aws-sdk-paymentcryptography 1.10.0 → 1.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -22,6 +22,7 @@ require 'aws-sdk-core/plugins/endpoint_pattern.rb'
22
22
  require 'aws-sdk-core/plugins/response_paging.rb'
23
23
  require 'aws-sdk-core/plugins/stub_responses.rb'
24
24
  require 'aws-sdk-core/plugins/idempotency_token.rb'
25
+ require 'aws-sdk-core/plugins/invocation_id.rb'
25
26
  require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
26
27
  require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
27
28
  require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
@@ -72,6 +73,7 @@ module Aws::PaymentCryptography
72
73
  add_plugin(Aws::Plugins::ResponsePaging)
73
74
  add_plugin(Aws::Plugins::StubResponses)
74
75
  add_plugin(Aws::Plugins::IdempotencyToken)
76
+ add_plugin(Aws::Plugins::InvocationId)
75
77
  add_plugin(Aws::Plugins::JsonvalueConverter)
76
78
  add_plugin(Aws::Plugins::ClientMetricsPlugin)
77
79
  add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
@@ -196,10 +198,17 @@ module Aws::PaymentCryptography
196
198
  # When set to 'true' the request body will not be compressed
197
199
  # for supported operations.
198
200
  #
199
- # @option options [String] :endpoint
200
- # The client endpoint is normally constructed from the `:region`
201
- # option. You should only configure an `:endpoint` when connecting
202
- # to test or custom endpoints. This should be a valid HTTP(S) URI.
201
+ # @option options [String, URI::HTTPS, URI::HTTP] :endpoint
202
+ # Normally you should not configure the `:endpoint` option
203
+ # directly. This is normally constructed from the `:region`
204
+ # option. Configuring `:endpoint` is normally reserved for
205
+ # connecting to test or custom endpoints. The endpoint should
206
+ # be a URI formatted like:
207
+ #
208
+ # 'http://example.com'
209
+ # 'https://example.com'
210
+ # 'http://example.com:123'
211
+ #
203
212
  #
204
213
  # @option options [Integer] :endpoint_cache_max_entries (1000)
205
214
  # Used for the maximum size limit of the LRU cache storing endpoints data
@@ -347,50 +356,65 @@ module Aws::PaymentCryptography
347
356
  # @option options [Aws::PaymentCryptography::EndpointProvider] :endpoint_provider
348
357
  # The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::PaymentCryptography::EndpointParameters`
349
358
  #
350
- # @option options [URI::HTTP,String] :http_proxy A proxy to send
351
- # requests through. Formatted like 'http://proxy.com:123'.
352
- #
353
- # @option options [Float] :http_open_timeout (15) The number of
354
- # seconds to wait when opening a HTTP session before raising a
355
- # `Timeout::Error`.
356
- #
357
- # @option options [Float] :http_read_timeout (60) The default
358
- # number of seconds to wait for response data. This value can
359
- # safely be set per-request on the session.
360
- #
361
- # @option options [Float] :http_idle_timeout (5) The number of
362
- # seconds a connection is allowed to sit idle before it is
363
- # considered stale. Stale connections are closed and removed
364
- # from the pool before making a request.
365
- #
366
- # @option options [Float] :http_continue_timeout (1) The number of
367
- # seconds to wait for a 100-continue response before sending the
368
- # request body. This option has no effect unless the request has
369
- # "Expect" header set to "100-continue". Defaults to `nil` which
370
- # disables this behaviour. This value can safely be set per
371
- # request on the session.
372
- #
373
- # @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
374
- # in seconds.
375
- #
376
- # @option options [Boolean] :http_wire_trace (false) When `true`,
377
- # HTTP debug output will be sent to the `:logger`.
359
+ # @option options [Float] :http_continue_timeout (1)
360
+ # The number of seconds to wait for a 100-continue response before sending the
361
+ # request body. This option has no effect unless the request has "Expect"
362
+ # header set to "100-continue". Defaults to `nil` which disables this
363
+ # behaviour. This value can safely be set per request on the session.
364
+ #
365
+ # @option options [Float] :http_idle_timeout (5)
366
+ # The number of seconds a connection is allowed to sit idle before it
367
+ # is considered stale. Stale connections are closed and removed from the
368
+ # pool before making a request.
369
+ #
370
+ # @option options [Float] :http_open_timeout (15)
371
+ # The default number of seconds to wait for response data.
372
+ # This value can safely be set per-request on the session.
373
+ #
374
+ # @option options [URI::HTTP,String] :http_proxy
375
+ # A proxy to send requests through. Formatted like 'http://proxy.com:123'.
376
+ #
377
+ # @option options [Float] :http_read_timeout (60)
378
+ # The default number of seconds to wait for response data.
379
+ # This value can safely be set per-request on the session.
380
+ #
381
+ # @option options [Boolean] :http_wire_trace (false)
382
+ # When `true`, HTTP debug output will be sent to the `:logger`.
383
+ #
384
+ # @option options [Proc] :on_chunk_received
385
+ # When a Proc object is provided, it will be used as callback when each chunk
386
+ # of the response body is received. It provides three arguments: the chunk,
387
+ # the number of bytes received, and the total number of
388
+ # bytes in the response (or nil if the server did not send a `content-length`).
389
+ #
390
+ # @option options [Proc] :on_chunk_sent
391
+ # When a Proc object is provided, it will be used as callback when each chunk
392
+ # of the request body is sent. It provides three arguments: the chunk,
393
+ # the number of bytes read from the body, and the total number of
394
+ # bytes in the body.
395
+ #
396
+ # @option options [Boolean] :raise_response_errors (true)
397
+ # When `true`, response errors are raised.
398
+ #
399
+ # @option options [String] :ssl_ca_bundle
400
+ # Full path to the SSL certificate authority bundle file that should be used when
401
+ # verifying peer certificates. If you do not pass `:ssl_ca_bundle` or
402
+ # `:ssl_ca_directory` the the system default will be used if available.
403
+ #
404
+ # @option options [String] :ssl_ca_directory
405
+ # Full path of the directory that contains the unbundled SSL certificate
406
+ # authority files for verifying peer certificates. If you do
407
+ # not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the system
408
+ # default will be used if available.
378
409
  #
379
- # @option options [Boolean] :ssl_verify_peer (true) When `true`,
380
- # SSL peer certificates are verified when establishing a
381
- # connection.
410
+ # @option options [String] :ssl_ca_store
411
+ # Sets the X509::Store to verify peer certificate.
382
412
  #
383
- # @option options [String] :ssl_ca_bundle Full path to the SSL
384
- # certificate authority bundle file that should be used when
385
- # verifying peer certificates. If you do not pass
386
- # `:ssl_ca_bundle` or `:ssl_ca_directory` the the system default
387
- # will be used if available.
413
+ # @option options [Float] :ssl_timeout
414
+ # Sets the SSL timeout in seconds
388
415
  #
389
- # @option options [String] :ssl_ca_directory Full path of the
390
- # directory that contains the unbundled SSL certificate
391
- # authority files for verifying peer certificates. If you do
392
- # not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the
393
- # system default will be used if available.
416
+ # @option options [Boolean] :ssl_verify_peer (true)
417
+ # When `true`, SSL peer certificates are verified when establishing a connection.
394
418
  #
395
419
  def initialize(*args)
396
420
  super
@@ -410,28 +434,32 @@ module Aws::PaymentCryptography
410
434
  # Services Region, but you can create another alias with the same name
411
435
  # in a different Amazon Web Services Region.
412
436
  #
413
- # To change the key that's associated with the alias, call UpdateAlias.
414
- # To delete the alias, call DeleteAlias. These operations don't affect
415
- # the underlying key. To get the alias that you created, call
416
- # ListAliases.
437
+ # To change the key that's associated with the alias, call
438
+ # [UpdateAlias][3]. To delete the alias, call [DeleteAlias][4]. These
439
+ # operations don't affect the underlying key. To get the alias that you
440
+ # created, call [ListAliases][5].
417
441
  #
418
442
  # **Cross-account use**: This operation can't be used across different
419
443
  # Amazon Web Services accounts.
420
444
  #
421
445
  # **Related operations:**
422
446
  #
423
- # * DeleteAlias
447
+ # * [DeleteAlias][4]
424
448
  #
425
- # * GetAlias
449
+ # * [GetAlias][6]
426
450
  #
427
- # * ListAliases
451
+ # * [ListAliases][5]
428
452
  #
429
- # * UpdateAlias
453
+ # * [UpdateAlias][3]
430
454
  #
431
455
  #
432
456
  #
433
457
  # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_EncryptData.html
434
458
  # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_DecryptData.html
459
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_UpdateAlias.html
460
+ # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_DeleteAlias.html
461
+ # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ListAliases.html
462
+ # [6]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetAlias.html
435
463
  #
436
464
  # @option params [required, String] :alias_name
437
465
  # A friendly name that you can use to refer to a key. An alias must
@@ -503,23 +531,18 @@ module Aws::PaymentCryptography
503
531
  #
504
532
  # **Related operations:**
505
533
  #
506
- # * DeleteKey
534
+ # * [DeleteKey][2]
507
535
  #
508
- # * GetKey
536
+ # * [GetKey][3]
509
537
  #
510
- # * ListKeys
538
+ # * [ListKeys][4]
511
539
  #
512
540
  #
513
541
  #
514
542
  # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
515
- #
516
- # @option params [Boolean] :enabled
517
- # Specifies whether to enable the key. If the key is enabled, it is
518
- # activated for use within the service. If the key is not enabled, then
519
- # it is created but not activated. The default value is enabled.
520
- #
521
- # @option params [required, Boolean] :exportable
522
- # Specifies whether the key is exportable from the service.
543
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_DeleteKey.html
544
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetKey.html
545
+ # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ListKeys.html
523
546
  #
524
547
  # @option params [required, Types::KeyAttributes] :key_attributes
525
548
  # The role of the key, the algorithm it supports, and the cryptographic
@@ -537,11 +560,19 @@ module Aws::PaymentCryptography
537
560
  # using a CMAC algorithm where the input data is 16 bytes of zero and
538
561
  # retaining the 3 highest order bytes of the encrypted result.
539
562
  #
563
+ # @option params [required, Boolean] :exportable
564
+ # Specifies whether the key is exportable from the service.
565
+ #
566
+ # @option params [Boolean] :enabled
567
+ # Specifies whether to enable the key. If the key is enabled, it is
568
+ # activated for use within the service. If the key is not enabled, then
569
+ # it is created but not activated. The default value is enabled.
570
+ #
540
571
  # @option params [Array<Types::Tag>] :tags
541
572
  # Assigns one or more tags to the Amazon Web Services Payment
542
573
  # Cryptography key. Use this parameter to tag a key when it is created.
543
574
  # To tag an existing Amazon Web Services Payment Cryptography key, use
544
- # the TagResource operation.
575
+ # the [TagResource][1] operation.
545
576
  #
546
577
  # Each tag consists of a tag key and a tag value. Both the tag key and
547
578
  # the tag value are required, but the tag value can be an empty (null)
@@ -557,6 +588,10 @@ module Aws::PaymentCryptography
557
588
  #
558
589
  # </note>
559
590
  #
591
+ #
592
+ #
593
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_TagResource.html
594
+ #
560
595
  # @return [Types::CreateKeyOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
561
596
  #
562
597
  # * {Types::CreateKeyOutput#key #key} => Types::Key
@@ -564,25 +599,25 @@ module Aws::PaymentCryptography
564
599
  # @example Request syntax with placeholder values
565
600
  #
566
601
  # resp = client.create_key({
567
- # enabled: false,
568
- # exportable: false, # required
569
602
  # key_attributes: { # required
570
- # key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, RSA_2048, RSA_3072, RSA_4096
603
+ # key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M1_ISO_9797_1_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
571
604
  # key_class: "SYMMETRIC_KEY", # required, accepts SYMMETRIC_KEY, ASYMMETRIC_KEY_PAIR, PRIVATE_KEY, PUBLIC_KEY
605
+ # key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, RSA_2048, RSA_3072, RSA_4096
572
606
  # key_modes_of_use: { # required
573
- # decrypt: false,
574
- # derive_key: false,
575
607
  # encrypt: false,
608
+ # decrypt: false,
609
+ # wrap: false,
610
+ # unwrap: false,
576
611
  # generate: false,
577
- # no_restrictions: false,
578
612
  # sign: false,
579
- # unwrap: false,
580
613
  # verify: false,
581
- # wrap: false,
614
+ # derive_key: false,
615
+ # no_restrictions: false,
582
616
  # },
583
- # key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M1_ISO_9797_1_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
584
617
  # },
585
618
  # key_check_value_algorithm: "CMAC", # accepts CMAC, ANSI_X9_24
619
+ # exportable: false, # required
620
+ # enabled: false,
586
621
  # tags: [
587
622
  # {
588
623
  # key: "TagKey", # required
@@ -593,30 +628,30 @@ module Aws::PaymentCryptography
593
628
  #
594
629
  # @example Response structure
595
630
  #
596
- # resp.key.create_timestamp #=> Time
597
- # resp.key.delete_pending_timestamp #=> Time
598
- # resp.key.delete_timestamp #=> Time
599
- # resp.key.enabled #=> Boolean
600
- # resp.key.exportable #=> Boolean
601
631
  # resp.key.key_arn #=> String
602
- # resp.key.key_attributes.key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
632
+ # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
603
633
  # resp.key.key_attributes.key_class #=> String, one of "SYMMETRIC_KEY", "ASYMMETRIC_KEY_PAIR", "PRIVATE_KEY", "PUBLIC_KEY"
604
- # resp.key.key_attributes.key_modes_of_use.decrypt #=> Boolean
605
- # resp.key.key_attributes.key_modes_of_use.derive_key #=> Boolean
634
+ # resp.key.key_attributes.key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
606
635
  # resp.key.key_attributes.key_modes_of_use.encrypt #=> Boolean
636
+ # resp.key.key_attributes.key_modes_of_use.decrypt #=> Boolean
637
+ # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
638
+ # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
607
639
  # resp.key.key_attributes.key_modes_of_use.generate #=> Boolean
608
- # resp.key.key_attributes.key_modes_of_use.no_restrictions #=> Boolean
609
640
  # resp.key.key_attributes.key_modes_of_use.sign #=> Boolean
610
- # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
611
641
  # resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
612
- # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
613
- # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
642
+ # resp.key.key_attributes.key_modes_of_use.derive_key #=> Boolean
643
+ # resp.key.key_attributes.key_modes_of_use.no_restrictions #=> Boolean
614
644
  # resp.key.key_check_value #=> String
615
645
  # resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
616
- # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
646
+ # resp.key.enabled #=> Boolean
647
+ # resp.key.exportable #=> Boolean
617
648
  # resp.key.key_state #=> String, one of "CREATE_IN_PROGRESS", "CREATE_COMPLETE", "DELETE_PENDING", "DELETE_COMPLETE"
649
+ # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
650
+ # resp.key.create_timestamp #=> Time
618
651
  # resp.key.usage_start_timestamp #=> Time
619
652
  # resp.key.usage_stop_timestamp #=> Time
653
+ # resp.key.delete_pending_timestamp #=> Time
654
+ # resp.key.delete_timestamp #=> Time
620
655
  #
621
656
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/CreateKey AWS API Documentation
622
657
  #
@@ -630,23 +665,31 @@ module Aws::PaymentCryptography
630
665
  # Deletes the alias, but doesn't affect the underlying key.
631
666
  #
632
667
  # Each key can have multiple aliases. To get the aliases of all keys,
633
- # use the ListAliases operation. To change the alias of a key, first use
634
- # DeleteAlias to delete the current alias and then use CreateAlias to
635
- # create a new alias. To associate an existing alias with a different
636
- # key, call UpdateAlias.
668
+ # use the [UpdateAlias][1] operation. To change the alias of a key,
669
+ # first use [DeleteAlias][2] to delete the current alias and then use
670
+ # [CreateAlias][3] to create a new alias. To associate an existing alias
671
+ # with a different key, call [UpdateAlias][1].
637
672
  #
638
673
  # **Cross-account use:** This operation can't be used across different
639
674
  # Amazon Web Services accounts.
640
675
  #
641
676
  # **Related operations:**
642
677
  #
643
- # * CreateAlias
678
+ # * [CreateAlias][3]
679
+ #
680
+ # * [GetAlias][4]
681
+ #
682
+ # * [ListAliases][5]
644
683
  #
645
- # * GetAlias
684
+ # * [UpdateAlias][1]
646
685
  #
647
- # * ListAliases
648
686
  #
649
- # * UpdateAlias
687
+ #
688
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_UpdateAlias.html
689
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_DeleteAlias.html
690
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateAlias.html
691
+ # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetAlias.html
692
+ # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ListAliases.html
650
693
  #
651
694
  # @option params [required, String] :alias_name
652
695
  # A friendly name that you can use to refer Amazon Web Services Payment
@@ -689,25 +732,31 @@ module Aws::PaymentCryptography
689
732
  # You should delete a key only when you are sure that you don't need to
690
733
  # use it anymore and no other parties are utilizing this key. If you
691
734
  # aren't sure, consider deactivating it instead by calling
692
- # StopKeyUsage.
735
+ # [StopKeyUsage][1].
693
736
  #
694
737
  # **Cross-account use:** This operation can't be used across different
695
738
  # Amazon Web Services accounts.
696
739
  #
697
740
  # **Related operations:**
698
741
  #
699
- # * RestoreKey
742
+ # * [RestoreKey][2]
700
743
  #
701
- # * StartKeyUsage
744
+ # * [StartKeyUsage][3]
745
+ #
746
+ # * [StopKeyUsage][1]
702
747
  #
703
- # * StopKeyUsage
704
748
  #
705
- # @option params [Integer] :delete_key_in_days
706
- # The waiting period for key deletion. The default value is seven days.
749
+ #
750
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_StopKeyUsage.html
751
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_RestoreKey.html
752
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_StartKeyUsage.html
707
753
  #
708
754
  # @option params [required, String] :key_identifier
709
755
  # The `KeyARN` of the key that is scheduled for deletion.
710
756
  #
757
+ # @option params [Integer] :delete_key_in_days
758
+ # The waiting period for key deletion. The default value is seven days.
759
+ #
711
760
  # @return [Types::DeleteKeyOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
712
761
  #
713
762
  # * {Types::DeleteKeyOutput#key #key} => Types::Key
@@ -715,36 +764,36 @@ module Aws::PaymentCryptography
715
764
  # @example Request syntax with placeholder values
716
765
  #
717
766
  # resp = client.delete_key({
718
- # delete_key_in_days: 1,
719
767
  # key_identifier: "KeyArnOrKeyAliasType", # required
768
+ # delete_key_in_days: 1,
720
769
  # })
721
770
  #
722
771
  # @example Response structure
723
772
  #
724
- # resp.key.create_timestamp #=> Time
725
- # resp.key.delete_pending_timestamp #=> Time
726
- # resp.key.delete_timestamp #=> Time
727
- # resp.key.enabled #=> Boolean
728
- # resp.key.exportable #=> Boolean
729
773
  # resp.key.key_arn #=> String
730
- # resp.key.key_attributes.key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
774
+ # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
731
775
  # resp.key.key_attributes.key_class #=> String, one of "SYMMETRIC_KEY", "ASYMMETRIC_KEY_PAIR", "PRIVATE_KEY", "PUBLIC_KEY"
732
- # resp.key.key_attributes.key_modes_of_use.decrypt #=> Boolean
733
- # resp.key.key_attributes.key_modes_of_use.derive_key #=> Boolean
776
+ # resp.key.key_attributes.key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
734
777
  # resp.key.key_attributes.key_modes_of_use.encrypt #=> Boolean
778
+ # resp.key.key_attributes.key_modes_of_use.decrypt #=> Boolean
779
+ # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
780
+ # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
735
781
  # resp.key.key_attributes.key_modes_of_use.generate #=> Boolean
736
- # resp.key.key_attributes.key_modes_of_use.no_restrictions #=> Boolean
737
782
  # resp.key.key_attributes.key_modes_of_use.sign #=> Boolean
738
- # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
739
783
  # resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
740
- # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
741
- # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
784
+ # resp.key.key_attributes.key_modes_of_use.derive_key #=> Boolean
785
+ # resp.key.key_attributes.key_modes_of_use.no_restrictions #=> Boolean
742
786
  # resp.key.key_check_value #=> String
743
787
  # resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
744
- # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
788
+ # resp.key.enabled #=> Boolean
789
+ # resp.key.exportable #=> Boolean
745
790
  # resp.key.key_state #=> String, one of "CREATE_IN_PROGRESS", "CREATE_COMPLETE", "DELETE_PENDING", "DELETE_COMPLETE"
791
+ # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
792
+ # resp.key.create_timestamp #=> Time
746
793
  # resp.key.usage_start_timestamp #=> Time
747
794
  # resp.key.usage_stop_timestamp #=> Time
795
+ # resp.key.delete_pending_timestamp #=> Time
796
+ # resp.key.delete_timestamp #=> Time
748
797
  #
749
798
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/DeleteKey AWS API Documentation
750
799
  #
@@ -791,6 +840,25 @@ module Aws::PaymentCryptography
791
840
  # within Amazon Web Services Payment Cryptography and has to be
792
841
  # re-generated each time during export.
793
842
  #
843
+ # For key exchange using TR-31 or TR-34 key blocks, you can also export
844
+ # optional blocks within the key block header which contain additional
845
+ # attribute information about the key. The `KeyVersion` within
846
+ # `KeyBlockHeaders` indicates the version of the key within the key
847
+ # block. Furthermore, `KeyExportability` within `KeyBlockHeaders` can be
848
+ # used to further restrict exportability of the key after export from
849
+ # Amazon Web Services Payment Cryptography.
850
+ #
851
+ # The `OptionalBlocks` contain the additional data related to the key.
852
+ # For information on data type that can be included within optional
853
+ # blocks, refer to [ASC X9.143-2022][1].
854
+ #
855
+ # <note markdown="1"> Data included in key block headers is signed but transmitted in clear
856
+ # text. Sensitive or confidential information should not be included in
857
+ # optional blocks. Refer to ASC X9.143-2022 standard for information on
858
+ # allowed data type.
859
+ #
860
+ # </note>
861
+ #
794
862
  # **To export initial keys (KEK) or IPEK using TR-34**
795
863
  #
796
864
  # Using this operation, you can export initial key using TR-34
@@ -803,26 +871,26 @@ module Aws::PaymentCryptography
803
871
  # the key.
804
872
  #
805
873
  # To initiate TR-34 key export, the KRD must obtain an export token by
806
- # calling GetParametersForExport. This operation also generates a key
807
- # pair for the purpose of key export, signs the key and returns back the
808
- # signing public key certificate (also known as KDH signing certificate)
809
- # and root certificate chain. The KDH uses the private key to sign the
810
- # the export payload and the signing public key certificate is provided
811
- # to KRD to verify the signature. The KRD can import the root
812
- # certificate into its Hardware Security Module (HSM), as required. The
813
- # export token and the associated KDH signing certificate expires after
814
- # 7 days.
874
+ # calling [GetParametersForExport][2]. This operation also generates a
875
+ # key pair for the purpose of key export, signs the key and returns back
876
+ # the signing public key certificate (also known as KDH signing
877
+ # certificate) and root certificate chain. The KDH uses the private key
878
+ # to sign the the export payload and the signing public key certificate
879
+ # is provided to KRD to verify the signature. The KRD can import the
880
+ # root certificate into its Hardware Security Module (HSM), as required.
881
+ # The export token and the associated KDH signing certificate expires
882
+ # after 7 days.
815
883
  #
816
884
  # Next the KRD generates a key pair for the the purpose of encrypting
817
885
  # the KDH key and provides the public key cerificate (also known as KRD
818
886
  # wrapping certificate) back to KDH. The KRD will also import the root
819
887
  # cerificate chain into Amazon Web Services Payment Cryptography by
820
- # calling ImportKey for `RootCertificatePublicKey`. The KDH, Amazon Web
821
- # Services Payment Cryptography, will use the KRD wrapping cerificate to
822
- # encrypt (wrap) the key under export and signs it with signing private
823
- # key to generate a TR-34 WrappedKeyBlock. For more information on TR-34
824
- # key export, see section [Exporting symmetric keys][1] in the *Amazon
825
- # Web Services Payment Cryptography User Guide*.
888
+ # calling [ImportKey][3] for `RootCertificatePublicKey`. The KDH, Amazon
889
+ # Web Services Payment Cryptography, will use the KRD wrapping
890
+ # cerificate to encrypt (wrap) the key under export and signs it with
891
+ # signing private key to generate a TR-34 WrappedKeyBlock. For more
892
+ # information on TR-34 key export, see section [Exporting symmetric
893
+ # keys][4] in the *Amazon Web Services Payment Cryptography User Guide*.
826
894
  #
827
895
  # Set the following parameters:
828
896
  #
@@ -837,7 +905,8 @@ module Aws::PaymentCryptography
837
905
  # * `CertificateAuthorityPublicKeyIdentifier`: The `KeyARN` of the
838
906
  # certificate chain that signed the KRD wrapping key certificate.
839
907
  #
840
- # * `ExportToken`: Obtained from KDH by calling GetParametersForImport.
908
+ # * `ExportToken`: Obtained from KDH by calling
909
+ # [GetParametersForImport][5].
841
910
  #
842
911
  # * `WrappingKeyCertificate`: The public key certificate in PEM format
843
912
  # (base64 encoded) of the KRD wrapping key Amazon Web Services Payment
@@ -856,7 +925,7 @@ module Aws::PaymentCryptography
856
925
  # asymmetric key pair on the receiving HSM and obtain the public key
857
926
  # certificate in PEM format (base64 encoded) for the purpose of wrapping
858
927
  # and the root certifiate chain. Import the root certificate into Amazon
859
- # Web Services Payment Cryptography by calling ImportKey for
928
+ # Web Services Payment Cryptography by calling [ImportKey][3] for
860
929
  # `RootCertificatePublicKey`.
861
930
  #
862
931
  # Next call `ExportKey` and set the following parameters:
@@ -880,7 +949,7 @@ module Aws::PaymentCryptography
880
949
  # Using this operation, you can export working keys or IPEK using TR-31
881
950
  # symmetric key exchange. In TR-31, you must use an initial key such as
882
951
  # KEK to encrypt or wrap the key under export. To establish a KEK, you
883
- # can use CreateKey or ImportKey.
952
+ # can use [CreateKey][6] or [ImportKey][3].
884
953
  #
885
954
  # Set the following parameters:
886
955
  #
@@ -901,24 +970,29 @@ module Aws::PaymentCryptography
901
970
  #
902
971
  # **Related operations:**
903
972
  #
904
- # * GetParametersForExport
973
+ # * [GetParametersForExport][2]
905
974
  #
906
- # * ImportKey
975
+ # * [ImportKey][3]
907
976
  #
908
977
  #
909
978
  #
910
- # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-export.html
979
+ # [1]: https://webstore.ansi.org/standards/ascx9/ansix91432022
980
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetParametersForExport.html
981
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
982
+ # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-export.html
983
+ # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetParametersForImport.html
984
+ # [6]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
911
985
  #
912
- # @option params [Types::ExportAttributes] :export_attributes
913
- # The attributes for IPEK generation during export.
986
+ # @option params [required, Types::ExportKeyMaterial] :key_material
987
+ # The key block format type, for example, TR-34 or TR-31, to use during
988
+ # key material export.
914
989
  #
915
990
  # @option params [required, String] :export_key_identifier
916
991
  # The `KeyARN` of the key under export from Amazon Web Services Payment
917
992
  # Cryptography.
918
993
  #
919
- # @option params [required, Types::ExportKeyMaterial] :key_material
920
- # The key block format type, for example, TR-34 or TR-31, to use during
921
- # key material export.
994
+ # @option params [Types::ExportAttributes] :export_attributes
995
+ # The attributes for IPEK generation during export.
922
996
  #
923
997
  # @return [Types::ExportKeyOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
924
998
  #
@@ -927,39 +1001,75 @@ module Aws::PaymentCryptography
927
1001
  # @example Request syntax with placeholder values
928
1002
  #
929
1003
  # resp = client.export_key({
930
- # export_attributes: {
931
- # export_dukpt_initial_key: {
932
- # key_serial_number: "HexLength20Or24", # required
933
- # },
934
- # key_check_value_algorithm: "CMAC", # accepts CMAC, ANSI_X9_24
935
- # },
936
- # export_key_identifier: "KeyArnOrKeyAliasType", # required
937
1004
  # key_material: { # required
938
- # key_cryptogram: {
939
- # certificate_authority_public_key_identifier: "KeyArnOrKeyAliasType", # required
940
- # wrapping_key_certificate: "CertificateType", # required
941
- # wrapping_spec: "RSA_OAEP_SHA_256", # accepts RSA_OAEP_SHA_256, RSA_OAEP_SHA_512
942
- # },
943
1005
  # tr_31_key_block: {
944
1006
  # wrapping_key_identifier: "KeyArnOrKeyAliasType", # required
1007
+ # key_block_headers: {
1008
+ # key_modes_of_use: {
1009
+ # encrypt: false,
1010
+ # decrypt: false,
1011
+ # wrap: false,
1012
+ # unwrap: false,
1013
+ # generate: false,
1014
+ # sign: false,
1015
+ # verify: false,
1016
+ # derive_key: false,
1017
+ # no_restrictions: false,
1018
+ # },
1019
+ # key_exportability: "EXPORTABLE", # accepts EXPORTABLE, NON_EXPORTABLE, SENSITIVE
1020
+ # key_version: "KeyVersion",
1021
+ # optional_blocks: {
1022
+ # "OptionalBlockId" => "OptionalBlockValue",
1023
+ # },
1024
+ # },
945
1025
  # },
946
1026
  # tr_34_key_block: {
947
1027
  # certificate_authority_public_key_identifier: "KeyArnOrKeyAliasType", # required
1028
+ # wrapping_key_certificate: "CertificateType", # required
948
1029
  # export_token: "ExportTokenId", # required
949
1030
  # key_block_format: "X9_TR34_2012", # required, accepts X9_TR34_2012
950
1031
  # random_nonce: "HexLength16",
1032
+ # key_block_headers: {
1033
+ # key_modes_of_use: {
1034
+ # encrypt: false,
1035
+ # decrypt: false,
1036
+ # wrap: false,
1037
+ # unwrap: false,
1038
+ # generate: false,
1039
+ # sign: false,
1040
+ # verify: false,
1041
+ # derive_key: false,
1042
+ # no_restrictions: false,
1043
+ # },
1044
+ # key_exportability: "EXPORTABLE", # accepts EXPORTABLE, NON_EXPORTABLE, SENSITIVE
1045
+ # key_version: "KeyVersion",
1046
+ # optional_blocks: {
1047
+ # "OptionalBlockId" => "OptionalBlockValue",
1048
+ # },
1049
+ # },
1050
+ # },
1051
+ # key_cryptogram: {
1052
+ # certificate_authority_public_key_identifier: "KeyArnOrKeyAliasType", # required
951
1053
  # wrapping_key_certificate: "CertificateType", # required
1054
+ # wrapping_spec: "RSA_OAEP_SHA_256", # accepts RSA_OAEP_SHA_256, RSA_OAEP_SHA_512
1055
+ # },
1056
+ # },
1057
+ # export_key_identifier: "KeyArnOrKeyAliasType", # required
1058
+ # export_attributes: {
1059
+ # export_dukpt_initial_key: {
1060
+ # key_serial_number: "HexLength20Or24", # required
952
1061
  # },
1062
+ # key_check_value_algorithm: "CMAC", # accepts CMAC, ANSI_X9_24
953
1063
  # },
954
1064
  # })
955
1065
  #
956
1066
  # @example Response structure
957
1067
  #
1068
+ # resp.wrapped_key.wrapping_key_arn #=> String
1069
+ # resp.wrapped_key.wrapped_key_material_format #=> String, one of "KEY_CRYPTOGRAM", "TR31_KEY_BLOCK", "TR34_KEY_BLOCK"
1070
+ # resp.wrapped_key.key_material #=> String
958
1071
  # resp.wrapped_key.key_check_value #=> String
959
1072
  # resp.wrapped_key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
960
- # resp.wrapped_key.key_material #=> String
961
- # resp.wrapped_key.wrapped_key_material_format #=> String, one of "KEY_CRYPTOGRAM", "TR31_KEY_BLOCK", "TR34_KEY_BLOCK"
962
- # resp.wrapped_key.wrapping_key_arn #=> String
963
1073
  #
964
1074
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKey AWS API Documentation
965
1075
  #
@@ -978,13 +1088,20 @@ module Aws::PaymentCryptography
978
1088
  #
979
1089
  # **Related operations:**
980
1090
  #
981
- # * CreateAlias
1091
+ # * [CreateAlias][1]
1092
+ #
1093
+ # * [DeleteAlias][2]
1094
+ #
1095
+ # * [ListAliases][3]
982
1096
  #
983
- # * DeleteAlias
1097
+ # * [UpdateAlias][4]
984
1098
  #
985
- # * ListAliases
986
1099
  #
987
- # * UpdateAlias
1100
+ #
1101
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateAlias.html
1102
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_DeleteAlias.html
1103
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ListAliases.html
1104
+ # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_UpdateAlias.html
988
1105
  #
989
1106
  # @option params [required, String] :alias_name
990
1107
  # The alias of the Amazon Web Services Payment Cryptography key.
@@ -1022,11 +1139,17 @@ module Aws::PaymentCryptography
1022
1139
  #
1023
1140
  # **Related operations:**
1024
1141
  #
1025
- # * CreateKey
1142
+ # * [CreateKey][1]
1143
+ #
1144
+ # * [DeleteKey][2]
1145
+ #
1146
+ # * [ListKeys][3]
1147
+ #
1026
1148
  #
1027
- # * DeleteKey
1028
1149
  #
1029
- # * ListKeys
1150
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
1151
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_DeleteKey.html
1152
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ListKeys.html
1030
1153
  #
1031
1154
  # @option params [required, String] :key_identifier
1032
1155
  # The `KeyARN` of the Amazon Web Services Payment Cryptography key.
@@ -1043,30 +1166,30 @@ module Aws::PaymentCryptography
1043
1166
  #
1044
1167
  # @example Response structure
1045
1168
  #
1046
- # resp.key.create_timestamp #=> Time
1047
- # resp.key.delete_pending_timestamp #=> Time
1048
- # resp.key.delete_timestamp #=> Time
1049
- # resp.key.enabled #=> Boolean
1050
- # resp.key.exportable #=> Boolean
1051
1169
  # resp.key.key_arn #=> String
1052
- # resp.key.key_attributes.key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
1170
+ # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1053
1171
  # resp.key.key_attributes.key_class #=> String, one of "SYMMETRIC_KEY", "ASYMMETRIC_KEY_PAIR", "PRIVATE_KEY", "PUBLIC_KEY"
1054
- # resp.key.key_attributes.key_modes_of_use.decrypt #=> Boolean
1055
- # resp.key.key_attributes.key_modes_of_use.derive_key #=> Boolean
1172
+ # resp.key.key_attributes.key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
1056
1173
  # resp.key.key_attributes.key_modes_of_use.encrypt #=> Boolean
1174
+ # resp.key.key_attributes.key_modes_of_use.decrypt #=> Boolean
1175
+ # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
1176
+ # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
1057
1177
  # resp.key.key_attributes.key_modes_of_use.generate #=> Boolean
1058
- # resp.key.key_attributes.key_modes_of_use.no_restrictions #=> Boolean
1059
1178
  # resp.key.key_attributes.key_modes_of_use.sign #=> Boolean
1060
- # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
1061
1179
  # resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
1062
- # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
1063
- # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1180
+ # resp.key.key_attributes.key_modes_of_use.derive_key #=> Boolean
1181
+ # resp.key.key_attributes.key_modes_of_use.no_restrictions #=> Boolean
1064
1182
  # resp.key.key_check_value #=> String
1065
1183
  # resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
1066
- # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
1184
+ # resp.key.enabled #=> Boolean
1185
+ # resp.key.exportable #=> Boolean
1067
1186
  # resp.key.key_state #=> String, one of "CREATE_IN_PROGRESS", "CREATE_COMPLETE", "DELETE_PENDING", "DELETE_COMPLETE"
1187
+ # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
1188
+ # resp.key.create_timestamp #=> Time
1068
1189
  # resp.key.usage_start_timestamp #=> Time
1069
1190
  # resp.key.usage_stop_timestamp #=> Time
1191
+ # resp.key.delete_pending_timestamp #=> Time
1192
+ # resp.key.delete_timestamp #=> Time
1070
1193
  #
1071
1194
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetKey AWS API Documentation
1072
1195
  #
@@ -1082,18 +1205,23 @@ module Aws::PaymentCryptography
1082
1205
  #
1083
1206
  # The signing key certificate signs the wrapped key under export within
1084
1207
  # the TR-34 key payload. The export token and signing key certificate
1085
- # must be in place and operational before calling ExportKey. The export
1086
- # token expires in 7 days. You can use the same export token to export
1087
- # multiple keys from your service account.
1208
+ # must be in place and operational before calling [ExportKey][1]. The
1209
+ # export token expires in 7 days. You can use the same export token to
1210
+ # export multiple keys from your service account.
1088
1211
  #
1089
1212
  # **Cross-account use:** This operation can't be used across different
1090
1213
  # Amazon Web Services accounts.
1091
1214
  #
1092
1215
  # **Related operations:**
1093
1216
  #
1094
- # * ExportKey
1217
+ # * [ExportKey][1]
1218
+ #
1219
+ # * [GetParametersForImport][2]
1220
+ #
1095
1221
  #
1096
- # * GetParametersForImport
1222
+ #
1223
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ExportKey.html
1224
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetParametersForImport.html
1097
1225
  #
1098
1226
  # @option params [required, String] :key_material_type
1099
1227
  # The key block format type (for example, TR-34 or TR-31) to use during
@@ -1108,11 +1236,11 @@ module Aws::PaymentCryptography
1108
1236
  #
1109
1237
  # @return [Types::GetParametersForExportOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1110
1238
  #
1111
- # * {Types::GetParametersForExportOutput#export_token #export_token} => String
1112
- # * {Types::GetParametersForExportOutput#parameters_valid_until_timestamp #parameters_valid_until_timestamp} => Time
1113
- # * {Types::GetParametersForExportOutput#signing_key_algorithm #signing_key_algorithm} => String
1114
1239
  # * {Types::GetParametersForExportOutput#signing_key_certificate #signing_key_certificate} => String
1115
1240
  # * {Types::GetParametersForExportOutput#signing_key_certificate_chain #signing_key_certificate_chain} => String
1241
+ # * {Types::GetParametersForExportOutput#signing_key_algorithm #signing_key_algorithm} => String
1242
+ # * {Types::GetParametersForExportOutput#export_token #export_token} => String
1243
+ # * {Types::GetParametersForExportOutput#parameters_valid_until_timestamp #parameters_valid_until_timestamp} => Time
1116
1244
  #
1117
1245
  # @example Request syntax with placeholder values
1118
1246
  #
@@ -1123,11 +1251,11 @@ module Aws::PaymentCryptography
1123
1251
  #
1124
1252
  # @example Response structure
1125
1253
  #
1126
- # resp.export_token #=> String
1127
- # resp.parameters_valid_until_timestamp #=> Time
1128
- # resp.signing_key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
1129
1254
  # resp.signing_key_certificate #=> String
1130
1255
  # resp.signing_key_certificate_chain #=> String
1256
+ # resp.signing_key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
1257
+ # resp.export_token #=> String
1258
+ # resp.parameters_valid_until_timestamp #=> Time
1131
1259
  #
1132
1260
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForExport AWS API Documentation
1133
1261
  #
@@ -1145,18 +1273,23 @@ module Aws::PaymentCryptography
1145
1273
  #
1146
1274
  # The wrapping key certificate wraps the key under import. The import
1147
1275
  # token and wrapping key certificate must be in place and operational
1148
- # before calling ImportKey. The import token expires in 7 days. You can
1149
- # use the same import token to import multiple keys into your service
1150
- # account.
1276
+ # before calling [ImportKey][1]. The import token expires in 7 days. You
1277
+ # can use the same import token to import multiple keys into your
1278
+ # service account.
1151
1279
  #
1152
1280
  # **Cross-account use:** This operation can't be used across different
1153
1281
  # Amazon Web Services accounts.
1154
1282
  #
1155
1283
  # **Related operations:**
1156
1284
  #
1157
- # * GetParametersForExport
1285
+ # * [GetParametersForExport][2]
1286
+ #
1287
+ # * [ImportKey][1]
1288
+ #
1289
+ #
1158
1290
  #
1159
- # * ImportKey
1291
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
1292
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetParametersForExport.html
1160
1293
  #
1161
1294
  # @option params [required, String] :key_material_type
1162
1295
  # The method to use for key material import. Import token is only
@@ -1177,11 +1310,11 @@ module Aws::PaymentCryptography
1177
1310
  #
1178
1311
  # @return [Types::GetParametersForImportOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1179
1312
  #
1180
- # * {Types::GetParametersForImportOutput#import_token #import_token} => String
1181
- # * {Types::GetParametersForImportOutput#parameters_valid_until_timestamp #parameters_valid_until_timestamp} => Time
1182
- # * {Types::GetParametersForImportOutput#wrapping_key_algorithm #wrapping_key_algorithm} => String
1183
1313
  # * {Types::GetParametersForImportOutput#wrapping_key_certificate #wrapping_key_certificate} => String
1184
1314
  # * {Types::GetParametersForImportOutput#wrapping_key_certificate_chain #wrapping_key_certificate_chain} => String
1315
+ # * {Types::GetParametersForImportOutput#wrapping_key_algorithm #wrapping_key_algorithm} => String
1316
+ # * {Types::GetParametersForImportOutput#import_token #import_token} => String
1317
+ # * {Types::GetParametersForImportOutput#parameters_valid_until_timestamp #parameters_valid_until_timestamp} => Time
1185
1318
  #
1186
1319
  # @example Request syntax with placeholder values
1187
1320
  #
@@ -1192,11 +1325,11 @@ module Aws::PaymentCryptography
1192
1325
  #
1193
1326
  # @example Response structure
1194
1327
  #
1195
- # resp.import_token #=> String
1196
- # resp.parameters_valid_until_timestamp #=> Time
1197
- # resp.wrapping_key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
1198
1328
  # resp.wrapping_key_certificate #=> String
1199
1329
  # resp.wrapping_key_certificate_chain #=> String
1330
+ # resp.wrapping_key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
1331
+ # resp.import_token #=> String
1332
+ # resp.parameters_valid_until_timestamp #=> Time
1200
1333
  #
1201
1334
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForImport AWS API Documentation
1202
1335
  #
@@ -1333,13 +1466,13 @@ module Aws::PaymentCryptography
1333
1466
  # Amazon Web Services Payment Cryptography who receives the key.
1334
1467
  #
1335
1468
  # To initiate TR-34 key import, the KDH must obtain an import token by
1336
- # calling GetParametersForImport. This operation generates an encryption
1337
- # keypair for the purpose of key import, signs the key and returns back
1338
- # the wrapping key certificate (also known as KRD wrapping certificate)
1339
- # and the root certificate chain. The KDH must trust and install the KRD
1340
- # wrapping certificate on its HSM and use it to encrypt (wrap) the KDH
1341
- # key during TR-34 WrappedKeyBlock generation. The import token and
1342
- # associated KRD wrapping certificate expires after 7 days.
1469
+ # calling [GetParametersForImport][1]. This operation generates an
1470
+ # encryption keypair for the purpose of key import, signs the key and
1471
+ # returns back the wrapping key certificate (also known as KRD wrapping
1472
+ # certificate) and the root certificate chain. The KDH must trust and
1473
+ # install the KRD wrapping certificate on its HSM and use it to encrypt
1474
+ # (wrap) the KDH key during TR-34 WrappedKeyBlock generation. The import
1475
+ # token and associated KRD wrapping certificate expires after 7 days.
1343
1476
  #
1344
1477
  # Next the KDH generates a key pair for the purpose of signing the
1345
1478
  # encrypted KDH key and provides the public certificate of the signing
@@ -1347,7 +1480,7 @@ module Aws::PaymentCryptography
1347
1480
  # need to import the root certificate chain of the KDH signing
1348
1481
  # certificate by calling `ImportKey` for `RootCertificatePublicKey`. For
1349
1482
  # more information on TR-34 key import, see section [Importing symmetric
1350
- # keys][1] in the *Amazon Web Services Payment Cryptography User Guide*.
1483
+ # keys][2] in the *Amazon Web Services Payment Cryptography User Guide*.
1351
1484
  #
1352
1485
  # Set the following parameters:
1353
1486
  #
@@ -1356,7 +1489,8 @@ module Aws::PaymentCryptography
1356
1489
  # * `CertificateAuthorityPublicKeyIdentifier`: The `KeyARN` of the
1357
1490
  # certificate chain that signed the KDH signing key certificate.
1358
1491
  #
1359
- # * `ImportToken`: Obtained from KRD by calling GetParametersForImport.
1492
+ # * `ImportToken`: Obtained from KRD by calling
1493
+ # [GetParametersForImport][1].
1360
1494
  #
1361
1495
  # * `WrappedKeyBlock`: The TR-34 wrapped key material from KDH. It
1362
1496
  # contains the KDH key under import, wrapped with KRD wrapping
@@ -1374,12 +1508,12 @@ module Aws::PaymentCryptography
1374
1508
  #
1375
1509
  # Using this operation, you can import initial key using asymmetric RSA
1376
1510
  # wrap and unwrap key exchange method. To initiate import, call
1377
- # GetParametersForImport with `KeyMaterial` set to `KEY_CRYPTOGRAM` to
1378
- # generate an import token. This operation also generates an encryption
1379
- # keypair for the purpose of key import, signs the key and returns back
1380
- # the wrapping key certificate in PEM format (base64 encoded) and its
1381
- # root certificate chain. The import token and associated KRD wrapping
1382
- # certificate expires after 7 days.
1511
+ # [GetParametersForImport][1] with `KeyMaterial` set to `KEY_CRYPTOGRAM`
1512
+ # to generate an import token. This operation also generates an
1513
+ # encryption keypair for the purpose of key import, signs the key and
1514
+ # returns back the wrapping key certificate in PEM format (base64
1515
+ # encoded) and its root certificate chain. The import token and
1516
+ # associated KRD wrapping certificate expires after 7 days.
1383
1517
  #
1384
1518
  # You must trust and install the wrapping certificate and its
1385
1519
  # certificate chain on the sending HSM and use it to wrap the key under
@@ -1392,8 +1526,8 @@ module Aws::PaymentCryptography
1392
1526
  # Amazon Web Services Payment Cryptography uses TR-31 symmetric key
1393
1527
  # exchange norm to import working keys. A KEK must be established within
1394
1528
  # Amazon Web Services Payment Cryptography by using TR-34 key import or
1395
- # by using CreateKey. To initiate a TR-31 key import, set the following
1396
- # parameters:
1529
+ # by using [CreateKey][3]. To initiate a TR-31 key import, set the
1530
+ # following parameters:
1397
1531
  #
1398
1532
  # * `KeyMaterial`: Use `Tr31KeyBlock` parameters.
1399
1533
  #
@@ -1411,16 +1545,20 @@ module Aws::PaymentCryptography
1411
1545
  #
1412
1546
  # **Related operations:**
1413
1547
  #
1414
- # * ExportKey
1548
+ # * [ExportKey][4]
1415
1549
  #
1416
- # * GetParametersForImport
1550
+ # * [GetParametersForImport][1]
1417
1551
  #
1418
1552
  #
1419
1553
  #
1420
- # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-import.html
1554
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetParametersForImport.html
1555
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-import.html
1556
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
1557
+ # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ExportKey.html
1421
1558
  #
1422
- # @option params [Boolean] :enabled
1423
- # Specifies whether import key is enabled.
1559
+ # @option params [required, Types::ImportKeyMaterial] :key_material
1560
+ # The key or public key certificate type to use during key material
1561
+ # import, for example TR-34 or RootCertificatePublicKey.
1424
1562
  #
1425
1563
  # @option params [String] :key_check_value_algorithm
1426
1564
  # The algorithm that Amazon Web Services Payment Cryptography uses to
@@ -1433,15 +1571,14 @@ module Aws::PaymentCryptography
1433
1571
  # using a CMAC algorithm where the input data is 16 bytes of zero and
1434
1572
  # retaining the 3 highest order bytes of the encrypted result.
1435
1573
  #
1436
- # @option params [required, Types::ImportKeyMaterial] :key_material
1437
- # The key or public key certificate type to use during key material
1438
- # import, for example TR-34 or RootCertificatePublicKey.
1439
- #
1574
+ # @option params [Boolean] :enabled
1575
+ # Specifies whether import key is enabled.
1576
+ #
1440
1577
  # @option params [Array<Types::Tag>] :tags
1441
1578
  # Assigns one or more tags to the Amazon Web Services Payment
1442
1579
  # Cryptography key. Use this parameter to tag a key when it is imported.
1443
1580
  # To tag an existing Amazon Web Services Payment Cryptography key, use
1444
- # the TagResource operation.
1581
+ # the [TagResource][1] operation.
1445
1582
  #
1446
1583
  # Each tag consists of a tag key and a tag value. Both the tag key and
1447
1584
  # the tag value are required, but the tag value can be an empty (null)
@@ -1460,6 +1597,10 @@ module Aws::PaymentCryptography
1460
1597
  #
1461
1598
  # </note>
1462
1599
  #
1600
+ #
1601
+ #
1602
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_TagResource.html
1603
+ #
1463
1604
  # @return [Types::ImportKeyOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1464
1605
  #
1465
1606
  # * {Types::ImportKeyOutput#key #key} => Types::Key
@@ -1467,83 +1608,83 @@ module Aws::PaymentCryptography
1467
1608
  # @example Request syntax with placeholder values
1468
1609
  #
1469
1610
  # resp = client.import_key({
1470
- # enabled: false,
1471
- # key_check_value_algorithm: "CMAC", # accepts CMAC, ANSI_X9_24
1472
1611
  # key_material: { # required
1473
- # key_cryptogram: {
1474
- # exportable: false, # required
1475
- # import_token: "ImportTokenId", # required
1612
+ # root_certificate_public_key: {
1476
1613
  # key_attributes: { # required
1477
- # key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, RSA_2048, RSA_3072, RSA_4096
1614
+ # key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M1_ISO_9797_1_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
1478
1615
  # key_class: "SYMMETRIC_KEY", # required, accepts SYMMETRIC_KEY, ASYMMETRIC_KEY_PAIR, PRIVATE_KEY, PUBLIC_KEY
1616
+ # key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, RSA_2048, RSA_3072, RSA_4096
1479
1617
  # key_modes_of_use: { # required
1480
- # decrypt: false,
1481
- # derive_key: false,
1482
1618
  # encrypt: false,
1619
+ # decrypt: false,
1620
+ # wrap: false,
1621
+ # unwrap: false,
1483
1622
  # generate: false,
1484
- # no_restrictions: false,
1485
1623
  # sign: false,
1486
- # unwrap: false,
1487
1624
  # verify: false,
1488
- # wrap: false,
1625
+ # derive_key: false,
1626
+ # no_restrictions: false,
1489
1627
  # },
1490
- # key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M1_ISO_9797_1_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
1491
1628
  # },
1492
- # wrapped_key_cryptogram: "WrappedKeyCryptogram", # required
1493
- # wrapping_spec: "RSA_OAEP_SHA_256", # accepts RSA_OAEP_SHA_256, RSA_OAEP_SHA_512
1629
+ # public_key_certificate: "CertificateType", # required
1494
1630
  # },
1495
- # root_certificate_public_key: {
1631
+ # trusted_certificate_public_key: {
1496
1632
  # key_attributes: { # required
1497
- # key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, RSA_2048, RSA_3072, RSA_4096
1633
+ # key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M1_ISO_9797_1_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
1498
1634
  # key_class: "SYMMETRIC_KEY", # required, accepts SYMMETRIC_KEY, ASYMMETRIC_KEY_PAIR, PRIVATE_KEY, PUBLIC_KEY
1635
+ # key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, RSA_2048, RSA_3072, RSA_4096
1499
1636
  # key_modes_of_use: { # required
1500
- # decrypt: false,
1501
- # derive_key: false,
1502
1637
  # encrypt: false,
1638
+ # decrypt: false,
1639
+ # wrap: false,
1640
+ # unwrap: false,
1503
1641
  # generate: false,
1504
- # no_restrictions: false,
1505
1642
  # sign: false,
1506
- # unwrap: false,
1507
1643
  # verify: false,
1508
- # wrap: false,
1644
+ # derive_key: false,
1645
+ # no_restrictions: false,
1509
1646
  # },
1510
- # key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M1_ISO_9797_1_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
1511
1647
  # },
1512
1648
  # public_key_certificate: "CertificateType", # required
1649
+ # certificate_authority_public_key_identifier: "KeyArnOrKeyAliasType", # required
1513
1650
  # },
1514
1651
  # tr_31_key_block: {
1515
- # wrapped_key_block: "Tr31WrappedKeyBlock", # required
1516
1652
  # wrapping_key_identifier: "KeyArnOrKeyAliasType", # required
1653
+ # wrapped_key_block: "Tr31WrappedKeyBlock", # required
1517
1654
  # },
1518
1655
  # tr_34_key_block: {
1519
1656
  # certificate_authority_public_key_identifier: "KeyArnOrKeyAliasType", # required
1657
+ # signing_key_certificate: "CertificateType", # required
1520
1658
  # import_token: "ImportTokenId", # required
1659
+ # wrapped_key_block: "Tr34WrappedKeyBlock", # required
1521
1660
  # key_block_format: "X9_TR34_2012", # required, accepts X9_TR34_2012
1522
1661
  # random_nonce: "HexLength16",
1523
- # signing_key_certificate: "CertificateType", # required
1524
- # wrapped_key_block: "Tr34WrappedKeyBlock", # required
1525
1662
  # },
1526
- # trusted_certificate_public_key: {
1527
- # certificate_authority_public_key_identifier: "KeyArnOrKeyAliasType", # required
1663
+ # key_cryptogram: {
1528
1664
  # key_attributes: { # required
1529
- # key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, RSA_2048, RSA_3072, RSA_4096
1665
+ # key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M1_ISO_9797_1_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
1530
1666
  # key_class: "SYMMETRIC_KEY", # required, accepts SYMMETRIC_KEY, ASYMMETRIC_KEY_PAIR, PRIVATE_KEY, PUBLIC_KEY
1667
+ # key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, RSA_2048, RSA_3072, RSA_4096
1531
1668
  # key_modes_of_use: { # required
1532
- # decrypt: false,
1533
- # derive_key: false,
1534
1669
  # encrypt: false,
1670
+ # decrypt: false,
1671
+ # wrap: false,
1672
+ # unwrap: false,
1535
1673
  # generate: false,
1536
- # no_restrictions: false,
1537
1674
  # sign: false,
1538
- # unwrap: false,
1539
1675
  # verify: false,
1540
- # wrap: false,
1676
+ # derive_key: false,
1677
+ # no_restrictions: false,
1541
1678
  # },
1542
- # key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M1_ISO_9797_1_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
1543
1679
  # },
1544
- # public_key_certificate: "CertificateType", # required
1680
+ # exportable: false, # required
1681
+ # wrapped_key_cryptogram: "WrappedKeyCryptogram", # required
1682
+ # import_token: "ImportTokenId", # required
1683
+ # wrapping_spec: "RSA_OAEP_SHA_256", # accepts RSA_OAEP_SHA_256, RSA_OAEP_SHA_512
1545
1684
  # },
1546
1685
  # },
1686
+ # key_check_value_algorithm: "CMAC", # accepts CMAC, ANSI_X9_24
1687
+ # enabled: false,
1547
1688
  # tags: [
1548
1689
  # {
1549
1690
  # key: "TagKey", # required
@@ -1554,30 +1695,30 @@ module Aws::PaymentCryptography
1554
1695
  #
1555
1696
  # @example Response structure
1556
1697
  #
1557
- # resp.key.create_timestamp #=> Time
1558
- # resp.key.delete_pending_timestamp #=> Time
1559
- # resp.key.delete_timestamp #=> Time
1560
- # resp.key.enabled #=> Boolean
1561
- # resp.key.exportable #=> Boolean
1562
1698
  # resp.key.key_arn #=> String
1563
- # resp.key.key_attributes.key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
1699
+ # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1564
1700
  # resp.key.key_attributes.key_class #=> String, one of "SYMMETRIC_KEY", "ASYMMETRIC_KEY_PAIR", "PRIVATE_KEY", "PUBLIC_KEY"
1565
- # resp.key.key_attributes.key_modes_of_use.decrypt #=> Boolean
1566
- # resp.key.key_attributes.key_modes_of_use.derive_key #=> Boolean
1701
+ # resp.key.key_attributes.key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
1567
1702
  # resp.key.key_attributes.key_modes_of_use.encrypt #=> Boolean
1703
+ # resp.key.key_attributes.key_modes_of_use.decrypt #=> Boolean
1704
+ # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
1705
+ # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
1568
1706
  # resp.key.key_attributes.key_modes_of_use.generate #=> Boolean
1569
- # resp.key.key_attributes.key_modes_of_use.no_restrictions #=> Boolean
1570
1707
  # resp.key.key_attributes.key_modes_of_use.sign #=> Boolean
1571
- # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
1572
1708
  # resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
1573
- # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
1574
- # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1709
+ # resp.key.key_attributes.key_modes_of_use.derive_key #=> Boolean
1710
+ # resp.key.key_attributes.key_modes_of_use.no_restrictions #=> Boolean
1575
1711
  # resp.key.key_check_value #=> String
1576
1712
  # resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
1577
- # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
1713
+ # resp.key.enabled #=> Boolean
1714
+ # resp.key.exportable #=> Boolean
1578
1715
  # resp.key.key_state #=> String, one of "CREATE_IN_PROGRESS", "CREATE_COMPLETE", "DELETE_PENDING", "DELETE_COMPLETE"
1716
+ # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
1717
+ # resp.key.create_timestamp #=> Time
1579
1718
  # resp.key.usage_start_timestamp #=> Time
1580
1719
  # resp.key.usage_stop_timestamp #=> Time
1720
+ # resp.key.delete_pending_timestamp #=> Time
1721
+ # resp.key.delete_timestamp #=> Time
1581
1722
  #
1582
1723
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ImportKey AWS API Documentation
1583
1724
  #
@@ -1605,17 +1746,26 @@ module Aws::PaymentCryptography
1605
1746
  #
1606
1747
  # **Related operations:**
1607
1748
  #
1608
- # * CreateAlias
1749
+ # * [CreateAlias][2]
1609
1750
  #
1610
- # * DeleteAlias
1751
+ # * [DeleteAlias][3]
1611
1752
  #
1612
- # * GetAlias
1753
+ # * [GetAlias][4]
1613
1754
  #
1614
- # * UpdateAlias
1755
+ # * [UpdateAlias][5]
1615
1756
  #
1616
1757
  #
1617
1758
  #
1618
1759
  # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-managealias.html
1760
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateAlias.html
1761
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_DeleteAlias.html
1762
+ # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetAlias.html
1763
+ # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_UpdateAlias.html
1764
+ #
1765
+ # @option params [String] :next_token
1766
+ # Use this parameter in a subsequent request after you receive a
1767
+ # response with truncated results. Set it to the value of `NextToken`
1768
+ # from the truncated response you just received.
1619
1769
  #
1620
1770
  # @option params [Integer] :max_results
1621
1771
  # Use this parameter to specify the maximum number of items to return.
@@ -1626,11 +1776,6 @@ module Aws::PaymentCryptography
1626
1776
  # This value is optional. If you include a value, it must be between 1
1627
1777
  # and 100, inclusive. If you do not include a value, it defaults to 50.
1628
1778
  #
1629
- # @option params [String] :next_token
1630
- # Use this parameter in a subsequent request after you receive a
1631
- # response with truncated results. Set it to the value of `NextToken`
1632
- # from the truncated response you just received.
1633
- #
1634
1779
  # @return [Types::ListAliasesOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1635
1780
  #
1636
1781
  # * {Types::ListAliasesOutput#aliases #aliases} => Array&lt;Types::Alias&gt;
@@ -1641,8 +1786,8 @@ module Aws::PaymentCryptography
1641
1786
  # @example Request syntax with placeholder values
1642
1787
  #
1643
1788
  # resp = client.list_aliases({
1644
- # max_results: 1,
1645
1789
  # next_token: "NextToken",
1790
+ # max_results: 1,
1646
1791
  # })
1647
1792
  #
1648
1793
  # @example Response structure
@@ -1676,15 +1821,26 @@ module Aws::PaymentCryptography
1676
1821
  #
1677
1822
  # **Related operations:**
1678
1823
  #
1679
- # * CreateKey
1824
+ # * [CreateKey][1]
1680
1825
  #
1681
- # * DeleteKey
1826
+ # * [DeleteKey][2]
1682
1827
  #
1683
- # * GetKey
1828
+ # * [GetKey][3]
1829
+ #
1830
+ #
1831
+ #
1832
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
1833
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_DeleteKey.html
1834
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetKey.html
1684
1835
  #
1685
1836
  # @option params [String] :key_state
1686
1837
  # The key state of the keys you want to list.
1687
1838
  #
1839
+ # @option params [String] :next_token
1840
+ # Use this parameter in a subsequent request after you receive a
1841
+ # response with truncated results. Set it to the value of `NextToken`
1842
+ # from the truncated response you just received.
1843
+ #
1688
1844
  # @option params [Integer] :max_results
1689
1845
  # Use this parameter to specify the maximum number of items to return.
1690
1846
  # When this value is present, Amazon Web Services Payment Cryptography
@@ -1694,11 +1850,6 @@ module Aws::PaymentCryptography
1694
1850
  # This value is optional. If you include a value, it must be between 1
1695
1851
  # and 100, inclusive. If you do not include a value, it defaults to 50.
1696
1852
  #
1697
- # @option params [String] :next_token
1698
- # Use this parameter in a subsequent request after you receive a
1699
- # response with truncated results. Set it to the value of `NextToken`
1700
- # from the truncated response you just received.
1701
- #
1702
1853
  # @return [Types::ListKeysOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1703
1854
  #
1704
1855
  # * {Types::ListKeysOutput#keys #keys} => Array&lt;Types::KeySummary&gt;
@@ -1710,30 +1861,30 @@ module Aws::PaymentCryptography
1710
1861
  #
1711
1862
  # resp = client.list_keys({
1712
1863
  # key_state: "CREATE_IN_PROGRESS", # accepts CREATE_IN_PROGRESS, CREATE_COMPLETE, DELETE_PENDING, DELETE_COMPLETE
1713
- # max_results: 1,
1714
1864
  # next_token: "NextToken",
1865
+ # max_results: 1,
1715
1866
  # })
1716
1867
  #
1717
1868
  # @example Response structure
1718
1869
  #
1719
1870
  # resp.keys #=> Array
1720
- # resp.keys[0].enabled #=> Boolean
1721
- # resp.keys[0].exportable #=> Boolean
1722
1871
  # resp.keys[0].key_arn #=> String
1723
- # resp.keys[0].key_attributes.key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
1872
+ # resp.keys[0].key_state #=> String, one of "CREATE_IN_PROGRESS", "CREATE_COMPLETE", "DELETE_PENDING", "DELETE_COMPLETE"
1873
+ # resp.keys[0].key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1724
1874
  # resp.keys[0].key_attributes.key_class #=> String, one of "SYMMETRIC_KEY", "ASYMMETRIC_KEY_PAIR", "PRIVATE_KEY", "PUBLIC_KEY"
1725
- # resp.keys[0].key_attributes.key_modes_of_use.decrypt #=> Boolean
1726
- # resp.keys[0].key_attributes.key_modes_of_use.derive_key #=> Boolean
1875
+ # resp.keys[0].key_attributes.key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
1727
1876
  # resp.keys[0].key_attributes.key_modes_of_use.encrypt #=> Boolean
1877
+ # resp.keys[0].key_attributes.key_modes_of_use.decrypt #=> Boolean
1878
+ # resp.keys[0].key_attributes.key_modes_of_use.wrap #=> Boolean
1879
+ # resp.keys[0].key_attributes.key_modes_of_use.unwrap #=> Boolean
1728
1880
  # resp.keys[0].key_attributes.key_modes_of_use.generate #=> Boolean
1729
- # resp.keys[0].key_attributes.key_modes_of_use.no_restrictions #=> Boolean
1730
1881
  # resp.keys[0].key_attributes.key_modes_of_use.sign #=> Boolean
1731
- # resp.keys[0].key_attributes.key_modes_of_use.unwrap #=> Boolean
1732
1882
  # resp.keys[0].key_attributes.key_modes_of_use.verify #=> Boolean
1733
- # resp.keys[0].key_attributes.key_modes_of_use.wrap #=> Boolean
1734
- # resp.keys[0].key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1883
+ # resp.keys[0].key_attributes.key_modes_of_use.derive_key #=> Boolean
1884
+ # resp.keys[0].key_attributes.key_modes_of_use.no_restrictions #=> Boolean
1735
1885
  # resp.keys[0].key_check_value #=> String
1736
- # resp.keys[0].key_state #=> String, one of "CREATE_IN_PROGRESS", "CREATE_COMPLETE", "DELETE_PENDING", "DELETE_COMPLETE"
1886
+ # resp.keys[0].exportable #=> Boolean
1887
+ # resp.keys[0].enabled #=> Boolean
1737
1888
  # resp.next_token #=> String
1738
1889
  #
1739
1890
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListKeys AWS API Documentation
@@ -1759,9 +1910,22 @@ module Aws::PaymentCryptography
1759
1910
  #
1760
1911
  # **Related operations:**
1761
1912
  #
1762
- # * TagResource
1913
+ # * [TagResource][1]
1914
+ #
1915
+ # * [UntagResource][2]
1916
+ #
1763
1917
  #
1764
- # * UntagResource
1918
+ #
1919
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_TagResource.html
1920
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_UntagResource.html
1921
+ #
1922
+ # @option params [required, String] :resource_arn
1923
+ # The `KeyARN` of the key whose tags you are getting.
1924
+ #
1925
+ # @option params [String] :next_token
1926
+ # Use this parameter in a subsequent request after you receive a
1927
+ # response with truncated results. Set it to the value of `NextToken`
1928
+ # from the truncated response you just received.
1765
1929
  #
1766
1930
  # @option params [Integer] :max_results
1767
1931
  # Use this parameter to specify the maximum number of items to return.
@@ -1772,35 +1936,27 @@ module Aws::PaymentCryptography
1772
1936
  # This value is optional. If you include a value, it must be between 1
1773
1937
  # and 100, inclusive. If you do not include a value, it defaults to 50.
1774
1938
  #
1775
- # @option params [String] :next_token
1776
- # Use this parameter in a subsequent request after you receive a
1777
- # response with truncated results. Set it to the value of `NextToken`
1778
- # from the truncated response you just received.
1779
- #
1780
- # @option params [required, String] :resource_arn
1781
- # The `KeyARN` of the key whose tags you are getting.
1782
- #
1783
1939
  # @return [Types::ListTagsForResourceOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1784
1940
  #
1785
- # * {Types::ListTagsForResourceOutput#next_token #next_token} => String
1786
1941
  # * {Types::ListTagsForResourceOutput#tags #tags} => Array&lt;Types::Tag&gt;
1942
+ # * {Types::ListTagsForResourceOutput#next_token #next_token} => String
1787
1943
  #
1788
1944
  # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1789
1945
  #
1790
1946
  # @example Request syntax with placeholder values
1791
1947
  #
1792
1948
  # resp = client.list_tags_for_resource({
1793
- # max_results: 1,
1794
- # next_token: "NextToken",
1795
1949
  # resource_arn: "ResourceArn", # required
1950
+ # next_token: "NextToken",
1951
+ # max_results: 1,
1796
1952
  # })
1797
1953
  #
1798
1954
  # @example Response structure
1799
1955
  #
1800
- # resp.next_token #=> String
1801
1956
  # resp.tags #=> Array
1802
1957
  # resp.tags[0].key #=> String
1803
1958
  # resp.tags[0].value #=> String
1959
+ # resp.next_token #=> String
1804
1960
  #
1805
1961
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListTagsForResource AWS API Documentation
1806
1962
  #
@@ -1825,11 +1981,17 @@ module Aws::PaymentCryptography
1825
1981
  #
1826
1982
  # **Related operations:**
1827
1983
  #
1828
- # * DeleteKey
1984
+ # * [DeleteKey][1]
1985
+ #
1986
+ # * [StartKeyUsage][2]
1987
+ #
1988
+ # * [StopKeyUsage][3]
1989
+ #
1829
1990
  #
1830
- # * StartKeyUsage
1831
1991
  #
1832
- # * StopKeyUsage
1992
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_DeleteKey.html
1993
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_StartKeyUsage.html
1994
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_StopKeyUsage.html
1833
1995
  #
1834
1996
  # @option params [required, String] :key_identifier
1835
1997
  # The `KeyARN` of the key to be restored within Amazon Web Services
@@ -1847,30 +2009,30 @@ module Aws::PaymentCryptography
1847
2009
  #
1848
2010
  # @example Response structure
1849
2011
  #
1850
- # resp.key.create_timestamp #=> Time
1851
- # resp.key.delete_pending_timestamp #=> Time
1852
- # resp.key.delete_timestamp #=> Time
1853
- # resp.key.enabled #=> Boolean
1854
- # resp.key.exportable #=> Boolean
1855
2012
  # resp.key.key_arn #=> String
1856
- # resp.key.key_attributes.key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
2013
+ # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1857
2014
  # resp.key.key_attributes.key_class #=> String, one of "SYMMETRIC_KEY", "ASYMMETRIC_KEY_PAIR", "PRIVATE_KEY", "PUBLIC_KEY"
1858
- # resp.key.key_attributes.key_modes_of_use.decrypt #=> Boolean
1859
- # resp.key.key_attributes.key_modes_of_use.derive_key #=> Boolean
2015
+ # resp.key.key_attributes.key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
1860
2016
  # resp.key.key_attributes.key_modes_of_use.encrypt #=> Boolean
2017
+ # resp.key.key_attributes.key_modes_of_use.decrypt #=> Boolean
2018
+ # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
2019
+ # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
1861
2020
  # resp.key.key_attributes.key_modes_of_use.generate #=> Boolean
1862
- # resp.key.key_attributes.key_modes_of_use.no_restrictions #=> Boolean
1863
2021
  # resp.key.key_attributes.key_modes_of_use.sign #=> Boolean
1864
- # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
1865
2022
  # resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
1866
- # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
1867
- # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
2023
+ # resp.key.key_attributes.key_modes_of_use.derive_key #=> Boolean
2024
+ # resp.key.key_attributes.key_modes_of_use.no_restrictions #=> Boolean
1868
2025
  # resp.key.key_check_value #=> String
1869
2026
  # resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
1870
- # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
2027
+ # resp.key.enabled #=> Boolean
2028
+ # resp.key.exportable #=> Boolean
1871
2029
  # resp.key.key_state #=> String, one of "CREATE_IN_PROGRESS", "CREATE_COMPLETE", "DELETE_PENDING", "DELETE_COMPLETE"
2030
+ # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
2031
+ # resp.key.create_timestamp #=> Time
1872
2032
  # resp.key.usage_start_timestamp #=> Time
1873
2033
  # resp.key.usage_stop_timestamp #=> Time
2034
+ # resp.key.delete_pending_timestamp #=> Time
2035
+ # resp.key.delete_timestamp #=> Time
1874
2036
  #
1875
2037
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/RestoreKey AWS API Documentation
1876
2038
  #
@@ -1890,10 +2052,14 @@ module Aws::PaymentCryptography
1890
2052
  #
1891
2053
  # **Related operations:**
1892
2054
  #
1893
- # * StopKeyUsage
2055
+ # * [StopKeyUsage][1]
1894
2056
  #
1895
2057
  # ^
1896
2058
  #
2059
+ #
2060
+ #
2061
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_StopKeyUsage.html
2062
+ #
1897
2063
  # @option params [required, String] :key_identifier
1898
2064
  # The `KeyArn` of the key.
1899
2065
  #
@@ -1909,30 +2075,30 @@ module Aws::PaymentCryptography
1909
2075
  #
1910
2076
  # @example Response structure
1911
2077
  #
1912
- # resp.key.create_timestamp #=> Time
1913
- # resp.key.delete_pending_timestamp #=> Time
1914
- # resp.key.delete_timestamp #=> Time
1915
- # resp.key.enabled #=> Boolean
1916
- # resp.key.exportable #=> Boolean
1917
2078
  # resp.key.key_arn #=> String
1918
- # resp.key.key_attributes.key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
2079
+ # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1919
2080
  # resp.key.key_attributes.key_class #=> String, one of "SYMMETRIC_KEY", "ASYMMETRIC_KEY_PAIR", "PRIVATE_KEY", "PUBLIC_KEY"
1920
- # resp.key.key_attributes.key_modes_of_use.decrypt #=> Boolean
1921
- # resp.key.key_attributes.key_modes_of_use.derive_key #=> Boolean
2081
+ # resp.key.key_attributes.key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
1922
2082
  # resp.key.key_attributes.key_modes_of_use.encrypt #=> Boolean
2083
+ # resp.key.key_attributes.key_modes_of_use.decrypt #=> Boolean
2084
+ # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
2085
+ # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
1923
2086
  # resp.key.key_attributes.key_modes_of_use.generate #=> Boolean
1924
- # resp.key.key_attributes.key_modes_of_use.no_restrictions #=> Boolean
1925
2087
  # resp.key.key_attributes.key_modes_of_use.sign #=> Boolean
1926
- # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
1927
2088
  # resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
1928
- # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
1929
- # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
2089
+ # resp.key.key_attributes.key_modes_of_use.derive_key #=> Boolean
2090
+ # resp.key.key_attributes.key_modes_of_use.no_restrictions #=> Boolean
1930
2091
  # resp.key.key_check_value #=> String
1931
2092
  # resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
1932
- # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
2093
+ # resp.key.enabled #=> Boolean
2094
+ # resp.key.exportable #=> Boolean
1933
2095
  # resp.key.key_state #=> String, one of "CREATE_IN_PROGRESS", "CREATE_COMPLETE", "DELETE_PENDING", "DELETE_COMPLETE"
2096
+ # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
2097
+ # resp.key.create_timestamp #=> Time
1934
2098
  # resp.key.usage_start_timestamp #=> Time
1935
2099
  # resp.key.usage_stop_timestamp #=> Time
2100
+ # resp.key.delete_pending_timestamp #=> Time
2101
+ # resp.key.delete_timestamp #=> Time
1936
2102
  #
1937
2103
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/StartKeyUsage AWS API Documentation
1938
2104
  #
@@ -1946,17 +2112,23 @@ module Aws::PaymentCryptography
1946
2112
  # Disables an Amazon Web Services Payment Cryptography key, which makes
1947
2113
  # it inactive within Amazon Web Services Payment Cryptography.
1948
2114
  #
1949
- # You can use this operation instead of DeleteKey to deactivate a key.
1950
- # You can enable the key in the future by calling StartKeyUsage.
2115
+ # You can use this operation instead of [DeleteKey][1] to deactivate a
2116
+ # key. You can enable the key in the future by calling
2117
+ # [StartKeyUsage][2].
1951
2118
  #
1952
2119
  # **Cross-account use:** This operation can't be used across different
1953
2120
  # Amazon Web Services accounts.
1954
2121
  #
1955
2122
  # **Related operations:**
1956
2123
  #
1957
- # * DeleteKey
2124
+ # * [DeleteKey][1]
2125
+ #
2126
+ # * [StartKeyUsage][2]
2127
+ #
1958
2128
  #
1959
- # * StartKeyUsage
2129
+ #
2130
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_DeleteKey.html
2131
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_StartKeyUsage.html
1960
2132
  #
1961
2133
  # @option params [required, String] :key_identifier
1962
2134
  # The `KeyArn` of the key.
@@ -1973,30 +2145,30 @@ module Aws::PaymentCryptography
1973
2145
  #
1974
2146
  # @example Response structure
1975
2147
  #
1976
- # resp.key.create_timestamp #=> Time
1977
- # resp.key.delete_pending_timestamp #=> Time
1978
- # resp.key.delete_timestamp #=> Time
1979
- # resp.key.enabled #=> Boolean
1980
- # resp.key.exportable #=> Boolean
1981
2148
  # resp.key.key_arn #=> String
1982
- # resp.key.key_attributes.key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
2149
+ # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1983
2150
  # resp.key.key_attributes.key_class #=> String, one of "SYMMETRIC_KEY", "ASYMMETRIC_KEY_PAIR", "PRIVATE_KEY", "PUBLIC_KEY"
1984
- # resp.key.key_attributes.key_modes_of_use.decrypt #=> Boolean
1985
- # resp.key.key_attributes.key_modes_of_use.derive_key #=> Boolean
2151
+ # resp.key.key_attributes.key_algorithm #=> String, one of "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096"
1986
2152
  # resp.key.key_attributes.key_modes_of_use.encrypt #=> Boolean
2153
+ # resp.key.key_attributes.key_modes_of_use.decrypt #=> Boolean
2154
+ # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
2155
+ # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
1987
2156
  # resp.key.key_attributes.key_modes_of_use.generate #=> Boolean
1988
- # resp.key.key_attributes.key_modes_of_use.no_restrictions #=> Boolean
1989
2157
  # resp.key.key_attributes.key_modes_of_use.sign #=> Boolean
1990
- # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
1991
2158
  # resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
1992
- # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
1993
- # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
2159
+ # resp.key.key_attributes.key_modes_of_use.derive_key #=> Boolean
2160
+ # resp.key.key_attributes.key_modes_of_use.no_restrictions #=> Boolean
1994
2161
  # resp.key.key_check_value #=> String
1995
2162
  # resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
1996
- # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
2163
+ # resp.key.enabled #=> Boolean
2164
+ # resp.key.exportable #=> Boolean
1997
2165
  # resp.key.key_state #=> String, one of "CREATE_IN_PROGRESS", "CREATE_COMPLETE", "DELETE_PENDING", "DELETE_COMPLETE"
2166
+ # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
2167
+ # resp.key.create_timestamp #=> Time
1998
2168
  # resp.key.usage_start_timestamp #=> Time
1999
2169
  # resp.key.usage_stop_timestamp #=> Time
2170
+ # resp.key.delete_pending_timestamp #=> Time
2171
+ # resp.key.delete_timestamp #=> Time
2000
2172
  #
2001
2173
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/StopKeyUsage AWS API Documentation
2002
2174
  #
@@ -2019,16 +2191,22 @@ module Aws::PaymentCryptography
2019
2191
  # To add a tag, specify a new tag key and a tag value. To edit a tag,
2020
2192
  # specify an existing tag key and a new tag value. You can also add tags
2021
2193
  # to an Amazon Web Services Payment Cryptography key when you create it
2022
- # with CreateKey.
2194
+ # with [CreateKey][1].
2023
2195
  #
2024
2196
  # **Cross-account use:** This operation can't be used across different
2025
2197
  # Amazon Web Services accounts.
2026
2198
  #
2027
2199
  # **Related operations:**
2028
2200
  #
2029
- # * ListTagsForResource
2201
+ # * [ListTagsForResource][2]
2202
+ #
2203
+ # * [UntagResource][3]
2204
+ #
2205
+ #
2030
2206
  #
2031
- # * UntagResource
2207
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
2208
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ListTagsForResource.html
2209
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_UntagResource.html
2032
2210
  #
2033
2211
  # @option params [required, String] :resource_arn
2034
2212
  # The `KeyARN` of the key whose tags are being updated.
@@ -2045,13 +2223,17 @@ module Aws::PaymentCryptography
2045
2223
  # field. This field may be displayed in plaintext in CloudTrail logs and
2046
2224
  # other output.
2047
2225
  #
2048
- # To use this parameter, you must have TagResource permission in an IAM
2049
- # policy.
2226
+ # To use this parameter, you must have [TagResource][1] permission in an
2227
+ # IAM policy.
2050
2228
  #
2051
2229
  # Don't include personal, confidential or sensitive information in this
2052
2230
  # field. This field may be displayed in plaintext in CloudTrail logs and
2053
2231
  # other output.
2054
2232
  #
2233
+ #
2234
+ #
2235
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_TagResource.html
2236
+ #
2055
2237
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2056
2238
  #
2057
2239
  # @example Request syntax with placeholder values
@@ -2087,9 +2269,14 @@ module Aws::PaymentCryptography
2087
2269
  #
2088
2270
  # **Related operations:**
2089
2271
  #
2090
- # * ListTagsForResource
2272
+ # * [ListTagsForResource][1]
2273
+ #
2274
+ # * [TagResource][2]
2091
2275
  #
2092
- # * TagResource
2276
+ #
2277
+ #
2278
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ListTagsForResource.html
2279
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_TagResource.html
2093
2280
  #
2094
2281
  # @option params [required, String] :resource_arn
2095
2282
  # The `KeyARN` of the key whose tags are being removed.
@@ -2100,7 +2287,11 @@ module Aws::PaymentCryptography
2100
2287
  # If the Amazon Web Services Payment Cryptography key doesn't have the
2101
2288
  # specified tag key, Amazon Web Services Payment Cryptography doesn't
2102
2289
  # throw an exception or return a response. To confirm that the operation
2103
- # succeeded, use the ListTagsForResource operation.
2290
+ # succeeded, use the [ListTagsForResource][1] operation.
2291
+ #
2292
+ #
2293
+ #
2294
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ListTagsForResource.html
2104
2295
  #
2105
2296
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2106
2297
  #
@@ -2132,13 +2323,20 @@ module Aws::PaymentCryptography
2132
2323
  #
2133
2324
  # **Related operations:**
2134
2325
  #
2135
- # * CreateAlias
2326
+ # * [CreateAlias][1]
2327
+ #
2328
+ # * [DeleteAlias][2]
2329
+ #
2330
+ # * [GetAlias][3]
2331
+ #
2332
+ # * [ListAliases][4]
2136
2333
  #
2137
- # * DeleteAlias
2138
2334
  #
2139
- # * GetAlias
2140
2335
  #
2141
- # * ListAliases
2336
+ # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateAlias.html
2337
+ # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_DeleteAlias.html
2338
+ # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetAlias.html
2339
+ # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ListAliases.html
2142
2340
  #
2143
2341
  # @option params [required, String] :alias_name
2144
2342
  # The alias whose associated key is changing.
@@ -2185,7 +2383,7 @@ module Aws::PaymentCryptography
2185
2383
  params: params,
2186
2384
  config: config)
2187
2385
  context[:gem_name] = 'aws-sdk-paymentcryptography'
2188
- context[:gem_version] = '1.10.0'
2386
+ context[:gem_version] = '1.12.0'
2189
2387
  Seahorse::Client::Request.new(handlers, context)
2190
2388
  end
2191
2389