
Announcing AWS KMS Elliptic Curve Diffie-Hellman (ECDH) support

Security Blog



This article announces that AWS Key Management Service (AWS KMS) now supports Elliptic Curve Diffie-Hellman (ECDH) key agreement on elliptic curve (ECC) KMS keys. It explains how the new DeriveSharedSecret API action lets two parties establish a secure communication channel: they exchange only their public keys, and each side derives the same shared secret.

Specifically, the article covers:

  • Overview of the new DeriveSharedSecret API action
  • Example use case demonstrating how Alice and Bob can derive a shared secret using AWS KMS and OpenSSL
  • Step-by-step walkthrough of the key exchange and secret derivation process between Alice and Bob
  • Generating encryption keys from the shared secret using a suitable key derivation function
  • Recommendations for using the AWS Encryption SDK for secure encryption with derived keys




Related articles

  • Jun 17, 2024: AWS KMS now supports Elliptic Curve Diffie-Hellman (ECDH) key agreement
  • Apr 1, 2025: AWS Payment Cryptography launches support for exchanging cryptographic keys using ECDH
  • Nov 7, 2025: AWS KMS now supports Edwards-curve Digital Signature Algorithm (EdDSA)
  • Jun 13, 2025: AWS KMS adds support for post-quantum ML-DSA digital signatures
