aws-sdk-paymentcryptography 1.8.0 → 1.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-paymentcryptography/client.rb +379 -203
- data/lib/aws-sdk-paymentcryptography/client_api.rb +33 -0
- data/lib/aws-sdk-paymentcryptography/endpoint_provider.rb +1 -1
- data/lib/aws-sdk-paymentcryptography/types.rb +292 -114
- data/lib/aws-sdk-paymentcryptography.rb +1 -1
- metadata +6 -6
|
@@ -61,14 +61,14 @@ module Aws::PaymentCryptography
|
|
|
61
61
|
end
|
|
62
62
|
|
|
63
63
|
# @!attribute [rw] alias_name
|
|
64
|
-
# A friendly name that you can use to refer a key. An alias must
|
|
65
|
-
# with `alias/` followed by a name, for example
|
|
66
|
-
# It can contain only alphanumeric characters,
|
|
67
|
-
# underscores (\_), and dashes (-).
|
|
64
|
+
# A friendly name that you can use to refer to a key. An alias must
|
|
65
|
+
# begin with `alias/` followed by a name, for example
|
|
66
|
+
# `alias/ExampleAlias`. It can contain only alphanumeric characters,
|
|
67
|
+
# forward slashes (/), underscores (\_), and dashes (-).
|
|
68
68
|
#
|
|
69
|
-
# Don't include confidential or sensitive information in
|
|
70
|
-
# This field may be displayed in plaintext in CloudTrail
|
|
71
|
-
# other output.
|
|
69
|
+
# Don't include personal, confidential or sensitive information in
|
|
70
|
+
# this field. This field may be displayed in plaintext in CloudTrail
|
|
71
|
+
# logs and other output.
|
|
72
72
|
# @return [String]
|
|
73
73
|
#
|
|
74
74
|
# @!attribute [rw] key_arn
|
|
@@ -98,8 +98,8 @@ module Aws::PaymentCryptography
|
|
|
98
98
|
|
|
99
99
|
# @!attribute [rw] enabled
|
|
100
100
|
# Specifies whether to enable the key. If the key is enabled, it is
|
|
101
|
-
# activated for use within the service. If the key not enabled,
|
|
102
|
-
# it is created but not activated. The default value is enabled.
|
|
101
|
+
# activated for use within the service. If the key is not enabled,
|
|
102
|
+
# then it is created but not activated. The default value is enabled.
|
|
103
103
|
# @return [Boolean]
|
|
104
104
|
#
|
|
105
105
|
# @!attribute [rw] exportable
|
|
@@ -114,28 +114,31 @@ module Aws::PaymentCryptography
|
|
|
114
114
|
#
|
|
115
115
|
# @!attribute [rw] key_check_value_algorithm
|
|
116
116
|
# The algorithm that Amazon Web Services Payment Cryptography uses to
|
|
117
|
-
# calculate the key check value (KCV)
|
|
117
|
+
# calculate the key check value (KCV). It is used to validate the key
|
|
118
|
+
# integrity.
|
|
118
119
|
#
|
|
119
|
-
# For
|
|
120
|
-
# value
|
|
121
|
-
# order bytes of the encrypted result. For AES
|
|
122
|
-
# computed
|
|
123
|
-
#
|
|
124
|
-
#
|
|
120
|
+
# For TDES keys, the KCV is computed by encrypting 8 bytes, each with
|
|
121
|
+
# value of zero, with the key to be checked and retaining the 3
|
|
122
|
+
# highest order bytes of the encrypted result. For AES keys, the KCV
|
|
123
|
+
# is computed using a CMAC algorithm where the input data is 16 bytes
|
|
124
|
+
# of zero and retaining the 3 highest order bytes of the encrypted
|
|
125
|
+
# result.
|
|
125
126
|
# @return [String]
|
|
126
127
|
#
|
|
127
128
|
# @!attribute [rw] tags
|
|
128
|
-
#
|
|
129
|
-
#
|
|
130
|
-
#
|
|
131
|
-
#
|
|
132
|
-
# same tag key.
|
|
129
|
+
# Assigns one or more tags to the Amazon Web Services Payment
|
|
130
|
+
# Cryptography key. Use this parameter to tag a key when it is
|
|
131
|
+
# created. To tag an existing Amazon Web Services Payment Cryptography
|
|
132
|
+
# key, use the TagResource operation.
|
|
133
133
|
#
|
|
134
|
-
#
|
|
134
|
+
# Each tag consists of a tag key and a tag value. Both the tag key and
|
|
135
|
+
# the tag value are required, but the tag value can be an empty (null)
|
|
136
|
+
# string. You can't have more than one tag on an Amazon Web Services
|
|
137
|
+
# Payment Cryptography key with the same tag key.
|
|
135
138
|
#
|
|
136
|
-
# Don't include confidential or sensitive information in
|
|
137
|
-
# This field may be displayed in plaintext in CloudTrail
|
|
138
|
-
# other output.
|
|
139
|
+
# Don't include personal, confidential or sensitive information in
|
|
140
|
+
# this field. This field may be displayed in plaintext in CloudTrail
|
|
141
|
+
# logs and other output.
|
|
139
142
|
#
|
|
140
143
|
# <note markdown="1"> Tagging or untagging an Amazon Web Services Payment Cryptography key
|
|
141
144
|
# can allow or deny permission to the key.
|
|
@@ -215,6 +218,84 @@ module Aws::PaymentCryptography
|
|
|
215
218
|
include Aws::Structure
|
|
216
219
|
end
|
|
217
220
|
|
|
221
|
+
# The attributes for IPEK generation during export.
|
|
222
|
+
#
|
|
223
|
+
# @!attribute [rw] export_dukpt_initial_key
|
|
224
|
+
# Parameter information for IPEK export.
|
|
225
|
+
# @return [Types::ExportDukptInitialKey]
|
|
226
|
+
#
|
|
227
|
+
# @!attribute [rw] key_check_value_algorithm
|
|
228
|
+
# The algorithm that Amazon Web Services Payment Cryptography uses to
|
|
229
|
+
# calculate the key check value (KCV). It is used to validate the key
|
|
230
|
+
# integrity. Specify KCV for IPEK export only.
|
|
231
|
+
#
|
|
232
|
+
# For TDES keys, the KCV is computed by encrypting 8 bytes, each with
|
|
233
|
+
# value of zero, with the key to be checked and retaining the 3
|
|
234
|
+
# highest order bytes of the encrypted result. For AES keys, the KCV
|
|
235
|
+
# is computed using a CMAC algorithm where the input data is 16 bytes
|
|
236
|
+
# of zero and retaining the 3 highest order bytes of the encrypted
|
|
237
|
+
# result.
|
|
238
|
+
# @return [String]
|
|
239
|
+
#
|
|
240
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportAttributes AWS API Documentation
|
|
241
|
+
#
|
|
242
|
+
class ExportAttributes < Struct.new(
|
|
243
|
+
:export_dukpt_initial_key,
|
|
244
|
+
:key_check_value_algorithm)
|
|
245
|
+
SENSITIVE = []
|
|
246
|
+
include Aws::Structure
|
|
247
|
+
end
|
|
248
|
+
|
|
249
|
+
# Parameter information for IPEK generation during export.
|
|
250
|
+
#
|
|
251
|
+
# @!attribute [rw] key_serial_number
|
|
252
|
+
# The KSN for IPEK generation using DUKPT.
|
|
253
|
+
#
|
|
254
|
+
# KSN must be padded before sending to Amazon Web Services Payment
|
|
255
|
+
# Cryptography. KSN hex length should be 20 for a TDES\_2KEY key or 24
|
|
256
|
+
# for an AES key.
|
|
257
|
+
# @return [String]
|
|
258
|
+
#
|
|
259
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportDukptInitialKey AWS API Documentation
|
|
260
|
+
#
|
|
261
|
+
class ExportDukptInitialKey < Struct.new(
|
|
262
|
+
:key_serial_number)
|
|
263
|
+
SENSITIVE = []
|
|
264
|
+
include Aws::Structure
|
|
265
|
+
end
|
|
266
|
+
|
|
267
|
+
# Parameter information for key material export using asymmetric RSA
|
|
268
|
+
# wrap and unwrap key exchange method.
|
|
269
|
+
#
|
|
270
|
+
# @!attribute [rw] certificate_authority_public_key_identifier
|
|
271
|
+
# The `KeyARN` of the certificate chain that signs the wrapping key
|
|
272
|
+
# certificate during RSA wrap and unwrap key export.
|
|
273
|
+
# @return [String]
|
|
274
|
+
#
|
|
275
|
+
# @!attribute [rw] wrapping_key_certificate
|
|
276
|
+
# The wrapping key certificate in PEM format (base64 encoded). Amazon
|
|
277
|
+
# Web Services Payment Cryptography uses this certificate to wrap the
|
|
278
|
+
# key under export.
|
|
279
|
+
# @return [String]
|
|
280
|
+
#
|
|
281
|
+
# @!attribute [rw] wrapping_spec
|
|
282
|
+
# The wrapping spec for the key under export.
|
|
283
|
+
# @return [String]
|
|
284
|
+
#
|
|
285
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyCryptogram AWS API Documentation
|
|
286
|
+
#
|
|
287
|
+
class ExportKeyCryptogram < Struct.new(
|
|
288
|
+
:certificate_authority_public_key_identifier,
|
|
289
|
+
:wrapping_key_certificate,
|
|
290
|
+
:wrapping_spec)
|
|
291
|
+
SENSITIVE = [:wrapping_key_certificate]
|
|
292
|
+
include Aws::Structure
|
|
293
|
+
end
|
|
294
|
+
|
|
295
|
+
# @!attribute [rw] export_attributes
|
|
296
|
+
# The attributes for IPEK generation during export.
|
|
297
|
+
# @return [Types::ExportAttributes]
|
|
298
|
+
#
|
|
218
299
|
# @!attribute [rw] export_key_identifier
|
|
219
300
|
# The `KeyARN` of the key under export from Amazon Web Services
|
|
220
301
|
# Payment Cryptography.
|
|
@@ -228,6 +309,7 @@ module Aws::PaymentCryptography
|
|
|
228
309
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyInput AWS API Documentation
|
|
229
310
|
#
|
|
230
311
|
class ExportKeyInput < Struct.new(
|
|
312
|
+
:export_attributes,
|
|
231
313
|
:export_key_identifier,
|
|
232
314
|
:key_material)
|
|
233
315
|
SENSITIVE = []
|
|
@@ -235,21 +317,30 @@ module Aws::PaymentCryptography
|
|
|
235
317
|
end
|
|
236
318
|
|
|
237
319
|
# Parameter information for key material export from Amazon Web Services
|
|
238
|
-
# Payment Cryptography
|
|
320
|
+
# Payment Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key
|
|
321
|
+
# exchange method.
|
|
239
322
|
#
|
|
240
323
|
# @note ExportKeyMaterial is a union - when making an API calls you must set exactly one of the members.
|
|
241
324
|
#
|
|
325
|
+
# @!attribute [rw] key_cryptogram
|
|
326
|
+
# Parameter information for key material export using asymmetric RSA
|
|
327
|
+
# wrap and unwrap key exchange method
|
|
328
|
+
# @return [Types::ExportKeyCryptogram]
|
|
329
|
+
#
|
|
242
330
|
# @!attribute [rw] tr_31_key_block
|
|
243
|
-
# Parameter information for key material export using TR-31
|
|
331
|
+
# Parameter information for key material export using symmetric TR-31
|
|
332
|
+
# key exchange method.
|
|
244
333
|
# @return [Types::ExportTr31KeyBlock]
|
|
245
334
|
#
|
|
246
335
|
# @!attribute [rw] tr_34_key_block
|
|
247
|
-
# Parameter information for key material export using
|
|
336
|
+
# Parameter information for key material export using the asymmetric
|
|
337
|
+
# TR-34 key exchange method.
|
|
248
338
|
# @return [Types::ExportTr34KeyBlock]
|
|
249
339
|
#
|
|
250
340
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyMaterial AWS API Documentation
|
|
251
341
|
#
|
|
252
342
|
class ExportKeyMaterial < Struct.new(
|
|
343
|
+
:key_cryptogram,
|
|
253
344
|
:tr_31_key_block,
|
|
254
345
|
:tr_34_key_block,
|
|
255
346
|
:unknown)
|
|
@@ -257,13 +348,15 @@ module Aws::PaymentCryptography
|
|
|
257
348
|
include Aws::Structure
|
|
258
349
|
include Aws::Structure::Union
|
|
259
350
|
|
|
351
|
+
class KeyCryptogram < ExportKeyMaterial; end
|
|
260
352
|
class Tr31KeyBlock < ExportKeyMaterial; end
|
|
261
353
|
class Tr34KeyBlock < ExportKeyMaterial; end
|
|
262
354
|
class Unknown < ExportKeyMaterial; end
|
|
263
355
|
end
|
|
264
356
|
|
|
265
357
|
# @!attribute [rw] wrapped_key
|
|
266
|
-
# The key material under export as a TR-34 or TR-31
|
|
358
|
+
# The key material under export as a TR-34 WrappedKeyBlock or a TR-31
|
|
359
|
+
# WrappedKeyBlock. or a RSA WrappedKeyCryptogram.
|
|
267
360
|
# @return [Types::WrappedKey]
|
|
268
361
|
#
|
|
269
362
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyOutput AWS API Documentation
|
|
@@ -274,7 +367,8 @@ module Aws::PaymentCryptography
|
|
|
274
367
|
include Aws::Structure
|
|
275
368
|
end
|
|
276
369
|
|
|
277
|
-
# Parameter information for key material export using TR-31
|
|
370
|
+
# Parameter information for key material export using symmetric TR-31
|
|
371
|
+
# key exchange method.
|
|
278
372
|
#
|
|
279
373
|
# @!attribute [rw] wrapping_key_identifier
|
|
280
374
|
# The `KeyARN` of the the wrapping key. This key encrypts or wraps the
|
|
@@ -289,7 +383,8 @@ module Aws::PaymentCryptography
|
|
|
289
383
|
include Aws::Structure
|
|
290
384
|
end
|
|
291
385
|
|
|
292
|
-
# Parameter information for key material export using
|
|
386
|
+
# Parameter information for key material export using the asymmetric
|
|
387
|
+
# TR-34 key exchange method.
|
|
293
388
|
#
|
|
294
389
|
# @!attribute [rw] certificate_authority_public_key_identifier
|
|
295
390
|
# The `KeyARN` of the certificate chain that signs the wrapping key
|
|
@@ -393,8 +488,7 @@ module Aws::PaymentCryptography
|
|
|
393
488
|
# @!attribute [rw] signing_key_algorithm
|
|
394
489
|
# The signing key algorithm to generate a signing key certificate.
|
|
395
490
|
# This certificate signs the wrapped key under export within the TR-34
|
|
396
|
-
# key block
|
|
397
|
-
# allowed.
|
|
491
|
+
# key block. `RSA_2048` is the only signing key algorithm allowed.
|
|
398
492
|
# @return [String]
|
|
399
493
|
#
|
|
400
494
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForExportInput AWS API Documentation
|
|
@@ -424,14 +518,14 @@ module Aws::PaymentCryptography
|
|
|
424
518
|
# @return [String]
|
|
425
519
|
#
|
|
426
520
|
# @!attribute [rw] signing_key_certificate
|
|
427
|
-
# The signing key certificate
|
|
428
|
-
# the TR-34 key block
|
|
429
|
-
# days.
|
|
521
|
+
# The signing key certificate in PEM format (base64 encoded) of the
|
|
522
|
+
# public key for signature within the TR-34 key block. The certificate
|
|
523
|
+
# expires after 7 days.
|
|
430
524
|
# @return [String]
|
|
431
525
|
#
|
|
432
526
|
# @!attribute [rw] signing_key_certificate_chain
|
|
433
|
-
# The certificate
|
|
434
|
-
#
|
|
527
|
+
# The root certificate authority (CA) that signed the signing key
|
|
528
|
+
# certificate in PEM format (base64 encoded).
|
|
435
529
|
# @return [String]
|
|
436
530
|
#
|
|
437
531
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForExportOutput AWS API Documentation
|
|
@@ -447,16 +541,22 @@ module Aws::PaymentCryptography
|
|
|
447
541
|
end
|
|
448
542
|
|
|
449
543
|
# @!attribute [rw] key_material_type
|
|
450
|
-
# The
|
|
451
|
-
#
|
|
452
|
-
# `
|
|
544
|
+
# The method to use for key material import. Import token is only
|
|
545
|
+
# required for TR-34 WrappedKeyBlock (`TR34_KEY_BLOCK`) and RSA
|
|
546
|
+
# WrappedKeyCryptogram (`KEY_CRYPTOGRAM`).
|
|
547
|
+
#
|
|
548
|
+
# Import token is not required for TR-31, root public key cerificate
|
|
549
|
+
# or trusted public key certificate.
|
|
453
550
|
# @return [String]
|
|
454
551
|
#
|
|
455
552
|
# @!attribute [rw] wrapping_key_algorithm
|
|
456
553
|
# The wrapping key algorithm to generate a wrapping key certificate.
|
|
457
|
-
# This certificate wraps the key under import
|
|
458
|
-
#
|
|
459
|
-
# allowed
|
|
554
|
+
# This certificate wraps the key under import.
|
|
555
|
+
#
|
|
556
|
+
# At this time, `RSA_2048` is the allowed algorithm for TR-34
|
|
557
|
+
# WrappedKeyBlock import. Additionally, `RSA_2048`, `RSA_3072`,
|
|
558
|
+
# `RSA_4096` are the allowed algorithms for RSA WrappedKeyCryptogram
|
|
559
|
+
# import.
|
|
460
560
|
# @return [String]
|
|
461
561
|
#
|
|
462
562
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForImportInput AWS API Documentation
|
|
@@ -480,19 +580,20 @@ module Aws::PaymentCryptography
|
|
|
480
580
|
# @return [Time]
|
|
481
581
|
#
|
|
482
582
|
# @!attribute [rw] wrapping_key_algorithm
|
|
483
|
-
# The algorithm of the wrapping key for use within TR-34
|
|
484
|
-
#
|
|
583
|
+
# The algorithm of the wrapping key for use within TR-34
|
|
584
|
+
# WrappedKeyBlock or RSA WrappedKeyCryptogram.
|
|
485
585
|
# @return [String]
|
|
486
586
|
#
|
|
487
587
|
# @!attribute [rw] wrapping_key_certificate
|
|
488
|
-
# The wrapping key certificate
|
|
489
|
-
# TR-34 key block. The certificate
|
|
588
|
+
# The wrapping key certificate in PEM format (base64 encoded) of the
|
|
589
|
+
# wrapping key for use within the TR-34 key block. The certificate
|
|
590
|
+
# expires in 7 days.
|
|
490
591
|
# @return [String]
|
|
491
592
|
#
|
|
492
593
|
# @!attribute [rw] wrapping_key_certificate_chain
|
|
493
|
-
# The Amazon Web Services Payment Cryptography certificate
|
|
494
|
-
# signed the wrapping key certificate
|
|
495
|
-
#
|
|
594
|
+
# The Amazon Web Services Payment Cryptography root certificate
|
|
595
|
+
# authority (CA) that signed the wrapping key certificate in PEM
|
|
596
|
+
# format (base64 encoded).
|
|
496
597
|
# @return [String]
|
|
497
598
|
#
|
|
498
599
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForImportOutput AWS API Documentation
|
|
@@ -521,14 +622,14 @@ module Aws::PaymentCryptography
|
|
|
521
622
|
|
|
522
623
|
# @!attribute [rw] key_certificate
|
|
523
624
|
# The public key component of the asymmetric key pair in a certificate
|
|
524
|
-
#
|
|
525
|
-
#
|
|
625
|
+
# PEM format (base64 encoded). It is signed by the root certificate
|
|
626
|
+
# authority (CA). The certificate expires in 90 days.
|
|
526
627
|
# @return [String]
|
|
527
628
|
#
|
|
528
629
|
# @!attribute [rw] key_certificate_chain
|
|
529
|
-
# The certificate
|
|
530
|
-
#
|
|
531
|
-
#
|
|
630
|
+
# The root certificate authority (CA) that signed the public key
|
|
631
|
+
# certificate in PEM format (base64 encoded) of the asymmetric key
|
|
632
|
+
# pair.
|
|
532
633
|
# @return [String]
|
|
533
634
|
#
|
|
534
635
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetPublicKeyCertificateOutput AWS API Documentation
|
|
@@ -540,20 +641,61 @@ module Aws::PaymentCryptography
|
|
|
540
641
|
include Aws::Structure
|
|
541
642
|
end
|
|
542
643
|
|
|
644
|
+
# Parameter information for key material import using asymmetric RSA
|
|
645
|
+
# wrap and unwrap key exchange method.
|
|
646
|
+
#
|
|
647
|
+
# @!attribute [rw] exportable
|
|
648
|
+
# Specifies whether the key is exportable from the service.
|
|
649
|
+
# @return [Boolean]
|
|
650
|
+
#
|
|
651
|
+
# @!attribute [rw] import_token
|
|
652
|
+
# The import token that initiates key import using the asymmetric RSA
|
|
653
|
+
# wrap and unwrap key exchange method into AWS Payment Cryptography.
|
|
654
|
+
# It expires after 7 days. You can use the same import token to import
|
|
655
|
+
# multiple keys to the same service account.
|
|
656
|
+
# @return [String]
|
|
657
|
+
#
|
|
658
|
+
# @!attribute [rw] key_attributes
|
|
659
|
+
# The role of the key, the algorithm it supports, and the
|
|
660
|
+
# cryptographic operations allowed with the key. This data is
|
|
661
|
+
# immutable after the key is created.
|
|
662
|
+
# @return [Types::KeyAttributes]
|
|
663
|
+
#
|
|
664
|
+
# @!attribute [rw] wrapped_key_cryptogram
|
|
665
|
+
# The RSA wrapped key cryptogram under import.
|
|
666
|
+
# @return [String]
|
|
667
|
+
#
|
|
668
|
+
# @!attribute [rw] wrapping_spec
|
|
669
|
+
# The wrapping spec for the wrapped key cryptogram.
|
|
670
|
+
# @return [String]
|
|
671
|
+
#
|
|
672
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ImportKeyCryptogram AWS API Documentation
|
|
673
|
+
#
|
|
674
|
+
class ImportKeyCryptogram < Struct.new(
|
|
675
|
+
:exportable,
|
|
676
|
+
:import_token,
|
|
677
|
+
:key_attributes,
|
|
678
|
+
:wrapped_key_cryptogram,
|
|
679
|
+
:wrapping_spec)
|
|
680
|
+
SENSITIVE = []
|
|
681
|
+
include Aws::Structure
|
|
682
|
+
end
|
|
683
|
+
|
|
543
684
|
# @!attribute [rw] enabled
|
|
544
685
|
# Specifies whether import key is enabled.
|
|
545
686
|
# @return [Boolean]
|
|
546
687
|
#
|
|
547
688
|
# @!attribute [rw] key_check_value_algorithm
|
|
548
689
|
# The algorithm that Amazon Web Services Payment Cryptography uses to
|
|
549
|
-
# calculate the key check value (KCV)
|
|
690
|
+
# calculate the key check value (KCV). It is used to validate the key
|
|
691
|
+
# integrity.
|
|
550
692
|
#
|
|
551
|
-
# For
|
|
552
|
-
# value
|
|
553
|
-
# order bytes of the encrypted result. For AES
|
|
554
|
-
# computed
|
|
555
|
-
#
|
|
556
|
-
#
|
|
693
|
+
# For TDES keys, the KCV is computed by encrypting 8 bytes, each with
|
|
694
|
+
# value of zero, with the key to be checked and retaining the 3
|
|
695
|
+
# highest order bytes of the encrypted result. For AES keys, the KCV
|
|
696
|
+
# is computed using a CMAC algorithm where the input data is 16 bytes
|
|
697
|
+
# of zero and retaining the 3 highest order bytes of the encrypted
|
|
698
|
+
# result.
|
|
557
699
|
# @return [String]
|
|
558
700
|
#
|
|
559
701
|
# @!attribute [rw] key_material
|
|
@@ -562,22 +704,22 @@ module Aws::PaymentCryptography
|
|
|
562
704
|
# @return [Types::ImportKeyMaterial]
|
|
563
705
|
#
|
|
564
706
|
# @!attribute [rw] tags
|
|
565
|
-
#
|
|
566
|
-
#
|
|
567
|
-
#
|
|
568
|
-
#
|
|
569
|
-
#
|
|
570
|
-
#
|
|
571
|
-
#
|
|
572
|
-
#
|
|
573
|
-
#
|
|
574
|
-
#
|
|
575
|
-
#
|
|
576
|
-
#
|
|
577
|
-
#
|
|
578
|
-
# Don't include confidential or sensitive information in
|
|
579
|
-
# This field may be displayed in plaintext in CloudTrail
|
|
580
|
-
# other output.
|
|
707
|
+
# Assigns one or more tags to the Amazon Web Services Payment
|
|
708
|
+
# Cryptography key. Use this parameter to tag a key when it is
|
|
709
|
+
# imported. To tag an existing Amazon Web Services Payment
|
|
710
|
+
# Cryptography key, use the TagResource operation.
|
|
711
|
+
#
|
|
712
|
+
# Each tag consists of a tag key and a tag value. Both the tag key and
|
|
713
|
+
# the tag value are required, but the tag value can be an empty (null)
|
|
714
|
+
# string. You can't have more than one tag on an Amazon Web Services
|
|
715
|
+
# Payment Cryptography key with the same tag key. If you specify an
|
|
716
|
+
# existing tag key with a different tag value, Amazon Web Services
|
|
717
|
+
# Payment Cryptography replaces the current tag value with the
|
|
718
|
+
# specified one.
|
|
719
|
+
#
|
|
720
|
+
# Don't include personal, confidential or sensitive information in
|
|
721
|
+
# this field. This field may be displayed in plaintext in CloudTrail
|
|
722
|
+
# logs and other output.
|
|
581
723
|
#
|
|
582
724
|
# <note markdown="1"> Tagging or untagging an Amazon Web Services Payment Cryptography key
|
|
583
725
|
# can allow or deny permission to the key.
|
|
@@ -596,20 +738,29 @@ module Aws::PaymentCryptography
|
|
|
596
738
|
include Aws::Structure
|
|
597
739
|
end
|
|
598
740
|
|
|
599
|
-
# Parameter information for key material import
|
|
741
|
+
# Parameter information for key material import into Amazon Web Services
|
|
742
|
+
# Payment Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key
|
|
743
|
+
# exchange method.
|
|
600
744
|
#
|
|
601
745
|
# @note ImportKeyMaterial is a union - when making an API calls you must set exactly one of the members.
|
|
602
746
|
#
|
|
747
|
+
# @!attribute [rw] key_cryptogram
|
|
748
|
+
# Parameter information for key material import using asymmetric RSA
|
|
749
|
+
# wrap and unwrap key exchange method.
|
|
750
|
+
# @return [Types::ImportKeyCryptogram]
|
|
751
|
+
#
|
|
603
752
|
# @!attribute [rw] root_certificate_public_key
|
|
604
753
|
# Parameter information for root public key certificate import.
|
|
605
754
|
# @return [Types::RootCertificatePublicKey]
|
|
606
755
|
#
|
|
607
756
|
# @!attribute [rw] tr_31_key_block
|
|
608
|
-
# Parameter information for key material import using TR-31
|
|
757
|
+
# Parameter information for key material import using symmetric TR-31
|
|
758
|
+
# key exchange method.
|
|
609
759
|
# @return [Types::ImportTr31KeyBlock]
|
|
610
760
|
#
|
|
611
761
|
# @!attribute [rw] tr_34_key_block
|
|
612
|
-
# Parameter information for key material import using
|
|
762
|
+
# Parameter information for key material import using the asymmetric
|
|
763
|
+
# TR-34 key exchange method.
|
|
613
764
|
# @return [Types::ImportTr34KeyBlock]
|
|
614
765
|
#
|
|
615
766
|
# @!attribute [rw] trusted_certificate_public_key
|
|
@@ -619,6 +770,7 @@ module Aws::PaymentCryptography
|
|
|
619
770
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ImportKeyMaterial AWS API Documentation
|
|
620
771
|
#
|
|
621
772
|
class ImportKeyMaterial < Struct.new(
|
|
773
|
+
:key_cryptogram,
|
|
622
774
|
:root_certificate_public_key,
|
|
623
775
|
:tr_31_key_block,
|
|
624
776
|
:tr_34_key_block,
|
|
@@ -628,6 +780,7 @@ module Aws::PaymentCryptography
|
|
|
628
780
|
include Aws::Structure
|
|
629
781
|
include Aws::Structure::Union
|
|
630
782
|
|
|
783
|
+
class KeyCryptogram < ImportKeyMaterial; end
|
|
631
784
|
class RootCertificatePublicKey < ImportKeyMaterial; end
|
|
632
785
|
class Tr31KeyBlock < ImportKeyMaterial; end
|
|
633
786
|
class Tr34KeyBlock < ImportKeyMaterial; end
|
|
@@ -648,10 +801,11 @@ module Aws::PaymentCryptography
|
|
|
648
801
|
include Aws::Structure
|
|
649
802
|
end
|
|
650
803
|
|
|
651
|
-
# Parameter information for key material import using TR-31
|
|
804
|
+
# Parameter information for key material import using symmetric TR-31
|
|
805
|
+
# key exchange method.
|
|
652
806
|
#
|
|
653
807
|
# @!attribute [rw] wrapped_key_block
|
|
654
|
-
# The TR-
|
|
808
|
+
# The TR-31 wrapped key block to import.
|
|
655
809
|
# @return [String]
|
|
656
810
|
#
|
|
657
811
|
# @!attribute [rw] wrapping_key_identifier
|
|
@@ -668,7 +822,8 @@ module Aws::PaymentCryptography
|
|
|
668
822
|
include Aws::Structure
|
|
669
823
|
end
|
|
670
824
|
|
|
671
|
-
# Parameter information for key material import using
|
|
825
|
+
# Parameter information for key material import using the asymmetric
|
|
826
|
+
# TR-34 key exchange method.
|
|
672
827
|
#
|
|
673
828
|
# @!attribute [rw] certificate_authority_public_key_identifier
|
|
674
829
|
# The `KeyARN` of the certificate chain that signs the signing key
|
|
@@ -676,9 +831,10 @@ module Aws::PaymentCryptography
|
|
|
676
831
|
# @return [String]
|
|
677
832
|
#
|
|
678
833
|
# @!attribute [rw] import_token
|
|
679
|
-
# The import token that initiates key import
|
|
680
|
-
#
|
|
681
|
-
#
|
|
834
|
+
# The import token that initiates key import using the asymmetric
|
|
835
|
+
# TR-34 key exchange method into Amazon Web Services Payment
|
|
836
|
+
# Cryptography. It expires after 7 days. You can use the same import
|
|
837
|
+
# token to import multiple keys to the same service account.
|
|
682
838
|
# @return [String]
|
|
683
839
|
#
|
|
684
840
|
# @!attribute [rw] key_block_format
|
|
@@ -694,7 +850,7 @@ module Aws::PaymentCryptography
|
|
|
694
850
|
#
|
|
695
851
|
# @!attribute [rw] signing_key_certificate
|
|
696
852
|
# The public key component in PEM certificate format of the private
|
|
697
|
-
# key that signs the KDH TR-34
|
|
853
|
+
# key that signs the KDH TR-34 WrappedKeyBlock.
|
|
698
854
|
# @return [String]
|
|
699
855
|
#
|
|
700
856
|
# @!attribute [rw] wrapped_key_block
|
|
@@ -770,21 +926,19 @@ module Aws::PaymentCryptography
|
|
|
770
926
|
# @!attribute [rw] key_check_value
|
|
771
927
|
# The key check value (KCV) is used to check if all parties holding a
|
|
772
928
|
# given key have the same key or to detect that a key has changed.
|
|
773
|
-
# Amazon Web Services Payment Cryptography calculates the KCV by using
|
|
774
|
-
# standard algorithms, typically by encrypting 8 or 16 bytes or "00"
|
|
775
|
-
# or "01" and then truncating the result to the first 3 bytes, or 6
|
|
776
|
-
# hex digits, of the resulting cryptogram.
|
|
777
929
|
# @return [String]
|
|
778
930
|
#
|
|
779
931
|
# @!attribute [rw] key_check_value_algorithm
|
|
780
|
-
# The algorithm
|
|
781
|
-
#
|
|
782
|
-
#
|
|
783
|
-
#
|
|
784
|
-
#
|
|
785
|
-
#
|
|
786
|
-
#
|
|
787
|
-
#
|
|
932
|
+
# The algorithm that Amazon Web Services Payment Cryptography uses to
|
|
933
|
+
# calculate the key check value (KCV). It is used to validate the key
|
|
934
|
+
# integrity.
|
|
935
|
+
#
|
|
936
|
+
# For TDES keys, the KCV is computed by encrypting 8 bytes, each with
|
|
937
|
+
# value of zero, with the key to be checked and retaining the 3
|
|
938
|
+
# highest order bytes of the encrypted result. For AES keys, the KCV
|
|
939
|
+
# is computed using a CMAC algorithm where the input data is 16 bytes
|
|
940
|
+
# of zero and retaining the 3 highest order bytes of the encrypted
|
|
941
|
+
# result.
|
|
788
942
|
# @return [String]
|
|
789
943
|
#
|
|
790
944
|
# @!attribute [rw] key_origin
|
|
@@ -961,10 +1115,6 @@ module Aws::PaymentCryptography
|
|
|
961
1115
|
# @!attribute [rw] key_check_value
|
|
962
1116
|
# The key check value (KCV) is used to check if all parties holding a
|
|
963
1117
|
# given key have the same key or to detect that a key has changed.
|
|
964
|
-
# Amazon Web Services Payment Cryptography calculates the KCV by using
|
|
965
|
-
# standard algorithms, typically by encrypting 8 or 16 bytes or "00"
|
|
966
|
-
# or "01" and then truncating the result to the first 3 bytes, or 6
|
|
967
|
-
# hex digits, of the resulting cryptogram.
|
|
968
1118
|
# @return [String]
|
|
969
1119
|
#
|
|
970
1120
|
# @!attribute [rw] key_state
|
|
@@ -1039,6 +1189,10 @@ module Aws::PaymentCryptography
|
|
|
1039
1189
|
# When this value is present, Amazon Web Services Payment Cryptography
|
|
1040
1190
|
# does not return more than the specified number of items, but it
|
|
1041
1191
|
# might return fewer.
|
|
1192
|
+
#
|
|
1193
|
+
# This value is optional. If you include a value, it must be between 1
|
|
1194
|
+
# and 100, inclusive. If you do not include a value, it defaults to
|
|
1195
|
+
# 50.
|
|
1042
1196
|
# @return [Integer]
|
|
1043
1197
|
#
|
|
1044
1198
|
# @!attribute [rw] next_token
|
|
@@ -1081,6 +1235,10 @@ module Aws::PaymentCryptography
|
|
|
1081
1235
|
# When this value is present, Amazon Web Services Payment Cryptography
|
|
1082
1236
|
# does not return more than the specified number of items, but it
|
|
1083
1237
|
# might return fewer.
|
|
1238
|
+
#
|
|
1239
|
+
# This value is optional. If you include a value, it must be between 1
|
|
1240
|
+
# and 100, inclusive. If you do not include a value, it defaults to
|
|
1241
|
+
# 50.
|
|
1084
1242
|
# @return [Integer]
|
|
1085
1243
|
#
|
|
1086
1244
|
# @!attribute [rw] next_token
|
|
@@ -1290,16 +1448,16 @@ module Aws::PaymentCryptography
|
|
|
1290
1448
|
# different tag value, Amazon Web Services Payment Cryptography
|
|
1291
1449
|
# replaces the current tag value with the new one.
|
|
1292
1450
|
#
|
|
1293
|
-
# Don't include confidential or sensitive information in
|
|
1294
|
-
# This field may be displayed in plaintext in CloudTrail
|
|
1295
|
-
# other output.
|
|
1451
|
+
# Don't include personal, confidential or sensitive information in
|
|
1452
|
+
# this field. This field may be displayed in plaintext in CloudTrail
|
|
1453
|
+
# logs and other output.
|
|
1296
1454
|
#
|
|
1297
1455
|
# To use this parameter, you must have TagResource permission in an
|
|
1298
1456
|
# IAM policy.
|
|
1299
1457
|
#
|
|
1300
|
-
# Don't include confidential or sensitive information in
|
|
1301
|
-
# This field may be displayed in plaintext in CloudTrail
|
|
1302
|
-
# other output.
|
|
1458
|
+
# Don't include personal, confidential or sensitive information in
|
|
1459
|
+
# this field. This field may be displayed in plaintext in CloudTrail
|
|
1460
|
+
# logs and other output.
|
|
1303
1461
|
# @return [Array<Types::Tag>]
|
|
1304
1462
|
#
|
|
1305
1463
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/TagResourceInput AWS API Documentation
|
|
@@ -1424,12 +1582,30 @@ module Aws::PaymentCryptography
|
|
|
1424
1582
|
include Aws::Structure
|
|
1425
1583
|
end
|
|
1426
1584
|
|
|
1427
|
-
# Parameter information for generating a
|
|
1428
|
-
#
|
|
1585
|
+
# Parameter information for generating a WrappedKeyBlock for key
|
|
1586
|
+
# exchange.
|
|
1587
|
+
#
|
|
1588
|
+
# @!attribute [rw] key_check_value
|
|
1589
|
+
# The key check value (KCV) is used to check if all parties holding a
|
|
1590
|
+
# given key have the same key or to detect that a key has changed.
|
|
1591
|
+
# @return [String]
|
|
1592
|
+
#
|
|
1593
|
+
# @!attribute [rw] key_check_value_algorithm
|
|
1594
|
+
# The algorithm that Amazon Web Services Payment Cryptography uses to
|
|
1595
|
+
# calculate the key check value (KCV). It is used to validate the key
|
|
1596
|
+
# integrity.
|
|
1597
|
+
#
|
|
1598
|
+
# For TDES keys, the KCV is computed by encrypting 8 bytes, each with
|
|
1599
|
+
# value of zero, with the key to be checked and retaining the 3
|
|
1600
|
+
# highest order bytes of the encrypted result. For AES keys, the KCV
|
|
1601
|
+
# is computed using a CMAC algorithm where the input data is 16 bytes
|
|
1602
|
+
# of zero and retaining the 3 highest order bytes of the encrypted
|
|
1603
|
+
# result.
|
|
1604
|
+
# @return [String]
|
|
1429
1605
|
#
|
|
1430
1606
|
# @!attribute [rw] key_material
|
|
1431
1607
|
# Parameter information for generating a wrapped key using TR-31 or
|
|
1432
|
-
# TR-34
|
|
1608
|
+
# TR-34 skey exchange method.
|
|
1433
1609
|
# @return [String]
|
|
1434
1610
|
#
|
|
1435
1611
|
# @!attribute [rw] wrapped_key_material_format
|
|
@@ -1443,6 +1619,8 @@ module Aws::PaymentCryptography
|
|
|
1443
1619
|
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/WrappedKey AWS API Documentation
|
|
1444
1620
|
#
|
|
1445
1621
|
class WrappedKey < Struct.new(
|
|
1622
|
+
:key_check_value,
|
|
1623
|
+
:key_check_value_algorithm,
|
|
1446
1624
|
:key_material,
|
|
1447
1625
|
:wrapped_key_material_format,
|
|
1448
1626
|
:wrapping_key_arn)
|