aws-sdk-paymentcryptographydata 1.25.0 → 1.26.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-paymentcryptographydata/client.rb +249 -33
- data/lib/aws-sdk-paymentcryptographydata/client_api.rb +114 -4
- data/lib/aws-sdk-paymentcryptographydata/types.rb +423 -1
- data/lib/aws-sdk-paymentcryptographydata.rb +1 -1
- data/sig/client.rbs +68 -0
- data/sig/types.rbs +108 -0
- metadata +2 -2
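--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1cee51842de4f9812872cf67ca217fb988c34615c188f62fa3729519f3bf1fe5
+data.tar.gz: f34fd2c582c47642ba205dd75025d702810537628ddc752a946593996890213a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f375a68479f99dacda79e012106a115b94c0c7923834f570cd240b617b134c1b694430e76a8dba737af87c4431487cf49caaf2e68c84e98d86575b174466d7d8
+data.tar.gz: d178f47a8b714d683ef5e68644f363209799bcc3245b13b3b367d7577eaf7a279ca354019f0d5577d20750b85f9fe70af70cbc1c965db298baf23f8d7f8702c8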
data/CHANGELOG.md
CHANGED
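--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.26.0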
@@ -452,8 +452,8 @@ module Aws::PaymentCryptographyData
|
|
452
452
|
# more information, see [Decrypt data][1] in the *Amazon Web Services
|
453
453
|
# Payment Cryptography User Guide*.
|
454
454
|
#
|
455
|
-
# You can use an
|
456
|
-
# Payment Cryptography, or you can import your own
|
455
|
+
# You can use an decryption key generated within Amazon Web Services
|
456
|
+
# Payment Cryptography, or you can import your own decryption key by
|
457
457
|
# calling [ImportKey][2]. For this operation, the key must have
|
458
458
|
# `KeyModesOfUse` set to `Decrypt`. In asymmetric decryption, Amazon Web
|
459
459
|
# Services Payment Cryptography decrypts the ciphertext using the
|
@@ -462,6 +462,17 @@ module Aws::PaymentCryptographyData
|
|
462
462
|
# can export the public component of the asymmetric key pair by calling
|
463
463
|
# [GetPublicCertificate][3].
|
464
464
|
#
|
465
|
+
# This operation also supports dynamic keys, allowing you to pass a
|
466
|
+
# dynamic decryption key as a TR-31 WrappedKeyBlock. This can be used
|
467
|
+
# when key material is frequently rotated, such as during every card
|
468
|
+
# transaction, and there is need to avoid importing short-lived keys
|
469
|
+
# into Amazon Web Services Payment Cryptography. To decrypt using
|
470
|
+
# dynamic keys, the `keyARN` is the Key Encryption Key (KEK) of the
|
471
|
+
# TR-31 wrapped decryption key material. The incoming wrapped key shall
|
472
|
+
# have a key purpose of D0 with a mode of use of B or D. For more
|
473
|
+
# information, see [Using Dynamic Keys][4] in the *Amazon Web Services
|
474
|
+
# Payment Cryptography User Guide*.
|
475
|
+
#
|
465
476
|
# For symmetric and DUKPT decryption, Amazon Web Services Payment
|
466
477
|
# Cryptography supports `TDES` and `AES` algorithms. For EMV decryption,
|
467
478
|
# Amazon Web Services Payment Cryptography supports `TDES` algorithms.
|
@@ -474,8 +485,8 @@ module Aws::PaymentCryptographyData
|
|
474
485
|
# size unless padding is enabled.
|
475
486
|
#
|
476
487
|
# For information about valid keys for this operation, see
|
477
|
-
# [Understanding key attributes][
|
478
|
-
# operations][
|
488
|
+
# [Understanding key attributes][5] and [Key types for specific data
|
489
|
+
# operations][6] in the *Amazon Web Services Payment Cryptography User
|
479
490
|
# Guide*.
|
480
491
|
#
|
481
492
|
# **Cross-account use**: This operation can't be used across different
|
@@ -494,8 +505,9 @@ module Aws::PaymentCryptographyData
|
|
494
505
|
# [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/decrypt-data.html
|
495
506
|
# [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
|
496
507
|
# [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
|
497
|
-
# [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/
|
498
|
-
# [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/
|
508
|
+
# [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/use-cases-acquirers-dynamickeys.html
|
509
|
+
# [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
|
510
|
+
# [6]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
|
499
511
|
#
|
500
512
|
# @option params [required, String] :key_identifier
|
501
513
|
# The `keyARN` of the encryption key that Amazon Web Services Payment
|
@@ -581,11 +593,24 @@ module Aws::PaymentCryptographyData
|
|
581
593
|
#
|
582
594
|
# You can generate an encryption key within Amazon Web Services Payment
|
583
595
|
# Cryptography by calling [CreateKey][2]. You can import your own
|
584
|
-
# encryption key by calling [ImportKey][3].
|
585
|
-
#
|
586
|
-
#
|
587
|
-
#
|
588
|
-
#
|
596
|
+
# encryption key by calling [ImportKey][3].
|
597
|
+
#
|
598
|
+
# For this operation, the key must have `KeyModesOfUse` set to
|
599
|
+
# `Encrypt`. In asymmetric encryption, plaintext is encrypted using
|
600
|
+
# public component. You can import the public component of an asymmetric
|
601
|
+
# key pair created outside Amazon Web Services Payment Cryptography by
|
602
|
+
# calling [ImportKey][3].
|
603
|
+
#
|
604
|
+
# This operation also supports dynamic keys, allowing you to pass a
|
605
|
+
# dynamic encryption key as a TR-31 WrappedKeyBlock. This can be used
|
606
|
+
# when key material is frequently rotated, such as during every card
|
607
|
+
# transaction, and there is need to avoid importing short-lived keys
|
608
|
+
# into Amazon Web Services Payment Cryptography. To encrypt using
|
609
|
+
# dynamic keys, the `keyARN` is the Key Encryption Key (KEK) of the
|
610
|
+
# TR-31 wrapped encryption key material. The incoming wrapped key shall
|
611
|
+
# have a key purpose of D0 with a mode of use of B or D. For more
|
612
|
+
# information, see [Using Dynamic Keys][4] in the *Amazon Web Services
|
613
|
+
# Payment Cryptography User Guide*.
|
589
614
|
#
|
590
615
|
# For symmetric and DUKPT encryption, Amazon Web Services Payment
|
591
616
|
# Cryptography supports `TDES` and `AES` algorithms. For EMV encryption,
|
@@ -605,8 +630,8 @@ module Aws::PaymentCryptographyData
|
|
605
630
|
# your account with `KeyModesOfUse` set to `DeriveKey`.
|
606
631
|
#
|
607
632
|
# For information about valid keys for this operation, see
|
608
|
-
# [Understanding key attributes][
|
609
|
-
# operations][
|
633
|
+
# [Understanding key attributes][5] and [Key types for specific data
|
634
|
+
# operations][6] in the *Amazon Web Services Payment Cryptography User
|
610
635
|
# Guide*.
|
611
636
|
#
|
612
637
|
# **Cross-account use**: This operation can't be used across different
|
@@ -616,7 +641,7 @@ module Aws::PaymentCryptographyData
|
|
616
641
|
#
|
617
642
|
# * DecryptData
|
618
643
|
#
|
619
|
-
# * [GetPublicCertificate][
|
644
|
+
# * [GetPublicCertificate][7]
|
620
645
|
#
|
621
646
|
# * [ImportKey][3]
|
622
647
|
#
|
@@ -627,9 +652,10 @@ module Aws::PaymentCryptographyData
|
|
627
652
|
# [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/encrypt-data.html
|
628
653
|
# [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
|
629
654
|
# [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
|
630
|
-
# [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/
|
631
|
-
# [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/
|
632
|
-
# [6]: https://docs.aws.amazon.com/payment-cryptography/latest/
|
655
|
+
# [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/use-cases-acquirers-dynamickeys.html
|
656
|
+
# [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
|
657
|
+
# [6]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
|
658
|
+
# [7]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
|
633
659
|
#
|
634
660
|
# @option params [required, String] :key_identifier
|
635
661
|
# The `keyARN` of the encryption key that Amazon Web Services Payment
|
@@ -906,7 +932,7 @@ module Aws::PaymentCryptographyData
|
|
906
932
|
# session_key_derivation_mode: "EMV_COMMON_SESSION_KEY", # required, accepts EMV_COMMON_SESSION_KEY, EMV2000, AMEX, MASTERCARD_SESSION_KEY, VISA
|
907
933
|
# session_key_derivation_value: { # required
|
908
934
|
# application_cryptogram: "ApplicationCryptogramType",
|
909
|
-
# application_transaction_counter: "
|
935
|
+
# application_transaction_counter: "HexLengthEquals4",
|
910
936
|
# },
|
911
937
|
# },
|
912
938
|
# dukpt_iso_9797_algorithm_1: {
|
@@ -943,6 +969,173 @@ module Aws::PaymentCryptographyData
|
|
943
969
|
req.send_request(options)
|
944
970
|
end
|
945
971
|
|
972
|
+
# Generates an issuer script mac for EMV payment cards that use offline
|
973
|
+
# PINs as the cardholder verification method (CVM).
|
974
|
+
#
|
975
|
+
# This operation generates an authenticated issuer script response by
|
976
|
+
# appending the incoming message data (APDU command) with the target
|
977
|
+
# encrypted PIN block in ISO2 format. The command structure and method
|
978
|
+
# to send the issuer script update to the card is not defined by this
|
979
|
+
# operation and is typically determined by the applicable payment card
|
980
|
+
# scheme.
|
981
|
+
#
|
982
|
+
# The primary inputs to this operation include the incoming new
|
983
|
+
# encrypted pinblock, PIN encryption key (PEK), issuer master key (IMK),
|
984
|
+
# primary account number (PAN), and the payment card derivation method.
|
985
|
+
#
|
986
|
+
# The operation uses two issuer master keys - secure messaging for
|
987
|
+
# confidentiality (IMK-SMC) and secure messaging for integrity
|
988
|
+
# (IMK-SMI). The SMC key is used to internally derive a key to secure
|
989
|
+
# the pin, while SMI key is used to internally derive a key to
|
990
|
+
# authenticate the script reponse as per the [EMV 4.4 - Book 2 -
|
991
|
+
# Security and Key Management][1] specification.
|
992
|
+
#
|
993
|
+
# This operation supports Amex, EMV2000, EMVCommon, Mastercard and Visa
|
994
|
+
# derivation methods, each requiring specific input parameters. Users
|
995
|
+
# must follow the specific derivation method and input parameters
|
996
|
+
# defined by the respective payment card scheme.
|
997
|
+
#
|
998
|
+
# <note markdown="1"> Use GenerateMac operation when sending a script update to an EMV card
|
999
|
+
# that does not involve PIN change. When assigning IAM permissions, it
|
1000
|
+
# is important to understand that EncryptData using EMV keys and
|
1001
|
+
# GenerateMac perform similar functions to this command.
|
1002
|
+
#
|
1003
|
+
# </note>
|
1004
|
+
#
|
1005
|
+
# **Cross-account use**: This operation can't be used across different
|
1006
|
+
# Amazon Web Services accounts.
|
1007
|
+
#
|
1008
|
+
# **Related operations:**
|
1009
|
+
#
|
1010
|
+
# * EncryptData
|
1011
|
+
#
|
1012
|
+
# * GenerateMac
|
1013
|
+
#
|
1014
|
+
#
|
1015
|
+
#
|
1016
|
+
# [1]: https://www.emvco.com/specifications/
|
1017
|
+
#
|
1018
|
+
# @option params [required, String] :new_pin_pek_identifier
|
1019
|
+
# The `keyARN` of the PEK protecting the incoming new encrypted PIN
|
1020
|
+
# block.
|
1021
|
+
#
|
1022
|
+
# @option params [required, String] :new_encrypted_pin_block
|
1023
|
+
# The incoming new encrypted PIN block data for offline pin change on an
|
1024
|
+
# EMV card.
|
1025
|
+
#
|
1026
|
+
# @option params [required, String] :pin_block_format
|
1027
|
+
# The PIN encoding format of the incoming new encrypted PIN block as
|
1028
|
+
# specified in ISO 9564.
|
1029
|
+
#
|
1030
|
+
# @option params [required, String] :secure_messaging_integrity_key_identifier
|
1031
|
+
# The `keyARN` of the issuer master key (IMK-SMI) used to authenticate
|
1032
|
+
# the issuer script response.
|
1033
|
+
#
|
1034
|
+
# @option params [required, String] :secure_messaging_confidentiality_key_identifier
|
1035
|
+
# The `keyARN` of the issuer master key (IMK-SMC) used to protect the
|
1036
|
+
# PIN block data in the issuer script response.
|
1037
|
+
#
|
1038
|
+
# @option params [required, String] :message_data
|
1039
|
+
# The message data is the APDU command from the card reader or terminal.
|
1040
|
+
# The target encrypted PIN block, after translation to ISO2 format, is
|
1041
|
+
# appended to this message data to generate an issuer script response.
|
1042
|
+
#
|
1043
|
+
# @option params [required, Types::DerivationMethodAttributes] :derivation_method_attributes
|
1044
|
+
# The attributes and data values to derive payment card specific
|
1045
|
+
# confidentiality and integrity keys.
|
1046
|
+
#
|
1047
|
+
# @return [Types::GenerateMacEmvPinChangeOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1048
|
+
#
|
1049
|
+
# * {Types::GenerateMacEmvPinChangeOutput#new_pin_pek_arn #new_pin_pek_arn} => String
|
1050
|
+
# * {Types::GenerateMacEmvPinChangeOutput#secure_messaging_integrity_key_arn #secure_messaging_integrity_key_arn} => String
|
1051
|
+
# * {Types::GenerateMacEmvPinChangeOutput#secure_messaging_confidentiality_key_arn #secure_messaging_confidentiality_key_arn} => String
|
1052
|
+
# * {Types::GenerateMacEmvPinChangeOutput#mac #mac} => String
|
1053
|
+
# * {Types::GenerateMacEmvPinChangeOutput#encrypted_pin_block #encrypted_pin_block} => String
|
1054
|
+
# * {Types::GenerateMacEmvPinChangeOutput#new_pin_pek_key_check_value #new_pin_pek_key_check_value} => String
|
1055
|
+
# * {Types::GenerateMacEmvPinChangeOutput#secure_messaging_integrity_key_check_value #secure_messaging_integrity_key_check_value} => String
|
1056
|
+
# * {Types::GenerateMacEmvPinChangeOutput#secure_messaging_confidentiality_key_check_value #secure_messaging_confidentiality_key_check_value} => String
|
1057
|
+
# * {Types::GenerateMacEmvPinChangeOutput#visa_amex_derivation_outputs #visa_amex_derivation_outputs} => Types::VisaAmexDerivationOutputs
|
1058
|
+
#
|
1059
|
+
# @example Request syntax with placeholder values
|
1060
|
+
#
|
1061
|
+
# resp = client.generate_mac_emv_pin_change({
|
1062
|
+
# new_pin_pek_identifier: "KeyArnOrKeyAliasType", # required
|
1063
|
+
# new_encrypted_pin_block: "PinBlockLengthEquals16", # required
|
1064
|
+
# pin_block_format: "ISO_FORMAT_0", # required, accepts ISO_FORMAT_0, ISO_FORMAT_1, ISO_FORMAT_3
|
1065
|
+
# secure_messaging_integrity_key_identifier: "KeyArnOrKeyAliasType", # required
|
1066
|
+
# secure_messaging_confidentiality_key_identifier: "KeyArnOrKeyAliasType", # required
|
1067
|
+
# message_data: "CommandMessageDataType", # required
|
1068
|
+
# derivation_method_attributes: { # required
|
1069
|
+
# emv_common: {
|
1070
|
+
# major_key_derivation_mode: "EMV_OPTION_A", # required, accepts EMV_OPTION_A, EMV_OPTION_B
|
1071
|
+
# primary_account_number: "PrimaryAccountNumberType", # required
|
1072
|
+
# pan_sequence_number: "NumberLengthEquals2", # required
|
1073
|
+
# application_cryptogram: "ApplicationCryptogramType", # required
|
1074
|
+
# mode: "ECB", # required, accepts ECB, CBC
|
1075
|
+
# pin_block_padding_type: "NO_PADDING", # required, accepts NO_PADDING, ISO_IEC_7816_4
|
1076
|
+
# pin_block_length_position: "NONE", # required, accepts NONE, FRONT_OF_PIN_BLOCK
|
1077
|
+
# },
|
1078
|
+
# amex: {
|
1079
|
+
# major_key_derivation_mode: "EMV_OPTION_A", # required, accepts EMV_OPTION_A, EMV_OPTION_B
|
1080
|
+
# primary_account_number: "PrimaryAccountNumberType", # required
|
1081
|
+
# pan_sequence_number: "NumberLengthEquals2", # required
|
1082
|
+
# application_transaction_counter: "HexLengthEquals4", # required
|
1083
|
+
# authorization_request_key_identifier: "KeyArnOrKeyAliasType", # required
|
1084
|
+
# current_pin_attributes: {
|
1085
|
+
# current_pin_pek_identifier: "KeyArnOrKeyAliasType", # required
|
1086
|
+
# current_encrypted_pin_block: "PinBlockLengthEquals16", # required
|
1087
|
+
# },
|
1088
|
+
# },
|
1089
|
+
# visa: {
|
1090
|
+
# major_key_derivation_mode: "EMV_OPTION_A", # required, accepts EMV_OPTION_A, EMV_OPTION_B
|
1091
|
+
# primary_account_number: "PrimaryAccountNumberType", # required
|
1092
|
+
# pan_sequence_number: "NumberLengthEquals2", # required
|
1093
|
+
# application_transaction_counter: "HexLengthEquals4", # required
|
1094
|
+
# authorization_request_key_identifier: "KeyArnOrKeyAliasType", # required
|
1095
|
+
# current_pin_attributes: {
|
1096
|
+
# current_pin_pek_identifier: "KeyArnOrKeyAliasType", # required
|
1097
|
+
# current_encrypted_pin_block: "PinBlockLengthEquals16", # required
|
1098
|
+
# },
|
1099
|
+
# },
|
1100
|
+
# emv_2000: {
|
1101
|
+
# major_key_derivation_mode: "EMV_OPTION_A", # required, accepts EMV_OPTION_A, EMV_OPTION_B
|
1102
|
+
# primary_account_number: "PrimaryAccountNumberType", # required
|
1103
|
+
# pan_sequence_number: "NumberLengthEquals2", # required
|
1104
|
+
# application_transaction_counter: "HexLengthEquals4", # required
|
1105
|
+
# },
|
1106
|
+
# mastercard: {
|
1107
|
+
# major_key_derivation_mode: "EMV_OPTION_A", # required, accepts EMV_OPTION_A, EMV_OPTION_B
|
1108
|
+
# primary_account_number: "PrimaryAccountNumberType", # required
|
1109
|
+
# pan_sequence_number: "NumberLengthEquals2", # required
|
1110
|
+
# application_cryptogram: "ApplicationCryptogramType", # required
|
1111
|
+
# },
|
1112
|
+
# },
|
1113
|
+
# })
|
1114
|
+
#
|
1115
|
+
# @example Response structure
|
1116
|
+
#
|
1117
|
+
# resp.new_pin_pek_arn #=> String
|
1118
|
+
# resp.secure_messaging_integrity_key_arn #=> String
|
1119
|
+
# resp.secure_messaging_confidentiality_key_arn #=> String
|
1120
|
+
# resp.mac #=> String
|
1121
|
+
# resp.encrypted_pin_block #=> String
|
1122
|
+
# resp.new_pin_pek_key_check_value #=> String
|
1123
|
+
# resp.secure_messaging_integrity_key_check_value #=> String
|
1124
|
+
# resp.secure_messaging_confidentiality_key_check_value #=> String
|
1125
|
+
# resp.visa_amex_derivation_outputs.authorization_request_key_arn #=> String
|
1126
|
+
# resp.visa_amex_derivation_outputs.authorization_request_key_check_value #=> String
|
1127
|
+
# resp.visa_amex_derivation_outputs.current_pin_pek_arn #=> String
|
1128
|
+
# resp.visa_amex_derivation_outputs.current_pin_pek_key_check_value #=> String
|
1129
|
+
#
|
1130
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateMacEmvPinChange AWS API Documentation
|
1131
|
+
#
|
1132
|
+
# @overload generate_mac_emv_pin_change(params = {})
|
1133
|
+
# @param [Hash] params ({})
|
1134
|
+
def generate_mac_emv_pin_change(params = {}, options = {})
|
1135
|
+
req = build_request(:generate_mac_emv_pin_change, params)
|
1136
|
+
req.send_request(options)
|
1137
|
+
end
|
1138
|
+
|
946
1139
|
# Generates pin-related data such as PIN, PIN Verification Value (PVV),
|
947
1140
|
# PIN Block, and PIN Offset during new card issuance or reissuance. For
|
948
1141
|
# more information, see [Generate PIN data][1] in the *Amazon Web
|
@@ -1086,6 +1279,17 @@ module Aws::PaymentCryptographyData
|
|
1086
1279
|
# this operation must be in a compatible key state with `KeyModesOfUse`
|
1087
1280
|
# set to `Encrypt`.
|
1088
1281
|
#
|
1282
|
+
# This operation also supports dynamic keys, allowing you to pass a
|
1283
|
+
# dynamic encryption key as a TR-31 WrappedKeyBlock. This can be used
|
1284
|
+
# when key material is frequently rotated, such as during every card
|
1285
|
+
# transaction, and there is need to avoid importing short-lived keys
|
1286
|
+
# into Amazon Web Services Payment Cryptography. To re-encrypt using
|
1287
|
+
# dynamic keys, the `keyARN` is the Key Encryption Key (KEK) of the
|
1288
|
+
# TR-31 wrapped encryption key material. The incoming wrapped key shall
|
1289
|
+
# have a key purpose of D0 with a mode of use of B or D. For more
|
1290
|
+
# information, see [Using Dynamic Keys][3] in the *Amazon Web Services
|
1291
|
+
# Payment Cryptography User Guide*.
|
1292
|
+
#
|
1089
1293
|
# For symmetric and DUKPT encryption, Amazon Web Services Payment
|
1090
1294
|
# Cryptography supports `TDES` and `AES` algorithms. To encrypt using
|
1091
1295
|
# DUKPT, a DUKPT key must already exist within your account with
|
@@ -1093,8 +1297,8 @@ module Aws::PaymentCryptographyData
|
|
1093
1297
|
# calling [CreateKey][1].
|
1094
1298
|
#
|
1095
1299
|
# For information about valid keys for this operation, see
|
1096
|
-
# [Understanding key attributes][
|
1097
|
-
# operations][
|
1300
|
+
# [Understanding key attributes][4] and [Key types for specific data
|
1301
|
+
# operations][5] in the *Amazon Web Services Payment Cryptography User
|
1098
1302
|
# Guide*.
|
1099
1303
|
#
|
1100
1304
|
# **Cross-account use**: This operation can't be used across different
|
@@ -1106,7 +1310,7 @@ module Aws::PaymentCryptographyData
|
|
1106
1310
|
#
|
1107
1311
|
# * EncryptData
|
1108
1312
|
#
|
1109
|
-
# * [GetPublicCertificate][
|
1313
|
+
# * [GetPublicCertificate][6]
|
1110
1314
|
#
|
1111
1315
|
# * [ImportKey][2]
|
1112
1316
|
#
|
@@ -1114,9 +1318,10 @@ module Aws::PaymentCryptographyData
|
|
1114
1318
|
#
|
1115
1319
|
# [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
|
1116
1320
|
# [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
|
1117
|
-
# [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/
|
1118
|
-
# [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/
|
1119
|
-
# [5]: https://docs.aws.amazon.com/payment-cryptography/latest/
|
1321
|
+
# [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/use-cases-acquirers-dynamickeys.html
|
1322
|
+
# [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
|
1323
|
+
# [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
|
1324
|
+
# [6]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
|
1120
1325
|
#
|
1121
1326
|
# @option params [required, String] :incoming_key_identifier
|
1122
1327
|
# The `keyARN` of the encryption key of incoming ciphertext data.
|
@@ -1231,6 +1436,16 @@ module Aws::PaymentCryptographyData
|
|
1231
1436
|
# Cryptography supports `TDES` and `AES` key derivation type for DUKPT
|
1232
1437
|
# translations.
|
1233
1438
|
#
|
1439
|
+
# This operation also supports dynamic keys, allowing you to pass a
|
1440
|
+
# dynamic PEK as a TR-31 WrappedKeyBlock. This can be used when key
|
1441
|
+
# material is frequently rotated, such as during every card transaction,
|
1442
|
+
# and there is need to avoid importing short-lived keys into Amazon Web
|
1443
|
+
# Services Payment Cryptography. To translate PIN block using dynamic
|
1444
|
+
# keys, the `keyARN` is the Key Encryption Key (KEK) of the TR-31
|
1445
|
+
# wrapped PEK. The incoming wrapped key shall have a key purpose of P0
|
1446
|
+
# with a mode of use of B or D. For more information, see [Using Dynamic
|
1447
|
+
# Keys][2] in the *Amazon Web Services Payment Cryptography User Guide*.
|
1448
|
+
#
|
1234
1449
|
# The allowed combinations of PIN block format translations are guided
|
1235
1450
|
# by PCI. It is important to note that not all encrypted PIN block
|
1236
1451
|
# formats (example, format 1) require PAN (Primary Account Number) as
|
@@ -1239,8 +1454,8 @@ module Aws::PaymentCryptographyData
|
|
1239
1454
|
# not require a PAN for generation.
|
1240
1455
|
#
|
1241
1456
|
# For information about valid keys for this operation, see
|
1242
|
-
# [Understanding key attributes][
|
1243
|
-
# operations][
|
1457
|
+
# [Understanding key attributes][3] and [Key types for specific data
|
1458
|
+
# operations][4] in the *Amazon Web Services Payment Cryptography User
|
1244
1459
|
# Guide*.
|
1245
1460
|
#
|
1246
1461
|
# <note markdown="1"> Amazon Web Services Payment Cryptography currently supports ISO PIN
|
@@ -1261,8 +1476,9 @@ module Aws::PaymentCryptographyData
|
|
1261
1476
|
#
|
1262
1477
|
#
|
1263
1478
|
# [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/translate-pin-data.html
|
1264
|
-
# [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/
|
1265
|
-
# [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/
|
1479
|
+
# [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/use-cases-acquirers-dynamickeys.html
|
1480
|
+
# [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
|
1481
|
+
# [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
|
1266
1482
|
#
|
1267
1483
|
# @option params [required, String] :incoming_key_identifier
|
1268
1484
|
# The `keyARN` of the encryption key under which incoming PIN block data
|
@@ -1468,18 +1684,18 @@ module Aws::PaymentCryptographyData
|
|
1468
1684
|
# emv_common: {
|
1469
1685
|
# primary_account_number: "PrimaryAccountNumberType", # required
|
1470
1686
|
# pan_sequence_number: "NumberLengthEquals2", # required
|
1471
|
-
# application_transaction_counter: "
|
1687
|
+
# application_transaction_counter: "HexLengthEquals4", # required
|
1472
1688
|
# },
|
1473
1689
|
# mastercard: {
|
1474
1690
|
# primary_account_number: "PrimaryAccountNumberType", # required
|
1475
1691
|
# pan_sequence_number: "NumberLengthEquals2", # required
|
1476
|
-
# application_transaction_counter: "
|
1692
|
+
# application_transaction_counter: "HexLengthEquals4", # required
|
1477
1693
|
# unpredictable_number: "HexLengthBetween2And8", # required
|
1478
1694
|
# },
|
1479
1695
|
# emv_2000: {
|
1480
1696
|
# primary_account_number: "PrimaryAccountNumberType", # required
|
1481
1697
|
# pan_sequence_number: "NumberLengthEquals2", # required
|
1482
|
-
# application_transaction_counter: "
|
1698
|
+
# application_transaction_counter: "HexLengthEquals4", # required
|
1483
1699
|
# },
|
1484
1700
|
# amex: {
|
1485
1701
|
# primary_account_number: "PrimaryAccountNumberType", # required
|
@@ -1702,7 +1918,7 @@ module Aws::PaymentCryptographyData
|
|
1702
1918
|
# session_key_derivation_mode: "EMV_COMMON_SESSION_KEY", # required, accepts EMV_COMMON_SESSION_KEY, EMV2000, AMEX, MASTERCARD_SESSION_KEY, VISA
|
1703
1919
|
# session_key_derivation_value: { # required
|
1704
1920
|
# application_cryptogram: "ApplicationCryptogramType",
|
1705
|
-
# application_transaction_counter: "
|
1921
|
+
# application_transaction_counter: "HexLengthEquals4",
|
1706
1922
|
# },
|
1707
1923
|
# },
|
1708
1924
|
# dukpt_iso_9797_algorithm_1: {
|
@@ -1874,7 +2090,7 @@ module Aws::PaymentCryptographyData
|
|
1874
2090
|
tracer: tracer
|
1875
2091
|
)
|
1876
2092
|
context[:gem_name] = 'aws-sdk-paymentcryptographydata'
|
1877
|
-
context[:gem_version] = '1.
|
2093
|
+
context[:gem_version] = '1.26.0'
|
1878
2094
|
Seahorse::Client::Request.new(handlers, context)
|
1879
2095
|
end
|
1880
2096
|
|
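Review bot: The dynamic-key paragraph added to the DecryptData comment (new lines 465–475) says that with a TR-31 WrappedKeyBlock the `keyARN` names the Key Encryption Key, but the unchanged `:key_identifier` entry below it still reads "The `keyARN` of the encryption key", so the two descriptions of the same parameter disagree about which key the caller is identifying. The same paragraph is added for EncryptData (new lines 604–613), ReEncryptData (1282–1291) and TranslatePinData (1439–1447), whose identifier entries are likewise untouched; the rest of each entry lies outside the hunks, so this may already be covered there. If it is not, I would add to each entry a line such as `# When a TR-31 WrappedKeyBlock is supplied, this is the keyARN of the KEK that wraps it.`, so that a reader granting access by key ARN knows which key is being referenced. Two wording slips in the added comments are also worth fixing: `an decryption key` at new line 455 and `reponse` at new line 990. The file header for these hunks is missing from the page; the module name and the +249 -33 count suggest they belong to client.rb.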