Offload operations with AWS CloudHSM Client SDKs
Use a Client SDK to offload cryptographic operations from platform or language-based applications to hardware security modules (HSMs).
AWS CloudHSM offers two major versions, and Client SDK 5 is the latest. It offers a variety of advantages over Client SDK 3 (the previous series). For more information, see Benefits of Client SDK 5. For information about platform support, see AWS CloudHSM Client SDK 5 supported platforms.
The following topics describe how to work with AWS CloudHSM Client SDKs.
AWS CloudHSM supports the following components:
- PKCS #11 library for AWS CloudHSM Client SDK 5
-
PKCS #11 is a standard for performing cryptographic operations on hardware security modules (HSMs). AWS CloudHSM offers implementations of the PKCS #11 library that are compliant with PKCS #11 version 2.40.
- OpenSSL Dynamic Engine for AWS CloudHSM Client SDK 5
-
The AWS CloudHSM OpenSSL Dynamic Engine allows you to offload cryptographic operations to your CloudHSM cluster through the OpenSSL API.
- JCE provider for AWS CloudHSM Client SDK 5
-
The AWS CloudHSM JCE provider is compliant with the Java Cryptographic Architecture (JCA). The provider allows you to perform cryptographic operations on the HSM.
- Key storage provider (KSP) for AWS CloudHSM Client SDK 5
-
The AWS CloudHSM client for Windows includes CNG and KSP providers. Currently, only Client SDK 3 supports CNG and KSP providers.