
AWS CloudHSM

AWS CloudHSM is a cloud-based HSM service that enables you to generate and use your own encryption and signing keys. With AWS CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs. The service provides hardware security modules in the AWS Cloud that perform cryptographic operations and provide secure storage for cryptographic keys.

AWS CloudHSM is supported only on ADSS Server deployed on Linux systems.

The details of supported key types and mechanisms are available here:
https://docs.aws.amazon.com/cloudhsm/latest/userguide/java-lib-supported.html

To generate a new AWS CloudHSM profile, press the New button on the Crypto Source screen and select AWS CloudHSM in the Crypto Source Type drop-down:



| Item | Description |
|------|-------------|
| Status | Set the status of this Crypto Profile. If the status is set to Inactive, it cannot be used to generate or read keys for signing purposes. |
| Friendly Name | Specify a friendly name for this service. The name should be unique within this ADSS Server environment. |
| Crypto Source Type | Select AWS CloudHSM from the drop-down menu. |
| Partition Name | Specify the name of the partition. AWS CloudHSM partitions are the specified storage areas that reside within the AWS CloudHSM. The AWS CloudHSM can contain multiple HSM partitions, and each partition can be connected to one or more clients through their credentials. |
| User ID | Specify the User ID used to connect to AWS CloudHSM. |
| User Password | Specify the password for the User ID entered above. |

Key Wrapping is not supported in ADSS Server for AWS CloudHSM.

AWS CloudHSM is only supported when using ADSS Server deployed on Linux operating systems. This is due to the reliance on third-party AWS CloudHSM libraries that are only available on Linux platforms.