AWS CloudHSM Client SDKs
Use a Client SDK to offload cryptographic operations from platform or language-based applications to hardware security modules (HSMs).
AWS CloudHSM offers two major versions, and Client SDK 5 is the latest. It offers a variety of advantages over Client SDK 3 (the previous series). For more information, see Benefits of Client SDK 5. For information about platform support, see Client SDK 5 supported platforms.
For information on using Client SDK 3, see Previous Client SDK (Client SDK 3).
- PKCS #11 library
-
PKCS #11 is a standard for performing cryptographic operations on hardware security modules (HSMs). AWS CloudHSM offers implementations of the PKCS #11 library that are compliant with PKCS #11 version 2.40.
- OpenSSL Dynamic Engine
-
The AWS CloudHSM OpenSSL Dynamic Engine allows you to offload cryptographic operations to your CloudHSM cluster through the OpenSSL API.
- JCE provider
-
The AWS CloudHSM JCE provider is compliant with the Java Cryptographic Architecture (JCA). The provider allows you to perform cryptographic operations on the HSM.
- Cryptography API: Next Generation (CNG) and key storage providers (KSP) for Microsoft Windows
-
The AWS CloudHSM client for Windows includes CNG and KSP providers. Currently, only Client SDK 3 supports CNG and KSP providers.