Questions tagged with AWS CloudHSM
Are AWS services assigned IAM roles that allow them to access the CloudHSM API... and then use the CloudHSM client Crypto User account to complete their encrypt/decrypt task? If no, how does an...
2 answers, 0 votes, 345 views, asked 2 years ago
My understanding is, Private Key should never leave HSM cluster. HSM-Client should pass key-handle, Mechanism and payload to the HSM-Server and HSM-Server should encrypt or sign the payload and give...
0 answers, 0 votes, 151 views, asked 2 years ago
Hello,
Basically, as I understand it, physical HSMs are managed by a team of people who have physical key to reset the HSM itself. That is, these people, let's say there are 3 of them, have 3 keys and...
2 answers, 0 votes, 467 views, asked 2 years ago
Hello there, I do have a requirement in my application to encrypt and decrypt data using a symmetric key algorithm (mostly AES/CBC/PKCS5Padding).
CONSTRAINT and Requirements are
1. I need to use...
1 answer, 0 votes, 994 views, asked 2 years ago
Hi, I am trying to use Cavium in a Java application for two-way SSL handshake. My application is the client application. However when the application runs, the client handshake fails with the...
0 answers, 0 votes, 175 views, asked 2 years ago
I am assuming that when you follow the steps to use "TLS client-server mutual authentication," the default key can still be used.
* Is it possible to **only** allow "TLS client-server mutual...
1 answer, 0 votes, 415 views, asked 2 years ago
Can an application be architected so that it leverages CloudHSM clusters in multiple regions (at least 2)? Possibly by using the cross-region replication/cloning so data can be decrypted in both...
4 answers, 1 vote, 1291 views, asked 2 years ago
I understand DocumentDB supports SSE via KMS (1 key per cluster). However, does it support client-side encryption or the AWS encryption SDK?
3 answers, 1 vote, 662 views, asked 2 years ago
Hi,
I'm trying to issue RSA key pairs on AWS CloudHSM with a JAVA application using IAIK PKCS#11 Wrapper and JVM JCE Provider and I'm facing some difficulties. Indeed, for now, the only way to...
2 answers, 0 votes, 476 views, asked 3 years ago
Hello,
Can't launch any aws-cloudhsm-pkcs11-examples. C_Initialize() returns error code 5 (CKR_GENERAL_ERROR). What is missing?
I'm trying to integrate CloudHSM/PKCS11 library into...
1 answer, 0 votes, 547 views, asked 4 years ago
From the documentation, it seems that if you want to use TDE on Oracle on RDS, the TDE master key can be stored:
- In RDS itself (Oracle Wallet) or
- In ClassicHSM.
Do you have any inputs on the...
1 answer, 0 votes, 674 views, asked 4 years ago
Hello,
What is the user of the private key used to sign the cluster CSR? The user guide <https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html> says
_If you can...
2 answers, 0 votes, 345 views, asked 5 years ago