AWS CloudHSM Signer

Sign transactions using off-platform keys while benefiting from a fully managed signing experience, including nonce management and REST APIs.
Coming Soon

AWS CloudHSM provides hardware security modules (HSMs) that are maintained in the AWS Cloud. As with any HSM, you can use AWS CloudHSM to generate and store keys and to perform an array of operations, including importing/exporting keys, encryption/decryption, signing, and calculating message digests. AWS CloudHSM Signer allows you to generate an Ethereum signing key and use it to sign and submit transactions.

Features

Secure Transaction Signing

Generate an Ethereum signing key and use it to sign and submit transactions.

AWS CloudHSM Client

The client runs locally in the Kaleido CloudHSM service, maintaining a secure end-to-end connection with the AWS CloudHSM(s).

Easily generate and store keys

Perform an array of operations, including importing/exporting keys, encryption/decryption, signing, and calculating message digests.

How it works

At the architecture level, the Kaleido CloudHSM service communicates with the AWS CloudHSM to get a transaction signed by a signing account managed by the AWS CloudHSM. Under no circumstances can Kaleido retrieve the keys from the AWS Cloud. Instead, the service uses the respective key handle and sends the payload to be signed to the cloud, where it is signed and returned.

AWS CloudHSM Cluster
AWS offers clustered HSMs as a service which is FIPS 140-2 Level 3 certified. The cluster is provisioned under your AWS account and will manage your signing keys inside the secure HSM devices.

AWS CloudHSM Client
Communication between the Kaleido CloudHSM service and the AWS CloudHSM cluster is established through a component called the AWS CloudHSM Client, which runs locally in the Kaleido CloudHSM service. The client is responsible for maintaining a secure end-to-end connection with the AWS CloudHSM(s). More information on the client daemon can be found at https://docs.aws.amazon.com/cloudhsm/latest/userguide/client-tools-and-libraries.html.

PKCS #11 Interface
AWS provides a software library implementing the "Cryptoki" API, compliant with the PKCS #11 specification. The library is supported on Linux-compatible operating systems. The Kaleido CloudHSM service uses this PKCS #11 interface to communicate with the CloudHSMs in the AWS Cloud.
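
The handle-based flow described above, as an added sketch that is not Kaleido's or AWS's code: `MockHsm` is a constructed stand-in for the HSM, and its method names and `to_ethereum_signature` are hypothetical. It goes one step beyond the page by showing what a caller must do with the raw 64-byte `r||s` value that a PKCS #11 `CKM_ECDSA` sign returns before Ethereum accepts it: normalise `s` to the low half (EIP-2) and find the recovery id by trial, assuming the rare case where `R`'s x coordinate exceeds the group order is ignored.

```python
import secrets
# secp256k1, the curve Ethereum keys use: field prime, group order, generator
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    m = (3 * a[0] ** 2 * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P))
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        acc, pt, k = (add(acc, pt) if k & 1 else acc), add(pt, pt), k >> 1
    return acc

class MockHsm:  # constructed stand-in for the HSM; private keys stay in _keys
    def __init__(self):
        self._keys = {}
    def generate_key(self):
        handle = len(self._keys) + 1
        self._keys[handle] = secrets.randbelow(N - 1) + 1
        return handle, mul(self._keys[handle], G)  # handle + public key only
    def sign(self, handle, digest):  # raw ECDSA: 64 bytes r||s, no recovery id
        d, z = self._keys[handle], int.from_bytes(digest, "big")
        while True:
            k = secrets.randbelow(N - 1) + 1
            r = mul(k, G)[0] % N
            s = pow(k, -1, N) * (z + r * d) % N
            if r and s:
                return r.to_bytes(32, "big") + s.to_bytes(32, "big")

def to_ethereum_signature(raw, digest, pubkey):
    r, s = int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big")
    s = min(s, N - s)  # EIP-2: Ethereum rejects the high-s form
    z = int.from_bytes(digest, "big")
    y = pow(pow(r, 3, P) + 7, (P + 1) // 4, P)  # square root, valid as P % 4 == 3
    for rec_id in (0, 1):  # the HSM gives no recovery id, so try both parities
        R = (r, y if y % 2 == rec_id else P - y)
        if mul(pow(r, -1, N), add(mul(s, R), mul(-z % N, G))) == pubkey:
            return r, s, rec_id
    raise ValueError("signature does not verify against this public key")
```

The caller passes the 32-byte transaction hash as `digest`; the returned `rec_id` becomes Ethereum's `v` (27 + `rec_id` for legacy transactions, chain-dependent under EIP-155).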
