Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

AWS CloudHSM extracting keys using JCE

PDF
RSS
Focus mode
AWS CloudHSM extracting keys using JCE - AWS CloudHSM
getEncoded, getPrivateExponent, or getS returns nullgetEncoded, getPrivateExponent, or getS return key bytes outside of the HSM

Use the following sections to troubleshoot issues extracting AWS CloudHSM keys using JCE.

getEncoded, getPrivateExponent, or getS returns null

getEncoded, getPrivateExponent, and getS will return null because they are by default disabled. To enable them, refer to Key extraction using JCE for AWS CloudHSM.

If getEncoded, getPrivateExponent, and getS return null after being enabled, your key does not meet the right prerequisites. For more information, refer to Key extraction using JCE for AWS CloudHSM.

getEncoded, getPrivateExponent, or getS return key bytes outside of the HSM

You or someone with access to your system has enabled clear key extraction. See the following pages for more information, including how to reset this configuration to the default disabled state.

On this page

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.