AWS CloudHSM Signer

Easily Sign Transactions and Manage Keys with AWS

Kaleido makes it easy to utilize AWS CloudHSM and generate an Ethereum signing key. Then use it to sign and submission transactions.
What it is

What It Is

AWS CloudHSM provides hardware security modules (HSM) that are maintained in the AWS Cloud. As with any HSM, you can use the AWS CloudHSM to generate and store keys and also perform an array of operations including importing/exporting keys, encrytion/decrytion, signing, calculating message digests etc. AWS CloudHSM Signer allows you to generate an ethereum signing key, and use it to sign and submit transactions.

Secure Transaction Signing

Generate an ethereum signing key, and use it to sign and submit transactions.

AWS CloudHSM Client

The client runs locally in the Kaleido CloudHSM service, maintaining secure end-to-end connection with the AWS CloudHSM(s).

Easily Generate and Store Keys

Perform an array of operations including importing/exporting keys, encrytion/decrytion, signing, calculating message digests, and more.

How it works

How it Works

To give an overview of the architecture, the Kaleido CloudHSM service communicates with the AWS CloudHSM to get a transaction signed by a signing account managed by the AWS CloudHSM. Under no circumstances would Kaleido be able to retrieve the keys from the AWS Cloud, but instead uses the respective key handle and sends the payload to be signed to the cloud, which gets signed and returned.

AWS CloudHSM Cluster

AWS offers clustered HSMs as a service which is FIPS 140-2 Level 3 certified. The cluster is provisioned under your AWS account and will manage your signing keys inside the secure HSM devices.

AWS CloudHSM Client

The communication between the Kaleido CloudHSM service and AWS CloudHSM cluster is established with the help of a component called AWS CloudHSM Client which runs locally in the Kaleido CloudHSM service. This is responsible for maintaining secure end-to-end connection with the AWS CloudHSM(s). More information on the client daemon can be found in AWS's documentation.

PKCS #11 Interface

AWS provides a software library implementing the "Cryptoki" API compliant with the PKCS #11 specification. The library is supported on Linux compatible OS's. This PKCS #11 interface is used by the Kaleido CloudHSM service to communicate with the CloudHSMs in AWS Cloud.

Why Kaleido

Why Kaleido

Kaleido's platform is different because it has everything businesses need to create complete blockchain solutions. With just a few clicks, you can create a blockchain network, deploy it globally, set up governance, and include additional services.

Blazing Fast Deployment, Speed, and Scale

Deploy Production-Ready Blockchain Networks and Digital Assets in Minutes
Amazingly Low Cost Per Transaction
Multi-Party, Cross-Cloud, and Multi-Region Support
Built-In High Availability and Disaster Recovery
400+ APIs and 40+ Services to Accelerate Development

No Lock-in and Open Source Technologies

Support for Multiple Blockchain Protocols
Enterprise Integrations and Marketplace
Customizable Decentralization Options
Actively Leading New Standards and Technologies

Proven Enterprise Platform and Expertise

ISO and SOC2 Certified
SLAs and  24/7 Support
On-Chain and Off-Chain Services
Secure Key Management
Built-In Monitoring and Smart Contract Management
Additional Resources
Learn More About
AWS CloudHSM Signer
Ready to Get Started With
AWS CloudHSM Signer
?