AWS Key Management Service supports asymmetric keys

Posted on: Nov 25, 2019

AWS Key Management Service (KMS) now enables you to create and use asymmetric customer master keys (CMKs) and data key pairs. With this feature, you can perform digital signing operations using RSA and Elliptic Curve (ECC) keys. You can also perform public key encryption operations using RSA keys. The public portion of the key pairs can be used outside of the service. You can share public keys with your customers and partners so they can encrypt data or verify signatures without making a request to AWS KMS. As with all other AWS KMS APIs, asymmetric key usage is logged in AWS CloudTrail to help meet your regulatory and compliance needs.

Asymmetric keys are supported in the following AWS Regions: US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), Asia Pacific (Tokyo), and EU (Ireland), with additional Regions planned for later. To learn more about this new feature, visit the AWS KMS documentation.