All Products
Document Center


Last Updated: Jan 08, 2021

This topic introduces the features of HSM instances provided by Data Encryption Service.

Currently Data Encryption Service only provides general purpose HSMs.

General purpose HSM

The following table describes the encryption algorithms that are supported by general purpose HSMs.

Algorithm type


Symmetric algorithm

DES, 3DES, AES(128, 192, 256), etc.

Asymmetric algorithm

RSA(1024~4096), ECC, etc.

Digest algorithm

SHA1, SHA256, SHA384, SHA512,etc.

General purpose HSMs also support the following specifications:

  • PKCS#11 interface specification

The following performance references are provided for an HSM instance of the default specification.

  • Random number generation (CSPRNG): 20 Mbit/s

  • RSA 2048-bit sign/verify: 1,100 operations/s

  • EC P256: 315 point mul/s

  • AES-256: 300 Mbit/s full-duplex bulk encryption

  • 2048-bit RSA key generation: about 0.5 operations/s