Supported key types - AWS CloudHSM

Supported key types

The PKCS #11 library supports the following key types.

Key Type Description
AES Generate 128, 192, and 256-bit AES keys.
Triple DES (3DES, DESede) Generate 192-bit Triple DES keys. See note 1 below for an upcoming change.
EC Generate keys with the secp224r1 (P-224), secp256r1 (P-256), secp256k1 (Blockchain), secp384r1 (P-384), and secp521r1 (P-521) curves.
GENERIC_SECRET Generate 1 to 800 bytes generic secrets.
RSA Generate 2048-bit to 4096-bit RSA keys, in increments of 256 bits.

[1] Disallowed after 2023 for FIPS compliance as per NIST guidance. See FIPS 140 Compliance: 2024 Mechanism Deprecation for details.