AWS CloudHSM Client SDKs

Use a Client SDK to offload cryptographic operations from platform or language-based applications to hardware security modules (HSMs).

AWS CloudHSM offers two major versions, and Client SDK 5 is the latest. It offers a variety of advantages over Client SDK 3 (the previous series). For more information, see Benefits of Client SDK 5. For information about platform support, see Client SDK 5 supported platforms.

For information on using Client SDK 3, see Previous Client SDK (Client SDK 3).

PKCS #11 library: PKCS #11 is a standard for performing cryptographic operations on hardware security modules (HSMs). AWS CloudHSM offers implementations of the PKCS #11 library that are compliant with PKCS #11 version 2.40.
OpenSSL Dynamic Engine: The AWS CloudHSM OpenSSL Dynamic Engine allows you to offload cryptographic operations to your CloudHSM cluster through the OpenSSL API.
JCE provider: The AWS CloudHSM JCE provider is compliant with the Java Cryptographic Architecture (JCA). The provider allows you to perform cryptographic operations on the HSM.
Cryptography API: Next Generation (CNG) and key storage providers (KSP) for Microsoft Windows: The AWS CloudHSM client for Windows includes CNG and KSP providers. Currently, only Client SDK 3 supports CNG and KSP providers.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Key Attribute Reference

Supported platforms