Supported key types for JCE provider for AWS CloudHSM Client SDK 5 - AWS CloudHSM

Supported key types for JCE provider for AWS CloudHSM Client SDK 5

The AWS CloudHSM software library for Java enables you to generate the following key types.

Key Type Description
AES Generate 128, 192, and 256-bit AES keys.
Triple DES (3DES, DESede) Generate a 192-bit Triple DES Key See footnote 1 for an upcoming change.
EC Generate EC key pairs – NIST curves secp224r1 (P-224), secp256r1 (P-256), secp256k1 (Blockchain), secp384r1 (P-384), and secp521r1 (P-521).
GENERIC_SECRET Generate 1 to 800 bytes generic secrets.
HMAC Hash support for SHA1, SHA224, SHA256, SHA384, SHA512.
RSA Generate 2048-bit to 4096-bit RSA keys, in increments of 256 bits.

[1] In accordance with NIST guidance, this is disallowed for clusters in FIPS mode after 2023. For clusters in non-FIPS mode, it is still allowed after 2023. See FIPS 140 Compliance: 2024 Mechanism Deprecation for details.