aws-sdk-paymentcryptography 1.7.0 → 1.9.0

@@ -29,6 +29,8 @@ module Aws::PaymentCryptography
29
29
  DeleteKeyInput = Shapes::StructureShape.new(name: 'DeleteKeyInput')
30
30
  DeleteKeyInputDeleteKeyInDaysInteger = Shapes::IntegerShape.new(name: 'DeleteKeyInputDeleteKeyInDaysInteger')
31
31
  DeleteKeyOutput = Shapes::StructureShape.new(name: 'DeleteKeyOutput')
32
+ ExportAttributes = Shapes::StructureShape.new(name: 'ExportAttributes')
33
+ ExportDukptInitialKey = Shapes::StructureShape.new(name: 'ExportDukptInitialKey')
32
34
  ExportKeyInput = Shapes::StructureShape.new(name: 'ExportKeyInput')
33
35
  ExportKeyMaterial = Shapes::UnionShape.new(name: 'ExportKeyMaterial')
34
36
  ExportKeyOutput = Shapes::StructureShape.new(name: 'ExportKeyOutput')
@@ -46,6 +48,7 @@ module Aws::PaymentCryptography
46
48
  GetPublicKeyCertificateInput = Shapes::StructureShape.new(name: 'GetPublicKeyCertificateInput')
47
49
  GetPublicKeyCertificateOutput = Shapes::StructureShape.new(name: 'GetPublicKeyCertificateOutput')
48
50
  HexLength16 = Shapes::StringShape.new(name: 'HexLength16')
51
+ HexLength20Or24 = Shapes::StringShape.new(name: 'HexLength20Or24')
49
52
  ImportKeyInput = Shapes::StructureShape.new(name: 'ImportKeyInput')
50
53
  ImportKeyMaterial = Shapes::UnionShape.new(name: 'ImportKeyMaterial')
51
54
  ImportKeyOutput = Shapes::StructureShape.new(name: 'ImportKeyOutput')
@@ -152,6 +155,14 @@ module Aws::PaymentCryptography
152
155
  DeleteKeyOutput.add_member(:key, Shapes::ShapeRef.new(shape: Key, required: true, location_name: "Key"))
153
156
  DeleteKeyOutput.struct_class = Types::DeleteKeyOutput
154
157
 
158
+ ExportAttributes.add_member(:export_dukpt_initial_key, Shapes::ShapeRef.new(shape: ExportDukptInitialKey, location_name: "ExportDukptInitialKey"))
159
+ ExportAttributes.add_member(:key_check_value_algorithm, Shapes::ShapeRef.new(shape: KeyCheckValueAlgorithm, location_name: "KeyCheckValueAlgorithm"))
160
+ ExportAttributes.struct_class = Types::ExportAttributes
161
+
162
+ ExportDukptInitialKey.add_member(:key_serial_number, Shapes::ShapeRef.new(shape: HexLength20Or24, required: true, location_name: "KeySerialNumber"))
163
+ ExportDukptInitialKey.struct_class = Types::ExportDukptInitialKey
164
+
165
+ ExportKeyInput.add_member(:export_attributes, Shapes::ShapeRef.new(shape: ExportAttributes, location_name: "ExportAttributes"))
155
166
  ExportKeyInput.add_member(:export_key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "ExportKeyIdentifier"))
156
167
  ExportKeyInput.add_member(:key_material, Shapes::ShapeRef.new(shape: ExportKeyMaterial, required: true, location_name: "KeyMaterial"))
157
168
  ExportKeyInput.struct_class = Types::ExportKeyInput
@@ -391,6 +402,8 @@ module Aws::PaymentCryptography
391
402
  ValidationException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "Message"))
392
403
  ValidationException.struct_class = Types::ValidationException
393
404
 
405
+ WrappedKey.add_member(:key_check_value, Shapes::ShapeRef.new(shape: KeyCheckValue, location_name: "KeyCheckValue"))
406
+ WrappedKey.add_member(:key_check_value_algorithm, Shapes::ShapeRef.new(shape: KeyCheckValueAlgorithm, location_name: "KeyCheckValueAlgorithm"))
394
407
  WrappedKey.add_member(:key_material, Shapes::ShapeRef.new(shape: KeyMaterial, required: true, location_name: "KeyMaterial"))
395
408
  WrappedKey.add_member(:wrapped_key_material_format, Shapes::ShapeRef.new(shape: WrappedKeyMaterialFormat, required: true, location_name: "WrappedKeyMaterialFormat"))
396
409
  WrappedKey.add_member(:wrapping_key_arn, Shapes::ShapeRef.new(shape: KeyArn, required: true, location_name: "WrappingKeyArn"))
@@ -32,7 +32,7 @@ module Aws::PaymentCryptography
32
32
  raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
33
33
  end
34
34
  if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
35
- if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
35
+ if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
36
36
  return Aws::Endpoints::Endpoint.new(url: "https://controlplane.payment-cryptography-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
37
37
  end
38
38
  raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
@@ -25,16 +25,17 @@ module Aws::PaymentCryptography
25
25
  # @api private
26
26
  class Handler < Seahorse::Client::Handler
27
27
  def call(context)
28
- # If endpoint was discovered, do not resolve or apply the endpoint.
29
28
  unless context[:discovered_endpoint]
30
29
  params = parameters_for_operation(context)
31
30
  endpoint = context.config.endpoint_provider.resolve_endpoint(params)
32
31
 
33
32
  context.http_request.endpoint = endpoint.url
34
33
  apply_endpoint_headers(context, endpoint.headers)
34
+
35
+ context[:endpoint_params] = params
36
+ context[:endpoint_properties] = endpoint.properties
35
37
  end
36
38
 
37
- context[:endpoint_params] = params
38
39
  context[:auth_scheme] =
39
40
  Aws::Endpoints.resolve_auth_scheme(context, endpoint)
40
41
 
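Review bot: On the `context[:discovered_endpoint]` path nothing inside the `unless` runs, so `endpoint` is nil when it reaches `Aws::Endpoints.resolve_auth_scheme(context, endpoint)` at new line 40, and this hunk removes the comment that explained the guard. With the assignments moved inside the guard, `context[:endpoint_params]` and `context[:endpoint_properties]` are also left unset on that path. Whether `resolve_auth_scheme` and later handlers accept a nil endpoint and missing keys is not visible here, so I would keep a comment above the guard, for example `# Discovered endpoint: skip resolution; endpoint is nil and context[:endpoint_params] / context[:endpoint_properties] stay unset.` The body of `call` continues outside the hunk.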
@@ -61,14 +61,14 @@ module Aws::PaymentCryptography
61
61
  end
62
62
 
63
63
  # @!attribute [rw] alias_name
64
- # A friendly name that you can use to refer a key. An alias must begin
65
- # with `alias/` followed by a name, for example `alias/ExampleAlias`.
66
- # It can contain only alphanumeric characters, forward slashes (/),
67
- # underscores (\_), and dashes (-).
64
+ # A friendly name that you can use to refer to a key. An alias must
65
+ # begin with `alias/` followed by a name, for example
66
+ # `alias/ExampleAlias`. It can contain only alphanumeric characters,
67
+ # forward slashes (/), underscores (\_), and dashes (-).
68
68
  #
69
- # Don't include confidential or sensitive information in this field.
70
- # This field may be displayed in plaintext in CloudTrail logs and
71
- # other output.
69
+ # Don't include personal, confidential or sensitive information in
70
+ # this field. This field may be displayed in plaintext in CloudTrail
71
+ # logs and other output.
72
72
  # @return [String]
73
73
  #
74
74
  # @!attribute [rw] key_arn
@@ -98,8 +98,8 @@ module Aws::PaymentCryptography
98
98
 
99
99
  # @!attribute [rw] enabled
100
100
  # Specifies whether to enable the key. If the key is enabled, it is
101
- # activated for use within the service. If the key not enabled, then
102
- # it is created but not activated. The default value is enabled.
101
+ # activated for use within the service. If the key is not enabled,
102
+ # then it is created but not activated. The default value is enabled.
103
103
  # @return [Boolean]
104
104
  #
105
105
  # @!attribute [rw] exportable
@@ -114,28 +114,31 @@ module Aws::PaymentCryptography
114
114
  #
115
115
  # @!attribute [rw] key_check_value_algorithm
116
116
  # The algorithm that Amazon Web Services Payment Cryptography uses to
117
- # calculate the key check value (KCV) for DES and AES keys.
117
+ # calculate the key check value (KCV). It is used to validate the key
118
+ # integrity.
118
119
  #
119
- # For DES key, the KCV is computed by encrypting 8 bytes, each with
120
- # value '00', with the key to be checked and retaining the 3 highest
121
- # order bytes of the encrypted result. For AES key, the KCV is
122
- # computed by encrypting 8 bytes, each with value '01', with the key
123
- # to be checked and retaining the 3 highest order bytes of the
124
- # encrypted result.
120
+ # For TDES keys, the KCV is computed by encrypting 8 bytes, each with
121
+ # value of zero, with the key to be checked and retaining the 3
122
+ # highest order bytes of the encrypted result. For AES keys, the KCV
123
+ # is computed using a CMAC algorithm where the input data is 16 bytes
124
+ # of zero and retaining the 3 highest order bytes of the encrypted
125
+ # result.
125
126
  # @return [String]
126
127
  #
127
128
  # @!attribute [rw] tags
128
- # The tags to attach to the key. Each tag consists of a tag key and a
129
- # tag value. Both the tag key and the tag value are required, but the
130
- # tag value can be an empty (null) string. You can't have more than
131
- # one tag on an Amazon Web Services Payment Cryptography key with the
132
- # same tag key.
129
+ # Assigns one or more tags to the Amazon Web Services Payment
130
+ # Cryptography key. Use this parameter to tag a key when it is
131
+ # created. To tag an existing Amazon Web Services Payment Cryptography
132
+ # key, use the TagResource operation.
133
133
  #
134
- # To use this parameter, you must have `TagResource` permission.
134
+ # Each tag consists of a tag key and a tag value. Both the tag key and
135
+ # the tag value are required, but the tag value can be an empty (null)
136
+ # string. You can't have more than one tag on an Amazon Web Services
137
+ # Payment Cryptography key with the same tag key.
135
138
  #
136
- # Don't include confidential or sensitive information in this field.
137
- # This field may be displayed in plaintext in CloudTrail logs and
138
- # other output.
139
+ # Don't include personal, confidential or sensitive information in
140
+ # this field. This field may be displayed in plaintext in CloudTrail
141
+ # logs and other output.
139
142
  #
140
143
  # <note markdown="1"> Tagging or untagging an Amazon Web Services Payment Cryptography key
141
144
  # can allow or deny permission to the key.
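Review bot: The rewritten `key_check_value_algorithm` comment (new lines 116-125) describes a TDES and an AES computation but does not say which `KeyCheckValueAlgorithm` value selects which, and the AES sentence does not parse ("… 16 bytes of zero and retaining …"). Suggested wording for the AES sentence: `For AES keys, the KCV is computed with CMAC over 16 bytes of zero, retaining the 3 highest order bytes of the result.` Since the KCV is a 3-byte truncation, the comment could also say that it confirms the parties hold the same key rather than serving as a cryptographic integrity guarantee. The same paragraph is repeated in the hunks at new lines 227-237, 610-619, 845-854 and 1506-1516. This file looks generated from the service model, so the wording fix probably belongs upstream.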
@@ -215,6 +218,56 @@ module Aws::PaymentCryptography
215
218
  include Aws::Structure
216
219
  end
217
220
 
221
+ # The attributes for IPEK generation during export.
222
+ #
223
+ # @!attribute [rw] export_dukpt_initial_key
224
+ # Parameter information for IPEK export.
225
+ # @return [Types::ExportDukptInitialKey]
226
+ #
227
+ # @!attribute [rw] key_check_value_algorithm
228
+ # The algorithm that Amazon Web Services Payment Cryptography uses to
229
+ # calculate the key check value (KCV). It is used to validate the key
230
+ # integrity. Specify KCV for IPEK export only.
231
+ #
232
+ # For TDES keys, the KCV is computed by encrypting 8 bytes, each with
233
+ # value of zero, with the key to be checked and retaining the 3
234
+ # highest order bytes of the encrypted result. For AES keys, the KCV
235
+ # is computed using a CMAC algorithm where the input data is 16 bytes
236
+ # of zero and retaining the 3 highest order bytes of the encrypted
237
+ # result.
238
+ # @return [String]
239
+ #
240
+ # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportAttributes AWS API Documentation
241
+ #
242
+ class ExportAttributes < Struct.new(
243
+ :export_dukpt_initial_key,
244
+ :key_check_value_algorithm)
245
+ SENSITIVE = []
246
+ include Aws::Structure
247
+ end
248
+
249
+ # Parameter information for IPEK generation during export.
250
+ #
251
+ # @!attribute [rw] key_serial_number
252
+ # The KSN for IPEK generation using DUKPT.
253
+ #
254
+ # KSN must be padded before sending to Amazon Web Services Payment
255
+ # Cryptography. KSN hex length should be 20 for a TDES\_2KEY key or 24
256
+ # for an AES key.
257
+ # @return [String]
258
+ #
259
+ # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportDukptInitialKey AWS API Documentation
260
+ #
261
+ class ExportDukptInitialKey < Struct.new(
262
+ :key_serial_number)
263
+ SENSITIVE = []
264
+ include Aws::Structure
265
+ end
266
+
267
+ # @!attribute [rw] export_attributes
268
+ # The attributes for IPEK generation during export.
269
+ # @return [Types::ExportAttributes]
270
+ #
218
271
  # @!attribute [rw] export_key_identifier
219
272
  # The `KeyARN` of the key under export from Amazon Web Services
220
273
  # Payment Cryptography.
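Review bot: The new `ExportDukptInitialKey` comment says the KSN "must be padded" (new lines 254-256) without saying with what or on which side, so a caller cannot tell from the SDK docs how to build a valid 20- or 24-hex-digit value. The comment should state the padding rule, and the class comments should expand IPEK, DUKPT and KSN at first use, e.g. `# Parameter information for initial PIN encryption key (IPEK) generation during export.` The `HexLength20Or24` shape is declared by name only in this diff, so any length check is presumably enforced by the service rather than by the client.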
@@ -228,6 +281,7 @@ module Aws::PaymentCryptography
228
281
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyInput AWS API Documentation
229
282
  #
230
283
  class ExportKeyInput < Struct.new(
284
+ :export_attributes,
231
285
  :export_key_identifier,
232
286
  :key_material)
233
287
  SENSITIVE = []
@@ -235,16 +289,18 @@ module Aws::PaymentCryptography
235
289
  end
236
290
 
237
291
  # Parameter information for key material export from Amazon Web Services
238
- # Payment Cryptography.
292
+ # Payment Cryptography using TR-31 or TR-34 key exchange method.
239
293
  #
240
294
  # @note ExportKeyMaterial is a union - when making an API calls you must set exactly one of the members.
241
295
  #
242
296
  # @!attribute [rw] tr_31_key_block
243
- # Parameter information for key material export using TR-31 standard.
297
+ # Parameter information for key material export using symmetric TR-31
298
+ # key exchange method.
244
299
  # @return [Types::ExportTr31KeyBlock]
245
300
  #
246
301
  # @!attribute [rw] tr_34_key_block
247
- # Parameter information for key material export using TR-34 standard.
302
+ # Parameter information for key material export using the asymmetric
303
+ # TR-34 key exchange method.
248
304
  # @return [Types::ExportTr34KeyBlock]
249
305
  #
250
306
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyMaterial AWS API Documentation
@@ -263,7 +319,8 @@ module Aws::PaymentCryptography
263
319
  end
264
320
 
265
321
  # @!attribute [rw] wrapped_key
266
- # The key material under export as a TR-34 or TR-31 wrapped key block.
322
+ # The key material under export as a TR-34 WrappedKeyBlock or a TR-31
323
+ # WrappedKeyBlock.
267
324
  # @return [Types::WrappedKey]
268
325
  #
269
326
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyOutput AWS API Documentation
@@ -274,7 +331,8 @@ module Aws::PaymentCryptography
274
331
  include Aws::Structure
275
332
  end
276
333
 
277
- # Parameter information for key material export using TR-31 standard.
334
+ # Parameter information for key material export using symmetric TR-31
335
+ # key exchange method.
278
336
  #
279
337
  # @!attribute [rw] wrapping_key_identifier
280
338
  # The `KeyARN` of the the wrapping key. This key encrypts or wraps the
@@ -289,7 +347,8 @@ module Aws::PaymentCryptography
289
347
  include Aws::Structure
290
348
  end
291
349
 
292
- # Parameter information for key material export using TR-34 standard.
350
+ # Parameter information for key material export using the asymmetric
351
+ # TR-34 key exchange method.
293
352
  #
294
353
  # @!attribute [rw] certificate_authority_public_key_identifier
295
354
  # The `KeyARN` of the certificate chain that signs the wrapping key
@@ -393,8 +452,7 @@ module Aws::PaymentCryptography
393
452
  # @!attribute [rw] signing_key_algorithm
394
453
  # The signing key algorithm to generate a signing key certificate.
395
454
  # This certificate signs the wrapped key under export within the TR-34
396
- # key block cryptogram. `RSA_2048` is the only signing key algorithm
397
- # allowed.
455
+ # key block. `RSA_2048` is the only signing key algorithm allowed.
398
456
  # @return [String]
399
457
  #
400
458
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForExportInput AWS API Documentation
@@ -424,14 +482,14 @@ module Aws::PaymentCryptography
424
482
  # @return [String]
425
483
  #
426
484
  # @!attribute [rw] signing_key_certificate
427
- # The signing key certificate of the public key for signature within
428
- # the TR-34 key block cryptogram. The certificate expires after 7
429
- # days.
485
+ # The signing key certificate in PEM format (base64 encoded) of the
486
+ # public key for signature within the TR-34 key block. The certificate
487
+ # expires after 7 days.
430
488
  # @return [String]
431
489
  #
432
490
  # @!attribute [rw] signing_key_certificate_chain
433
- # The certificate chain that signed the signing key certificate. This
434
- # is the root certificate authority (CA) within your service account.
491
+ # The root certificate authority (CA) that signed the signing key
492
+ # certificate in PEM format (base64 encoded).
435
493
  # @return [String]
436
494
  #
437
495
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForExportOutput AWS API Documentation
@@ -447,16 +505,19 @@ module Aws::PaymentCryptography
447
505
  end
448
506
 
449
507
  # @!attribute [rw] key_material_type
450
- # The key block format type such as TR-34 or TR-31 to use during key
451
- # material import. Import token is only required for TR-34 key import
452
- # `TR34_KEY_BLOCK`. Import token is not required for TR-31 key import.
508
+ # The method to use for key material import. Import token is only
509
+ # required for TR-34 WrappedKeyBlock (`TR34_KEY_BLOCK`).
510
+ #
511
+ # Import token is not required for TR-31, root public key cerificate
512
+ # or trusted public key certificate.
453
513
  # @return [String]
454
514
  #
455
515
  # @!attribute [rw] wrapping_key_algorithm
456
516
  # The wrapping key algorithm to generate a wrapping key certificate.
457
- # This certificate wraps the key under import within the TR-34 key
458
- # block cryptogram. `RSA_2048` is the only wrapping key algorithm
459
- # allowed.
517
+ # This certificate wraps the key under import.
518
+ #
519
+ # At this time, `RSA_2048`, `RSA_3072`, `RSA_4096` are the only
520
+ # allowed algorithms for TR-34 WrappedKeyBlock import.
460
521
  # @return [String]
461
522
  #
462
523
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForImportInput AWS API Documentation
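Review bot: New line 511 has a typo in the doc comment, `cerificate`; it should read `# Import token is not required for TR-31, root public key certificate`. A second typo of the same kind is at new line 1521 in the `WrappedKey` hunk, where `TR-34 skey exchange method` should be `TR-34 key exchange method`. Both are in YARD comments only, and if the file is generated the fix likely belongs in the upstream model text.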
@@ -480,19 +541,20 @@ module Aws::PaymentCryptography
480
541
  # @return [Time]
481
542
  #
482
543
  # @!attribute [rw] wrapping_key_algorithm
483
- # The algorithm of the wrapping key for use within TR-34 key block.
484
- # `RSA_2048` is the only wrapping key algorithm allowed.
544
+ # The algorithm of the wrapping key for use within TR-34
545
+ # WrappedKeyBlock.
485
546
  # @return [String]
486
547
  #
487
548
  # @!attribute [rw] wrapping_key_certificate
488
- # The wrapping key certificate of the wrapping key for use within the
489
- # TR-34 key block. The certificate expires in 7 days.
549
+ # The wrapping key certificate in PEM format (base64 encoded) of the
550
+ # wrapping key for use within the TR-34 key block. The certificate
551
+ # expires in 7 days.
490
552
  # @return [String]
491
553
  #
492
554
  # @!attribute [rw] wrapping_key_certificate_chain
493
- # The Amazon Web Services Payment Cryptography certificate chain that
494
- # signed the wrapping key certificate. This is the root certificate
495
- # authority (CA) within your service account.
555
+ # The Amazon Web Services Payment Cryptography root certificate
556
+ # authority (CA) that signed the wrapping key certificate in PEM
557
+ # format (base64 encoded).
496
558
  # @return [String]
497
559
  #
498
560
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForImportOutput AWS API Documentation
@@ -521,14 +583,14 @@ module Aws::PaymentCryptography
521
583
 
522
584
  # @!attribute [rw] key_certificate
523
585
  # The public key component of the asymmetric key pair in a certificate
524
- # (PEM) format. It is signed by the root certificate authority (CA)
525
- # within your service account. The certificate expires in 90 days.
586
+ # PEM format (base64 encoded). It is signed by the root certificate
587
+ # authority (CA). The certificate expires in 90 days.
526
588
  # @return [String]
527
589
  #
528
590
  # @!attribute [rw] key_certificate_chain
529
- # The certificate chain that signed the public key certificate of the
530
- # asymmetric key pair. This is the root certificate authority (CA)
531
- # within your service account.
591
+ # The root certificate authority (CA) that signed the public key
592
+ # certificate in PEM format (base64 encoded) of the asymmetric key
593
+ # pair.
532
594
  # @return [String]
533
595
  #
534
596
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetPublicKeyCertificateOutput AWS API Documentation
@@ -546,14 +608,15 @@ module Aws::PaymentCryptography
546
608
  #
547
609
  # @!attribute [rw] key_check_value_algorithm
548
610
  # The algorithm that Amazon Web Services Payment Cryptography uses to
549
- # calculate the key check value (KCV) for DES and AES keys.
611
+ # calculate the key check value (KCV). It is used to validate the key
612
+ # integrity.
550
613
  #
551
- # For DES key, the KCV is computed by encrypting 8 bytes, each with
552
- # value '00', with the key to be checked and retaining the 3 highest
553
- # order bytes of the encrypted result. For AES key, the KCV is
554
- # computed by encrypting 8 bytes, each with value '01', with the key
555
- # to be checked and retaining the 3 highest order bytes of the
556
- # encrypted result.
614
+ # For TDES keys, the KCV is computed by encrypting 8 bytes, each with
615
+ # value of zero, with the key to be checked and retaining the 3
616
+ # highest order bytes of the encrypted result. For AES keys, the KCV
617
+ # is computed using a CMAC algorithm where the input data is 16 bytes
618
+ # of zero and retaining the 3 highest order bytes of the encrypted
619
+ # result.
557
620
  # @return [String]
558
621
  #
559
622
  # @!attribute [rw] key_material
@@ -562,22 +625,22 @@ module Aws::PaymentCryptography
562
625
  # @return [Types::ImportKeyMaterial]
563
626
  #
564
627
  # @!attribute [rw] tags
565
- # The tags to attach to the key. Each tag consists of a tag key and a
566
- # tag value. Both the tag key and the tag value are required, but the
567
- # tag value can be an empty (null) string. You can't have more than
568
- # one tag on an Amazon Web Services Payment Cryptography key with the
569
- # same tag key.
570
- #
571
- # You can't have more than one tag on an Amazon Web Services Payment
572
- # Cryptography key with the same tag key. If you specify an existing
573
- # tag key with a different tag value, Amazon Web Services Payment
574
- # Cryptography replaces the current tag value with the specified one.
575
- #
576
- # To use this parameter, you must have `TagResource` permission.
577
- #
578
- # Don't include confidential or sensitive information in this field.
579
- # This field may be displayed in plaintext in CloudTrail logs and
580
- # other output.
628
+ # Assigns one or more tags to the Amazon Web Services Payment
629
+ # Cryptography key. Use this parameter to tag a key when it is
630
+ # imported. To tag an existing Amazon Web Services Payment
631
+ # Cryptography key, use the TagResource operation.
632
+ #
633
+ # Each tag consists of a tag key and a tag value. Both the tag key and
634
+ # the tag value are required, but the tag value can be an empty (null)
635
+ # string. You can't have more than one tag on an Amazon Web Services
636
+ # Payment Cryptography key with the same tag key. If you specify an
637
+ # existing tag key with a different tag value, Amazon Web Services
638
+ # Payment Cryptography replaces the current tag value with the
639
+ # specified one.
640
+ #
641
+ # Don't include personal, confidential or sensitive information in
642
+ # this field. This field may be displayed in plaintext in CloudTrail
643
+ # logs and other output.
581
644
  #
582
645
  # <note markdown="1"> Tagging or untagging an Amazon Web Services Payment Cryptography key
583
646
  # can allow or deny permission to the key.
@@ -596,7 +659,8 @@ module Aws::PaymentCryptography
596
659
  include Aws::Structure
597
660
  end
598
661
 
599
- # Parameter information for key material import.
662
+ # Parameter information for key material import into Amazon Web Services
663
+ # Payment Cryptography using TR-31 or TR-34 key exchange method.
600
664
  #
601
665
  # @note ImportKeyMaterial is a union - when making an API calls you must set exactly one of the members.
602
666
  #
@@ -605,11 +669,13 @@ module Aws::PaymentCryptography
605
669
  # @return [Types::RootCertificatePublicKey]
606
670
  #
607
671
  # @!attribute [rw] tr_31_key_block
608
- # Parameter information for key material import using TR-31 standard.
672
+ # Parameter information for key material import using symmetric TR-31
673
+ # key exchange method.
609
674
  # @return [Types::ImportTr31KeyBlock]
610
675
  #
611
676
  # @!attribute [rw] tr_34_key_block
612
- # Parameter information for key material import using TR-34 standard.
677
+ # Parameter information for key material import using the asymmetric
678
+ # TR-34 key exchange method.
613
679
  # @return [Types::ImportTr34KeyBlock]
614
680
  #
615
681
  # @!attribute [rw] trusted_certificate_public_key
@@ -648,10 +714,11 @@ module Aws::PaymentCryptography
648
714
  include Aws::Structure
649
715
  end
650
716
 
651
- # Parameter information for key material import using TR-31 standard.
717
+ # Parameter information for key material import using symmetric TR-31
718
+ # key exchange method.
652
719
  #
653
720
  # @!attribute [rw] wrapped_key_block
654
- # The TR-34 wrapped key block to import.
721
+ # The TR-31 wrapped key block to import.
655
722
  # @return [String]
656
723
  #
657
724
  # @!attribute [rw] wrapping_key_identifier
@@ -668,7 +735,8 @@ module Aws::PaymentCryptography
668
735
  include Aws::Structure
669
736
  end
670
737
 
671
- # Parameter information for key material import using TR-34 standard.
738
+ # Parameter information for key material import using the asymmetric
739
+ # TR-34 key exchange method.
672
740
  #
673
741
  # @!attribute [rw] certificate_authority_public_key_identifier
674
742
  # The `KeyARN` of the certificate chain that signs the signing key
@@ -676,9 +744,10 @@ module Aws::PaymentCryptography
676
744
  # @return [String]
677
745
  #
678
746
  # @!attribute [rw] import_token
679
- # The import token that initiates key import into Amazon Web Services
680
- # Payment Cryptography. It expires after 7 days. You can use the same
681
- # import token to import multiple keys to the same service account.
747
+ # The import token that initiates key import using the asymmetric
748
+ # TR-34 key exchange method into Amazon Web Services Payment
749
+ # Cryptography. It expires after 7 days. You can use the same import
750
+ # token to import multiple keys to the same service account.
682
751
  # @return [String]
683
752
  #
684
753
  # @!attribute [rw] key_block_format
@@ -694,7 +763,7 @@ module Aws::PaymentCryptography
694
763
  #
695
764
  # @!attribute [rw] signing_key_certificate
696
765
  # The public key component in PEM certificate format of the private
697
- # key that signs the KDH TR-34 wrapped key block.
766
+ # key that signs the KDH TR-34 WrappedKeyBlock.
698
767
  # @return [String]
699
768
  #
700
769
  # @!attribute [rw] wrapped_key_block
@@ -770,21 +839,19 @@ module Aws::PaymentCryptography
770
839
  # @!attribute [rw] key_check_value
771
840
  # The key check value (KCV) is used to check if all parties holding a
772
841
  # given key have the same key or to detect that a key has changed.
773
- # Amazon Web Services Payment Cryptography calculates the KCV by using
774
- # standard algorithms, typically by encrypting 8 or 16 bytes or "00"
775
- # or "01" and then truncating the result to the first 3 bytes, or 6
776
- # hex digits, of the resulting cryptogram.
777
842
  # @return [String]
778
843
  #
779
844
  # @!attribute [rw] key_check_value_algorithm
780
- # The algorithm used for calculating key check value (KCV) for DES and
781
- # AES keys. For a DES key, Amazon Web Services Payment Cryptography
782
- # computes the KCV by encrypting 8 bytes, each with value '00', with
783
- # the key to be checked and retaining the 3 highest order bytes of the
784
- # encrypted result. For an AES key, Amazon Web Services Payment
785
- # Cryptography computes the KCV by encrypting 8 bytes, each with value
786
- # '01', with the key to be checked and retaining the 3 highest order
787
- # bytes of the encrypted result.
845
+ # The algorithm that Amazon Web Services Payment Cryptography uses to
846
+ # calculate the key check value (KCV). It is used to validate the key
847
+ # integrity.
848
+ #
849
+ # For TDES keys, the KCV is computed by encrypting 8 bytes, each with
850
+ # value of zero, with the key to be checked and retaining the 3
851
+ # highest order bytes of the encrypted result. For AES keys, the KCV
852
+ # is computed using a CMAC algorithm where the input data is 16 bytes
853
+ # of zero and retaining the 3 highest order bytes of the encrypted
854
+ # result.
788
855
  # @return [String]
789
856
  #
790
857
  # @!attribute [rw] key_origin
@@ -961,10 +1028,6 @@ module Aws::PaymentCryptography
961
1028
  # @!attribute [rw] key_check_value
962
1029
  # The key check value (KCV) is used to check if all parties holding a
963
1030
  # given key have the same key or to detect that a key has changed.
964
- # Amazon Web Services Payment Cryptography calculates the KCV by using
965
- # standard algorithms, typically by encrypting 8 or 16 bytes or "00"
966
- # or "01" and then truncating the result to the first 3 bytes, or 6
967
- # hex digits, of the resulting cryptogram.
968
1031
  # @return [String]
969
1032
  #
970
1033
  # @!attribute [rw] key_state
@@ -1039,6 +1102,10 @@ module Aws::PaymentCryptography
1039
1102
  # When this value is present, Amazon Web Services Payment Cryptography
1040
1103
  # does not return more than the specified number of items, but it
1041
1104
  # might return fewer.
1105
+ #
1106
+ # This value is optional. If you include a value, it must be between 1
1107
+ # and 100, inclusive. If you do not include a value, it defaults to
1108
+ # 50.
1042
1109
  # @return [Integer]
1043
1110
  #
1044
1111
  # @!attribute [rw] next_token
@@ -1081,6 +1148,10 @@ module Aws::PaymentCryptography
1081
1148
  # When this value is present, Amazon Web Services Payment Cryptography
1082
1149
  # does not return more than the specified number of items, but it
1083
1150
  # might return fewer.
1151
+ #
1152
+ # This value is optional. If you include a value, it must be between 1
1153
+ # and 100, inclusive. If you do not include a value, it defaults to
1154
+ # 50.
1084
1155
  # @return [Integer]
1085
1156
  #
1086
1157
  # @!attribute [rw] next_token
@@ -1290,16 +1361,16 @@ module Aws::PaymentCryptography
1290
1361
  # different tag value, Amazon Web Services Payment Cryptography
1291
1362
  # replaces the current tag value with the new one.
1292
1363
  #
1293
- # Don't include confidential or sensitive information in this field.
1294
- # This field may be displayed in plaintext in CloudTrail logs and
1295
- # other output.
1364
+ # Don't include personal, confidential or sensitive information in
1365
+ # this field. This field may be displayed in plaintext in CloudTrail
1366
+ # logs and other output.
1296
1367
  #
1297
1368
  # To use this parameter, you must have TagResource permission in an
1298
1369
  # IAM policy.
1299
1370
  #
1300
- # Don't include confidential or sensitive information in this field.
1301
- # This field may be displayed in plaintext in CloudTrail logs and
1302
- # other output.
1371
+ # Don't include personal, confidential or sensitive information in
1372
+ # this field. This field may be displayed in plaintext in CloudTrail
1373
+ # logs and other output.
1303
1374
  # @return [Array<Types::Tag>]
1304
1375
  #
1305
1376
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/TagResourceInput AWS API Documentation
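Review bot: The "Don't include personal, confidential or sensitive information" paragraph appears twice in the same attribute comment on the new side (new lines 1364-1366 and 1371-1373), once before and once after the TagResource permission sentence. The commit updates both copies but keeps the duplication; I would drop the second copy so the warning is stated once. The attribute comment starts above the hunk.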
@@ -1424,12 +1495,30 @@ module Aws::PaymentCryptography
1424
1495
  include Aws::Structure
1425
1496
  end
1426
1497
 
1427
- # Parameter information for generating a wrapped key using TR-31 or
1428
- # TR-34 standard.
1498
+ # Parameter information for generating a WrappedKeyBlock for key
1499
+ # exchange.
1500
+ #
1501
+ # @!attribute [rw] key_check_value
1502
+ # The key check value (KCV) is used to check if all parties holding a
1503
+ # given key have the same key or to detect that a key has changed.
1504
+ # @return [String]
1505
+ #
1506
+ # @!attribute [rw] key_check_value_algorithm
1507
+ # The algorithm that Amazon Web Services Payment Cryptography uses to
1508
+ # calculate the key check value (KCV). It is used to validate the key
1509
+ # integrity.
1510
+ #
1511
+ # For TDES keys, the KCV is computed by encrypting 8 bytes, each with
1512
+ # value of zero, with the key to be checked and retaining the 3
1513
+ # highest order bytes of the encrypted result. For AES keys, the KCV
1514
+ # is computed using a CMAC algorithm where the input data is 16 bytes
1515
+ # of zero and retaining the 3 highest order bytes of the encrypted
1516
+ # result.
1517
+ # @return [String]
1429
1518
  #
1430
1519
  # @!attribute [rw] key_material
1431
1520
  # Parameter information for generating a wrapped key using TR-31 or
1432
- # TR-34 standard.
1521
+ # TR-34 skey exchange method.
1433
1522
  # @return [String]
1434
1523
  #
1435
1524
  # @!attribute [rw] wrapped_key_material_format
@@ -1443,6 +1532,8 @@ module Aws::PaymentCryptography
1443
1532
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/WrappedKey AWS API Documentation
1444
1533
  #
1445
1534
  class WrappedKey < Struct.new(
1535
+ :key_check_value,
1536
+ :key_check_value_algorithm,
1446
1537
  :key_material,
1447
1538
  :wrapped_key_material_format,
1448
1539
  :wrapping_key_arn)
@@ -52,6 +52,6 @@ require_relative 'aws-sdk-paymentcryptography/customizations'
52
52
  # @!group service
53
53
  module Aws::PaymentCryptography
54
54
 
55
- GEM_VERSION = '1.7.0'
55
+ GEM_VERSION = '1.9.0'
56
56
 
57
57
  end