AWS CloudHSM Client SDKs - AWS CloudHSM

AWS CloudHSM Client SDKs

Use a Client SDK to offload cryptographic operations from platform or language-based applications to hardware security modules (HSMs).

AWS CloudHSM offers two major versions, and Client SDK 5 is the latest. It offers a variety of advantages over Client SDK 3 (the previous series). For more information, see Benefits of Client SDK 5. For information about platform support, see Client SDK 5 supported platforms.

For information on using Client SDK 3, see Previous Client SDK versions.

PKCS #11 library

PKCS #11 is a standard for performing cryptographic operations on hardware security modules (HSMs). AWS CloudHSM offers implementations of the PKCS #11 library that are compliant with PKCS #11 version 2.40.

OpenSSL Dynamic Engine

The AWS CloudHSM OpenSSL Dynamic Engine allows you to offload cryptographic operations to your CloudHSM cluster through the OpenSSL API.

JCE provider

The AWS CloudHSM JCE provider is compliant with the Java Cryptographic Architecture (JCA). The provider allows you to perform cryptographic operations on the HSM.

Cryptography API: Next Generation (CNG) and key storage providers (KSP) for Microsoft Windows

The AWS CloudHSM client for Windows includes CNG and KSP providers. Currently, only Client SDK 3 supports CNG and KSP providers.