Supported cryptographic algorithms - AWS Key Management Service

The following tables summarize the cryptographic algorithms, ciphers, modes, and key sizes that AWS deploys across its services to protect your data. They are not an exhaustive list of all cryptography used in AWS. Each algorithm falls into one of two categories: "Preferred" algorithms meet current industry standards and foster interoperability; "Acceptable" algorithms can be used for compatibility in certain applications but are not Preferred. Consider this information when choosing algorithms for your own encryption use cases.

For more details on cryptographic algorithms deployed in AWS, see Cryptography algorithms and AWS services.

Asymmetric Encryption

Algorithm | Status
--- | ---
RSA-OAEP with 2048 or 3072-bit modulus | Acceptable
HPKE with P-256 or P-384, HKDF and AES-GCM | Acceptable

Asymmetric Key Agreement

Algorithm | Status
--- | ---
ML-KEM-768 or ML-KEM-1024 | Preferred (for quantum resistance)
ECDH(E) with P-384 | Acceptable
ECDH(E) with P-256, P-521, or X25519 | Acceptable
ECDH(E) with brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1 | Acceptable

Signatures

Algorithm | Status
--- | ---
ML-DSA-65 or ML-DSA-87 | Preferred (for quantum resistance)
SLH-DSA | Preferred (for quantum-resistant software/firmware signing)
ECDSA with P-384 | Acceptable
ECDSA with P-256 or P-521, or Ed25519 (EdDSA) | Acceptable
RSA-2048 or RSA-3072 | Acceptable

Authenticated Encryption

Algorithm | Status
--- | ---
AES-GCM-256 | Preferred
AES-GCM-128 | Acceptable
ChaCha20/Poly1305 | Acceptable
Encryption Modes

Algorithm | Status
--- | ---
AES-XTS-256 (for block storage) | Preferred
AES-CBC / CTR (unauthenticated modes) | Acceptable

AES-CBC and AES-CTR provide confidentiality only: ciphertext produced by either mode can be modified without detection. If you use them, protect the ciphertext with a MAC from the table below (for example HMAC-SHA2-384, applied encrypt-then-MAC), or prefer an authenticated mode such as AES-GCM-256.
Hashing

Algorithm | Status
--- | ---
SHA2-384 | Preferred
SHA2-256 | Acceptable
SHA3 | Acceptable

Key Derivation

Algorithm | Status
--- | ---
HKDF_Expand or HKDF with SHA2-256 | Preferred
Counter Mode KDF with HMAC-SHA2-256 | Acceptable

Key Wrapping

Algorithm | Status
--- | ---
AES-GCM-256 | Preferred
AES-KW or AES-KWP with 256-bit keys | Acceptable

Message Authentication Code (MAC)

Algorithm | Status
--- | ---
HMAC-SHA2-384 | Preferred
HMAC-SHA2-256 | Acceptable
KMAC | Acceptable

Password Hashing

Algorithm | Status
--- | ---
scrypt with SHA384 | Preferred
PBKDF2 | Acceptable