aws-sdk-paymentcryptography 1.8.0 → 1.10.0

@@ -61,14 +61,14 @@ module Aws::PaymentCryptography
61
61
  end
62
62
 
63
63
  # @!attribute [rw] alias_name
64
- # A friendly name that you can use to refer a key. An alias must begin
65
- # with `alias/` followed by a name, for example `alias/ExampleAlias`.
66
- # It can contain only alphanumeric characters, forward slashes (/),
67
- # underscores (\_), and dashes (-).
64
+ # A friendly name that you can use to refer to a key. An alias must
65
+ # begin with `alias/` followed by a name, for example
66
+ # `alias/ExampleAlias`. It can contain only alphanumeric characters,
67
+ # forward slashes (/), underscores (\_), and dashes (-).
68
68
  #
69
- # Don't include confidential or sensitive information in this field.
70
- # This field may be displayed in plaintext in CloudTrail logs and
71
- # other output.
69
+ # Don't include personal, confidential or sensitive information in
70
+ # this field. This field may be displayed in plaintext in CloudTrail
71
+ # logs and other output.
72
72
  # @return [String]
73
73
  #
74
74
  # @!attribute [rw] key_arn
@@ -98,8 +98,8 @@ module Aws::PaymentCryptography
98
98
 
99
99
  # @!attribute [rw] enabled
100
100
  # Specifies whether to enable the key. If the key is enabled, it is
101
- # activated for use within the service. If the key not enabled, then
102
- # it is created but not activated. The default value is enabled.
101
+ # activated for use within the service. If the key is not enabled,
102
+ # then it is created but not activated. The default value is enabled.
103
103
  # @return [Boolean]
104
104
  #
105
105
  # @!attribute [rw] exportable
@@ -114,28 +114,31 @@ module Aws::PaymentCryptography
114
114
  #
115
115
  # @!attribute [rw] key_check_value_algorithm
116
116
  # The algorithm that Amazon Web Services Payment Cryptography uses to
117
- # calculate the key check value (KCV) for DES and AES keys.
117
+ # calculate the key check value (KCV). It is used to validate the key
118
+ # integrity.
118
119
  #
119
- # For DES key, the KCV is computed by encrypting 8 bytes, each with
120
- # value '00', with the key to be checked and retaining the 3 highest
121
- # order bytes of the encrypted result. For AES key, the KCV is
122
- # computed by encrypting 8 bytes, each with value '01', with the key
123
- # to be checked and retaining the 3 highest order bytes of the
124
- # encrypted result.
120
+ # For TDES keys, the KCV is computed by encrypting 8 bytes, each with
121
+ # value of zero, with the key to be checked and retaining the 3
122
+ # highest order bytes of the encrypted result. For AES keys, the KCV
123
+ # is computed using a CMAC algorithm where the input data is 16 bytes
124
+ # of zero and retaining the 3 highest order bytes of the encrypted
125
+ # result.
125
126
  # @return [String]
126
127
  #
127
128
  # @!attribute [rw] tags
128
- # The tags to attach to the key. Each tag consists of a tag key and a
129
- # tag value. Both the tag key and the tag value are required, but the
130
- # tag value can be an empty (null) string. You can't have more than
131
- # one tag on an Amazon Web Services Payment Cryptography key with the
132
- # same tag key.
129
+ # Assigns one or more tags to the Amazon Web Services Payment
130
+ # Cryptography key. Use this parameter to tag a key when it is
131
+ # created. To tag an existing Amazon Web Services Payment Cryptography
132
+ # key, use the TagResource operation.
133
133
  #
134
- # To use this parameter, you must have `TagResource` permission.
134
+ # Each tag consists of a tag key and a tag value. Both the tag key and
135
+ # the tag value are required, but the tag value can be an empty (null)
136
+ # string. You can't have more than one tag on an Amazon Web Services
137
+ # Payment Cryptography key with the same tag key.
135
138
  #
136
- # Don't include confidential or sensitive information in this field.
137
- # This field may be displayed in plaintext in CloudTrail logs and
138
- # other output.
139
+ # Don't include personal, confidential or sensitive information in
140
+ # this field. This field may be displayed in plaintext in CloudTrail
141
+ # logs and other output.
139
142
  #
140
143
  # <note markdown="1"> Tagging or untagging an Amazon Web Services Payment Cryptography key
141
144
  # can allow or deny permission to the key.
@@ -215,6 +218,84 @@ module Aws::PaymentCryptography
215
218
  include Aws::Structure
216
219
  end
217
220
 
221
+ # The attributes for IPEK generation during export.
222
+ #
223
+ # @!attribute [rw] export_dukpt_initial_key
224
+ # Parameter information for IPEK export.
225
+ # @return [Types::ExportDukptInitialKey]
226
+ #
227
+ # @!attribute [rw] key_check_value_algorithm
228
+ # The algorithm that Amazon Web Services Payment Cryptography uses to
229
+ # calculate the key check value (KCV). It is used to validate the key
230
+ # integrity. Specify KCV for IPEK export only.
231
+ #
232
+ # For TDES keys, the KCV is computed by encrypting 8 bytes, each with
233
+ # value of zero, with the key to be checked and retaining the 3
234
+ # highest order bytes of the encrypted result. For AES keys, the KCV
235
+ # is computed using a CMAC algorithm where the input data is 16 bytes
236
+ # of zero and retaining the 3 highest order bytes of the encrypted
237
+ # result.
238
+ # @return [String]
239
+ #
240
+ # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportAttributes AWS API Documentation
241
+ #
242
+ class ExportAttributes < Struct.new(
243
+ :export_dukpt_initial_key,
244
+ :key_check_value_algorithm)
245
+ SENSITIVE = []
246
+ include Aws::Structure
247
+ end
248
+
249
+ # Parameter information for IPEK generation during export.
250
+ #
251
+ # @!attribute [rw] key_serial_number
252
+ # The KSN for IPEK generation using DUKPT.
253
+ #
254
+ # KSN must be padded before sending to Amazon Web Services Payment
255
+ # Cryptography. KSN hex length should be 20 for a TDES\_2KEY key or 24
256
+ # for an AES key.
257
+ # @return [String]
258
+ #
259
+ # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportDukptInitialKey AWS API Documentation
260
+ #
261
+ class ExportDukptInitialKey < Struct.new(
262
+ :key_serial_number)
263
+ SENSITIVE = []
264
+ include Aws::Structure
265
+ end
266
+
267
+ # Parameter information for key material export using asymmetric RSA
268
+ # wrap and unwrap key exchange method.
269
+ #
270
+ # @!attribute [rw] certificate_authority_public_key_identifier
271
+ # The `KeyARN` of the certificate chain that signs the wrapping key
272
+ # certificate during RSA wrap and unwrap key export.
273
+ # @return [String]
274
+ #
275
+ # @!attribute [rw] wrapping_key_certificate
276
+ # The wrapping key certificate in PEM format (base64 encoded). Amazon
277
+ # Web Services Payment Cryptography uses this certificate to wrap the
278
+ # key under export.
279
+ # @return [String]
280
+ #
281
+ # @!attribute [rw] wrapping_spec
282
+ # The wrapping spec for the key under export.
283
+ # @return [String]
284
+ #
285
+ # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyCryptogram AWS API Documentation
286
+ #
287
+ class ExportKeyCryptogram < Struct.new(
288
+ :certificate_authority_public_key_identifier,
289
+ :wrapping_key_certificate,
290
+ :wrapping_spec)
291
+ SENSITIVE = [:wrapping_key_certificate]
292
+ include Aws::Structure
293
+ end
294
+
295
+ # @!attribute [rw] export_attributes
296
+ # The attributes for IPEK generation during export.
297
+ # @return [Types::ExportAttributes]
298
+ #
218
299
  # @!attribute [rw] export_key_identifier
219
300
  # The `KeyARN` of the key under export from Amazon Web Services
220
301
  # Payment Cryptography.
@@ -228,6 +309,7 @@ module Aws::PaymentCryptography
228
309
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyInput AWS API Documentation
229
310
  #
230
311
  class ExportKeyInput < Struct.new(
312
+ :export_attributes,
231
313
  :export_key_identifier,
232
314
  :key_material)
233
315
  SENSITIVE = []
@@ -235,21 +317,30 @@ module Aws::PaymentCryptography
235
317
  end
236
318
 
237
319
  # Parameter information for key material export from Amazon Web Services
238
- # Payment Cryptography.
320
+ # Payment Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key
321
+ # exchange method.
239
322
  #
240
323
  # @note ExportKeyMaterial is a union - when making an API calls you must set exactly one of the members.
241
324
  #
325
+ # @!attribute [rw] key_cryptogram
326
+ # Parameter information for key material export using asymmetric RSA
327
+ # wrap and unwrap key exchange method
328
+ # @return [Types::ExportKeyCryptogram]
329
+ #
242
330
  # @!attribute [rw] tr_31_key_block
243
- # Parameter information for key material export using TR-31 standard.
331
+ # Parameter information for key material export using symmetric TR-31
332
+ # key exchange method.
244
333
  # @return [Types::ExportTr31KeyBlock]
245
334
  #
246
335
  # @!attribute [rw] tr_34_key_block
247
- # Parameter information for key material export using TR-34 standard.
336
+ # Parameter information for key material export using the asymmetric
337
+ # TR-34 key exchange method.
248
338
  # @return [Types::ExportTr34KeyBlock]
249
339
  #
250
340
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyMaterial AWS API Documentation
251
341
  #
252
342
  class ExportKeyMaterial < Struct.new(
343
+ :key_cryptogram,
253
344
  :tr_31_key_block,
254
345
  :tr_34_key_block,
255
346
  :unknown)
@@ -257,13 +348,15 @@ module Aws::PaymentCryptography
257
348
  include Aws::Structure
258
349
  include Aws::Structure::Union
259
350
 
351
+ class KeyCryptogram < ExportKeyMaterial; end
260
352
  class Tr31KeyBlock < ExportKeyMaterial; end
261
353
  class Tr34KeyBlock < ExportKeyMaterial; end
262
354
  class Unknown < ExportKeyMaterial; end
263
355
  end
264
356
 
265
357
  # @!attribute [rw] wrapped_key
266
- # The key material under export as a TR-34 or TR-31 wrapped key block.
358
+ # The key material under export as a TR-34 WrappedKeyBlock or a TR-31
359
+ # WrappedKeyBlock. or a RSA WrappedKeyCryptogram.
267
360
  # @return [Types::WrappedKey]
268
361
  #
269
362
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyOutput AWS API Documentation
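Review bot: The new `wrapped_key` description has a stray full stop in mid-sentence and the wrong article; `WrappedKeyBlock. or a RSA WrappedKeyCryptogram.` should read `# The key material under export as a TR-34 WrappedKeyBlock, a TR-31` / `# WrappedKeyBlock, or an RSA WrappedKeyCryptogram.`. Two later hunks in the same release add further typos in doc comments: `cerificate` in the `key_material_type` text for GetParametersForImportInput, and `TR-34 skey exchange method` in the `key_material` text of `WrappedKey`. These comments become the API reference for key-exchange parameters, so they are worth correcting wherever the documentation text originates.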
@@ -274,7 +367,8 @@ module Aws::PaymentCryptography
274
367
  include Aws::Structure
275
368
  end
276
369
 
277
- # Parameter information for key material export using TR-31 standard.
370
+ # Parameter information for key material export using symmetric TR-31
371
+ # key exchange method.
278
372
  #
279
373
  # @!attribute [rw] wrapping_key_identifier
280
374
  # The `KeyARN` of the the wrapping key. This key encrypts or wraps the
@@ -289,7 +383,8 @@ module Aws::PaymentCryptography
289
383
  include Aws::Structure
290
384
  end
291
385
 
292
- # Parameter information for key material export using TR-34 standard.
386
+ # Parameter information for key material export using the asymmetric
387
+ # TR-34 key exchange method.
293
388
  #
294
389
  # @!attribute [rw] certificate_authority_public_key_identifier
295
390
  # The `KeyARN` of the certificate chain that signs the wrapping key
@@ -393,8 +488,7 @@ module Aws::PaymentCryptography
393
488
  # @!attribute [rw] signing_key_algorithm
394
489
  # The signing key algorithm to generate a signing key certificate.
395
490
  # This certificate signs the wrapped key under export within the TR-34
396
- # key block cryptogram. `RSA_2048` is the only signing key algorithm
397
- # allowed.
491
+ # key block. `RSA_2048` is the only signing key algorithm allowed.
398
492
  # @return [String]
399
493
  #
400
494
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForExportInput AWS API Documentation
@@ -424,14 +518,14 @@ module Aws::PaymentCryptography
424
518
  # @return [String]
425
519
  #
426
520
  # @!attribute [rw] signing_key_certificate
427
- # The signing key certificate of the public key for signature within
428
- # the TR-34 key block cryptogram. The certificate expires after 7
429
- # days.
521
+ # The signing key certificate in PEM format (base64 encoded) of the
522
+ # public key for signature within the TR-34 key block. The certificate
523
+ # expires after 7 days.
430
524
  # @return [String]
431
525
  #
432
526
  # @!attribute [rw] signing_key_certificate_chain
433
- # The certificate chain that signed the signing key certificate. This
434
- # is the root certificate authority (CA) within your service account.
527
+ # The root certificate authority (CA) that signed the signing key
528
+ # certificate in PEM format (base64 encoded).
435
529
  # @return [String]
436
530
  #
437
531
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForExportOutput AWS API Documentation
@@ -447,16 +541,22 @@ module Aws::PaymentCryptography
447
541
  end
448
542
 
449
543
  # @!attribute [rw] key_material_type
450
- # The key block format type such as TR-34 or TR-31 to use during key
451
- # material import. Import token is only required for TR-34 key import
452
- # `TR34_KEY_BLOCK`. Import token is not required for TR-31 key import.
544
+ # The method to use for key material import. Import token is only
545
+ # required for TR-34 WrappedKeyBlock (`TR34_KEY_BLOCK`) and RSA
546
+ # WrappedKeyCryptogram (`KEY_CRYPTOGRAM`).
547
+ #
548
+ # Import token is not required for TR-31, root public key cerificate
549
+ # or trusted public key certificate.
453
550
  # @return [String]
454
551
  #
455
552
  # @!attribute [rw] wrapping_key_algorithm
456
553
  # The wrapping key algorithm to generate a wrapping key certificate.
457
- # This certificate wraps the key under import within the TR-34 key
458
- # block cryptogram. `RSA_2048` is the only wrapping key algorithm
459
- # allowed.
554
+ # This certificate wraps the key under import.
555
+ #
556
+ # At this time, `RSA_2048` is the allowed algorithm for TR-34
557
+ # WrappedKeyBlock import. Additionally, `RSA_2048`, `RSA_3072`,
558
+ # `RSA_4096` are the allowed algorithms for RSA WrappedKeyCryptogram
559
+ # import.
460
560
  # @return [String]
461
561
  #
462
562
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForImportInput AWS API Documentation
@@ -480,19 +580,20 @@ module Aws::PaymentCryptography
480
580
  # @return [Time]
481
581
  #
482
582
  # @!attribute [rw] wrapping_key_algorithm
483
- # The algorithm of the wrapping key for use within TR-34 key block.
484
- # `RSA_2048` is the only wrapping key algorithm allowed.
583
+ # The algorithm of the wrapping key for use within TR-34
584
+ # WrappedKeyBlock or RSA WrappedKeyCryptogram.
485
585
  # @return [String]
486
586
  #
487
587
  # @!attribute [rw] wrapping_key_certificate
488
- # The wrapping key certificate of the wrapping key for use within the
489
- # TR-34 key block. The certificate expires in 7 days.
588
+ # The wrapping key certificate in PEM format (base64 encoded) of the
589
+ # wrapping key for use within the TR-34 key block. The certificate
590
+ # expires in 7 days.
490
591
  # @return [String]
491
592
  #
492
593
  # @!attribute [rw] wrapping_key_certificate_chain
493
- # The Amazon Web Services Payment Cryptography certificate chain that
494
- # signed the wrapping key certificate. This is the root certificate
495
- # authority (CA) within your service account.
594
+ # The Amazon Web Services Payment Cryptography root certificate
595
+ # authority (CA) that signed the wrapping key certificate in PEM
596
+ # format (base64 encoded).
496
597
  # @return [String]
497
598
  #
498
599
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForImportOutput AWS API Documentation
@@ -521,14 +622,14 @@ module Aws::PaymentCryptography
521
622
 
522
623
  # @!attribute [rw] key_certificate
523
624
  # The public key component of the asymmetric key pair in a certificate
524
- # (PEM) format. It is signed by the root certificate authority (CA)
525
- # within your service account. The certificate expires in 90 days.
625
+ # PEM format (base64 encoded). It is signed by the root certificate
626
+ # authority (CA). The certificate expires in 90 days.
526
627
  # @return [String]
527
628
  #
528
629
  # @!attribute [rw] key_certificate_chain
529
- # The certificate chain that signed the public key certificate of the
530
- # asymmetric key pair. This is the root certificate authority (CA)
531
- # within your service account.
630
+ # The root certificate authority (CA) that signed the public key
631
+ # certificate in PEM format (base64 encoded) of the asymmetric key
632
+ # pair.
532
633
  # @return [String]
533
634
  #
534
635
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetPublicKeyCertificateOutput AWS API Documentation
@@ -540,20 +641,61 @@ module Aws::PaymentCryptography
540
641
  include Aws::Structure
541
642
  end
542
643
 
644
+ # Parameter information for key material import using asymmetric RSA
645
+ # wrap and unwrap key exchange method.
646
+ #
647
+ # @!attribute [rw] exportable
648
+ # Specifies whether the key is exportable from the service.
649
+ # @return [Boolean]
650
+ #
651
+ # @!attribute [rw] import_token
652
+ # The import token that initiates key import using the asymmetric RSA
653
+ # wrap and unwrap key exchange method into AWS Payment Cryptography.
654
+ # It expires after 7 days. You can use the same import token to import
655
+ # multiple keys to the same service account.
656
+ # @return [String]
657
+ #
658
+ # @!attribute [rw] key_attributes
659
+ # The role of the key, the algorithm it supports, and the
660
+ # cryptographic operations allowed with the key. This data is
661
+ # immutable after the key is created.
662
+ # @return [Types::KeyAttributes]
663
+ #
664
+ # @!attribute [rw] wrapped_key_cryptogram
665
+ # The RSA wrapped key cryptogram under import.
666
+ # @return [String]
667
+ #
668
+ # @!attribute [rw] wrapping_spec
669
+ # The wrapping spec for the wrapped key cryptogram.
670
+ # @return [String]
671
+ #
672
+ # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ImportKeyCryptogram AWS API Documentation
673
+ #
674
+ class ImportKeyCryptogram < Struct.new(
675
+ :exportable,
676
+ :import_token,
677
+ :key_attributes,
678
+ :wrapped_key_cryptogram,
679
+ :wrapping_spec)
680
+ SENSITIVE = []
681
+ include Aws::Structure
682
+ end
683
+
543
684
  # @!attribute [rw] enabled
544
685
  # Specifies whether import key is enabled.
545
686
  # @return [Boolean]
546
687
  #
547
688
  # @!attribute [rw] key_check_value_algorithm
548
689
  # The algorithm that Amazon Web Services Payment Cryptography uses to
549
- # calculate the key check value (KCV) for DES and AES keys.
690
+ # calculate the key check value (KCV). It is used to validate the key
691
+ # integrity.
550
692
  #
551
- # For DES key, the KCV is computed by encrypting 8 bytes, each with
552
- # value '00', with the key to be checked and retaining the 3 highest
553
- # order bytes of the encrypted result. For AES key, the KCV is
554
- # computed by encrypting 8 bytes, each with value '01', with the key
555
- # to be checked and retaining the 3 highest order bytes of the
556
- # encrypted result.
693
+ # For TDES keys, the KCV is computed by encrypting 8 bytes, each with
694
+ # value of zero, with the key to be checked and retaining the 3
695
+ # highest order bytes of the encrypted result. For AES keys, the KCV
696
+ # is computed using a CMAC algorithm where the input data is 16 bytes
697
+ # of zero and retaining the 3 highest order bytes of the encrypted
698
+ # result.
557
699
  # @return [String]
558
700
  #
559
701
  # @!attribute [rw] key_material
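Review bot: `SENSITIVE = []` on the new `ImportKeyCryptogram` struct leaves `import_token` and `wrapped_key_cryptogram` out of whatever redaction the SDK applies to members listed in `SENSITIVE`. By contrast `ExportKeyCryptogram`, added earlier in this diff, lists `:wrapping_key_certificate`, which is only a public certificate. The import token is documented here as reusable for 7 days across multiple imports, and the cryptogram is wrapped key material, so both look like values that should stay out of request logs and `inspect` output. I would expect `SENSITIVE = [:import_token, :wrapped_key_cryptogram]` unless the omission is deliberate; if this file is generated from the service model, the change belongs in the model rather than here. Until that is settled, callers that log request parameters should filter these two members themselves.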
@@ -562,22 +704,22 @@ module Aws::PaymentCryptography
562
704
  # @return [Types::ImportKeyMaterial]
563
705
  #
564
706
  # @!attribute [rw] tags
565
- # The tags to attach to the key. Each tag consists of a tag key and a
566
- # tag value. Both the tag key and the tag value are required, but the
567
- # tag value can be an empty (null) string. You can't have more than
568
- # one tag on an Amazon Web Services Payment Cryptography key with the
569
- # same tag key.
570
- #
571
- # You can't have more than one tag on an Amazon Web Services Payment
572
- # Cryptography key with the same tag key. If you specify an existing
573
- # tag key with a different tag value, Amazon Web Services Payment
574
- # Cryptography replaces the current tag value with the specified one.
575
- #
576
- # To use this parameter, you must have `TagResource` permission.
577
- #
578
- # Don't include confidential or sensitive information in this field.
579
- # This field may be displayed in plaintext in CloudTrail logs and
580
- # other output.
707
+ # Assigns one or more tags to the Amazon Web Services Payment
708
+ # Cryptography key. Use this parameter to tag a key when it is
709
+ # imported. To tag an existing Amazon Web Services Payment
710
+ # Cryptography key, use the TagResource operation.
711
+ #
712
+ # Each tag consists of a tag key and a tag value. Both the tag key and
713
+ # the tag value are required, but the tag value can be an empty (null)
714
+ # string. You can't have more than one tag on an Amazon Web Services
715
+ # Payment Cryptography key with the same tag key. If you specify an
716
+ # existing tag key with a different tag value, Amazon Web Services
717
+ # Payment Cryptography replaces the current tag value with the
718
+ # specified one.
719
+ #
720
+ # Don't include personal, confidential or sensitive information in
721
+ # this field. This field may be displayed in plaintext in CloudTrail
722
+ # logs and other output.
581
723
  #
582
724
  # <note markdown="1"> Tagging or untagging an Amazon Web Services Payment Cryptography key
583
725
  # can allow or deny permission to the key.
@@ -596,20 +738,29 @@ module Aws::PaymentCryptography
596
738
  include Aws::Structure
597
739
  end
598
740
 
599
- # Parameter information for key material import.
741
+ # Parameter information for key material import into Amazon Web Services
742
+ # Payment Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key
743
+ # exchange method.
600
744
  #
601
745
  # @note ImportKeyMaterial is a union - when making an API calls you must set exactly one of the members.
602
746
  #
747
+ # @!attribute [rw] key_cryptogram
748
+ # Parameter information for key material import using asymmetric RSA
749
+ # wrap and unwrap key exchange method.
750
+ # @return [Types::ImportKeyCryptogram]
751
+ #
603
752
  # @!attribute [rw] root_certificate_public_key
604
753
  # Parameter information for root public key certificate import.
605
754
  # @return [Types::RootCertificatePublicKey]
606
755
  #
607
756
  # @!attribute [rw] tr_31_key_block
608
- # Parameter information for key material import using TR-31 standard.
757
+ # Parameter information for key material import using symmetric TR-31
758
+ # key exchange method.
609
759
  # @return [Types::ImportTr31KeyBlock]
610
760
  #
611
761
  # @!attribute [rw] tr_34_key_block
612
- # Parameter information for key material import using TR-34 standard.
762
+ # Parameter information for key material import using the asymmetric
763
+ # TR-34 key exchange method.
613
764
  # @return [Types::ImportTr34KeyBlock]
614
765
  #
615
766
  # @!attribute [rw] trusted_certificate_public_key
@@ -619,6 +770,7 @@ module Aws::PaymentCryptography
619
770
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ImportKeyMaterial AWS API Documentation
620
771
  #
621
772
  class ImportKeyMaterial < Struct.new(
773
+ :key_cryptogram,
622
774
  :root_certificate_public_key,
623
775
  :tr_31_key_block,
624
776
  :tr_34_key_block,
@@ -628,6 +780,7 @@ module Aws::PaymentCryptography
628
780
  include Aws::Structure
629
781
  include Aws::Structure::Union
630
782
 
783
+ class KeyCryptogram < ImportKeyMaterial; end
631
784
  class RootCertificatePublicKey < ImportKeyMaterial; end
632
785
  class Tr31KeyBlock < ImportKeyMaterial; end
633
786
  class Tr34KeyBlock < ImportKeyMaterial; end
@@ -648,10 +801,11 @@ module Aws::PaymentCryptography
648
801
  include Aws::Structure
649
802
  end
650
803
 
651
- # Parameter information for key material import using TR-31 standard.
804
+ # Parameter information for key material import using symmetric TR-31
805
+ # key exchange method.
652
806
  #
653
807
  # @!attribute [rw] wrapped_key_block
654
- # The TR-34 wrapped key block to import.
808
+ # The TR-31 wrapped key block to import.
655
809
  # @return [String]
656
810
  #
657
811
  # @!attribute [rw] wrapping_key_identifier
@@ -668,7 +822,8 @@ module Aws::PaymentCryptography
668
822
  include Aws::Structure
669
823
  end
670
824
 
671
- # Parameter information for key material import using TR-34 standard.
825
+ # Parameter information for key material import using the asymmetric
826
+ # TR-34 key exchange method.
672
827
  #
673
828
  # @!attribute [rw] certificate_authority_public_key_identifier
674
829
  # The `KeyARN` of the certificate chain that signs the signing key
@@ -676,9 +831,10 @@ module Aws::PaymentCryptography
676
831
  # @return [String]
677
832
  #
678
833
  # @!attribute [rw] import_token
679
- # The import token that initiates key import into Amazon Web Services
680
- # Payment Cryptography. It expires after 7 days. You can use the same
681
- # import token to import multiple keys to the same service account.
834
+ # The import token that initiates key import using the asymmetric
835
+ # TR-34 key exchange method into Amazon Web Services Payment
836
+ # Cryptography. It expires after 7 days. You can use the same import
837
+ # token to import multiple keys to the same service account.
682
838
  # @return [String]
683
839
  #
684
840
  # @!attribute [rw] key_block_format
@@ -694,7 +850,7 @@ module Aws::PaymentCryptography
694
850
  #
695
851
  # @!attribute [rw] signing_key_certificate
696
852
  # The public key component in PEM certificate format of the private
697
- # key that signs the KDH TR-34 wrapped key block.
853
+ # key that signs the KDH TR-34 WrappedKeyBlock.
698
854
  # @return [String]
699
855
  #
700
856
  # @!attribute [rw] wrapped_key_block
@@ -770,21 +926,19 @@ module Aws::PaymentCryptography
770
926
  # @!attribute [rw] key_check_value
771
927
  # The key check value (KCV) is used to check if all parties holding a
772
928
  # given key have the same key or to detect that a key has changed.
773
- # Amazon Web Services Payment Cryptography calculates the KCV by using
774
- # standard algorithms, typically by encrypting 8 or 16 bytes or "00"
775
- # or "01" and then truncating the result to the first 3 bytes, or 6
776
- # hex digits, of the resulting cryptogram.
777
929
  # @return [String]
778
930
  #
779
931
  # @!attribute [rw] key_check_value_algorithm
780
- # The algorithm used for calculating key check value (KCV) for DES and
781
- # AES keys. For a DES key, Amazon Web Services Payment Cryptography
782
- # computes the KCV by encrypting 8 bytes, each with value '00', with
783
- # the key to be checked and retaining the 3 highest order bytes of the
784
- # encrypted result. For an AES key, Amazon Web Services Payment
785
- # Cryptography computes the KCV by encrypting 8 bytes, each with value
786
- # '01', with the key to be checked and retaining the 3 highest order
787
- # bytes of the encrypted result.
932
+ # The algorithm that Amazon Web Services Payment Cryptography uses to
933
+ # calculate the key check value (KCV). It is used to validate the key
934
+ # integrity.
935
+ #
936
+ # For TDES keys, the KCV is computed by encrypting 8 bytes, each with
937
+ # value of zero, with the key to be checked and retaining the 3
938
+ # highest order bytes of the encrypted result. For AES keys, the KCV
939
+ # is computed using a CMAC algorithm where the input data is 16 bytes
940
+ # of zero and retaining the 3 highest order bytes of the encrypted
941
+ # result.
788
942
  # @return [String]
789
943
  #
790
944
  # @!attribute [rw] key_origin
@@ -961,10 +1115,6 @@ module Aws::PaymentCryptography
961
1115
  # @!attribute [rw] key_check_value
962
1116
  # The key check value (KCV) is used to check if all parties holding a
963
1117
  # given key have the same key or to detect that a key has changed.
964
- # Amazon Web Services Payment Cryptography calculates the KCV by using
965
- # standard algorithms, typically by encrypting 8 or 16 bytes or "00"
966
- # or "01" and then truncating the result to the first 3 bytes, or 6
967
- # hex digits, of the resulting cryptogram.
968
1118
  # @return [String]
969
1119
  #
970
1120
  # @!attribute [rw] key_state
@@ -1039,6 +1189,10 @@ module Aws::PaymentCryptography
1039
1189
  # When this value is present, Amazon Web Services Payment Cryptography
1040
1190
  # does not return more than the specified number of items, but it
1041
1191
  # might return fewer.
1192
+ #
1193
+ # This value is optional. If you include a value, it must be between 1
1194
+ # and 100, inclusive. If you do not include a value, it defaults to
1195
+ # 50.
1042
1196
  # @return [Integer]
1043
1197
  #
1044
1198
  # @!attribute [rw] next_token
@@ -1081,6 +1235,10 @@ module Aws::PaymentCryptography
1081
1235
  # When this value is present, Amazon Web Services Payment Cryptography
1082
1236
  # does not return more than the specified number of items, but it
1083
1237
  # might return fewer.
1238
+ #
1239
+ # This value is optional. If you include a value, it must be between 1
1240
+ # and 100, inclusive. If you do not include a value, it defaults to
1241
+ # 50.
1084
1242
  # @return [Integer]
1085
1243
  #
1086
1244
  # @!attribute [rw] next_token
@@ -1290,16 +1448,16 @@ module Aws::PaymentCryptography
1290
1448
  # different tag value, Amazon Web Services Payment Cryptography
1291
1449
  # replaces the current tag value with the new one.
1292
1450
  #
1293
- # Don't include confidential or sensitive information in this field.
1294
- # This field may be displayed in plaintext in CloudTrail logs and
1295
- # other output.
1451
+ # Don't include personal, confidential or sensitive information in
1452
+ # this field. This field may be displayed in plaintext in CloudTrail
1453
+ # logs and other output.
1296
1454
  #
1297
1455
  # To use this parameter, you must have TagResource permission in an
1298
1456
  # IAM policy.
1299
1457
  #
1300
- # Don't include confidential or sensitive information in this field.
1301
- # This field may be displayed in plaintext in CloudTrail logs and
1302
- # other output.
1458
+ # Don't include personal, confidential or sensitive information in
1459
+ # this field. This field may be displayed in plaintext in CloudTrail
1460
+ # logs and other output.
1303
1461
  # @return [Array<Types::Tag>]
1304
1462
  #
1305
1463
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/TagResourceInput AWS API Documentation
@@ -1424,12 +1582,30 @@ module Aws::PaymentCryptography
1424
1582
  include Aws::Structure
1425
1583
  end
1426
1584
 
1427
- # Parameter information for generating a wrapped key using TR-31 or
1428
- # TR-34 standard.
1585
+ # Parameter information for generating a WrappedKeyBlock for key
1586
+ # exchange.
1587
+ #
1588
+ # @!attribute [rw] key_check_value
1589
+ # The key check value (KCV) is used to check if all parties holding a
1590
+ # given key have the same key or to detect that a key has changed.
1591
+ # @return [String]
1592
+ #
1593
+ # @!attribute [rw] key_check_value_algorithm
1594
+ # The algorithm that Amazon Web Services Payment Cryptography uses to
1595
+ # calculate the key check value (KCV). It is used to validate the key
1596
+ # integrity.
1597
+ #
1598
+ # For TDES keys, the KCV is computed by encrypting 8 bytes, each with
1599
+ # value of zero, with the key to be checked and retaining the 3
1600
+ # highest order bytes of the encrypted result. For AES keys, the KCV
1601
+ # is computed using a CMAC algorithm where the input data is 16 bytes
1602
+ # of zero and retaining the 3 highest order bytes of the encrypted
1603
+ # result.
1604
+ # @return [String]
1429
1605
  #
1430
1606
  # @!attribute [rw] key_material
1431
1607
  # Parameter information for generating a wrapped key using TR-31 or
1432
- # TR-34 standard.
1608
+ # TR-34 skey exchange method.
1433
1609
  # @return [String]
1434
1610
  #
1435
1611
  # @!attribute [rw] wrapped_key_material_format
@@ -1443,6 +1619,8 @@ module Aws::PaymentCryptography
1443
1619
  # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/WrappedKey AWS API Documentation
1444
1620
  #
1445
1621
  class WrappedKey < Struct.new(
1622
+ :key_check_value,
1623
+ :key_check_value_algorithm,
1446
1624
  :key_material,
1447
1625
  :wrapped_key_material_format,
1448
1626
  :wrapping_key_arn)