Code samples for the AWS CloudHSM software library for Java

This topic provides resources and information on Java code samples for Client SDK 5.

Prerequisites

Before running the samples, you must set up your environment:

• Install and configure the Java Cryptographic Extension (JCE) provider.

• Set up a valid HSM user name and password. Cryptographic user (CU) permissions are sufficient for these tasks. Your application uses these credentials to log in to the HSM in each example.

• Decide how to provide credentials to the JCE provider.

Code samples

The following code samples show you how to use the AWS CloudHSM JCE provider to perform basic tasks. More code samples are available on GitHub.

• Log in to an HSM

• Manage keys

• Generate Symmetric Keys

• Generate Asymmetric Keys

• Encrypt and decrypt with AES-GCM

• Encrypt and decrypt with AES-CTR

• Encrypt and decrypt with DESede-ECB^{see note 1}

• Sign and Verify with RSA Keys

• Sign and Verify with EC Keys

• Use supported key attributes

• Use the CloudHSM key store

[1] In accordance with NIST guidance, this is disallowed for clusters in FIPS mode after 2023. For clusters in non-FIPS mode, it is still allowed after 2023. See FIPS 140 Compliance: 2024 Mechanism Deprecation for details.