Cryptography algorithms and AWS services
An encryption algorithm is a formula or procedure that converts a plaintext message into an encrypted ciphertext. If you are new to encryption or its terminology, we recommend that you read About data encryption before proceeding with this guide.
AWS cryptography services
AWS cryptography services rely on secure, open-source encryption algorithms. These algorithms are vetted by public standards bodies and by academic research. Some AWS tools and services enforce the use of a specific algorithm. In other services, you can choose between multiple available algorithms and key lengths, or you can use the recommended defaults.
This section describes some of the algorithms that AWS tools and services support. They fall into two categories, symmetric and asymmetric, based on how their keys function:
-
Symmetric encryption uses the same key to encrypt and decrypt the data. AWS services support Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3DES or TDES), which are two widely used symmetric algorithms.
-
Asymmetric encryption uses a pair of keys, a public key for encryption and a private key for decryption. You can share the public key because it isn't used for decryption, but access to the private key should be highly restricted. AWS services typically support RSA and elliptic-curve cryptography (ECC) asymmetric algorithms.
AWS cryptographic services comply with a wide range of cryptographic security
standards, so you can comply with governmental or professional regulations. For a full
list of the data security standards that AWS services comply with, see AWS compliance
programs
About cryptographic algorithms
Cryptography is an essential part of security for AWS. AWS services support
encryption for data in transit, at rest, or in memory. Many also support encryption with
customer managed keys that are inaccessible to AWS. You can learn more about the AWS
commitment to innovation and investing in additional controls for sovereignty and
encryption features in the AWS digital sovereignty pledge
AWS is committed to using the most secure available cryptographic algorithms to meet
your security and performance requirements. AWS defaults to high-assurance algorithms
and implementations and prefer hardware-optimized solutions that are faster, improve
security, and are more energy efficient. See the AWS Crypto Library
AWS services use trusted cryptographic algorithms that meet industry standards and foster interoperability. These standards are widely accepted by governments, industry, and academia. It takes considerable analysis by the global community for an algorithm to become widely accepted. It also takes time for it to become widely available within the industry. Lack of analysis and availability introduces challenges to interoperability, complexity, and risks for deployments. AWS continues to deploy new cryptographic options to meet a high bar for security and performance.
AWS closely tracks cryptographic developments, security issues, and research
results. As deprecated algorithms and security issues are discovered, they are
addressed. For more information, see the AWS Security
Blog
Cryptographic algorithms
The following tables summarize the cryptographic algorithms, ciphers, modes, and key sizes that AWS deploys across its services to protect your data. They should not be considered to be an exhaustive list of all cryptography options available in AWS. The algorithms fall into two categories:
-
Preferred algorithms meet the AWS security and performance standards.
-
Acceptable algorithms can be used for compatibility in some applications but are not preferred.
Asymmetric cryptography
The following table lists supported asymmetric algorithms for encryption, key agreement, and digital signatures.
| Type | Algorithm | Status |
|---|---|---|
| Encryption | RSA-OAEP (2048 or 3072-bit modulus) | Acceptable |
| Encryption | HPKE (P-256 or P-384, HKDF and AES-GCM) | Acceptable |
| Key Agreement | ML-KEM-768 or ML-KEM-1024 | Preferred (quantum-resistant) |
| Key Agreement | ECDH(E) with P-384 | Acceptable |
| Key Agreement | ECDH(E) with P-256, P-521, or X25519 | Acceptable |
| Key Agreement | ECDH(E) with brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1 | Acceptable |
| Signatures | ML-DSA-65 or ML-DSA-87 | Preferred (quantum-resistant) |
| Signatures | SLH-DSA | Preferred (quantum-resistant software/firmware signing) |
| Signatures | ECDSA with P-384 | Acceptable |
| Signatures | ECDSA with P-256, P-521, or Ed25519 | Acceptable |
| Signatures | RSA-2048 or RSA-3072 | Acceptable |
Symmetric cryptography
The following table lists supported symmetric algorithms for encryption, authenticated encryption, and key wrapping.
| Type | Algorithm | Status |
|---|---|---|
| Authenticated Encryption | AES-GCM-256 | Preferred |
| Authenticated Encryption | AES-GCM-128 | Acceptable |
| Authenticated Encryption | ChaCha20/Poly1305 | Acceptable |
| Encryption Modes | AES-XTS-256 (for block storage) | Preferred |
| Encryption Modes | AES-CBC / CTR (unauthenticated modes) | Acceptable |
| Key Wrapping | AES-GCM-256 | Preferred |
| Key Wrapping | AES-KW or AES-KWP with 256-bit keys | Acceptable |
Cryptographic functions
The following table lists supported algorithms for hashing, key derivation, message authentication, and password hashing.
| Type | Algorithm | Status |
|---|---|---|
| Hashing | SHA2-384 | Preferred |
| Hashing | SHA2-256 | Acceptable |
| Hashing | SHA3 | Acceptable |
| Key Derivation | HKDF_Expand or HKDF with SHA2-256 | Preferred |
| Key Derivation | Counter Mode KDF with HMAC-SHA2-256 | Acceptable |
| Message Authentication Code | HMAC-SHA2-384 | Preferred |
| Message Authentication Code | HMAC-SHA2-256 | Acceptable |
| Message Authentication Code | KMAC | Acceptable |
| Password Hashing | scrypt with SHA384 | Preferred |
| Password Hashing | PBKDF2 | Acceptable |
