This topic introduces the features of HSM instances provided by Data Encryption Service.
Currently Data Encryption Service only provides general purpose HSMs.
General purpose HSM
The following table describes the encryption algorithms that are supported by general purpose HSMs.
DES, 3DES, AES(128, 192, 256), etc.
RSA(1024~4096), ECC, etc.
SHA1, SHA256, SHA384, SHA512,etc.
General purpose HSMs also support the following specifications:
PKCS#11 interface specification
The following performance references are provided for an HSM instance of the default specification.
Random number generation (CSPRNG): 20 Mbit/s
RSA 2048-bit sign/verify: 1,100 operations/s
EC P256: 315 point mul/s
AES-256: 300 Mbit/s full-duplex bulk encryption
2048-bit RSA key generation: about 0.5 operations/s