Posted On: Jun 23, 2024

The Elliptic Curve Diffie-Hellman (ECDH) key agreement enables two parties to establish a shared secret over a public channel. With this new feature, you can combine another party’s public key with your own elliptic-curve KMS key, which stays inside Amazon Key Management Service (KMS), to derive a shared secret within the government-approved hardware security modules (HSMs). Your application can then use this shared secret to derive a symmetric key and encrypt and decrypt data between the two parties with a symmetric encryption algorithm.
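The step from shared secret to symmetric key, as an added example that is not part of the original announcement: the raw ECDH output is passed through a key derivation function rather than used directly as a key. HKDF-SHA256 (RFC 5869) is this example's choice of KDF, and the function names, the `demo-aes256-gcm` label and the salt handling are assumptions; `derive_shared_secret` is the boto3 call for the KMS DeriveSharedSecret operation.

```python
import hashlib
import hmac


def hkdf_sha256(shared_secret: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand to `length` bytes."""
    if length > 255 * 32:
        raise ValueError("requested key too long for HKDF-SHA256")
    # Extract: an absent salt is defined as HashLen zero bytes.
    prk = hmac.new(salt or b"\x00" * 32, shared_secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        # Expand: T(n) = HMAC(PRK, T(n-1) | info | n)
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def session_info(purpose: str, my_pub_der: bytes, peer_pub_der: bytes) -> bytes:
    """Context string binding the key to its purpose and to both public keys.

    The keys are sorted so both parties compute identical bytes, and every
    field is length-prefixed so field boundaries cannot be confused.
    """
    parts = [purpose.encode()] + sorted([my_pub_der, peer_pub_der])
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def derive_via_kms(key_id: str, my_pub_der: bytes, peer_pub_der: bytes, salt: bytes) -> bytes:
    """Get the raw ECDH secret from KMS, then derive an AES-256 key locally.

    Assumes key_id names an elliptic-curve KMS key created for key agreement
    and that both parties agreed on `salt` out of band. Public keys are
    DER-encoded SubjectPublicKeyInfo.
    """
    import boto3  # imported here so the KDF above runs without AWS access

    resp = boto3.client("kms").derive_shared_secret(
        KeyId=key_id, KeyAgreementAlgorithm="ECDH", PublicKey=peer_pub_der
    )
    info = session_info("demo-aes256-gcm", my_pub_der, peer_pub_der)
    return hkdf_sha256(resp["SharedSecret"], salt, info)
```

The private key never leaves KMS, but the shared secret and the derived key do live in application memory, so they need the same handling as any other symmetric key material.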

This new feature is available in Amazon Web Services China (Beijing) Region, operated by Sinnet, and in Amazon Web Services China (Ningxia) Region, operated by NWCD. To learn more about this new capability, see Amazon KMS API Reference.