AWS CloudHSM Signer

Easily Sign Transactions and Manage Keys with AWS

Kaleido makes it easy to utilize AWS CloudHSM and generate an Ethereum signing key. Then use it to sign and submission transactions.
What it is

AWS CloudHSM Signer, Simplified

AWS CloudHSM provides hardware security modules (HSM) that are maintained in the AWS Cloud. As with any HSM, you can use the AWS CloudHSM to generate and store keys and also perform an array of operations including importing/exporting keys, encrytion/decrytion, signing, calculating message digests etc. AWS CloudHSM Signer allows you to generate an ethereum signing key, and use it to sign and submit transactions.

Secure Transaction Signing

Generate an ethereum signing key, and use it to sign and submit transactions.

AWS CloudHSM Client

The client runs locally in the Kaleido CloudHSM service, maintaining secure end-to-end connection with the AWS CloudHSM(s).

Easily Generate and Store Keys

Perform an array of operations including importing/exporting keys, encrytion/decrytion, signing, calculating message digests, and more.

How it Works

To give an overview of the architecture, the Kaleido CloudHSM service communicates with the AWS CloudHSM to get a transaction signed by a signing account managed by the AWS CloudHSM. Under no circumstances would Kaleido be able to retrieve the keys from the AWS Cloud, but instead uses the respective key handle and sends the payload to be signed to the cloud, which gets signed and returned.

AWS CloudHSM Cluster

AWS offers clustered HSMs as a service which is FIPS 140-2 Level 3 certified. The cluster is provisioned under your AWS account and will manage your signing keys inside the secure HSM devices.

AWS CloudHSM Client

The communication between the Kaleido CloudHSM service and AWS CloudHSM cluster is established with the help of a component called AWS CloudHSM Client which runs locally in the Kaleido CloudHSM service. This is responsible for maintaining secure end-to-end connection with the AWS CloudHSM(s). More information on the client daemon can be found in AWS's documentation.

PKCS #11 Interface

AWS provides a software library implementing the "Cryptoki" API compliant with the PKCS #11 specification. The library is supported on Linux compatible OS's. This PKCS #11 interface is used by the Kaleido CloudHSM service to communicate with the CloudHSMs in AWS Cloud.

Why Kaleido

Everything You Need to Build Enterprise-Grade Blockchain and Digital Asset Solutions on AWS

Kaleido's blockchain platform makes it radically simple for businesses to create complete web3 networks and applications. With just a few clicks, you can launch a blockchain network, deploy it globally, set up governance, and start plugging in familiar services.

Quickly Launch Blockchain
Networks

Launch blockchain networks in minutes
Choose from leading protocols
Select permissioned chains, appchains,  sidechains, or consortium chains
Deploy on AWS, Azure or on-prem
Stand up nodes worldwide in regions of your choice

Simplify Development to Get to
Production Fast

Access 40+ plug-and-play services for wallets, key management, storage, data, and more
Automate management and deployment with our fully API-enabled platform
Turn any smart contract into familiar APIs with our smart contract API generator
Make digital assets, NFTs, and consortia easy with our dedicated solutions
Mint, manage, and burn tokens at scale with robust tooling

All Backed by Enterprise-Grade Infrastructure and Support

Modern cloud scale architecture
Built-in high availability and disaster recovery
ISO 27k and SOC 2 Type 2 compliant
Integrate seamlessly with existing internal systems
Open source tech and no vendor lockin
24x7 support and SLAs
Additional Resources
Learn More About AWS CloudHSM Signer

Ready to Get Started with AWS CloudHSM Signer?

No Credit Card Required
ISO27K & SOC2 Type 2 Compliant
Free Training & Support