getEncoded, getPrivateExponent, or getS returns null getEncoded, getPrivateExponent, or getS return key bytes outside of the HSM

AWS CloudHSM extracting keys using JCE

Use the following sections to troubleshoot issues extracting AWS CloudHSM keys using JCE.

getEncoded, getPrivateExponent, or getS returns null

getEncoded, getPrivateExponent, and getS will return null because they are by default disabled. To enable them, refer to Key extraction using JCE for AWS CloudHSM.

If getEncoded, getPrivateExponent, and getS return null after being enabled, your key does not meet the right prerequisites. For more information, refer to Key extraction using JCE for AWS CloudHSM.

getEncoded, getPrivateExponent, or getS return key bytes outside of the HSM

You or someone with access to your system has enabled clear key extraction. See the following pages for more information, including how to reset this configuration to the default disabled state.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AWS CloudHSM error seen during key availability check

HSM throttling