Cryptographic module overview
- Updated Feb 1, 2024
- Washington DC
- Now Platform Security
Cryptographic modules are the centerpiece of the Key Management Framework (KMF). They define the specific cryptographic mechanisms used for cryptographic operations in a given use case.
A cryptographic module applies the cryptographic mechanism of your choice to a use case that you define. For example, if you want to secure the data in your HR application using AES-CBC with a 256-bit symmetric key, you can create a module for that purpose.
Cryptographic modules also support key life-cycle management. You can create and rotate your cryptographic keys, and define your encryption method. Cryptographic modules are composed of the following components:
- Cryptographic specification: Defines aspects of your module, including its cryptographic purpose and which algorithms to use.
- Cryptographic keys: The key your module uses to encode or decode cryptographic data. This can be a key generated by your instance, or a customer-supplied key you create and upload.
- Module access policies: The access control mechanisms that place limits on whether data can be encrypted or decrypted.
- Module policy exceptions: A control mechanism to define exceptions to a module access policy.
The following screen shows these high-level components in a cryptographic module:

For details on creating cryptographic modules, see Create a cryptographic module.