AWS Key Management Service expands support for asymmetric keys

Posted on: Jan 21, 2020

AWS Key Management Service (KMS) now enables customers to create asymmetric customer master keys (CMKs) and generate data key pairs in all regions where AWS KMS is available, except the AWS China (Beijing) Region, operated by Sinnet, and the AWS China (Ningxia) Region, operated by NWCD.

With this feature, AWS customers and third parties can perform unauthenticated encryption outside of AWS KMS using an RSA public key, while decryption with the corresponding private key happens only within AWS KMS, where it is authenticated. Similarly, customers can use ECC or RSA private keys to generate digital signatures, and third parties can verify those signatures outside AWS KMS using the public keys.
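The encrypt-outside, decrypt-inside flow described above, as an added example that is not AWS's own code: it uses the Python `cryptography` package for the offline step and the request shape of the KMS `GetPublicKey` and `Decrypt` calls. A locally generated RSA-2048 key stands in for the KMS-held private key so the code runs offline; the key alias, the RSA-2048 size and the `RSAES_OAEP_SHA_256` algorithm choice are assumptions for illustration.

```python
# Added example: a local RSA key stands in for the private key that KMS would hold.
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

OAEP_SHA256 = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)


def encrypt_outside_kms(spki_der: bytes, plaintext: bytes) -> bytes:
    """Encrypt with the DER public key, as a party without AWS credentials would."""
    public_key = serialization.load_der_public_key(spki_der)
    if not isinstance(public_key, rsa.RSAPublicKey):
        raise TypeError("expected an RSA public key")
    # RSA-OAEP limit: modulus bytes - 2 * hash bytes - 2 (190 for RSA-2048 with SHA-256).
    limit = public_key.key_size // 8 - 2 * hashes.SHA256.digest_size - 2
    if len(plaintext) > limit:
        raise ValueError(f"plaintext is {len(plaintext)} bytes; limit is {limit}")
    return public_key.encrypt(plaintext, OAEP_SHA256)


def decrypt_inside_kms(kms, key_id: str, ciphertext: bytes) -> bytes:
    """Decrypt through the KMS Decrypt API; the caller must be authenticated and authorized."""
    resp = kms.decrypt(KeyId=key_id, CiphertextBlob=ciphertext,
                       EncryptionAlgorithm="RSAES_OAEP_SHA_256")
    return resp["Plaintext"]


class LocalKmsStandIn:
    """Constructed stand-in for a boto3 KMS client so the example runs offline."""

    def __init__(self):
        self._private = rsa.generate_private_key(public_exponent=65537, key_size=2048)

    def get_public_key(self, KeyId):
        # GetPublicKey returns the key as DER-encoded SubjectPublicKeyInfo.
        der = self._private.public_key().public_bytes(
            serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)
        return {"PublicKey": der}

    def decrypt(self, KeyId, CiphertextBlob, EncryptionAlgorithm):
        return {"Plaintext": self._private.decrypt(CiphertextBlob, OAEP_SHA256)}


def round_trip(message: bytes) -> bytes:
    kms = LocalKmsStandIn()  # with AWS credentials: boto3.client("kms")
    key_id = "alias/example-asymmetric-key"  # hypothetical key alias
    spki = kms.get_public_key(KeyId=key_id)["PublicKey"]
    return decrypt_inside_kms(kms, key_id, encrypt_outside_kms(spki, message))
```

Because anyone holding the public key can produce a valid ciphertext, a successful decrypt says nothing about who encrypted the message; origin assurance needs a separate signature.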

To learn more about this new feature, visit our documentation.