Supported cryptographic algorithms
The following table summarizes the cryptographic algorithms, ciphers, modes, and key sizes
that AWS is deploying across its services to protect your data. This should not be
considered an exhaustive list of all cryptography used in AWS. The algorithms fall into
two categories: "Preferred" are the algorithms that meet industry standards and foster
interoperability and "Acceptable" which can be used for compatibility in
certain applications, but are not Preferred. You should consider the following information
when making your cryptographic choices for your encryption use cases.
For more details on cryptographic algorithms deployed in AWS, see Cryptography algorithms and AWS services.
Asymmetric Encryption
| Algorithm |
Status |
| RSA-OAEP with 2048 or 3072-bit modulus |
Acceptable |
| HPKE with P-256 or P-384, HKDF and AES-GCM |
Acceptable |
Asymmetric Key Agreement
| Algorithm |
Status |
| ML-KEM-768 or ML-KEM-1024 |
Preferred (for quantum-resistance) |
| ECDH(E) with P-384 |
Acceptable |
| ECDH(E) with P-256, P-521, or X25519 |
Acceptable |
| ECDH(E) with brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1 |
Acceptable |
Signatures
| Algorithm |
Status |
| ML-DSA-65 or ML-DSA-87 |
Preferred (for quantum-resistance) |
| SLH-DSA |
Preferred (for quantum-resistant software/firmware signing) |
| ECDSA with P-384 |
Acceptable |
| ECDSA with P-256, P-521, or Ed25519 |
Acceptable |
| RSA-2048 or RSA-3072 |
Acceptable |
Authenticated Encryption
| Algorithm |
Status |
| AES-GCM-256 |
Preferred |
| AES-GCM-128 |
Acceptable |
| ChaCha20/Poly1305 |
Acceptable |
Encryption Modes
| Algorithm |
Status |
| AES-XTS-256 (for block storage) |
Preferred |
| AES-CBC / CTR (unathenticated modes) |
Acceptable |
Hashing
| Algorithm |
Status |
| SHA2-384 |
Preferred |
| SHA2-256 |
Acceptable |
| SHA3 |
Acceptable |
Key Derivation
| Algorithm |
Status |
| HKDF_Expand or HKDF with SHA2-256 |
Preferred |
| Counter Mode KDF with HMAC-SHA2-256 |
Acceptable |
Key Wrapping
| Algorithm |
Status |
| AES-GCM-256 |
Preferred |
| AES-KW or AES-KWP with 256-bit keys |
Acceptable |
Message Authentication Code (MAC)
| Algorithm |
Status |
| HMAC-SHA2-384 |
Preferred |
| HMAC-SHA2-256 |
Acceptable |
| KMAC |
Acceptable |
Password Hashing
| Algorithm |
Status |
| scrypt with SHA384 |
Preferred |
| PBKDF2 |
Acceptable |
