Encryption SDK is a client-side encryption library. It is used with Key Management Service (KMS) to allow you to encrypt and decrypt data, as well as generate and verify signatures.


  • Encryption SDK is integrated with KMS to manage and protect keys. This meets security and compliance requirements.
  • Encryption SDK provides simple cryptographic operations. For example, Encryption SDK allows you to use a unique key in each session to encrypt messages. You can also use Encryption SDK to generate and verify signatures.
  • Encryption SDK adopts an extensible design pattern that supports custom cryptographic operations. For example, you can customize Encryption SDK to use the same data key in multiple sessions.


  • Encryption SDK encapsulates best practices to simplify coding.

    Encryption SDK creates a unique data key for each piece of data that you want to encrypt. This way, each encryption session uses a unique data key. This follows best practices for cryptography design.

  • Encryption SDK has high business compatibility.

    Encryption SDK supports various encryption algorithms, working modes, and padding methods to meet different business and migration requirements.

  • Encryption SDK supports cross-region data encryption and decryption.

    Encryption SDK allows you to configure different customer master keys (CMKs) in different regions. You can encrypt data by using a single line of code and decrypt the data in different regions. This ensures cross-region data availability and disaster recovery.

Quick start

For more information about the quick start of Encryption SDK for different programming languages, see the following topics: