aws-sdk-paymentcryptography 1.9.0 → 1.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c7aa4a071604523fde65f013e4cc282f56ebf1fe2fb0c97de8e8e5a513bfaf17
-  data.tar.gz: 20d8a0d35fe479de06a4a8218595d24eefacd758b793e53119c63c52c2d219ec
+  metadata.gz: c6a0e84f6b6cc4d1218749035c30c2c2b35902f0e761ab3f4ff9462e9aca82f5
+  data.tar.gz: a8ab6e055e99a67e605a5dc2a2b9d52b8dea6feaac755612e01cf98f2dc54c45
 SHA512:
-  metadata.gz: 9c6512aa8e25779a18200d54bcf5c13f4991eee13d6c7ddf9277ec7453dc8190320b92b905cb34f232585f533c98f4fad75e0f8a52e65a7b774df75aebb47687
-  data.tar.gz: bd7caa8efaadc61f63ab5e9ae1bb16fd992a7c0da26f5daf31d72b4816471b5f8c91fac86d0e9b8d6cbc178068c5838751c6136c768ab87b3ce72fb7f3566fbc
+  metadata.gz: 63a06d2b60f98c5393d555c8c4fae533990dc932cad3d7edea6bb342535ef31c7c33439e6018bbb3929b52f35f029410408cdba20c2919dba0ac87501b0b7c40
+  data.tar.gz: c4ddc6baf34492df16d76be8f3df87d68ceb2bde55a5750dec0bc0977459f63c73a0a5bdabb637641334389064ea889d8255bb6d80b147d402a0b6ae58287d4c

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.10.0 (2024-01-16)
+------------------
+
+* Feature - Provide an additional option for key exchange using RSA wrap/unwrap in addition to tr-34/tr-31 in ImportKey and ExportKey operations. Added new key usage (type) TR31_M1_ISO_9797_1_MAC_KEY, for use with Generate/VerifyMac dataplane operations  with ISO9797 Algorithm 1 MAC calculations.
+
 1.9.0 (2023-12-06)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.9.0
+1.10.0

data/lib/aws-sdk-paymentcryptography/client.rb

@@ -580,7 +580,7 @@ module Aws::PaymentCryptography
     #         verify: false,
     #         wrap: false,
     #       },
-    #       key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
+    #       key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M1_ISO_9797_1_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
     #     },
     #     key_check_value_algorithm: "CMAC", # accepts CMAC, ANSI_X9_24
     #     tags: [
@@ -610,7 +610,7 @@ module Aws::PaymentCryptography
     #   resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
     #   resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
     #   resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
-    #   resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
+    #   resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
     #   resp.key.key_check_value #=> String
     #   resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
     #   resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
@@ -738,7 +738,7 @@ module Aws::PaymentCryptography
     #   resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
     #   resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
     #   resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
-    #   resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
+    #   resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
     #   resp.key.key_check_value #=> String
     #   resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
     #   resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
@@ -768,17 +768,20 @@ module Aws::PaymentCryptography
     # For symmetric key exchange, Amazon Web Services Payment Cryptography
     # uses the ANSI X9 TR-31 norm in accordance with PCI PIN guidelines. And
     # for asymmetric key exchange, Amazon Web Services Payment Cryptography
-    # supports ANSI X9 TR-34 norm . Asymmetric key exchange methods are
-    # typically used to establish bi-directional trust between the two
-    # parties exhanging keys and are used for initial key exchange such as
-    # Key Encryption Key (KEK). After which you can export working keys
-    # using symmetric method to perform various cryptographic operations
-    # within Amazon Web Services Payment Cryptography.
+    # supports ANSI X9 TR-34 norm and RSA wrap and unwrap key exchange
+    # mechanism. Asymmetric key exchange methods are typically used to
+    # establish bi-directional trust between the two parties exhanging keys
+    # and are used for initial key exchange such as Key Encryption Key
+    # (KEK). After which you can export working keys using symmetric method
+    # to perform various cryptographic operations within Amazon Web Services
+    # Payment Cryptography.
     #
     # The TR-34 norm is intended for exchanging 3DES keys only and keys are
     # imported in a WrappedKeyBlock format. Key attributes (such as
     # KeyUsage, KeyAlgorithm, KeyModesOfUse, Exportability) are contained
-    # within the key block.
+    # within the key block. With RSA wrap and unwrap, you can exchange both
+    # 3DES and AES-128 keys. The keys are imported in a WrappedKeyCryptogram
+    # format and you will need to specify the key attributes during import.
     #
     # You can also use `ExportKey` functionality to generate and export an
     # IPEK (Initial Pin Encryption Key) from Amazon Web Services Payment
@@ -788,7 +791,7 @@ module Aws::PaymentCryptography
     # within Amazon Web Services Payment Cryptography and has to be
     # re-generated each time during export.
     #
-    # **To export KEK or IPEK using TR-34**
+    # **To export initial keys (KEK) or IPEK using TR-34**
     #
     # Using this operation, you can export initial key using TR-34
     # asymmetric key exchange. You can only export KEK generated within
@@ -846,7 +849,33 @@ module Aws::PaymentCryptography
     # When this operation is successful, Amazon Web Services Payment
     # Cryptography returns the KEK or IPEK as a TR-34 WrappedKeyBlock.
     #
-    # **To export WK (Working Key) or IPEK using TR-31**
+    # **To export initial keys (KEK) or IPEK using RSA Wrap and Unwrap**
+    #
+    # Using this operation, you can export initial key using asymmetric RSA
+    # wrap and unwrap key exchange method. To initiate export, generate an
+    # asymmetric key pair on the receiving HSM and obtain the public key
+    # certificate in PEM format (base64 encoded) for the purpose of wrapping
+    # and the root certifiate chain. Import the root certificate into Amazon
+    # Web Services Payment Cryptography by calling ImportKey for
+    # `RootCertificatePublicKey`.
+    #
+    # Next call `ExportKey` and set the following parameters:
+    #
+    # * `CertificateAuthorityPublicKeyIdentifier`: The `KeyARN` of the
+    #   certificate chain that signed wrapping key certificate.
+    #
+    # * `KeyMaterial`: Set to `KeyCryptogram`.
+    #
+    # * `WrappingKeyCertificate`: The public key certificate in PEM format
+    #   (base64 encoded) obtained by the receiving HSM and signed by the
+    #   root certificate (CertificateAuthorityPublicKeyIdentifier) imported
+    #   into Amazon Web Services Payment Cryptography. The receiving HSM
+    #   uses its private key component to unwrap the WrappedKeyCryptogram.
+    #
+    # When this operation is successful, Amazon Web Services Payment
+    # Cryptography returns the WrappedKeyCryptogram.
+    #
+    # **To export working keys or IPEK using TR-31**
     #
     # Using this operation, you can export working keys or IPEK using TR-31
     # symmetric key exchange. In TR-31, you must use an initial key such as
@@ -864,7 +893,8 @@ module Aws::PaymentCryptography
     # * `KeyMaterial`: Use `Tr31KeyBlock` parameters.
     #
     # When this operation is successful, Amazon Web Services Payment
-    # Cryptography returns the WK or IPEK as a TR-31 WrappedKeyBlock.
+    # Cryptography returns the working key or IPEK as a TR-31
+    # WrappedKeyBlock.
     #
     # **Cross-account use:** This operation can't be used across different
     # Amazon Web Services accounts.
@@ -905,6 +935,11 @@ module Aws::PaymentCryptography
     #     },
     #     export_key_identifier: "KeyArnOrKeyAliasType", # required
     #     key_material: { # required
+    #       key_cryptogram: {
+    #         certificate_authority_public_key_identifier: "KeyArnOrKeyAliasType", # required
+    #         wrapping_key_certificate: "CertificateType", # required
+    #         wrapping_spec: "RSA_OAEP_SHA_256", # accepts RSA_OAEP_SHA_256, RSA_OAEP_SHA_512
+    #       },
     #       tr_31_key_block: {
     #         wrapping_key_identifier: "KeyArnOrKeyAliasType", # required
     #       },
@@ -1025,7 +1060,7 @@ module Aws::PaymentCryptography
     #   resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
     #   resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
     #   resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
-    #   resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
+    #   resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
     #   resp.key.key_check_value #=> String
     #   resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
     #   resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
@@ -1082,7 +1117,7 @@ module Aws::PaymentCryptography
     # @example Request syntax with placeholder values
     #
     #   resp = client.get_parameters_for_export({
-    #     key_material_type: "TR34_KEY_BLOCK", # required, accepts TR34_KEY_BLOCK, TR31_KEY_BLOCK, ROOT_PUBLIC_KEY_CERTIFICATE, TRUSTED_PUBLIC_KEY_CERTIFICATE
+    #     key_material_type: "TR34_KEY_BLOCK", # required, accepts TR34_KEY_BLOCK, TR31_KEY_BLOCK, ROOT_PUBLIC_KEY_CERTIFICATE, TRUSTED_PUBLIC_KEY_CERTIFICATE, KEY_CRYPTOGRAM
     #     signing_key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, RSA_2048, RSA_3072, RSA_4096
     #   })
     #
@@ -1104,7 +1139,9 @@ module Aws::PaymentCryptography
     end
 
     # Gets the import token and the wrapping key certificate in PEM format
-    # (base64 encoded) to initiate a TR-34 WrappedKeyBlock.
+    # (base64 encoded) to initiate a TR-34 WrappedKeyBlock or a RSA
+    # WrappedKeyCryptogram import into Amazon Web Services Payment
+    # Cryptography.
     #
     # The wrapping key certificate wraps the key under import. The import
     # token and wrapping key certificate must be in place and operational
@@ -1123,7 +1160,8 @@ module Aws::PaymentCryptography
     #
     # @option params [required, String] :key_material_type
     #   The method to use for key material import. Import token is only
-    #   required for TR-34 WrappedKeyBlock (`TR34_KEY_BLOCK`).
+    #   required for TR-34 WrappedKeyBlock (`TR34_KEY_BLOCK`) and RSA
+    #   WrappedKeyCryptogram (`KEY_CRYPTOGRAM`).
     #
     #   Import token is not required for TR-31, root public key cerificate or
     #   trusted public key certificate.
@@ -1132,8 +1170,10 @@ module Aws::PaymentCryptography
     #   The wrapping key algorithm to generate a wrapping key certificate.
     #   This certificate wraps the key under import.
     #
-    #   At this time, `RSA_2048`, `RSA_3072`, `RSA_4096` are the only allowed
-    #   algorithms for TR-34 WrappedKeyBlock import.
+    #   At this time, `RSA_2048` is the allowed algorithm for TR-34
+    #   WrappedKeyBlock import. Additionally, `RSA_2048`, `RSA_3072`,
+    #   `RSA_4096` are the allowed algorithms for RSA WrappedKeyCryptogram
+    #   import.
     #
     # @return [Types::GetParametersForImportOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1146,7 +1186,7 @@ module Aws::PaymentCryptography
     # @example Request syntax with placeholder values
     #
     #   resp = client.get_parameters_for_import({
-    #     key_material_type: "TR34_KEY_BLOCK", # required, accepts TR34_KEY_BLOCK, TR31_KEY_BLOCK, ROOT_PUBLIC_KEY_CERTIFICATE, TRUSTED_PUBLIC_KEY_CERTIFICATE
+    #     key_material_type: "TR34_KEY_BLOCK", # required, accepts TR34_KEY_BLOCK, TR31_KEY_BLOCK, ROOT_PUBLIC_KEY_CERTIFICATE, TRUSTED_PUBLIC_KEY_CERTIFICATE, KEY_CRYPTOGRAM
     #     wrapping_key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, RSA_2048, RSA_3072, RSA_4096
     #   })
     #
@@ -1219,18 +1259,20 @@ module Aws::PaymentCryptography
     # For symmetric key exchange, Amazon Web Services Payment Cryptography
     # uses the ANSI X9 TR-31 norm in accordance with PCI PIN guidelines. And
     # for asymmetric key exchange, Amazon Web Services Payment Cryptography
-    # supports ANSI X9 TR-34 norm . Asymmetric key exchange methods are
-    # typically used to establish bi-directional trust between the two
-    # parties exhanging keys and are used for initial key exchange such as
-    # Key Encryption Key (KEK) or Zone Master Key (ZMK). After which you can
-    # import working keys using symmetric method to perform various
-    # cryptographic operations within Amazon Web Services Payment
-    # Cryptography.
+    # supports ANSI X9 TR-34 norm and RSA wrap and unwrap key exchange
+    # mechanisms. Asymmetric key exchange methods are typically used to
+    # establish bi-directional trust between the two parties exhanging keys
+    # and are used for initial key exchange such as Key Encryption Key (KEK)
+    # or Zone Master Key (ZMK). After which you can import working keys
+    # using symmetric method to perform various cryptographic operations
+    # within Amazon Web Services Payment Cryptography.
     #
     # The TR-34 norm is intended for exchanging 3DES keys only and keys are
     # imported in a WrappedKeyBlock format. Key attributes (such as
     # KeyUsage, KeyAlgorithm, KeyModesOfUse, Exportability) are contained
-    # within the key block.
+    # within the key block. With RSA wrap and unwrap, you can exchange both
+    # 3DES and AES-128 keys. The keys are imported in a WrappedKeyCryptogram
+    # format and you will need to specify the key attributes during import.
     #
     # You can also import a *root public key certificate*, used to sign
     # other public key certificates, or a *trusted public key certificate*
@@ -1281,7 +1323,7 @@ module Aws::PaymentCryptography
     # * `PublicKeyCertificate`: The trusted public key certificate in PEM
     #   format (base64 encoded) under import.
     #
-    # **To import KEK or ZMK using TR-34**
+    # **To import initial keys (KEK or ZMK or similar) using TR-34**
     #
     # Using this operation, you can import initial key using TR-34
     # asymmetric key exchange. In TR-34 terminology, the sending party of
@@ -1327,7 +1369,25 @@ module Aws::PaymentCryptography
     #   certificate (CertificateAuthorityPublicKeyIdentifier) imported in
     #   Amazon Web Services Payment Cryptography.
     #
-    # **To import WK (Working Key) using TR-31**
+    # **To import initial keys (KEK or ZMK or similar) using RSA Wrap and
+    # Unwrap**
+    #
+    # Using this operation, you can import initial key using asymmetric RSA
+    # wrap and unwrap key exchange method. To initiate import, call
+    # GetParametersForImport with `KeyMaterial` set to `KEY_CRYPTOGRAM` to
+    # generate an import token. This operation also generates an encryption
+    # keypair for the purpose of key import, signs the key and returns back
+    # the wrapping key certificate in PEM format (base64 encoded) and its
+    # root certificate chain. The import token and associated KRD wrapping
+    # certificate expires after 7 days.
+    #
+    # You must trust and install the wrapping certificate and its
+    # certificate chain on the sending HSM and use it to wrap the key under
+    # export for WrappedKeyCryptogram generation. Next call `ImportKey` with
+    # `KeyMaterial` set to `KEY_CRYPTOGRAM` and provide the `ImportToken`
+    # and `KeyAttributes` for the key under import.
+    #
+    # **To import working keys using TR-31**
     #
     # Amazon Web Services Payment Cryptography uses TR-31 symmetric key
     # exchange norm to import working keys. A KEK must be established within
@@ -1410,6 +1470,28 @@ module Aws::PaymentCryptography
     #     enabled: false,
     #     key_check_value_algorithm: "CMAC", # accepts CMAC, ANSI_X9_24
     #     key_material: { # required
+    #       key_cryptogram: {
+    #         exportable: false, # required
+    #         import_token: "ImportTokenId", # required
+    #         key_attributes: { # required
+    #           key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, RSA_2048, RSA_3072, RSA_4096
+    #           key_class: "SYMMETRIC_KEY", # required, accepts SYMMETRIC_KEY, ASYMMETRIC_KEY_PAIR, PRIVATE_KEY, PUBLIC_KEY
+    #           key_modes_of_use: { # required
+    #             decrypt: false,
+    #             derive_key: false,
+    #             encrypt: false,
+    #             generate: false,
+    #             no_restrictions: false,
+    #             sign: false,
+    #             unwrap: false,
+    #             verify: false,
+    #             wrap: false,
+    #           },
+    #           key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M1_ISO_9797_1_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
+    #         },
+    #         wrapped_key_cryptogram: "WrappedKeyCryptogram", # required
+    #         wrapping_spec: "RSA_OAEP_SHA_256", # accepts RSA_OAEP_SHA_256, RSA_OAEP_SHA_512
+    #       },
     #       root_certificate_public_key: {
     #         key_attributes: { # required
     #           key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, RSA_2048, RSA_3072, RSA_4096
@@ -1425,7 +1507,7 @@ module Aws::PaymentCryptography
     #             verify: false,
     #             wrap: false,
     #           },
-    #           key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
+    #           key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M1_ISO_9797_1_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
     #         },
     #         public_key_certificate: "CertificateType", # required
     #       },
@@ -1457,7 +1539,7 @@ module Aws::PaymentCryptography
     #             verify: false,
     #             wrap: false,
     #           },
-    #           key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
+    #           key_usage: "TR31_B0_BASE_DERIVATION_KEY", # required, accepts TR31_B0_BASE_DERIVATION_KEY, TR31_C0_CARD_VERIFICATION_KEY, TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY, TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION, TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS, TR31_E1_EMV_MKEY_CONFIDENTIALITY, TR31_E2_EMV_MKEY_INTEGRITY, TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS, TR31_E5_EMV_MKEY_CARD_PERSONALIZATION, TR31_E6_EMV_MKEY_OTHER, TR31_K0_KEY_ENCRYPTION_KEY, TR31_K1_KEY_BLOCK_PROTECTION_KEY, TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT, TR31_M3_ISO_9797_3_MAC_KEY, TR31_M1_ISO_9797_1_MAC_KEY, TR31_M6_ISO_9797_5_CMAC_KEY, TR31_M7_HMAC_KEY, TR31_P0_PIN_ENCRYPTION_KEY, TR31_P1_PIN_GENERATION_KEY, TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE, TR31_V1_IBM3624_PIN_VERIFICATION_KEY, TR31_V2_VISA_PIN_VERIFICATION_KEY, TR31_K2_TR34_ASYMMETRIC_KEY
     #         },
     #         public_key_certificate: "CertificateType", # required
     #       },
@@ -1489,7 +1571,7 @@ module Aws::PaymentCryptography
     #   resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
     #   resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
     #   resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
-    #   resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
+    #   resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
     #   resp.key.key_check_value #=> String
     #   resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
     #   resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
@@ -1649,7 +1731,7 @@ module Aws::PaymentCryptography
     #   resp.keys[0].key_attributes.key_modes_of_use.unwrap #=> Boolean
     #   resp.keys[0].key_attributes.key_modes_of_use.verify #=> Boolean
     #   resp.keys[0].key_attributes.key_modes_of_use.wrap #=> Boolean
-    #   resp.keys[0].key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
+    #   resp.keys[0].key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
     #   resp.keys[0].key_check_value #=> String
     #   resp.keys[0].key_state #=> String, one of "CREATE_IN_PROGRESS", "CREATE_COMPLETE", "DELETE_PENDING", "DELETE_COMPLETE"
     #   resp.next_token #=> String
@@ -1782,7 +1864,7 @@ module Aws::PaymentCryptography
     #   resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
     #   resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
     #   resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
-    #   resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
+    #   resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
     #   resp.key.key_check_value #=> String
     #   resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
     #   resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
@@ -1844,7 +1926,7 @@ module Aws::PaymentCryptography
     #   resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
     #   resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
     #   resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
-    #   resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
+    #   resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
     #   resp.key.key_check_value #=> String
     #   resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
     #   resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
@@ -1908,7 +1990,7 @@ module Aws::PaymentCryptography
     #   resp.key.key_attributes.key_modes_of_use.unwrap #=> Boolean
     #   resp.key.key_attributes.key_modes_of_use.verify #=> Boolean
     #   resp.key.key_attributes.key_modes_of_use.wrap #=> Boolean
-    #   resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
+    #   resp.key.key_attributes.key_usage #=> String, one of "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY"
     #   resp.key.key_check_value #=> String
     #   resp.key.key_check_value_algorithm #=> String, one of "CMAC", "ANSI_X9_24"
     #   resp.key.key_origin #=> String, one of "EXTERNAL", "AWS_PAYMENT_CRYPTOGRAPHY"
@@ -2103,7 +2185,7 @@ module Aws::PaymentCryptography
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-paymentcryptography'
-      context[:gem_version] = '1.9.0'
+      context[:gem_version] = '1.10.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-paymentcryptography/client_api.rb

@@ -31,6 +31,7 @@ module Aws::PaymentCryptography
     DeleteKeyOutput = Shapes::StructureShape.new(name: 'DeleteKeyOutput')
     ExportAttributes = Shapes::StructureShape.new(name: 'ExportAttributes')
     ExportDukptInitialKey = Shapes::StructureShape.new(name: 'ExportDukptInitialKey')
+    ExportKeyCryptogram = Shapes::StructureShape.new(name: 'ExportKeyCryptogram')
     ExportKeyInput = Shapes::StructureShape.new(name: 'ExportKeyInput')
     ExportKeyMaterial = Shapes::UnionShape.new(name: 'ExportKeyMaterial')
     ExportKeyOutput = Shapes::StructureShape.new(name: 'ExportKeyOutput')
@@ -49,6 +50,7 @@ module Aws::PaymentCryptography
     GetPublicKeyCertificateOutput = Shapes::StructureShape.new(name: 'GetPublicKeyCertificateOutput')
     HexLength16 = Shapes::StringShape.new(name: 'HexLength16')
     HexLength20Or24 = Shapes::StringShape.new(name: 'HexLength20Or24')
+    ImportKeyCryptogram = Shapes::StructureShape.new(name: 'ImportKeyCryptogram')
     ImportKeyInput = Shapes::StructureShape.new(name: 'ImportKeyInput')
     ImportKeyMaterial = Shapes::UnionShape.new(name: 'ImportKeyMaterial')
     ImportKeyOutput = Shapes::StructureShape.new(name: 'ImportKeyOutput')
@@ -112,7 +114,9 @@ module Aws::PaymentCryptography
     UpdateAliasOutput = Shapes::StructureShape.new(name: 'UpdateAliasOutput')
     ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
     WrappedKey = Shapes::StructureShape.new(name: 'WrappedKey')
+    WrappedKeyCryptogram = Shapes::StringShape.new(name: 'WrappedKeyCryptogram')
     WrappedKeyMaterialFormat = Shapes::StringShape.new(name: 'WrappedKeyMaterialFormat')
+    WrappingKeySpec = Shapes::StringShape.new(name: 'WrappingKeySpec')
 
     AccessDeniedException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "Message"))
     AccessDeniedException.struct_class = Types::AccessDeniedException
@@ -162,14 +166,21 @@ module Aws::PaymentCryptography
     ExportDukptInitialKey.add_member(:key_serial_number, Shapes::ShapeRef.new(shape: HexLength20Or24, required: true, location_name: "KeySerialNumber"))
     ExportDukptInitialKey.struct_class = Types::ExportDukptInitialKey
 
+    ExportKeyCryptogram.add_member(:certificate_authority_public_key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "CertificateAuthorityPublicKeyIdentifier"))
+    ExportKeyCryptogram.add_member(:wrapping_key_certificate, Shapes::ShapeRef.new(shape: CertificateType, required: true, location_name: "WrappingKeyCertificate"))
+    ExportKeyCryptogram.add_member(:wrapping_spec, Shapes::ShapeRef.new(shape: WrappingKeySpec, location_name: "WrappingSpec"))
+    ExportKeyCryptogram.struct_class = Types::ExportKeyCryptogram
+
     ExportKeyInput.add_member(:export_attributes, Shapes::ShapeRef.new(shape: ExportAttributes, location_name: "ExportAttributes"))
     ExportKeyInput.add_member(:export_key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "ExportKeyIdentifier"))
     ExportKeyInput.add_member(:key_material, Shapes::ShapeRef.new(shape: ExportKeyMaterial, required: true, location_name: "KeyMaterial"))
     ExportKeyInput.struct_class = Types::ExportKeyInput
 
+    ExportKeyMaterial.add_member(:key_cryptogram, Shapes::ShapeRef.new(shape: ExportKeyCryptogram, location_name: "KeyCryptogram"))
     ExportKeyMaterial.add_member(:tr_31_key_block, Shapes::ShapeRef.new(shape: ExportTr31KeyBlock, location_name: "Tr31KeyBlock"))
     ExportKeyMaterial.add_member(:tr_34_key_block, Shapes::ShapeRef.new(shape: ExportTr34KeyBlock, location_name: "Tr34KeyBlock"))
     ExportKeyMaterial.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    ExportKeyMaterial.add_member_subclass(:key_cryptogram, Types::ExportKeyMaterial::KeyCryptogram)
     ExportKeyMaterial.add_member_subclass(:tr_31_key_block, Types::ExportKeyMaterial::Tr31KeyBlock)
     ExportKeyMaterial.add_member_subclass(:tr_34_key_block, Types::ExportKeyMaterial::Tr34KeyBlock)
     ExportKeyMaterial.add_member_subclass(:unknown, Types::ExportKeyMaterial::Unknown)
@@ -229,17 +240,26 @@ module Aws::PaymentCryptography
     GetPublicKeyCertificateOutput.add_member(:key_certificate_chain, Shapes::ShapeRef.new(shape: CertificateType, required: true, location_name: "KeyCertificateChain"))
     GetPublicKeyCertificateOutput.struct_class = Types::GetPublicKeyCertificateOutput
 
+    ImportKeyCryptogram.add_member(:exportable, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "Exportable"))
+    ImportKeyCryptogram.add_member(:import_token, Shapes::ShapeRef.new(shape: ImportTokenId, required: true, location_name: "ImportToken"))
+    ImportKeyCryptogram.add_member(:key_attributes, Shapes::ShapeRef.new(shape: KeyAttributes, required: true, location_name: "KeyAttributes"))
+    ImportKeyCryptogram.add_member(:wrapped_key_cryptogram, Shapes::ShapeRef.new(shape: WrappedKeyCryptogram, required: true, location_name: "WrappedKeyCryptogram"))
+    ImportKeyCryptogram.add_member(:wrapping_spec, Shapes::ShapeRef.new(shape: WrappingKeySpec, location_name: "WrappingSpec"))
+    ImportKeyCryptogram.struct_class = Types::ImportKeyCryptogram
+
     ImportKeyInput.add_member(:enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "Enabled"))
     ImportKeyInput.add_member(:key_check_value_algorithm, Shapes::ShapeRef.new(shape: KeyCheckValueAlgorithm, location_name: "KeyCheckValueAlgorithm"))
     ImportKeyInput.add_member(:key_material, Shapes::ShapeRef.new(shape: ImportKeyMaterial, required: true, location_name: "KeyMaterial"))
     ImportKeyInput.add_member(:tags, Shapes::ShapeRef.new(shape: Tags, location_name: "Tags"))
     ImportKeyInput.struct_class = Types::ImportKeyInput
 
+    ImportKeyMaterial.add_member(:key_cryptogram, Shapes::ShapeRef.new(shape: ImportKeyCryptogram, location_name: "KeyCryptogram"))
     ImportKeyMaterial.add_member(:root_certificate_public_key, Shapes::ShapeRef.new(shape: RootCertificatePublicKey, location_name: "RootCertificatePublicKey"))
     ImportKeyMaterial.add_member(:tr_31_key_block, Shapes::ShapeRef.new(shape: ImportTr31KeyBlock, location_name: "Tr31KeyBlock"))
     ImportKeyMaterial.add_member(:tr_34_key_block, Shapes::ShapeRef.new(shape: ImportTr34KeyBlock, location_name: "Tr34KeyBlock"))
     ImportKeyMaterial.add_member(:trusted_certificate_public_key, Shapes::ShapeRef.new(shape: TrustedCertificatePublicKey, location_name: "TrustedCertificatePublicKey"))
     ImportKeyMaterial.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    ImportKeyMaterial.add_member_subclass(:key_cryptogram, Types::ImportKeyMaterial::KeyCryptogram)
     ImportKeyMaterial.add_member_subclass(:root_certificate_public_key, Types::ImportKeyMaterial::RootCertificatePublicKey)
     ImportKeyMaterial.add_member_subclass(:tr_31_key_block, Types::ImportKeyMaterial::Tr31KeyBlock)
     ImportKeyMaterial.add_member_subclass(:tr_34_key_block, Types::ImportKeyMaterial::Tr34KeyBlock)

data/lib/aws-sdk-paymentcryptography/types.rb

@@ -264,6 +264,34 @@ module Aws::PaymentCryptography
       include Aws::Structure
     end
 
+    # Parameter information for key material export using asymmetric RSA
+    # wrap and unwrap key exchange method.
+    #
+    # @!attribute [rw] certificate_authority_public_key_identifier
+    #   The `KeyARN` of the certificate chain that signs the wrapping key
+    #   certificate during RSA wrap and unwrap key export.
+    #   @return [String]
+    #
+    # @!attribute [rw] wrapping_key_certificate
+    #   The wrapping key certificate in PEM format (base64 encoded). Amazon
+    #   Web Services Payment Cryptography uses this certificate to wrap the
+    #   key under export.
+    #   @return [String]
+    #
+    # @!attribute [rw] wrapping_spec
+    #   The wrapping spec for the key under export.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyCryptogram AWS API Documentation
+    #
+    class ExportKeyCryptogram < Struct.new(
+      :certificate_authority_public_key_identifier,
+      :wrapping_key_certificate,
+      :wrapping_spec)
+      SENSITIVE = [:wrapping_key_certificate]
+      include Aws::Structure
+    end
+
     # @!attribute [rw] export_attributes
     #   The attributes for IPEK generation during export.
     #   @return [Types::ExportAttributes]
@@ -289,10 +317,16 @@ module Aws::PaymentCryptography
     end
 
     # Parameter information for key material export from Amazon Web Services
-    # Payment Cryptography using TR-31 or TR-34 key exchange method.
+    # Payment Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key
+    # exchange method.
     #
     # @note ExportKeyMaterial is a union - when making an API calls you must set exactly one of the members.
     #
+    # @!attribute [rw] key_cryptogram
+    #   Parameter information for key material export using asymmetric RSA
+    #   wrap and unwrap key exchange method
+    #   @return [Types::ExportKeyCryptogram]
+    #
     # @!attribute [rw] tr_31_key_block
     #   Parameter information for key material export using symmetric TR-31
     #   key exchange method.
@@ -306,6 +340,7 @@ module Aws::PaymentCryptography
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyMaterial AWS API Documentation
     #
     class ExportKeyMaterial < Struct.new(
+      :key_cryptogram,
       :tr_31_key_block,
       :tr_34_key_block,
       :unknown)
@@ -313,6 +348,7 @@ module Aws::PaymentCryptography
       include Aws::Structure
       include Aws::Structure::Union
 
+      class KeyCryptogram < ExportKeyMaterial; end
       class Tr31KeyBlock < ExportKeyMaterial; end
       class Tr34KeyBlock < ExportKeyMaterial; end
       class Unknown < ExportKeyMaterial; end
@@ -320,7 +356,7 @@ module Aws::PaymentCryptography
 
     # @!attribute [rw] wrapped_key
     #   The key material under export as a TR-34 WrappedKeyBlock or a TR-31
-    #   WrappedKeyBlock.
+    #   WrappedKeyBlock. or a RSA WrappedKeyCryptogram.
     #   @return [Types::WrappedKey]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ExportKeyOutput AWS API Documentation
@@ -506,7 +542,8 @@ module Aws::PaymentCryptography
 
     # @!attribute [rw] key_material_type
     #   The method to use for key material import. Import token is only
-    #   required for TR-34 WrappedKeyBlock (`TR34_KEY_BLOCK`).
+    #   required for TR-34 WrappedKeyBlock (`TR34_KEY_BLOCK`) and RSA
+    #   WrappedKeyCryptogram (`KEY_CRYPTOGRAM`).
     #
     #   Import token is not required for TR-31, root public key cerificate
     #   or trusted public key certificate.
@@ -516,8 +553,10 @@ module Aws::PaymentCryptography
     #   The wrapping key algorithm to generate a wrapping key certificate.
     #   This certificate wraps the key under import.
     #
-    #   At this time, `RSA_2048`, `RSA_3072`, `RSA_4096` are the only
-    #   allowed algorithms for TR-34 WrappedKeyBlock import.
+    #   At this time, `RSA_2048` is the allowed algorithm for TR-34
+    #   WrappedKeyBlock import. Additionally, `RSA_2048`, `RSA_3072`,
+    #   `RSA_4096` are the allowed algorithms for RSA WrappedKeyCryptogram
+    #   import.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/GetParametersForImportInput AWS API Documentation
@@ -542,7 +581,7 @@ module Aws::PaymentCryptography
     #
     # @!attribute [rw] wrapping_key_algorithm
     #   The algorithm of the wrapping key for use within TR-34
-    #   WrappedKeyBlock.
+    #   WrappedKeyBlock or RSA WrappedKeyCryptogram.
     #   @return [String]
     #
     # @!attribute [rw] wrapping_key_certificate
@@ -602,6 +641,46 @@ module Aws::PaymentCryptography
       include Aws::Structure
     end
 
+    # Parameter information for key material import using asymmetric RSA
+    # wrap and unwrap key exchange method.
+    #
+    # @!attribute [rw] exportable
+    #   Specifies whether the key is exportable from the service.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] import_token
+    #   The import token that initiates key import using the asymmetric RSA
+    #   wrap and unwrap key exchange method into AWS Payment Cryptography.
+    #   It expires after 7 days. You can use the same import token to import
+    #   multiple keys to the same service account.
+    #   @return [String]
+    #
+    # @!attribute [rw] key_attributes
+    #   The role of the key, the algorithm it supports, and the
+    #   cryptographic operations allowed with the key. This data is
+    #   immutable after the key is created.
+    #   @return [Types::KeyAttributes]
+    #
+    # @!attribute [rw] wrapped_key_cryptogram
+    #   The RSA wrapped key cryptogram under import.
+    #   @return [String]
+    #
+    # @!attribute [rw] wrapping_spec
+    #   The wrapping spec for the wrapped key cryptogram.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ImportKeyCryptogram AWS API Documentation
+    #
+    class ImportKeyCryptogram < Struct.new(
+      :exportable,
+      :import_token,
+      :key_attributes,
+      :wrapped_key_cryptogram,
+      :wrapping_spec)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] enabled
     #   Specifies whether import key is enabled.
     #   @return [Boolean]
@@ -660,10 +739,16 @@ module Aws::PaymentCryptography
     end
 
     # Parameter information for key material import into Amazon Web Services
-    # Payment Cryptography using TR-31 or TR-34 key exchange method.
+    # Payment Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key
+    # exchange method.
     #
     # @note ImportKeyMaterial is a union - when making an API calls you must set exactly one of the members.
     #
+    # @!attribute [rw] key_cryptogram
+    #   Parameter information for key material import using asymmetric RSA
+    #   wrap and unwrap key exchange method.
+    #   @return [Types::ImportKeyCryptogram]
+    #
     # @!attribute [rw] root_certificate_public_key
     #   Parameter information for root public key certificate import.
     #   @return [Types::RootCertificatePublicKey]
@@ -685,6 +770,7 @@ module Aws::PaymentCryptography
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ImportKeyMaterial AWS API Documentation
     #
     class ImportKeyMaterial < Struct.new(
+      :key_cryptogram,
       :root_certificate_public_key,
       :tr_31_key_block,
       :tr_34_key_block,
@@ -694,6 +780,7 @@ module Aws::PaymentCryptography
       include Aws::Structure
       include Aws::Structure::Union
 
+      class KeyCryptogram < ImportKeyMaterial; end
       class RootCertificatePublicKey < ImportKeyMaterial; end
       class Tr31KeyBlock < ImportKeyMaterial; end
       class Tr34KeyBlock < ImportKeyMaterial; end

data/lib/aws-sdk-paymentcryptography.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-paymentcryptography/customizations'
 # @!group service
 module Aws::PaymentCryptography
 
-  GEM_VERSION = '1.9.0'
+  GEM_VERSION = '1.10.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-paymentcryptography
 version: !ruby/object:Gem::Version
-  version: 1.9.0
+  version: 1.10.0
 platform: ruby
 authors:
 - Amazon Web Services
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-06 00:00:00.000000000 Z
+date: 2024-01-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -72,7 +72,7 @@ licenses:
 metadata:
   source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-paymentcryptography
   changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-paymentcryptography/CHANGELOG.md
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -87,8 +87,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
-signing_key: 
+rubygems_version: 3.4.10
+signing_key:
 specification_version: 4
 summary: AWS SDK for Ruby - Payment Cryptography Control Plane
 test_files: []