linux 2

Download the version 3.3.2 software for Amazon Linux 2:

  • AWS CloudHSM Client (SHA256 checksum 2cd5e0b022fe9091e027f019be1ea81923392ca6d065bfcca6532aa5b9492a99)

  • PKCS #11 library (SHA256 checksum ae062f4675f7547639a8696d39cec1afc09db0b9fa6ded6e335b2a81025ab993)

  • OpenSSL Dynamic Engine (SHA256 checksum a0876a42f802c0fbc67e5301045c435a4a9494ed84110b87c8fc3524e9afc29a)

  • JCE provider (SHA256 checksum 640c7e3e43ca27178c003ca153a90814f7c78ada3e86a4aa4ce663bb784c4b8d)

  • AWS CloudHSM Management Utility (SHA256 checksum cf76cf044b01d9168a408d78aedae79295626bc4b6eb040d82663c5d8d814f6e)

CentOS 6

AWS CloudHSM does not support CentOS 6 with Client SDK Version 3.3.2.

Use Version 3.2.1 for CentOS 6 or choose a supported platform.

CentOS 7

Download the version 3.3.2 software for CentOS 7:

  • AWS CloudHSM Client (SHA256 checksum 2cd5e0b022fe9091e027f019be1ea81923392ca6d065bfcca6532aa5b9492a99)

  • PKCS #11 library (SHA256 checksum ae062f4675f7547639a8696d39cec1afc09db0b9fa6ded6e335b2a81025ab993)

  • OpenSSL Dynamic Engine (SHA256 checksum a0876a42f802c0fbc67e5301045c435a4a9494ed84110b87c8fc3524e9afc29a)

  • JCE provider (SHA256 checksum 640c7e3e43ca27178c003ca153a90814f7c78ada3e86a4aa4ce663bb784c4b8d)

  • AWS CloudHSM Management Utility (SHA256 checksum cf76cf044b01d9168a408d78aedae79295626bc4b6eb040d82663c5d8d814f6e)

CentOS 8

Download the version 3.3.2 software for CentOS 8:

  • AWS CloudHSM Client (SHA256 checksum 696bb3d67b3aca379106a409a8de814174df5b8308a2d4500bee5cfc89f40070)

  • PKCS #11 library (SHA256 checksum c58992e14d75c0cc7ae9f57746b40be5a4dbc1f2769e9d387eae39107b560749)

  • JCE provider (SHA256 checksum 95e519d2bf656446141cd227e50447b67d485008e8b38151ea31f2a9ca855b49)

  • AWS CloudHSM Management Utility (SHA256 checksum e1ab86404d162e1169bb80364510119ce2c072fe30fbeb0a06bd2497f980f840)

RHEL 6

AWS CloudHSM does not support RedHat Enterprise Linux 6 with Client SDK Version 3.3.2.

Use Version 3.2.1 for RedHat Enterprise Linux 6 or choose a supported platform.

RHEL 7

Download the version 3.3.2 software for RedHat Enterprise Linux 7:

  • AWS CloudHSM Client (SHA256 checksum 2cd5e0b022fe9091e027f019be1ea81923392ca6d065bfcca6532aa5b9492a99)

  • PKCS #11 library (SHA256 checksum ae062f4675f7547639a8696d39cec1afc09db0b9fa6ded6e335b2a81025ab993)

  • OpenSSL Dynamic Engine (SHA256 checksum a0876a42f802c0fbc67e5301045c435a4a9494ed84110b87c8fc3524e9afc29a)

  • JCE provider (SHA256 checksum 640c7e3e43ca27178c003ca153a90814f7c78ada3e86a4aa4ce663bb784c4b8d)

  • AWS CloudHSM Management Utility (SHA256 checksum cf76cf044b01d9168a408d78aedae79295626bc4b6eb040d82663c5d8d814f6e)

RHEL 8

Download the version 3.3.2 software for RedHat Enterprise Linux 8:

  • AWS CloudHSM Client (SHA256 checksum 696bb3d67b3aca379106a409a8de814174df5b8308a2d4500bee5cfc89f40070)

  • PKCS #11 library (SHA256 checksum c58992e14d75c0cc7ae9f57746b40be5a4dbc1f2769e9d387eae39107b560749)

  • JCE provider (SHA256 checksum 95e519d2bf656446141cd227e50447b67d485008e8b38151ea31f2a9ca855b49)

  • AWS CloudHSM Management Utility (SHA256 checksum e1ab86404d162e1169bb80364510119ce2c072fe30fbeb0a06bd2497f980f840)

Ubuntu 16.04 LTS

Download the version 3.3.2 software for Ubuntu 16.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum 5797aa27b9ebe0aa52189b0a48a933a7a8ab404e651cbc43ec8dfe73fb03b66c)

  • PKCS #11 library (SHA256 checksum 155cfb9f5e95ee03bcce298bd43ca3f5a883ae4ed69192d83ef34df2c6a117c7)

  • OpenSSL Dynamic Engine (SHA256 checksum b313ad3fc31fe6031707916567ee30d461a14511328db0b37c00ff0affa42608)

  • JCE provider (SHA256 checksum 0c0307054bfbff8c15830c5d431f9a21f96409a7969fda1b12379ce5444c56c1)

  • AWS CloudHSM Management Utility (SHA256 checksum e34e317cf3fe11a9b70fbfabc35824f06800f3e2386d8ea02c977564eb3308a4)

Note

Due to the impending EOL of Ubuntu 16.04, we intend to drop support for this platform with the next release.

Ubuntu 18.04 LTS

Download the version 3.3.2 software for Ubuntu 18.04 LTS:

  • AWS CloudHSM Client (SHA256 checksum ccce515a4375e81b1493d641d523eac4599ad813d4fccc062bb872f16d57b094)

  • PKCS #11 library (SHA256 checksum 25b54341d7efe594f13c7c7accdcbac177241a610e82955bde24b82531236a52)

  • JCE provider (SHA256 checksum 31cf9953ce86243b73863e1c5b0db21d9dcc4f26fa1c4741a9f0cc9489f389a2)

  • AWS CloudHSM Management Utility (SHA256 checksum 1b6ff0c96cfd7209c16ae69debb669f881a7a920f37226801456f6ec328c612d)

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.3.2 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.3.2) software for Windows Server:

Version 3.3.2 resolves an issue with the client_info script.

AWS CloudHSM Client Software

  • Updated the version for consistency.

PKCS #11 library

  • Updated the version for consistency.

OpenSSL Dynamic Engine

  • Updated the version for consistency.

JCE provider

  • Updated the version for consistency.

Windows (CNG and KSP providers)

  • Updated the version for consistency.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.3.1 software for Amazon Linux:

Amazon Linux 2

Download the version 3.3.1 software for Amazon Linux 2:

CentOS 6

AWS CloudHSM does not support CentOS 6 with Client SDK Version 3.3.1.

Use Version 3.2.1 for CentOS 6 or choose a supported platform.

CentOS 7

Download the version 3.3.1 software for CentOS 7:

CentOS 8

Download the version 3.3.1 software for CentOS 8:

RHEL 6

AWS CloudHSM does not support RedHat Enterprise Linux 6 with Client SDK Version 3.3.1.

Use Version 3.2.1 for RedHat Enterprise Linux 6 or choose a supported platform.

RHEL 7

Download the version 3.3.1 software for RedHat Enterprise Linux 7:

RHEL 8

Download the version 3.3.1 software for RedHat Enterprise Linux 8:

Ubuntu 16.04 LTS

Download the version 3.3.1 software for Ubuntu 16.04 LTS:

Note

Due to the impending EOL of Ubuntu 16.04, we intend to drop support for this platform with the next release.

Ubuntu 18.04 LTS

Download the version 3.3.1 software for Ubuntu 18.04 LTS:

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.3.1 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.3.1) software for Windows Server:

Version 3.3.1 adds updates to all components.

AWS CloudHSM Client Software

  • Improved stability and bug fixes.

PKCS #11 library

  • Improved stability and bug fixes.

OpenSSL Dynamic Engine

  • Improved stability and bug fixes.

JCE provider

  • Improved stability and bug fixes.

Windows (CNG and KSP providers)

  • Improved stability and bug fixes.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.3.0 software for Amazon Linux:

Amazon Linux 2

Download the version 3.3.0 software for Amazon Linux 2:

CentOS 6

AWS CloudHSM does not support CentOS 6 with Client SDK Version 3.3.0.

Use Version 3.2.1 for CentOS 6 or choose a supported platform.

CentOS 7

Download the version 3.3.0 software for CentOS 7:

CentOS 8

Download the version 3.3.0 software for CentOS 8:

RHEL 6

AWS CloudHSM does not support RedHat Enterprise Linux 6 with Client SDK Version 3.3.0.

Use Version 3.2.1 for RedHat Enterprise Linux 6 or choose a supported platform.

RHEL 7

Download the version 3.3.0 software for RedHat Enterprise Linux 7:

RHEL 8

Download the version 3.3.0 software for RedHat Enterprise Linux 8:

Ubuntu 16.04 LTS

Download the version 3.3.0 software for Ubuntu 16.04 LTS:

Ubuntu 18.04 LTS

Download the version 3.3.0 software for Ubuntu 18.04 LTS:

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.3.0 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.2.1) software for Windows Server:

Version 3.3.0 adds two-factor authentication (2FA) and other improvements.

AWS CloudHSM Client Software

  • Added 2FA authentication for crypto officers (CO). For more information, see Managing Two-Factor Authentication for Crypto Officers.

  • Removed platform support for RedHat Enterprise Linux 6 and CentOS 6. For more information, see Linux Support.

  • Added a standalone version of CMU for use with Client SDK 5 or Client SDK 3. This is the same version of CMU included with the client daemon of version 3.3.0, and now you can download CMU without downloading the client daemon. For more information, see Download and Install CMU.

PKCS #11 library

  • Improved stability and bug fixes.

  • Removed platform support for RedHat Enterprise Linux 6 and CentOS 6. For more information, see Linux Support.

OpenSSL Dynamic Engine

  • Updated the version for consistency

  • Removed platform support for RedHat Enterprise Linux 6 and CentOS 6. For more information, see Linux Support.

JCE provider

  • Improved stability and bug fixes.

  • Removed platform support for RedHat Enterprise Linux 6 and CentOS 6. For more information, see Linux Support.

Windows (CNG and KSP providers)

  • Updated the version for consistency

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.2.1 software for Amazon Linux:

Amazon Linux 2

Download the version 3.2.1 software for Amazon Linux 2:

CentOS 6

Download the version 3.2.1 software for CentOS 6:

CentOS 7

Download the version 3.2.1 software for CentOS 7:

CentOS 8

Download the version 3.2.1 software for CentOS 8:

RHEL 6

Download the version 3.2.1 software for RedHat Enterprise Linux 6:

RHEL 7

Download the version 3.2.1 software for RedHat Enterprise Linux 7:

RHEL 8

Download the version 3.2.1 software for RedHat Enterprise Linux 8:

Ubuntu 16.04 LTS

Download the version 3.2.1 software for Ubuntu 16.04 LTS:

Ubuntu 18.04 LTS

Download the version 3.2.1 software for Ubuntu 18.04 LTS:

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.2.1 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.2.1) software for Windows Server:

Version 3.2.1 adds a compliance analysis between the AWS CloudHSM implementation of the PKCS #11 library and the PKCS #11 standard, new platforms, and other improvements.

AWS CloudHSM Client Software

PKCS #11 library

OpenSSL Dynamic Engine

JCE provider

Windows (CNG and KSP providers)

  • Improved stability and bug fixes.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.2.0 software for Amazon Linux:

Amazon Linux 2

Download the version 3.2.0 software for Amazon Linux 2:

CentOS 6

Download the version 3.2.0 software for CentOS 6:

CentOS 7

Download the version 3.2.0 software for CentOS 7:

RHEL 6

Download the version 3.2.0 software for RedHat Enterprise Linux 6:

RHEL 7

Download the version 3.2.0 software for RedHat Enterprise Linux 7:

Ubuntu 16.04 LTS

Download the version 3.2.0 software for Ubuntu 16.04 LTS:

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.2.0 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.2.0) software for Windows Server:

Version 3.2.0 adds support for masking passwords and other improvements.

AWS CloudHSM Client Software

PKCS #11 library

  • Adds support for hashing large data in software for some PKCS #11 mechanisms that were previously unsupported. For more information, see Supported Mechanisms.

OpenSSL Dynamic Engine

  • Improved stability and bug fixes.

JCE provider

  • Updated the version for consistency.

Windows (CNG and KSP providers)

  • Improved stability and bug fixes.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.1.2 software for Amazon Linux:

Amazon Linux 2

Download the version 3.1.2 software for Amazon Linux 2:

CentOS 6

Download the version 3.1.2 software for CentOS 6:

CentOS 7

Download the version 3.1.2 software for CentOS 7:

RHEL 6

Download the version 3.1.2 software for RedHat Enterprise Linux 6:

RHEL 7

Download the version 3.1.2 software for RedHat Enterprise Linux 7:

Ubuntu 16.04 LTS

Download the version 3.1.2 software for Ubuntu 16.04 LTS:

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.1.2 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.1.2) software for Windows Server:

Version 3.1.2 adds updates to JCE provider.

AWS CloudHSM Client Software

  • Updated the version for consistency

PKCS #11 library

  • Updated the version for consistency

OpenSSL Dynamic Engine

  • Updated the version for consistency

JCE provider

  • Update log4j to version 2.13.3

Windows (CNG and KSP providers)

  • Updated the version for consistency

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.1.1 software for Amazon Linux:

Amazon Linux 2

Download the version 3.1.1 software for Amazon Linux 2:

CentOS 6

Download the version 3.1.1 software for CentOS 6:

CentOS 7

Download the version 3.1.1 software for CentOS 7:

RHEL 6

Download the version 3.1.1 software for RedHat Enterprise Linux 6:

RHEL 7

Download the version 3.1.1 software for RedHat Enterprise Linux 7:

Ubuntu 16.04 LTS

Download the version 3.1.1 software for Ubuntu 16.04 LTS:

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.1.1 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.1.1) software for Windows Server:

AWS CloudHSM Client Software

  • Updated the version for consistency.

PKCS #11 Library

  • Updated the version for consistency.

OpenSSL Dynamic Engine

  • Updated the version for consistency.

JCE provider

  • Bug fixes and performance improvements.

Windows (CNG, KSP)

  • Updated the version for consistency.

To download the software, choose the tab for your preferred operating system, then choose the link to each software package.

Amazon Linux

Download the version 3.1.0 software for Amazon Linux:

Amazon Linux 2

Download the version 3.1.0 software for Amazon Linux 2:

CentOS 6

Download the version 3.1.0 software for CentOS 6:

CentOS 7

Download the version 3.1.0 software for CentOS 7:

RHEL 6

Download the version 3.1.0 software for RedHat Enterprise Linux 6:

RHEL 7

Download the version 3.1.0 software for RedHat Enterprise Linux 7:

Ubuntu 16.04 LTS

Download the version 3.1.0 software for Ubuntu 16.04 LTS:

Windows Server

AWS CloudHSM supports 64-bit versions of Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016. The AWS CloudHSM 3.1.0 client software for Windows Server includes the required CNG and KSP providers. For details, see Install and Configure the AWS CloudHSM Client (Windows). Download the latest version (3.1.0) software for Windows Server:

Version 3.1.0 adds standards-compliant AES key wrapping.

AWS CloudHSM Client Software

  • A new requirement for upgrade: the version of your client must match the version of any software libraries you are using. To upgrade, you must use a batch command that upgrades the client and all the libraries at the same time. For more information, see Client SDK 3 Upgrade.

  • Key_mgmt_util (KMU) includes the following updates:

    • Added two new AES key wrap methods – standards-compliant AES key wrap with zero padding and AES key wrap with no padding. For more information, see wrapKey and unwrapKey.

    • Disabled ability to specify custom IV when wrapping a key using AES_KEY_WRAP_PAD_PKCS5. For more information, see AES Key Wrapping.

PKCS #11 Library

  • Added two new AES key wrap methods - standards-compliant AES key wrap with zero padding and AES key wrap with no padding. For more information, see AES Key Wrapping.

  • You can configure salt length for RSA-PSS signatures. To learn how to use this feature, see Configurable salt length for RSA-PSS signatures on GitHub.

OpenSSL Dynamic Engine

  • BREAKING CHANGE: TLS 1.0 and 1.2 cipher suites with SHA1 are not available in OpenSSL Engine 3.1.0. This issue will be resolved shortly.

  • If you intend to install the OpenSSL Dynamic Engine library on RHEL 6 or CentOS 6, see a known issue about the default OpenSSL version installed on those operating systems.

  • Improved stability and bug fixes

JCE provider

  • BREAKING CHANGE: To address an issue with Java Cryptography Extension (JCE) compliance, AES wrap and unwrap now properly use the AESWrap algorithm instead of the AES algorithm. This means Cipher.WRAP_MODE and Cipher.UNWRAP_MODE no longer succeed for AES/ECB and AES/CBC mechanisms.

    To upgrade to client version 3.1.0, you must update your code. If you have existing wrapped keys, you must pay particular attention to the mechanism you use to unwrap and how IV defaults have changed. If you wrapped keys with client version 3.0.0 or earlier, then in 3.1.1 you must use AESWrap/ECB/PKCS5Padding to unwrap your existing keys. For more information, see AES Key Wrapping.

  • You can list multiple keys with the same label from the JCE provider. To learn how to iterate through all available keys, see Find all keys on GitHub.

  • You can set more restrictive values for attributes during key creation, including specifying different labels for public and private keys. For more information, see Supported Java Attributes.

Windows (CNG, KSP)

  • Improved stability and bug fixes.

Deprecated releases

Versions 3.0.1 and earlier are deprecated. We do not recommend using deprecated releases in production workloads. We do not provide backwards compatible updates for deprecated releases, nor do we host deprecated releases for download. If you experience production impact while using deprecated releases, you must upgrade to obtain software fixes.

End-of-life releases

AWS CloudHSM announces end of life for releases no longer compatible with the service. To preserve the safety of your application, we reserve the right to actively refuse connections from end-of-life releases.

  • Currently no versions of the client SDK are end-of-life releases.