aws-sdk-paymentcryptography 1.8.0 → 1.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-paymentcryptography/client.rb +379 -203
- data/lib/aws-sdk-paymentcryptography/client_api.rb +33 -0
- data/lib/aws-sdk-paymentcryptography/endpoint_provider.rb +1 -1
- data/lib/aws-sdk-paymentcryptography/types.rb +292 -114
- data/lib/aws-sdk-paymentcryptography.rb +1 -1
- metadata +6 -6
|
@@ -61,14 +61,14 @@ module Aws::PaymentCryptography
|
|
|
61
61
|
end
|
|
62
62
|
|
|
63
63
|
# @!attribute [rw] alias_name
|
|
64
|
-
# A friendly name that you can use to refer a key. An alias must
|
|
65
|
-
# with `alias/` followed by a name, for example
|
|
66
|
-
# It can contain only alphanumeric characters,
|
|
67
|
-
# underscores (\_), and dashes (-).
|
|
64
|
+
# A friendly name that you can use to refer to a key. An alias must
|
|
65
|
+
# begin with `alias/` followed by a name, for example
|
|
66
|
+
# `alias/ExampleAlias`. It can contain only alphanumeric characters,
|
|
67
|
+
# forward slashes (/), underscores (\_), and dashes (-).
|
|
68
68
|
#
|
|
69
|
-
# Don't include confidential or sensitive information in
|
|
70
|
-
# This field may be displayed in plaintext in CloudTrail
|
|
71
|
-
# other output.
|
|
69
|
+
# Don't include personal, confidential or sensitive information in
|
|
70
|
+
# this field. This field may be displayed in plaintext in CloudTrail
|
|
71
|
+
# logs and other output.
|
|
72
72
|
# @return [String]
|
|
73
73
|
#
|
|
74
74
|
# @!attribute [rw] key_arn
|
|
@@ -98,8 +98,8 @@ module Aws::PaymentCryptography
|
|
|
98
98
|
|
|
99
99
|
# @!attribute [rw] enabled
|
|
100
100
|
# Specifies whether to enable the key. If the key is enabled, it is
|
|
101
|
-
# activated for use within the service. If the key not enabled,
|
|
102
|
-
# it is created but not activated. The default value is enabled.
|
|
101
|
+
# activated for use within the service. If the key is not enabled,
|
|
102
|
+
# then it is created but not activated. The default value is enabled.
|
|
103
103
|
# @return [Boolean]
|
|
104
104
|
#
|
|
105
105
|
# @!attribute [rw] exportable
|
|
@@ -114,28 +114,31 @@ module Aws::PaymentCryptography
|
|
|
114
114
|
#
|
|
115
115
|
# @!attribute [rw] key_check_value_algorithm
|
|
116
116
|
# The algorithm that Amazon Web Services Payment Cryptography uses to
|
|
117
|
-
# calculate the key check value (KCV)
|
|
117
|
+
# calculate the key check value (KCV). It is used to validate the key
|
|
118
|
+
# integrity.
|
|
118
119
|
#
|
|
119
|
-
# For
|
|
120
|
-
# value
|
|
121
|
-
# order bytes of the encrypted result. For AES
|
|
122
|
-
# computed
|
|
123
|
-
#
|
|
124
|
-
#
|
|
120
|
+
# For TDES keys, the KCV is computed by encrypting 8 bytes, each with
|
|
121
|
+
# value of zero, with the key to be checked and retaining the 3
|
|
122
|
+
# highest order bytes of the encrypted result. For AES keys, the KCV
|
|
123
|
+
# is computed using a CMAC algorithm where the input data is 16 bytes
|
|
124
|
+
# of zero and retaining the 3 highest order bytes of the encrypted
|
|
125
|
+
# result.
|
|
125
126
|
# @return [String]
|
|
126
127
|
#
|
|
127
128
|
# @!attribute [rw] tags
|
|
128
|
-
#
|
|
129
|
-
#
|
|
130
|
-
#
|
|
131
|
-
#
|
|
132
|
-
# same tag key.
|
|
129
|
+
# Assigns one or more tags to the Amazon Web Services Payment
|
|
130
|
+
# Cryptography key. Use this parameter to tag a key when it is
|
|
131
|
+
# created. To tag an existing Amazon Web Services Payment Cryptography
|
|
132
|
+
# key, use the TagResource operation.
|
|
133
133
|
#
|
|
134
|
-
#
|
|
134
|
+
# Each tag consists of a tag key and a tag value. Both the tag key and
|
|
135
|
+
# the tag value are required, but the tag value can be an empty (null)
|
|
136
|
+
# string. You can't have more than one tag on an Amazon Web Services
|
|
137
|
+
# Payment Cryptography key with the same tag key.
|
|
135
138
|
#
|
|
136
|
-
# Don't include confidential or sensitive information in
|
|
137
|
-
# This field may be displayed in plaintext in CloudTrail
|
|
138
|
-
# other output.
|
|
139
|
+
# Don't include personal, confidential or sensitive information in
|
|
140
|
+
# this field. This field may be displayed in plaintext in CloudTrail
|
|
141
|
+
# logs and other output.
|
|
139
142
|
#
|
|
140
143
|
# <note markdown="1"> Tagging or untagging an Amazon Web Services Payment Cryptography key
|
|
141
144
|
# can allow or deny permission to the key.
|
|
@@ -215,6 +218,84 @@ module Aws::PaymentCryptography
|
|
|
215
218
|
include Aws::Structure
|
|
216
219
|
end
|
|
217
220
|
|
|
221
|
+
# The attributes for IPEK generation during export.
|
|
222
|
+
#
|
|
223
|
+
# @!attribute [rw] export_dukpt_initial_key
|
|
224
|
+
# Parameter information for IPEK export.
|
|
225
|
+
# @return [Types::ExportDukptInitialKey]
|
|
226
|
+
#
|
|
227
|
+
# @!attribute [rw] key_check_value_algorithm
|
|
228
|
+
# The algorithm that Amazon Web Services Payment Cryptography uses to
|
|
229
|
+
# calculate the key check value (KCV). It is used to validate the key
|
|
230
|
+
# integrity. Specify KCV for IPEK export only.
|
|
231
|
+
#
|
|
232
|
+
# For TDES keys, the KCV is computed by encrypting 8 bytes, each with
|
|
233
|
+
# value of zero, with the key to be checked and retaining the 3
|
|
234
|
+
# highest order bytes of the encrypted result. For AES keys, the KCV
|
|
235
|
+
# is computed using a CMAC algorithm where the input data is 16 bytes
|
|
236
|
+
# of zero and retaining the 3 highest order bytes of the encrypted
|
|
237
|
+
# result.
|
|
238
|
+
# @return [String]
|
|
239
|
+
#
|
|
240
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportAttributes AWS API Documentation
|
|
241
|
+
#
|
|
242
|
+
class ExportAttributes < Struct.new(
|
|
243
|
+
:export_dukpt_initial_key,
|
|
244
|
+
:key_check_value_algorithm)
|
|
245
|
+
SENSITIVE = []
|
|
246
|
+
include Aws::Structure
|
|
247
|
+
end
|
|
248
|
+
|
|
249
|
+
# Parameter information for IPEK generation during export.
|
|
250
|
+
#
|
|
251
|
+
# @!attribute [rw] key_serial_number
|
|
252
|
+
# The KSN for IPEK generation using DUKPT.
|
|
253
|
+
#
|
|
254
|
+
# KSN must be padded before sending to Amazon Web Services Payment
|
|
255
|
+
# Cryptography. KSN hex length should be 20 for a TDES\_2KEY key or 24
|
|
256
|
+
# for an AES key.
|
|
257
|
+
# @return [String]
|
|
258
|
+
#
|
|
259
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportDukptInitialKey AWS API Documentation
|
|
260
|
+
#
|
|
261
|
+
class ExportDukptInitialKey < Struct.new(
|
|
262
|
+
:key_serial_number)
|
|
263
|
+
SENSITIVE = []
|
|
264
|
+
include Aws::Structure
|
|
265
|
+
end
|
|
266
|
+
|
|
267
|
+
# Parameter information for key material export using asymmetric RSA
|
|
268
|
+
# wrap and unwrap key exchange method.
|
|
269
|
+
#
|
|
270
|
+
# @!attribute [rw] certificate_authority_public_key_identifier
|
|
271
|
+
# The `KeyARN` of the certificate chain that signs the wrapping key
|
|
272
|
+
# certificate during RSA wrap and unwrap key export.
|
|
273
|
+
# @return [String]
|
|
274
|
+
#
|
|
275
|
+
# @!attribute [rw] wrapping_key_certificate
|
|
276
|
+
# The wrapping key certificate in PEM format (base64 encoded). Amazon
|
|
277
|
+
# Web Services Payment Cryptography uses this certificate to wrap the
|
|
278
|
+
# key under export.
|
|
279
|
+
# @return [String]
|
|
280
|
+
#
|
|
281
|
+
# @!attribute [rw] wrapping_spec
|
|
282
|
+
# The wrapping spec for the key under export.
|
|
283
|
+
# @return [String]
|
|
284
|
+
#
|
|
285
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyCryptogram AWS API Documentation
|
|
286
|
+
#
|
|
287
|
+
class ExportKeyCryptogram < Struct.new(
|
|
288
|
+
:certificate_authority_public_key_identifier,
|
|
289
|
+
:wrapping_key_certificate,
|
|
290
|
+
:wrapping_spec)
|
|
291
|
+
SENSITIVE = [:wrapping_key_certificate]
|
|
292
|
+
include Aws::Structure
|
|
293
|
+
end
|
|
294
|
+
|
|
295
|
+
# @!attribute [rw] export_attributes
|
|
296
|
+
# The attributes for IPEK generation during export.
|
|
297
|
+
# @return [Types::ExportAttributes]
|
|
298
|
+
#
|
|
218
299
|
# @!attribute [rw] export_key_identifier
|
|
219
300
|
# The `KeyARN` of the key under export from Amazon Web Services
|
|
220
301
|
# Payment Cryptography.
|
|
@@ -228,6 +309,7 @@ module Aws::PaymentCryptography
|
|
|
228
309
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyInput AWS API Documentation
|
|
229
310
|
#
|
|
230
311
|
class ExportKeyInput < Struct.new(
|
|
312
|
+
:export_attributes,
|
|
231
313
|
:export_key_identifier,
|
|
232
314
|
:key_material)
|
|
233
315
|
SENSITIVE = []
|
|
@@ -235,21 +317,30 @@ module Aws::PaymentCryptography
|
|
|
235
317
|
end
|
|
236
318
|
|
|
237
319
|
# Parameter information for key material export from Amazon Web Services
|
|
238
|
-
# Payment Cryptography
|
|
320
|
+
# Payment Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key
|
|
321
|
+
# exchange method.
|
|
239
322
|
#
|
|
240
323
|
# @note ExportKeyMaterial is a union - when making an API calls you must set exactly one of the members.
|
|
241
324
|
#
|
|
325
|
+
# @!attribute [rw] key_cryptogram
|
|
326
|
+
# Parameter information for key material export using asymmetric RSA
|
|
327
|
+
# wrap and unwrap key exchange method
|
|
328
|
+
# @return [Types::ExportKeyCryptogram]
|
|
329
|
+
#
|
|
242
330
|
# @!attribute [rw] tr_31_key_block
|
|
243
|
-
# Parameter information for key material export using TR-31
|
|
331
|
+
# Parameter information for key material export using symmetric TR-31
|
|
332
|
+
# key exchange method.
|
|
244
333
|
# @return [Types::ExportTr31KeyBlock]
|
|
245
334
|
#
|
|
246
335
|
# @!attribute [rw] tr_34_key_block
|
|
247
|
-
# Parameter information for key material export using
|
|
336
|
+
# Parameter information for key material export using the asymmetric
|
|
337
|
+
# TR-34 key exchange method.
|
|
248
338
|
# @return [Types::ExportTr34KeyBlock]
|
|
249
339
|
#
|
|
250
340
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyMaterial AWS API Documentation
|
|
251
341
|
#
|
|
252
342
|
class ExportKeyMaterial < Struct.new(
|
|
343
|
+
:key_cryptogram,
|
|
253
344
|
:tr_31_key_block,
|
|
254
345
|
:tr_34_key_block,
|
|
255
346
|
:unknown)
|
|
@@ -257,13 +348,15 @@ module Aws::PaymentCryptography
|
|
|
257
348
|
include Aws::Structure
|
|
258
349
|
include Aws::Structure::Union
|
|
259
350
|
|
|
351
|
+
class KeyCryptogram < ExportKeyMaterial; end
|
|
260
352
|
class Tr31KeyBlock < ExportKeyMaterial; end
|
|
261
353
|
class Tr34KeyBlock < ExportKeyMaterial; end
|
|
262
354
|
class Unknown < ExportKeyMaterial; end
|
|
263
355
|
end
|
|
264
356
|
|
|
265
357
|
# @!attribute [rw] wrapped_key
|
|
266
|
-
# The key material under export as a TR-34 or TR-31
|
|
358
|
+
# The key material under export as a TR-34 WrappedKeyBlock or a TR-31
|
|
359
|
+
# WrappedKeyBlock. or a RSA WrappedKeyCryptogram.
|
|
267
360
|
# @return [Types::WrappedKey]
|
|
268
361
|
#
|
|
269
362
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyOutput AWS API Documentation
|
|
@@ -274,7 +367,8 @@ module Aws::PaymentCryptography
|
|
|
274
367
|
include Aws::Structure
|
|
275
368
|
end
|
|
276
369
|
|
|
277
|
-
# Parameter information for key material export using TR-31
|
|
370
|
+
# Parameter information for key material export using symmetric TR-31
|
|
371
|
+
# key exchange method.
|
|
278
372
|
#
|
|
279
373
|
# @!attribute [rw] wrapping_key_identifier
|
|
280
374
|
# The `KeyARN` of the the wrapping key. This key encrypts or wraps the
|
|
@@ -289,7 +383,8 @@ module Aws::PaymentCryptography
|
|
|
289
383
|
include Aws::Structure
|
|
290
384
|
end
|
|
291
385
|
|
|
292
|
-
# Parameter information for key material export using
|
|
386
|
+
# Parameter information for key material export using the asymmetric
|
|
387
|
+
# TR-34 key exchange method.
|
|
293
388
|
#
|
|
294
389
|
# @!attribute [rw] certificate_authority_public_key_identifier
|
|
295
390
|
# The `KeyARN` of the certificate chain that signs the wrapping key
|
|
@@ -393,8 +488,7 @@ module Aws::PaymentCryptography
|
|
|
393
488
|
# @!attribute [rw] signing_key_algorithm
|
|
394
489
|
# The signing key algorithm to generate a signing key certificate.
|
|
395
490
|
# This certificate signs the wrapped key under export within the TR-34
|
|
396
|
-
# key block
|
|
397
|
-
# allowed.
|
|
491
|
+
# key block. `RSA_2048` is the only signing key algorithm allowed.
|
|
398
492
|
# @return [String]
|
|
399
493
|
#
|
|
400
494
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForExportInput AWS API Documentation
|
|
@@ -424,14 +518,14 @@ module Aws::PaymentCryptography
|
|
|
424
518
|
# @return [String]
|
|
425
519
|
#
|
|
426
520
|
# @!attribute [rw] signing_key_certificate
|
|
427
|
-
# The signing key certificate
|
|
428
|
-
# the TR-34 key block
|
|
429
|
-
# days.
|
|
521
|
+
# The signing key certificate in PEM format (base64 encoded) of the
|
|
522
|
+
# public key for signature within the TR-34 key block. The certificate
|
|
523
|
+
# expires after 7 days.
|
|
430
524
|
# @return [String]
|
|
431
525
|
#
|
|
432
526
|
# @!attribute [rw] signing_key_certificate_chain
|
|
433
|
-
# The certificate
|
|
434
|
-
#
|
|
527
|
+
# The root certificate authority (CA) that signed the signing key
|
|
528
|
+
# certificate in PEM format (base64 encoded).
|
|
435
529
|
# @return [String]
|
|
436
530
|
#
|
|
437
531
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForExportOutput AWS API Documentation
|
|
@@ -447,16 +541,22 @@ module Aws::PaymentCryptography
|
|
|
447
541
|
end
|
|
448
542
|
|
|
449
543
|
# @!attribute [rw] key_material_type
|
|
450
|
-
# The
|
|
451
|
-
#
|
|
452
|
-
# `
|
|
544
|
+
# The method to use for key material import. Import token is only
|
|
545
|
+
# required for TR-34 WrappedKeyBlock (`TR34_KEY_BLOCK`) and RSA
|
|
546
|
+
# WrappedKeyCryptogram (`KEY_CRYPTOGRAM`).
|
|
547
|
+
#
|
|
548
|
+
# Import token is not required for TR-31, root public key cerificate
|
|
549
|
+
# or trusted public key certificate.
|
|
453
550
|
# @return [String]
|
|
454
551
|
#
|
|
455
552
|
# @!attribute [rw] wrapping_key_algorithm
|
|
456
553
|
# The wrapping key algorithm to generate a wrapping key certificate.
|
|
457
|
-
# This certificate wraps the key under import
|
|
458
|
-
#
|
|
459
|
-
# allowed
|
|
554
|
+
# This certificate wraps the key under import.
|
|
555
|
+
#
|
|
556
|
+
# At this time, `RSA_2048` is the allowed algorithm for TR-34
|
|
557
|
+
# WrappedKeyBlock import. Additionally, `RSA_2048`, `RSA_3072`,
|
|
558
|
+
# `RSA_4096` are the allowed algorithms for RSA WrappedKeyCryptogram
|
|
559
|
+
# import.
|
|
460
560
|
# @return [String]
|
|
461
561
|
#
|
|
462
562
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForImportInput AWS API Documentation
|
|
@@ -480,19 +580,20 @@ module Aws::PaymentCryptography
|
|
|
480
580
|
# @return [Time]
|
|
481
581
|
#
|
|
482
582
|
# @!attribute [rw] wrapping_key_algorithm
|
|
483
|
-
# The algorithm of the wrapping key for use within TR-34
|
|
484
|
-
#
|
|
583
|
+
# The algorithm of the wrapping key for use within TR-34
|
|
584
|
+
# WrappedKeyBlock or RSA WrappedKeyCryptogram.
|
|
485
585
|
# @return [String]
|
|
486
586
|
#
|
|
487
587
|
# @!attribute [rw] wrapping_key_certificate
|
|
488
|
-
# The wrapping key certificate
|
|
489
|
-
# TR-34 key block. The certificate
|
|
588
|
+
# The wrapping key certificate in PEM format (base64 encoded) of the
|
|
589
|
+
# wrapping key for use within the TR-34 key block. The certificate
|
|
590
|
+
# expires in 7 days.
|
|
490
591
|
# @return [String]
|
|
491
592
|
#
|
|
492
593
|
# @!attribute [rw] wrapping_key_certificate_chain
|
|
493
|
-
# The Amazon Web Services Payment Cryptography certificate
|
|
494
|
-
# signed the wrapping key certificate
|
|
495
|
-
#
|
|
594
|
+
# The Amazon Web Services Payment Cryptography root certificate
|
|
595
|
+
# authority (CA) that signed the wrapping key certificate in PEM
|
|
596
|
+
# format (base64 encoded).
|
|
496
597
|
# @return [String]
|
|
497
598
|
#
|
|
498
599
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForImportOutput AWS API Documentation
|
|
@@ -521,14 +622,14 @@ module Aws::PaymentCryptography
|
|
|
521
622
|
|
|
522
623
|
# @!attribute [rw] key_certificate
|
|
523
624
|
# The public key component of the asymmetric key pair in a certificate
|
|
524
|
-
#
|
|
525
|
-
#
|
|
625
|
+
# PEM format (base64 encoded). It is signed by the root certificate
|
|
626
|
+
# authority (CA). The certificate expires in 90 days.
|
|
526
627
|
# @return [String]
|
|
527
628
|
#
|
|
528
629
|
# @!attribute [rw] key_certificate_chain
|
|
529
|
-
# The certificate
|
|
530
|
-
#
|
|
531
|
-
#
|
|
630
|
+
# The root certificate authority (CA) that signed the public key
|
|
631
|
+
# certificate in PEM format (base64 encoded) of the asymmetric key
|
|
632
|
+
# pair.
|
|
532
633
|
# @return [String]
|
|
533
634
|
#
|
|
534
635
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetPublicKeyCertificateOutput AWS API Documentation
|
|
@@ -540,20 +641,61 @@ module Aws::PaymentCryptography
|
|
|
540
641
|
include Aws::Structure
|
|
541
642
|
end
|
|
542
643
|
|
|
644
|
+
# Parameter information for key material import using asymmetric RSA
|
|
645
|
+
# wrap and unwrap key exchange method.
|
|
646
|
+
#
|
|
647
|
+
# @!attribute [rw] exportable
|
|
648
|
+
# Specifies whether the key is exportable from the service.
|
|
649
|
+
# @return [Boolean]
|
|
650
|
+
#
|
|
651
|
+
# @!attribute [rw] import_token
|
|
652
|
+
# The import token that initiates key import using the asymmetric RSA
|
|
653
|
+
# wrap and unwrap key exchange method into AWS Payment Cryptography.
|
|
654
|
+
# It expires after 7 days. You can use the same import token to import
|
|
655
|
+
# multiple keys to the same service account.
|
|
656
|
+
# @return [String]
|
|
657
|
+
#
|
|
658
|
+
# @!attribute [rw] key_attributes
|
|
659
|
+
# The role of the key, the algorithm it supports, and the
|
|
660
|
+
# cryptographic operations allowed with the key. This data is
|
|
661
|
+
# immutable after the key is created.
|
|
662
|
+
# @return [Types::KeyAttributes]
|
|
663
|
+
#
|
|
664
|
+
# @!attribute [rw] wrapped_key_cryptogram
|
|
665
|
+
# The RSA wrapped key cryptogram under import.
|
|
666
|
+
# @return [String]
|
|
667
|
+
#
|
|
668
|
+
# @!attribute [rw] wrapping_spec
|
|
669
|
+
# The wrapping spec for the wrapped key cryptogram.
|
|
670
|
+
# @return [String]
|
|
671
|
+
#
|
|
672
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ImportKeyCryptogram AWS API Documentation
|
|
673
|
+
#
|
|
674
|
+
class ImportKeyCryptogram < Struct.new(
|
|
675
|
+
:exportable,
|
|
676
|
+
:import_token,
|
|
677
|
+
:key_attributes,
|
|
678
|
+
:wrapped_key_cryptogram,
|
|
679
|
+
:wrapping_spec)
|
|
680
|
+
SENSITIVE = []
|
|
681
|
+
include Aws::Structure
|
|
682
|
+
end
|
|
683
|
+
|
|
543
684
|
# @!attribute [rw] enabled
|
|
544
685
|
# Specifies whether import key is enabled.
|
|
545
686
|
# @return [Boolean]
|
|
546
687
|
#
|
|
547
688
|
# @!attribute [rw] key_check_value_algorithm
|
|
548
689
|
# The algorithm that Amazon Web Services Payment Cryptography uses to
|
|
549
|
-
# calculate the key check value (KCV)
|
|
690
|
+
# calculate the key check value (KCV). It is used to validate the key
|
|
691
|
+
# integrity.
|
|
550
692
|
#
|
|
551
|
-
# For
|
|
552
|
-
# value
|
|
553
|
-
# order bytes of the encrypted result. For AES
|
|
554
|
-
# computed
|
|
555
|
-
#
|
|
556
|
-
#
|
|
693
|
+
# For TDES keys, the KCV is computed by encrypting 8 bytes, each with
|
|
694
|
+
# value of zero, with the key to be checked and retaining the 3
|
|
695
|
+
# highest order bytes of the encrypted result. For AES keys, the KCV
|
|
696
|
+
# is computed using a CMAC algorithm where the input data is 16 bytes
|
|
697
|
+
# of zero and retaining the 3 highest order bytes of the encrypted
|
|
698
|
+
# result.
|
|
557
699
|
# @return [String]
|
|
558
700
|
#
|
|
559
701
|
# @!attribute [rw] key_material
|
|
@@ -562,22 +704,22 @@ module Aws::PaymentCryptography
|
|
|
562
704
|
# @return [Types::ImportKeyMaterial]
|
|
563
705
|
#
|
|
564
706
|
# @!attribute [rw] tags
|
|
565
|
-
#
|
|
566
|
-
#
|
|
567
|
-
#
|
|
568
|
-
#
|
|
569
|
-
#
|
|
570
|
-
#
|
|
571
|
-
#
|
|
572
|
-
#
|
|
573
|
-
#
|
|
574
|
-
#
|
|
575
|
-
#
|
|
576
|
-
#
|
|
577
|
-
#
|
|
578
|
-
# Don't include confidential or sensitive information in
|
|
579
|
-
# This field may be displayed in plaintext in CloudTrail
|
|
580
|
-
# other output.
|
|
707
|
+
# Assigns one or more tags to the Amazon Web Services Payment
|
|
708
|
+
# Cryptography key. Use this parameter to tag a key when it is
|
|
709
|
+
# imported. To tag an existing Amazon Web Services Payment
|
|
710
|
+
# Cryptography key, use the TagResource operation.
|
|
711
|
+
#
|
|
712
|
+
# Each tag consists of a tag key and a tag value. Both the tag key and
|
|
713
|
+
# the tag value are required, but the tag value can be an empty (null)
|
|
714
|
+
# string. You can't have more than one tag on an Amazon Web Services
|
|
715
|
+
# Payment Cryptography key with the same tag key. If you specify an
|
|
716
|
+
# existing tag key with a different tag value, Amazon Web Services
|
|
717
|
+
# Payment Cryptography replaces the current tag value with the
|
|
718
|
+
# specified one.
|
|
719
|
+
#
|
|
720
|
+
# Don't include personal, confidential or sensitive information in
|
|
721
|
+
# this field. This field may be displayed in plaintext in CloudTrail
|
|
722
|
+
# logs and other output.
|
|
581
723
|
#
|
|
582
724
|
# <note markdown="1"> Tagging or untagging an Amazon Web Services Payment Cryptography key
|
|
583
725
|
# can allow or deny permission to the key.
|
|
@@ -596,20 +738,29 @@ module Aws::PaymentCryptography
|
|
|
596
738
|
include Aws::Structure
|
|
597
739
|
end
|
|
598
740
|
|
|
599
|
-
# Parameter information for key material import
|
|
741
|
+
# Parameter information for key material import into Amazon Web Services
|
|
742
|
+
# Payment Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key
|
|
743
|
+
# exchange method.
|
|
600
744
|
#
|
|
601
745
|
# @note ImportKeyMaterial is a union - when making an API calls you must set exactly one of the members.
|
|
602
746
|
#
|
|
747
|
+
# @!attribute [rw] key_cryptogram
|
|
748
|
+
# Parameter information for key material import using asymmetric RSA
|
|
749
|
+
# wrap and unwrap key exchange method.
|
|
750
|
+
# @return [Types::ImportKeyCryptogram]
|
|
751
|
+
#
|
|
603
752
|
# @!attribute [rw] root_certificate_public_key
|
|
604
753
|
# Parameter information for root public key certificate import.
|
|
605
754
|
# @return [Types::RootCertificatePublicKey]
|
|
606
755
|
#
|
|
607
756
|
# @!attribute [rw] tr_31_key_block
|
|
608
|
-
# Parameter information for key material import using TR-31
|
|
757
|
+
# Parameter information for key material import using symmetric TR-31
|
|
758
|
+
# key exchange method.
|
|
609
759
|
# @return [Types::ImportTr31KeyBlock]
|
|
610
760
|
#
|
|
611
761
|
# @!attribute [rw] tr_34_key_block
|
|
612
|
-
# Parameter information for key material import using
|
|
762
|
+
# Parameter information for key material import using the asymmetric
|
|
763
|
+
# TR-34 key exchange method.
|
|
613
764
|
# @return [Types::ImportTr34KeyBlock]
|
|
614
765
|
#
|
|
615
766
|
# @!attribute [rw] trusted_certificate_public_key
|
|
@@ -619,6 +770,7 @@ module Aws::PaymentCryptography
|
|
|
619
770
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ImportKeyMaterial AWS API Documentation
|
|
620
771
|
#
|
|
621
772
|
class ImportKeyMaterial < Struct.new(
|
|
773
|
+
:key_cryptogram,
|
|
622
774
|
:root_certificate_public_key,
|
|
623
775
|
:tr_31_key_block,
|
|
624
776
|
:tr_34_key_block,
|
|
@@ -628,6 +780,7 @@ module Aws::PaymentCryptography
|
|
|
628
780
|
include Aws::Structure
|
|
629
781
|
include Aws::Structure::Union
|
|
630
782
|
|
|
783
|
+
class KeyCryptogram < ImportKeyMaterial; end
|
|
631
784
|
class RootCertificatePublicKey < ImportKeyMaterial; end
|
|
632
785
|
class Tr31KeyBlock < ImportKeyMaterial; end
|
|
633
786
|
class Tr34KeyBlock < ImportKeyMaterial; end
|
|
@@ -648,10 +801,11 @@ module Aws::PaymentCryptography
|
|
|
648
801
|
include Aws::Structure
|
|
649
802
|
end
|
|
650
803
|
|
|
651
|
-
# Parameter information for key material import using TR-31
|
|
804
|
+
# Parameter information for key material import using symmetric TR-31
|
|
805
|
+
# key exchange method.
|
|
652
806
|
#
|
|
653
807
|
# @!attribute [rw] wrapped_key_block
|
|
654
|
-
# The TR-
|
|
808
|
+
# The TR-31 wrapped key block to import.
|
|
655
809
|
# @return [String]
|
|
656
810
|
#
|
|
657
811
|
# @!attribute [rw] wrapping_key_identifier
|
|
@@ -668,7 +822,8 @@ module Aws::PaymentCryptography
|
|
|
668
822
|
include Aws::Structure
|
|
669
823
|
end
|
|
670
824
|
|
|
671
|
-
# Parameter information for key material import using
|
|
825
|
+
# Parameter information for key material import using the asymmetric
|
|
826
|
+
# TR-34 key exchange method.
|
|
672
827
|
#
|
|
673
828
|
# @!attribute [rw] certificate_authority_public_key_identifier
|
|
674
829
|
# The `KeyARN` of the certificate chain that signs the signing key
|
|
@@ -676,9 +831,10 @@ module Aws::PaymentCryptography
|
|
|
676
831
|
# @return [String]
|
|
677
832
|
#
|
|
678
833
|
# @!attribute [rw] import_token
|
|
679
|
-
# The import token that initiates key import
|
|
680
|
-
#
|
|
681
|
-
#
|
|
834
|
+
# The import token that initiates key import using the asymmetric
|
|
835
|
+
# TR-34 key exchange method into Amazon Web Services Payment
|
|
836
|
+
# Cryptography. It expires after 7 days. You can use the same import
|
|
837
|
+
# token to import multiple keys to the same service account.
|
|
682
838
|
# @return [String]
|
|
683
839
|
#
|
|
684
840
|
# @!attribute [rw] key_block_format
|
|
@@ -694,7 +850,7 @@ module Aws::PaymentCryptography
|
|
|
694
850
|
#
|
|
695
851
|
# @!attribute [rw] signing_key_certificate
|
|
696
852
|
# The public key component in PEM certificate format of the private
|
|
697
|
-
# key that signs the KDH TR-34
|
|
853
|
+
# key that signs the KDH TR-34 WrappedKeyBlock.
|
|
698
854
|
# @return [String]
|
|
699
855
|
#
|
|
700
856
|
# @!attribute [rw] wrapped_key_block
|
|
@@ -770,21 +926,19 @@ module Aws::PaymentCryptography
|
|
|
770
926
|
# @!attribute [rw] key_check_value
|
|
771
927
|
# The key check value (KCV) is used to check if all parties holding a
|
|
772
928
|
# given key have the same key or to detect that a key has changed.
|
|
773
|
-
# Amazon Web Services Payment Cryptography calculates the KCV by using
|
|
774
|
-
# standard algorithms, typically by encrypting 8 or 16 bytes or "00"
|
|
775
|
-
# or "01" and then truncating the result to the first 3 bytes, or 6
|
|
776
|
-
# hex digits, of the resulting cryptogram.
|
|
777
929
|
# @return [String]
|
|
778
930
|
#
|
|
779
931
|
# @!attribute [rw] key_check_value_algorithm
|
|
780
|
-
# The algorithm
|
|
781
|
-
#
|
|
782
|
-
#
|
|
783
|
-
#
|
|
784
|
-
#
|
|
785
|
-
#
|
|
786
|
-
#
|
|
787
|
-
#
|
|
932
|
+
# The algorithm that Amazon Web Services Payment Cryptography uses to
|
|
933
|
+
# calculate the key check value (KCV). It is used to validate the key
|
|
934
|
+
# integrity.
|
|
935
|
+
#
|
|
936
|
+
# For TDES keys, the KCV is computed by encrypting 8 bytes, each with
|
|
937
|
+
# value of zero, with the key to be checked and retaining the 3
|
|
938
|
+
# highest order bytes of the encrypted result. For AES keys, the KCV
|
|
939
|
+
# is computed using a CMAC algorithm where the input data is 16 bytes
|
|
940
|
+
# of zero and retaining the 3 highest order bytes of the encrypted
|
|
941
|
+
# result.
|
|
788
942
|
# @return [String]
|
|
789
943
|
#
|
|
790
944
|
# @!attribute [rw] key_origin
|
|
@@ -961,10 +1115,6 @@ module Aws::PaymentCryptography
|
|
|
961
1115
|
# @!attribute [rw] key_check_value
|
|
962
1116
|
# The key check value (KCV) is used to check if all parties holding a
|
|
963
1117
|
# given key have the same key or to detect that a key has changed.
|
|
964
|
-
# Amazon Web Services Payment Cryptography calculates the KCV by using
|
|
965
|
-
# standard algorithms, typically by encrypting 8 or 16 bytes or "00"
|
|
966
|
-
# or "01" and then truncating the result to the first 3 bytes, or 6
|
|
967
|
-
# hex digits, of the resulting cryptogram.
|
|
968
1118
|
# @return [String]
|
|
969
1119
|
#
|
|
970
1120
|
# @!attribute [rw] key_state
|
|
@@ -1039,6 +1189,10 @@ module Aws::PaymentCryptography
|
|
|
1039
1189
|
# When this value is present, Amazon Web Services Payment Cryptography
|
|
1040
1190
|
# does not return more than the specified number of items, but it
|
|
1041
1191
|
# might return fewer.
|
|
1192
|
+
#
|
|
1193
|
+
# This value is optional. If you include a value, it must be between 1
|
|
1194
|
+
# and 100, inclusive. If you do not include a value, it defaults to
|
|
1195
|
+
# 50.
|
|
1042
1196
|
# @return [Integer]
|
|
1043
1197
|
#
|
|
1044
1198
|
# @!attribute [rw] next_token
|
|
@@ -1081,6 +1235,10 @@ module Aws::PaymentCryptography
|
|
|
1081
1235
|
# When this value is present, Amazon Web Services Payment Cryptography
|
|
1082
1236
|
# does not return more than the specified number of items, but it
|
|
1083
1237
|
# might return fewer.
|
|
1238
|
+
#
|
|
1239
|
+
# This value is optional. If you include a value, it must be between 1
|
|
1240
|
+
# and 100, inclusive. If you do not include a value, it defaults to
|
|
1241
|
+
# 50.
|
|
1084
1242
|
# @return [Integer]
|
|
1085
1243
|
#
|
|
1086
1244
|
# @!attribute [rw] next_token
|
|
@@ -1290,16 +1448,16 @@ module Aws::PaymentCryptography
|
|
|
1290
1448
|
# different tag value, Amazon Web Services Payment Cryptography
|
|
1291
1449
|
# replaces the current tag value with the new one.
|
|
1292
1450
|
#
|
|
1293
|
-
# Don't include confidential or sensitive information in
|
|
1294
|
-
# This field may be displayed in plaintext in CloudTrail
|
|
1295
|
-
# other output.
|
|
1451
|
+
# Don't include personal, confidential or sensitive information in
|
|
1452
|
+
# this field. This field may be displayed in plaintext in CloudTrail
|
|
1453
|
+
# logs and other output.
|
|
1296
1454
|
#
|
|
1297
1455
|
# To use this parameter, you must have TagResource permission in an
|
|
1298
1456
|
# IAM policy.
|
|
1299
1457
|
#
|
|
1300
|
-
# Don't include confidential or sensitive information in
|
|
1301
|
-
# This field may be displayed in plaintext in CloudTrail
|
|
1302
|
-
# other output.
|
|
1458
|
+
# Don't include personal, confidential or sensitive information in
|
|
1459
|
+
# this field. This field may be displayed in plaintext in CloudTrail
|
|
1460
|
+
# logs and other output.
|
|
1303
1461
|
# @return [Array<Types::Tag>]
|
|
1304
1462
|
#
|
|
1305
1463
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/TagResourceInput AWS API Documentation
|
|
@@ -1424,12 +1582,30 @@ module Aws::PaymentCryptography
|
|
|
1424
1582
|
include Aws::Structure
|
|
1425
1583
|
end
|
|
1426
1584
|
|
|
1427
|
-
# Parameter information for generating a
|
|
1428
|
-
#
|
|
1585
|
+
# Parameter information for generating a WrappedKeyBlock for key
|
|
1586
|
+
# exchange.
|
|
1587
|
+
#
|
|
1588
|
+
# @!attribute [rw] key_check_value
|
|
1589
|
+
# The key check value (KCV) is used to check if all parties holding a
|
|
1590
|
+
# given key have the same key or to detect that a key has changed.
|
|
1591
|
+
# @return [String]
|
|
1592
|
+
#
|
|
1593
|
+
# @!attribute [rw] key_check_value_algorithm
|
|
1594
|
+
# The algorithm that Amazon Web Services Payment Cryptography uses to
|
|
1595
|
+
# calculate the key check value (KCV). It is used to validate the key
|
|
1596
|
+
# integrity.
|
|
1597
|
+
#
|
|
1598
|
+
# For TDES keys, the KCV is computed by encrypting 8 bytes, each with
|
|
1599
|
+
# value of zero, with the key to be checked and retaining the 3
|
|
1600
|
+
# highest order bytes of the encrypted result. For AES keys, the KCV
|
|
1601
|
+
# is computed using a CMAC algorithm where the input data is 16 bytes
|
|
1602
|
+
# of zero and retaining the 3 highest order bytes of the encrypted
|
|
1603
|
+
# result.
|
|
1604
|
+
# @return [String]
|
|
1429
1605
|
#
|
|
1430
1606
|
# @!attribute [rw] key_material
|
|
1431
1607
|
# Parameter information for generating a wrapped key using TR-31 or
|
|
1432
|
-
# TR-34
|
|
1608
|
+
# TR-34 skey exchange method.
|
|
1433
1609
|
# @return [String]
|
|
1434
1610
|
#
|
|
1435
1611
|
# @!attribute [rw] wrapped_key_material_format
|
|
@@ -1443,6 +1619,8 @@ module Aws::PaymentCryptography
|
|
|
1443
1619
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/WrappedKey AWS API Documentation
|
|
1444
1620
|
#
|
|
1445
1621
|
class WrappedKey < Struct.new(
|
|
1622
|
+
:key_check_value,
|
|
1623
|
+
:key_check_value_algorithm,
|
|
1446
1624
|
:key_material,
|
|
1447
1625
|
:wrapped_key_material_format,
|
|
1448
1626
|
:wrapping_key_arn)
|