Questions tagged with AWS CloudHSM
Are AWS services assigned IAM roles that allow them to access the CloudHSM API... and then use the CloudHSM client Crypto User account to complete their encrypt/decrypt task? If no, how does an...
2 answers | 0 votes | 342 views | asked 2 years ago
My understanding is, Private Key should never leave HSM cluster. HSM-Client should pass key-handle, Mechanism and payload to the HSM-Server and HSM-Server should encrypt or sign the payload and give...
0 answers | 0 votes | 149 views | asked 2 years ago
Hello,
Basically, as I understand it, physical HSMs are managed by a team of people who have a physical key to reset the HSM itself. That is, these people, let's say there are 3 of them, have 3 keys and...
2 answers | 0 votes | 463 views | asked 2 years ago
Hello there, I do have a requirement in my application to encrypt and decrypt data using a symmetric key algorithm (mostly AES/CBC/PKCS5Padding).
CONSTRAINT and Requirements are
1. I need to use...
1 answer | 0 votes | 989 views | asked 2 years ago
Hi, I am trying to use Cavium in a Java application for two-way SSL handshake. My application is the client application. However when the application runs, the client handshake fails with the...
0 answers | 0 votes | 173 views | asked 2 years ago
I am assuming that when you follow the steps to use "TLS client-server mutual authentication," the default key can still be used.
* Is it possible to **only** allow "TLS client-server mutual...
1 answer | 0 votes | 411 views | asked 2 years ago
Can an application be architected so that it leverages CloudHSM clusters in multiple regions (at least 2)? Possibly by using the cross-region replication/cloning so data can be decrypted in both...
4 answers | 1 vote | 1285 views | asked 2 years ago
I understand DocumentDB supports SSE via KMS (1 key per cluster). However, does it support client-side encryption or the AWS encryption SDK?
3 answers | 1 vote | 658 views | asked 2 years ago
Hi,
I'm trying to issue RSA key pairs on AWS CloudHSM with a JAVA application using IAIK PKCS#11 Wrapper and JVM JCE Provider and I'm facing some difficulties. Indeed, for now, the only way to...
2 answers | 0 votes | 471 views | asked 3 years ago
Hello,
Can't launch any aws-cloudhsm-pkcs11-examples. C_Initialize() returns error code 5 (CKR_GENERAL_ERROR). What is missing?
I'm trying to integrate CloudHSM/PKCS11 library into...
1 answer | 0 votes | 542 views | asked 4 years ago
From the documentation, it seems that if you want to use TDE on Oracle on RDS, the TDE master key can be stored:
- In RDS itself (Oracle Wallet) or
- In ClassicHSM.
Do you have any inputs on the...
1 answer | 0 votes | 670 views | asked 4 years ago
Hello,
What is the user of the private key used to sign the cluster CSR? The user guide <https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html> says
_If you can...
2 answers | 0 votes | 343 views | asked 5 years ago