Offload operations with AWS CloudHSM Client SDKs - AWS CloudHSM

Offload operations with AWS CloudHSM Client SDKs

Use a Client SDK to offload cryptographic operations from platform or language-based applications to hardware security modules (HSMs).

AWS CloudHSM offers two major versions, and Client SDK 5 is the latest. It offers a variety of advantages over Client SDK 3 (the previous series). For more information, see Benefits of Client SDK 5. For information about platform support, see AWS CloudHSM Client SDK 5 supported platforms.

The following topics describe how to work with AWS CloudHSM Client SDKs.

AWS CloudHSM supports the following components:

PKCS #11 library for AWS CloudHSM Client SDK 5

PKCS #11 is a standard for performing cryptographic operations on hardware security modules (HSMs). AWS CloudHSM offers implementations of the PKCS #11 library that are compliant with PKCS #11 version 2.40.

OpenSSL Dynamic Engine for AWS CloudHSM Client SDK 5

The AWS CloudHSM OpenSSL Dynamic Engine allows you to offload cryptographic operations to your CloudHSM cluster through the OpenSSL API.

JCE provider for AWS CloudHSM Client SDK 5

The AWS CloudHSM JCE provider is compliant with the Java Cryptographic Architecture (JCA). The provider allows you to perform cryptographic operations on the HSM.

Key storage provider (KSP) for AWS CloudHSM Client SDK 5

The AWS CloudHSM client for Windows includes CNG and KSP providers. Currently, only Client SDK 3 supports CNG and KSP providers.