
Key Management Service: HSM types

Last Updated: Sep 27, 2024

This topic describes different types of hardware security modules (HSMs) that are supported by Cloud Hardware Security Module. This topic also describes the API specifications, encryption algorithms, and performance references of HSMs.

GVSMs

Cloud Hardware Security Module supports Federal Information Processing Standards (FIPS)-certified general virtual security modules (GVSMs). The following table describes the encryption algorithms and API specifications of GVSMs.

| Feature | Description |
| --- | --- |
| Description | The hardware and firmware of GVSMs are validated to FIPS 140-2 Level 3. Cloud Hardware Security Module allows you to manage keys in a secure and reliable manner and ensures reliable data encryption and decryption by using multiple encryption algorithms. |
| API specifications | PKCS#11 is used. |
| Encryption algorithms | Symmetric encryption algorithms: Data Encryption Standard (DES), Triple DES (3DES), and Advanced Encryption Standard (AES) (128-, 192-, and 256-bit keys are supported); asymmetric encryption algorithms: Rivest-Shamir-Adleman (RSA) (key lengths from 2048 to 4096 bits) and elliptic curve cryptography (ECC); digest algorithms: Secure Hash Algorithm 1 (SHA-1), SHA-256, SHA-384, and SHA-512 |
| Performance references | Computing performance of RSA-2048 signing and verification: 1,100 times per second; EC P256 point multiplication performance: 315 times per second; AES-256 duplex communication encryption speed: 300 MB per second; RSA-2048 key generation performance: 0.5 pairs per second; random number generation speed: 20 MB per second |

HSM cluster feature

Cloud Hardware Security Module provides the HSM cluster feature. You can use the feature to associate a group of HSMs that reside in different zones of the same region and are used by the same service, and to manage them in a centralized manner. The feature provides high availability, load balancing, and scale-out capabilities for cryptographic operations. An HSM cluster includes one master HSM and multiple non-master HSMs. In a cluster, HSMs that reside in the same zone use the same subnet.