Supported cryptographic algorithms
The following tables summarize the cryptographic algorithms, ciphers, modes, and key sizes
that AWS is deploying across its services to protect your data. This should not be
considered an exhaustive list of all cryptography used in AWS. The algorithms fall into
two categories: "Preferred" algorithms meet industry standards and foster
interoperability; "Acceptable" algorithms can be used for compatibility in
certain applications, but are not Preferred. Consider the following information
when making cryptographic choices for your encryption use cases.

For more details on the cryptographic algorithms deployed in AWS, see Cryptography algorithms and AWS services.
Asymmetric Encryption

| Algorithm | Status |
| --- | --- |
| RSA-OAEP with 2048 or 3072-bit modulus | Acceptable |
| HPKE with P-256 or P-384, HKDF and AES-GCM | Acceptable |
Asymmetric Key Agreement

| Algorithm | Status |
| --- | --- |
| ML-KEM-768 or ML-KEM-1024 | Preferred (for quantum-resistance) |
| ECDH(E) with P-384 | Acceptable |
| ECDH(E) with P-256, P-521, or X25519 | Acceptable |
| ECDH(E) with brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1 | Acceptable |
Signatures

| Algorithm | Status |
| --- | --- |
| ML-DSA-65 or ML-DSA-87 | Preferred (for quantum-resistance) |
| SLH-DSA | Preferred (for quantum-resistant software/firmware signing) |
| ECDSA with P-384 | Acceptable |
| ECDSA with P-256, P-521, or Ed25519 | Acceptable |
| RSA-2048 or RSA-3072 | Acceptable |
Authenticated Encryption

| Algorithm | Status |
| --- | --- |
| AES-GCM-256 | Preferred |
| AES-GCM-128 | Acceptable |
| ChaCha20/Poly1305 | Acceptable |
Encryption Modes

| Algorithm | Status |
| --- | --- |
| AES-XTS-256 (for block storage) | Preferred |
| AES-CBC / CTR (unauthenticated modes) | Acceptable |
Hashing

| Algorithm | Status |
| --- | --- |
| SHA2-384 | Preferred |
| SHA2-256 | Acceptable |
| SHA3 | Acceptable |
Key Derivation

| Algorithm | Status |
| --- | --- |
| HKDF_Expand or HKDF with SHA2-256 | Preferred |
| Counter Mode KDF with HMAC-SHA2-256 | Acceptable |
Key Wrapping

| Algorithm | Status |
| --- | --- |
| AES-GCM-256 | Preferred |
| AES-KW or AES-KWP with 256-bit keys | Acceptable |
Message Authentication Code (MAC)

| Algorithm | Status |
| --- | --- |
| HMAC-SHA2-384 | Preferred |
| HMAC-SHA2-256 | Acceptable |
| KMAC | Acceptable |
Password Hashing

| Algorithm | Status |
| --- | --- |
| scrypt with SHA384 | Preferred |
| PBKDF2 | Acceptable |