aws-sdk-paymentcryptography 1.9.0 → 1.11.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (14) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +10 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-paymentcryptography/client.rb +120 -38
  5. data/lib/aws-sdk-paymentcryptography/client_api.rb +20 -0
  6. data/lib/aws-sdk-paymentcryptography/plugins/endpoints.rb +1 -0
  7. data/lib/aws-sdk-paymentcryptography/types.rb +94 -7
  8. data/lib/aws-sdk-paymentcryptography.rb +1 -1
  9. data/sig/client.rbs +433 -0
  10. data/sig/errors.rbs +40 -0
  11. data/sig/resource.rbs +80 -0
  12. data/sig/types.rbs +457 -0
  13. data/sig/waiters.rbs +13 -0
  14. metadata +13 -8
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c7aa4a071604523fde65f013e4cc282f56ebf1fe2fb0c97de8e8e5a513bfaf17
4
- data.tar.gz: 20d8a0d35fe479de06a4a8218595d24eefacd758b793e53119c63c52c2d219ec
3
+ metadata.gz: bdacd8bcd5a4deac957c2a36fc22ace69d148a233b2bc0f42fdeaf7c57c01ccf
4
+ data.tar.gz: 8b8548a77c90dd374d7427a73b0a51c6ef141ffcf9bc9aeb14926b3bf4080c6b
5
5
  SHA512:
6
- metadata.gz: 9c6512aa8e25779a18200d54bcf5c13f4991eee13d6c7ddf9277ec7453dc8190320b92b905cb34f232585f533c98f4fad75e0f8a52e65a7b774df75aebb47687
7
- data.tar.gz: bd7caa8efaadc61f63ab5e9ae1bb16fd992a7c0da26f5daf31d72b4816471b5f8c91fac86d0e9b8d6cbc178068c5838751c6136c768ab87b3ce72fb7f3566fbc
6
+ metadata.gz: 251d559852a55a2f28e4015acdd8d0df8eec4fd71cb9a04e307a19956051f59c6e2e8d0b6efd58ccd36932f5ea429972c919a21fec1f68ed220c8ebd7592f63e
7
+ data.tar.gz: 56c8978da27e6fdf64cc54190ed8aabbb954aecd59b34d31f50f2684b861b868eeabd892ef1ee53fb3413677fad3f2ffe7af901fd770ad0fd0c5a8489f3a9695
data/CHANGELOG.md CHANGED
@@ -1,6 +1,16 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.11.0 (2024-01-26)
5
+ ------------------
6
+
7
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
8
+
9
+ 1.10.0 (2024-01-16)
10
+ ------------------
11
+
12
+ * Feature - Provide an additional option for key exchange using RSA wrap/unwrap in addition to tr-34/tr-31 in ImportKey and ExportKey operations. Added new key usage (type) TR31_M1_ISO_9797_1_MAC_KEY, for use with Generate/VerifyMac dataplane operations with ISO9797 Algorithm 1 MAC calculations.
13
+
4
14
  1.9.0 (2023-12-06)
5
15
  ------------------
6
16
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.9.0
1
+ 1.11.0
data/lib/aws-sdk-paymentcryptography/client.rb CHANGED
@@ -580,7 +580,7 @@ module Aws::PaymentCryptography
580
580
  # verify: false,
581
581
  # wrap: false,
582
582
  # },
583
- # key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
583
+ # key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M1_ISO_9797_1_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
584
584
  # },
585
585
  # key_check_value_algorithm: "CMAC", # accepts CMAC, ANSI_X9_24
586
586
  # tags: [
@@ -610,7 +610,7 @@ module Aws::PaymentCryptography
610
610
  # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
611
611
  # resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
612
612
  # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
613
- # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
613
+ # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
614
614
  # resp.key.key_check_value #=> String
615
615
  # resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
616
616
  # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
@@ -738,7 +738,7 @@ module Aws::PaymentCryptography
738
738
  # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
739
739
  # resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
740
740
  # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
741
- # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
741
+ # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
742
742
  # resp.key.key_check_value #=> String
743
743
  # resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
744
744
  # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
@@ -768,17 +768,20 @@ module Aws::PaymentCryptography
768
768
  # For symmetric key exchange, Amazon Web Services Payment Cryptography
769
769
  # uses the ANSI X9 TR-31 norm in accordance with PCI PIN guidelines. And
770
770
  # for asymmetric key exchange, Amazon Web Services Payment Cryptography
771
- # supports ANSI X9 TR-34 norm . Asymmetric key exchange methods are
772
- # typically used to establish bi-directional trust between the two
773
- # parties exhanging keys and are used for initial key exchange such as
774
- # Key Encryption Key (KEK). After which you can export working keys
775
- # using symmetric method to perform various cryptographic operations
776
- # within Amazon Web Services Payment Cryptography.
771
+ # supports ANSI X9 TR-34 norm and RSA wrap and unwrap key exchange
772
+ # mechanism. Asymmetric key exchange methods are typically used to
773
+ # establish bi-directional trust between the two parties exhanging keys
774
+ # and are used for initial key exchange such as Key Encryption Key
775
+ # (KEK). After which you can export working keys using symmetric method
776
+ # to perform various cryptographic operations within Amazon Web Services
777
+ # Payment Cryptography.
777
778
  #
778
779
  # The TR-34 norm is intended for exchanging 3DES keys only and keys are
779
780
  # imported in a WrappedKeyBlock format. Key attributes (such as
780
781
  # KeyUsage, KeyAlgorithm, KeyModesOfUse, Exportability) are contained
781
- # within the key block.
782
+ # within the key block. With RSA wrap and unwrap, you can exchange both
783
+ # 3DES and AES-128 keys. The keys are imported in a WrappedKeyCryptogram
784
+ # format and you will need to specify the key attributes during import.
782
785
  #
783
786
  # You can also use `ExportKey` functionality to generate and export an
784
787
  # IPEK (Initial Pin Encryption Key) from Amazon Web Services Payment
@@ -788,7 +791,7 @@ module Aws::PaymentCryptography
788
791
  # within Amazon Web Services Payment Cryptography and has to be
789
792
  # re-generated each time during export.
790
793
  #
791
- # **To export KEK or IPEK using TR-34**
794
+ # **To export initial keys (KEK) or IPEK using TR-34**
792
795
  #
793
796
  # Using this operation, you can export initial key using TR-34
794
797
  # asymmetric key exchange. You can only export KEK generated within
@@ -846,7 +849,33 @@ module Aws::PaymentCryptography
846
849
  # When this operation is successful, Amazon Web Services Payment
847
850
  # Cryptography returns the KEK or IPEK as a TR-34 WrappedKeyBlock.
848
851
  #
849
- # **To export WK (Working Key) or IPEK using TR-31**
852
+ # **To export initial keys (KEK) or IPEK using RSA Wrap and Unwrap**
853
+ #
854
+ # Using this operation, you can export initial key using asymmetric RSA
855
+ # wrap and unwrap key exchange method. To initiate export, generate an
856
+ # asymmetric key pair on the receiving HSM and obtain the public key
857
+ # certificate in PEM format (base64 encoded) for the purpose of wrapping
858
+ # and the root certifiate chain. Import the root certificate into Amazon
859
+ # Web Services Payment Cryptography by calling ImportKey for
860
+ # `RootCertificatePublicKey`.
861
+ #
862
+ # Next call `ExportKey` and set the following parameters:
863
+ #
864
+ # * `CertificateAuthorityPublicKeyIdentifier`: The `KeyARN` of the
865
+ # certificate chain that signed wrapping key certificate.
866
+ #
867
+ # * `KeyMaterial`: Set to `KeyCryptogram`.
868
+ #
869
+ # * `WrappingKeyCertificate`: The public key certificate in PEM format
870
+ # (base64 encoded) obtained by the receiving HSM and signed by the
871
+ # root certificate (CertificateAuthorityPublicKeyIdentifier) imported
872
+ # into Amazon Web Services Payment Cryptography. The receiving HSM
873
+ # uses its private key component to unwrap the WrappedKeyCryptogram.
874
+ #
875
+ # When this operation is successful, Amazon Web Services Payment
876
+ # Cryptography returns the WrappedKeyCryptogram.
877
+ #
878
+ # **To export working keys or IPEK using TR-31**
850
879
  #
851
880
  # Using this operation, you can export working keys or IPEK using TR-31
852
881
  # symmetric key exchange. In TR-31, you must use an initial key such as
@@ -864,7 +893,8 @@ module Aws::PaymentCryptography
864
893
  # * `KeyMaterial`: Use `Tr31KeyBlock` parameters.
865
894
  #
866
895
  # When this operation is successful, Amazon Web Services Payment
867
- # Cryptography returns the WK or IPEK as a TR-31 WrappedKeyBlock.
896
+ # Cryptography returns the working key or IPEK as a TR-31
897
+ # WrappedKeyBlock.
868
898
  #
869
899
  # **Cross-account use:** This operation can't be used across different
870
900
  # Amazon Web Services accounts.
@@ -905,6 +935,11 @@ module Aws::PaymentCryptography
905
935
  # },
906
936
  # export_key_identifier: "KeyArnOrKeyAliasType", # required
907
937
  # key_material: { # required
938
+ # key_cryptogram: {
939
+ # certificate_authority_public_key_identifier: "KeyArnOrKeyAliasType", # required
940
+ # wrapping_key_certificate: "CertificateType", # required
941
+ # wrapping_spec: "RSA_OAEP_SHA_256", # accepts RSA_OAEP_SHA_256, RSA_OAEP_SHA_512
942
+ # },
908
943
  # tr_31_key_block: {
909
944
  # wrapping_key_identifier: "KeyArnOrKeyAliasType", # required
910
945
  # },
@@ -1025,7 +1060,7 @@ module Aws::PaymentCryptography
1025
1060
  # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
1026
1061
  # resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
1027
1062
  # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
1028
- # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1063
+ # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1029
1064
  # resp.key.key_check_value #=> String
1030
1065
  # resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
1031
1066
  # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
@@ -1082,7 +1117,7 @@ module Aws::PaymentCryptography
1082
1117
  # @example Request syntax with placeholder values
1083
1118
  #
1084
1119
  # resp = client.get_parameters_for_export({
1085
- # key_material_type: "TR34_KEY_BLOCK", # required, accepts TR34_KEY_BLOCK, TR31_KEY_BLOCK, ROOT_PUBLIC_KEY_CERTIFICATE, TRUSTED_PUBLIC_KEY_CERTIFICATE
1120
+ # key_material_type: "TR34_KEY_BLOCK", # required, accepts TR34_KEY_BLOCK, TR31_KEY_BLOCK, ROOT_PUBLIC_KEY_CERTIFICATE, TRUSTED_PUBLIC_KEY_CERTIFICATE, KEY_CRYPTOGRAM
1086
1121
  # signing_key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, RSA_2048, RSA_3072, RSA_4096
1087
1122
  # })
1088
1123
  #
@@ -1104,7 +1139,9 @@ module Aws::PaymentCryptography
1104
1139
  end
1105
1140
 
1106
1141
  # Gets the import token and the wrapping key certificate in PEM format
1107
- # (base64 encoded) to initiate a TR-34 WrappedKeyBlock.
1142
+ # (base64 encoded) to initiate a TR-34 WrappedKeyBlock or a RSA
1143
+ # WrappedKeyCryptogram import into Amazon Web Services Payment
1144
+ # Cryptography.
1108
1145
  #
1109
1146
  # The wrapping key certificate wraps the key under import. The import
1110
1147
  # token and wrapping key certificate must be in place and operational
@@ -1123,7 +1160,8 @@ module Aws::PaymentCryptography
1123
1160
  #
1124
1161
  # @option params [required, String] :key_material_type
1125
1162
  # The method to use for key material import. Import token is only
1126
- # required for TR-34 WrappedKeyBlock (`TR34_KEY_BLOCK`).
1163
+ # required for TR-34 WrappedKeyBlock (`TR34_KEY_BLOCK`) and RSA
1164
+ # WrappedKeyCryptogram (`KEY_CRYPTOGRAM`).
1127
1165
  #
1128
1166
  # Import token is not required for TR-31, root public key cerificate or
1129
1167
  # trusted public key certificate.
@@ -1132,8 +1170,10 @@ module Aws::PaymentCryptography
1132
1170
  # The wrapping key algorithm to generate a wrapping key certificate.
1133
1171
  # This certificate wraps the key under import.
1134
1172
  #
1135
- # At this time, `RSA_2048`, `RSA_3072`, `RSA_4096` are the only allowed
1136
- # algorithms for TR-34 WrappedKeyBlock import.
1173
+ # At this time, `RSA_2048` is the allowed algorithm for TR-34
1174
+ # WrappedKeyBlock import. Additionally, `RSA_2048`, `RSA_3072`,
1175
+ # `RSA_4096` are the allowed algorithms for RSA WrappedKeyCryptogram
1176
+ # import.
1137
1177
  #
1138
1178
  # @return [Types::GetParametersForImportOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1139
1179
  #
@@ -1146,7 +1186,7 @@ module Aws::PaymentCryptography
1146
1186
  # @example Request syntax with placeholder values
1147
1187
  #
1148
1188
  # resp = client.get_parameters_for_import({
1149
- # key_material_type: "TR34_KEY_BLOCK", # required, accepts TR34_KEY_BLOCK, TR31_KEY_BLOCK, ROOT_PUBLIC_KEY_CERTIFICATE, TRUSTED_PUBLIC_KEY_CERTIFICATE
1189
+ # key_material_type: "TR34_KEY_BLOCK", # required, accepts TR34_KEY_BLOCK, TR31_KEY_BLOCK, ROOT_PUBLIC_KEY_CERTIFICATE, TRUSTED_PUBLIC_KEY_CERTIFICATE, KEY_CRYPTOGRAM
1150
1190
  # wrapping_key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, RSA_2048, RSA_3072, RSA_4096
1151
1191
  # })
1152
1192
  #
@@ -1219,18 +1259,20 @@ module Aws::PaymentCryptography
1219
1259
  # For symmetric key exchange, Amazon Web Services Payment Cryptography
1220
1260
  # uses the ANSI X9 TR-31 norm in accordance with PCI PIN guidelines. And
1221
1261
  # for asymmetric key exchange, Amazon Web Services Payment Cryptography
1222
- # supports ANSI X9 TR-34 norm . Asymmetric key exchange methods are
1223
- # typically used to establish bi-directional trust between the two
1224
- # parties exhanging keys and are used for initial key exchange such as
1225
- # Key Encryption Key (KEK) or Zone Master Key (ZMK). After which you can
1226
- # import working keys using symmetric method to perform various
1227
- # cryptographic operations within Amazon Web Services Payment
1228
- # Cryptography.
1262
+ # supports ANSI X9 TR-34 norm and RSA wrap and unwrap key exchange
1263
+ # mechanisms. Asymmetric key exchange methods are typically used to
1264
+ # establish bi-directional trust between the two parties exhanging keys
1265
+ # and are used for initial key exchange such as Key Encryption Key (KEK)
1266
+ # or Zone Master Key (ZMK). After which you can import working keys
1267
+ # using symmetric method to perform various cryptographic operations
1268
+ # within Amazon Web Services Payment Cryptography.
1229
1269
  #
1230
1270
  # The TR-34 norm is intended for exchanging 3DES keys only and keys are
1231
1271
  # imported in a WrappedKeyBlock format. Key attributes (such as
1232
1272
  # KeyUsage, KeyAlgorithm, KeyModesOfUse, Exportability) are contained
1233
- # within the key block.
1273
+ # within the key block. With RSA wrap and unwrap, you can exchange both
1274
+ # 3DES and AES-128 keys. The keys are imported in a WrappedKeyCryptogram
1275
+ # format and you will need to specify the key attributes during import.
1234
1276
  #
1235
1277
  # You can also import a *root public key certificate*, used to sign
1236
1278
  # other public key certificates, or a *trusted public key certificate*
@@ -1281,7 +1323,7 @@ module Aws::PaymentCryptography
1281
1323
  # * `PublicKeyCertificate`: The trusted public key certificate in PEM
1282
1324
  # format (base64 encoded) under import.
1283
1325
  #
1284
- # **To import KEK or ZMK using TR-34**
1326
+ # **To import initial keys (KEK or ZMK or similar) using TR-34**
1285
1327
  #
1286
1328
  # Using this operation, you can import initial key using TR-34
1287
1329
  # asymmetric key exchange. In TR-34 terminology, the sending party of
@@ -1327,7 +1369,25 @@ module Aws::PaymentCryptography
1327
1369
  # certificate (CertificateAuthorityPublicKeyIdentifier) imported in
1328
1370
  # Amazon Web Services Payment Cryptography.
1329
1371
  #
1330
- # **To import WK (Working Key) using TR-31**
1372
+ # **To import initial keys (KEK or ZMK or similar) using RSA Wrap and
1373
+ # Unwrap**
1374
+ #
1375
+ # Using this operation, you can import initial key using asymmetric RSA
1376
+ # wrap and unwrap key exchange method. To initiate import, call
1377
+ # GetParametersForImport with `KeyMaterial` set to `KEY_CRYPTOGRAM` to
1378
+ # generate an import token. This operation also generates an encryption
1379
+ # keypair for the purpose of key import, signs the key and returns back
1380
+ # the wrapping key certificate in PEM format (base64 encoded) and its
1381
+ # root certificate chain. The import token and associated KRD wrapping
1382
+ # certificate expires after 7 days.
1383
+ #
1384
+ # You must trust and install the wrapping certificate and its
1385
+ # certificate chain on the sending HSM and use it to wrap the key under
1386
+ # export for WrappedKeyCryptogram generation. Next call `ImportKey` with
1387
+ # `KeyMaterial` set to `KEY_CRYPTOGRAM` and provide the `ImportToken`
1388
+ # and `KeyAttributes` for the key under import.
1389
+ #
1390
+ # **To import working keys using TR-31**
1331
1391
  #
1332
1392
  # Amazon Web Services Payment Cryptography uses TR-31 symmetric key
1333
1393
  # exchange norm to import working keys. A KEK must be established within
@@ -1410,6 +1470,28 @@ module Aws::PaymentCryptography
1410
1470
  # enabled: false,
1411
1471
  # key_check_value_algorithm: "CMAC", # accepts CMAC, ANSI_X9_24
1412
1472
  # key_material: { # required
1473
+ # key_cryptogram: {
1474
+ # exportable: false, # required
1475
+ # import_token: "ImportTokenId", # required
1476
+ # key_attributes: { # required
1477
+ # key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, RSA_2048, RSA_3072, RSA_4096
1478
+ # key_class: "SYMMETRIC_KEY", # required, accepts SYMMETRIC_KEY, ASYMMETRIC_KEY_PAIR, PRIVATE_KEY, PUBLIC_KEY
1479
+ # key_modes_of_use: { # required
1480
+ # decrypt: false,
1481
+ # derive_key: false,
1482
+ # encrypt: false,
1483
+ # generate: false,
1484
+ # no_restrictions: false,
1485
+ # sign: false,
1486
+ # unwrap: false,
1487
+ # verify: false,
1488
+ # wrap: false,
1489
+ # },
1490
+ # key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M1_ISO_9797_1_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
1491
+ # },
1492
+ # wrapped_key_cryptogram: "WrappedKeyCryptogram", # required
1493
+ # wrapping_spec: "RSA_OAEP_SHA_256", # accepts RSA_OAEP_SHA_256, RSA_OAEP_SHA_512
1494
+ # },
1413
1495
  # root_certificate_public_key: {
1414
1496
  # key_attributes: { # required
1415
1497
  # key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, RSA_2048, RSA_3072, RSA_4096
@@ -1425,7 +1507,7 @@ module Aws::PaymentCryptography
1425
1507
  # verify: false,
1426
1508
  # wrap: false,
1427
1509
  # },
1428
- # key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
1510
+ # key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M1_ISO_9797_1_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
1429
1511
  # },
1430
1512
  # public_key_certificate: "CertificateType", # required
1431
1513
  # },
@@ -1457,7 +1539,7 @@ module Aws::PaymentCryptography
1457
1539
  # verify: false,
1458
1540
  # wrap: false,
1459
1541
  # },
1460
- # key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
1542
+ # key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M1_ISO_9797_1_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
1461
1543
  # },
1462
1544
  # public_key_certificate: "CertificateType", # required
1463
1545
  # },
@@ -1489,7 +1571,7 @@ module Aws::PaymentCryptography
1489
1571
  # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
1490
1572
  # resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
1491
1573
  # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
1492
- # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1574
+ # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1493
1575
  # resp.key.key_check_value #=> String
1494
1576
  # resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
1495
1577
  # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
@@ -1649,7 +1731,7 @@ module Aws::PaymentCryptography
1649
1731
  # resp.keys[0].key_attributes.key_modes_of_use.unwrap #=> Boolean
1650
1732
  # resp.keys[0].key_attributes.key_modes_of_use.verify #=> Boolean
1651
1733
  # resp.keys[0].key_attributes.key_modes_of_use.wrap #=> Boolean
1652
- # resp.keys[0].key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1734
+ # resp.keys[0].key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1653
1735
  # resp.keys[0].key_check_value #=> String
1654
1736
  # resp.keys[0].key_state #=> String, one of "CREATE_IN_PROGRESS", "CREATE_COMPLETE", "DELETE_PENDING", "DELETE_COMPLETE"
1655
1737
  # resp.next_token #=> String
@@ -1782,7 +1864,7 @@ module Aws::PaymentCryptography
1782
1864
  # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
1783
1865
  # resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
1784
1866
  # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
1785
- # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1867
+ # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1786
1868
  # resp.key.key_check_value #=> String
1787
1869
  # resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
1788
1870
  # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
@@ -1844,7 +1926,7 @@ module Aws::PaymentCryptography
1844
1926
  # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
1845
1927
  # resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
1846
1928
  # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
1847
- # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1929
+ # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1848
1930
  # resp.key.key_check_value #=> String
1849
1931
  # resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
1850
1932
  # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
@@ -1908,7 +1990,7 @@ module Aws::PaymentCryptography
1908
1990
  # resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
1909
1991
  # resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
1910
1992
  # resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
1911
- # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1993
+ # resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
1912
1994
  # resp.key.key_check_value #=> String
1913
1995
  # resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
1914
1996
  # resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
@@ -2103,7 +2185,7 @@ module Aws::PaymentCryptography
2103
2185
  params: params,
2104
2186
  config: config)
2105
2187
  context[:gem_name] = 'aws-sdk-paymentcryptography'
2106
- context[:gem_version] = '1.9.0'
2188
+ context[:gem_version] = '1.11.0'
2107
2189
  Seahorse::Client::Request.new(handlers, context)
2108
2190
  end
2109
2191
 
data/lib/aws-sdk-paymentcryptography/client_api.rb CHANGED
@@ -31,6 +31,7 @@ module Aws::PaymentCryptography
31
31
  DeleteKeyOutput = Shapes::StructureShape.new(name: 'DeleteKeyOutput')
32
32
  ExportAttributes = Shapes::StructureShape.new(name: 'ExportAttributes')
33
33
  ExportDukptInitialKey = Shapes::StructureShape.new(name: 'ExportDukptInitialKey')
34
+ ExportKeyCryptogram = Shapes::StructureShape.new(name: 'ExportKeyCryptogram')
34
35
  ExportKeyInput = Shapes::StructureShape.new(name: 'ExportKeyInput')
35
36
  ExportKeyMaterial = Shapes::UnionShape.new(name: 'ExportKeyMaterial')
36
37
  ExportKeyOutput = Shapes::StructureShape.new(name: 'ExportKeyOutput')
@@ -49,6 +50,7 @@ module Aws::PaymentCryptography
49
50
  GetPublicKeyCertificateOutput = Shapes::StructureShape.new(name: 'GetPublicKeyCertificateOutput')
50
51
  HexLength16 = Shapes::StringShape.new(name: 'HexLength16')
51
52
  HexLength20Or24 = Shapes::StringShape.new(name: 'HexLength20Or24')
53
+ ImportKeyCryptogram = Shapes::StructureShape.new(name: 'ImportKeyCryptogram')
52
54
  ImportKeyInput = Shapes::StructureShape.new(name: 'ImportKeyInput')
53
55
  ImportKeyMaterial = Shapes::UnionShape.new(name: 'ImportKeyMaterial')
54
56
  ImportKeyOutput = Shapes::StructureShape.new(name: 'ImportKeyOutput')
@@ -112,7 +114,9 @@ module Aws::PaymentCryptography
112
114
  UpdateAliasOutput = Shapes::StructureShape.new(name: 'UpdateAliasOutput')
113
115
  ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
114
116
  WrappedKey = Shapes::StructureShape.new(name: 'WrappedKey')
117
+ WrappedKeyCryptogram = Shapes::StringShape.new(name: 'WrappedKeyCryptogram')
115
118
  WrappedKeyMaterialFormat = Shapes::StringShape.new(name: 'WrappedKeyMaterialFormat')
119
+ WrappingKeySpec = Shapes::StringShape.new(name: 'WrappingKeySpec')
116
120
 
117
121
  AccessDeniedException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "Message"))
118
122
  AccessDeniedException.struct_class = Types::AccessDeniedException
@@ -162,14 +166,21 @@ module Aws::PaymentCryptography
162
166
  ExportDukptInitialKey.add_member(:key_serial_number, Shapes::ShapeRef.new(shape: HexLength20Or24, required: true, location_name: "KeySerialNumber"))
163
167
  ExportDukptInitialKey.struct_class = Types::ExportDukptInitialKey
164
168
 
169
+ ExportKeyCryptogram.add_member(:certificate_authority_public_key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "CertificateAuthorityPublicKeyIdentifier"))
170
+ ExportKeyCryptogram.add_member(:wrapping_key_certificate, Shapes::ShapeRef.new(shape: CertificateType, required: true, location_name: "WrappingKeyCertificate"))
171
+ ExportKeyCryptogram.add_member(:wrapping_spec, Shapes::ShapeRef.new(shape: WrappingKeySpec, location_name: "WrappingSpec"))
172
+ ExportKeyCryptogram.struct_class = Types::ExportKeyCryptogram
173
+
165
174
  ExportKeyInput.add_member(:export_attributes, Shapes::ShapeRef.new(shape: ExportAttributes, location_name: "ExportAttributes"))
166
175
  ExportKeyInput.add_member(:export_key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "ExportKeyIdentifier"))
167
176
  ExportKeyInput.add_member(:key_material, Shapes::ShapeRef.new(shape: ExportKeyMaterial, required: true, location_name: "KeyMaterial"))
168
177
  ExportKeyInput.struct_class = Types::ExportKeyInput
169
178
 
179
+ ExportKeyMaterial.add_member(:key_cryptogram, Shapes::ShapeRef.new(shape: ExportKeyCryptogram, location_name: "KeyCryptogram"))
170
180
  ExportKeyMaterial.add_member(:tr_31_key_block, Shapes::ShapeRef.new(shape: ExportTr31KeyBlock, location_name: "Tr31KeyBlock"))
171
181
  ExportKeyMaterial.add_member(:tr_34_key_block, Shapes::ShapeRef.new(shape: ExportTr34KeyBlock, location_name: "Tr34KeyBlock"))
172
182
  ExportKeyMaterial.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
183
+ ExportKeyMaterial.add_member_subclass(:key_cryptogram, Types::ExportKeyMaterial::KeyCryptogram)
173
184
  ExportKeyMaterial.add_member_subclass(:tr_31_key_block, Types::ExportKeyMaterial::Tr31KeyBlock)
174
185
  ExportKeyMaterial.add_member_subclass(:tr_34_key_block, Types::ExportKeyMaterial::Tr34KeyBlock)
175
186
  ExportKeyMaterial.add_member_subclass(:unknown, Types::ExportKeyMaterial::Unknown)
@@ -229,17 +240,26 @@ module Aws::PaymentCryptography
229
240
  GetPublicKeyCertificateOutput.add_member(:key_certificate_chain, Shapes::ShapeRef.new(shape: CertificateType, required: true, location_name: "KeyCertificateChain"))
230
241
  GetPublicKeyCertificateOutput.struct_class = Types::GetPublicKeyCertificateOutput
231
242
 
243
+ ImportKeyCryptogram.add_member(:exportable, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "Exportable"))
244
+ ImportKeyCryptogram.add_member(:import_token, Shapes::ShapeRef.new(shape: ImportTokenId, required: true, location_name: "ImportToken"))
245
+ ImportKeyCryptogram.add_member(:key_attributes, Shapes::ShapeRef.new(shape: KeyAttributes, required: true, location_name: "KeyAttributes"))
246
+ ImportKeyCryptogram.add_member(:wrapped_key_cryptogram, Shapes::ShapeRef.new(shape: WrappedKeyCryptogram, required: true, location_name: "WrappedKeyCryptogram"))
247
+ ImportKeyCryptogram.add_member(:wrapping_spec, Shapes::ShapeRef.new(shape: WrappingKeySpec, location_name: "WrappingSpec"))
248
+ ImportKeyCryptogram.struct_class = Types::ImportKeyCryptogram
249
+
232
250
  ImportKeyInput.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "Enabled"))
233
251
  ImportKeyInput.add_member(:key_check_value_algorithm, Shapes::ShapeRef.new(shape: KeyCheckValueAlgorithm, location_name: "KeyCheckValueAlgorithm"))
234
252
  ImportKeyInput.add_member(:key_material, Shapes::ShapeRef.new(shape: ImportKeyMaterial, required: true, location_name: "KeyMaterial"))
235
253
  ImportKeyInput.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
236
254
  ImportKeyInput.struct_class = Types::ImportKeyInput
237
255
 
256
+ ImportKeyMaterial.add_member(:key_cryptogram, Shapes::ShapeRef.new(shape: ImportKeyCryptogram, location_name: "KeyCryptogram"))
238
257
  ImportKeyMaterial.add_member(:root_certificate_public_key, Shapes::ShapeRef.new(shape: RootCertificatePublicKey, location_name: "RootCertificatePublicKey"))
239
258
  ImportKeyMaterial.add_member(:tr_31_key_block, Shapes::ShapeRef.new(shape: ImportTr31KeyBlock, location_name: "Tr31KeyBlock"))
240
259
  ImportKeyMaterial.add_member(:tr_34_key_block, Shapes::ShapeRef.new(shape: ImportTr34KeyBlock, location_name: "Tr34KeyBlock"))
241
260
  ImportKeyMaterial.add_member(:trusted_certificate_public_key, Shapes::ShapeRef.new(shape: TrustedCertificatePublicKey, location_name: "TrustedCertificatePublicKey"))
242
261
  ImportKeyMaterial.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
262
+ ImportKeyMaterial.add_member_subclass(:key_cryptogram, Types::ImportKeyMaterial::KeyCryptogram)
243
263
  ImportKeyMaterial.add_member_subclass(:root_certificate_public_key, Types::ImportKeyMaterial::RootCertificatePublicKey)
244
264
  ImportKeyMaterial.add_member_subclass(:tr_31_key_block, Types::ImportKeyMaterial::Tr31KeyBlock)
245
265
  ImportKeyMaterial.add_member_subclass(:tr_34_key_block, Types::ImportKeyMaterial::Tr34KeyBlock)
data/lib/aws-sdk-paymentcryptography/plugins/endpoints.rb CHANGED
@@ -14,6 +14,7 @@ module Aws::PaymentCryptography
14
14
  option(
15
15
  :endpoint_provider,
16
16
  doc_type: 'Aws::PaymentCryptography::EndpointProvider',
17
+ rbs_type: 'untyped',
17
18
  docstring: 'The endpoint provider used to resolve endpoints. Any '\
18
19
  'object that responds to `#resolve_endpoint(parameters)` '\
19
20
  'where `parameters` is a Struct similar to '\