AWS cryptography services Cryptographic algorithms

Cryptography algorithms and AWS services

An encryption algorithm is a formula or procedure that converts a plaintext message into an encrypted ciphertext. If you are new to encryption or its terminology, we recommend that you read About data encryption before proceeding with this guide.

AWS cryptography services

AWS cryptography services rely on secure, open-source encryption algorithms. These algorithms are vetted by public standards bodies and by academic research. Some AWS tools and services enforce the use of a specific algorithm. In other services, you can choose between multiple available algorithms and key lengths, or you can use the recommended defaults.

This section describes some of the algorithms that AWS tools and services support. They fall into two categories, symmetric and asymmetric, based on how their keys function:

Symmetric encryption uses the same key to encrypt and decrypt the data. AWS services support Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3DES or TDES), which are two widely used symmetric algorithms.
Asymmetric encryption uses a pair of keys, a public key for encryption and a private key for decryption. You can share the public key because it isn't used for decryption, but access to the private key should be highly restricted. AWS services typically support RSA and elliptic-curve cryptography (ECC) asymmetric algorithms.

AWS cryptographic services comply with a wide range of cryptographic security standards, so you can comply with governmental or professional regulations. For a full list of the data security standards that AWS services comply with, see AWS compliance programs.

Cryptographic algorithms

Cryptography is an essential part of security for AWS. AWS services support encryption for data in transit, at rest, or in memory. Many also support encryption with customer managed keys that are inaccessible to AWS. You can learn more about the AWS commitment to innovation and investing in additional controls for sovereignty and encryption features in the AWS digital sovereignty pledge (AWS blog post).

AWS is committed to using the most secure available cryptographic algorithms to meet your security and performance requirements. AWS defaults to high-assurance algorithms and implementations and prefer hardware-optimized solutions that are faster, improve security, and are more energy efficient. See the AWS Crypto Library for optimized, high-assurance and formally verified, constant-time cryptographic algorithms. AWS follows the shared responsibility model and offers cryptography options to meet your individual security, compliance, and performance requirements, while still meeting industry-accepted security levels. For example, Elastic Load Balancing offers Application Load Balancers that provide various security policies for the Transport Layer Security (TLS) protocol.

AWS services use trusted cryptographic algorithms that meet industry standards and foster interoperability. These standards are widely accepted by governments, industry, and academia. It takes considerable analysis by the global community for an algorithm to become widely accepted. It also takes time for it to become widely available within the industry. Lack of analysis and availability introduces challenges to interoperability, complexity, and risks for deployments. AWS continues to deploy new cryptographic options to meet a high bar for security and performance.

The following tables summarize the cryptographic algorithms, ciphers, modes, and key sizes that AWS deploys across its services to protect your data. They should not be considered to be an exhaustive list of all cryptography options available in AWS. The algorithms fall into two categories:

Preferred are the algorithms that meet the AWS security and performance standards.
Acceptable algorithms can be used for compatibility in some applications but are not preferred.

Asymmetric encryption	Status
RSA-OAEP with 2048 or 3072-bit modulus	Acceptable
HPKE with P-256 or P-384, HKDF and AES-GCM	Acceptable

Asymmetric key agreement	Status
ECDH(E) with P-384	Preferred
ECDH(E) with P-256, P-521, or X25519	Acceptable
ECDH(E) with brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1	Acceptable
ML-KEM-768 combined with ECDH(E) (in PQ-hybrid key exchanges)	Preferred (for quantum-resistance)

Block ciphers and modes	Status
AES-GCM-256	Preferred
AES-XTS-256	Acceptable
AES-GCM-128	Acceptable
ChaCha20/Poly1305	Acceptable
CBC / CTR / CCM modes (with AES-128 or AES-256)	Acceptable

Hashing	Status
SHA2-384	Preferred
SHA2-256	Acceptable
SHA3	Acceptable

Key derivation	Status
HKDF_Expand or HKDF with SHA2-256	Preferred
Counter Mode KDF with HMAC-SHA2-256	Acceptable

Key wrapping	Status
AES-GCM-256	Preferred
AES-KW or AES-KWP with 256-bit keys	Acceptable

Message Authentication Code (MAC)	Status
HMAC-SHA2-384	Preferred
HMAC-SHA2-256	Acceptable
KMAC	Acceptable

Password hashing	Status
scrypt with SHA384	Preferred
PBKDF2	Acceptable

Signatures	Status
ECDSA with P-384	Preferred
ECDSA with P-256, P-521, or Ed25519	Acceptable
RSA-2048 or RSA-3072	Acceptable
SLH-DSA	Preferred (for quantum-resistant software/firmware signing)

AWS closely tracks cryptographic developments, security issues, and research results. As deprecated algorithms and security issues are discovered, they are addressed. For more information, see the AWS Security Blog. AWS remains committed to identifying compatibility issues with clients that use legacy security algorithms and to helping customers migrate to more secure options. AWS also remains involved in new cryptographic areas, which includes post-quantum cryptography and cryptographic computing.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Introduction

General encryption best practices