AWS CloudHSM is a cloud-based HSM service that enables you to easily generate and use your own encryption and signing keys. With AWS CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs. AWS CloudHSM provides hardware security modules in the AWS Cloud that perform cryptographic operations and provide secure storage for cryptographic keys.

The AWS CloudHSM is only supported on ADSS Server deployed on Linux systems.

The details of supported key types and mechanisms are available here: https://docs.aws.amazon.com/cloudhsm/latest/userguide/java-lib-supported.html


To generate a new AWS CloudHSM profile, press the New button on the Crypto Source screen and select AWS CloudHSM in the Crypto Source Type drop-down:


| Items | Description |
|---|---|
| Status | Set the status of this Crypto Profile. If the status is set to Inactive then it cannot be used to generate or read the keys for signing purposes. |
| Friendly Name | Specify a friendly name for this service. The name should be unique within this ADSS Server environment. |
| Crypto Source Type | Select AWS CloudHSM from the drop-down menu. |
| Partition Name | Specify the name of the partition. AWS CloudHSM partitions are the specified storage areas that reside within the AWS CloudHSM. The AWS CloudHSM can contain multiple HSM partitions, and each partition can be connected to one or more clients through their credentials. |
| User ID | Specify the User ID that needs to connect with AWS CloudHSM. |
| User Password | Specify the password for the connecting user as per the above entered User ID. |


Key Wrapping is not supported in ADSS Server for AWS CloudHSM.


AWS CloudHSM is only supported when using ADSS Server deployed on Linux operating systems. This is due to the reliance on third-party AWS CloudHSM libraries, which are only available on Linux platforms.


