aws-sdk-paymentcryptographydata 1.9.0 → 1.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7edf8086296d3beeb8b9ba8672b86c9575688b3c2f4b20d136997a9a6c0a9577
-  data.tar.gz: a058ede4258aac1b77fc5ddb5d80aa27762f50b68b9d127ef0939fa59ec52117
+  metadata.gz: 6126989706af46778cf434cc347a8c7d3612827a1001706d0e213e05d5cd9612
+  data.tar.gz: a8a99a810c24b25b8ba1b9f30b7fc03d295cb426c41ff77e207dfe888a3654b9
 SHA512:
-  metadata.gz: 319930fff955a252a87eaa25d0074f54a9adfdbb4304807db1c8a01a4399eabf4ad362cea5232a6c06b770efe9f183eabc786652f09ff06a1f35c34b944012ac
-  data.tar.gz: d87ad4d1d55041f0b602bf657c7de4322720841daceee94fbcf6364c7cb462ea0ed498dbe01d4edc96dfd030968a7ecb971a27c792af75f70e320c3e82e420cb
+  metadata.gz: 1c69e8560dd194bdfaf4d56ae5ffaaeb3b00fd4a79531eae91657eb4d8095c469d9bb8ec5b19820ce97c8c179abc57351f132fa829bb9ff336c6a5664eadade1
+  data.tar.gz: d274c07082e1aa888f464d77ab4aa465a6a479a276b07537752850fa537d2601994e2a383974a57d80ca1f3605f9e6beaacf910df91f8252dab7c11380ad41dd

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.10.0 (2024-03-07)
+------------------
+
+* Feature - AWS Payment Cryptography EMV Decrypt Feature  Release
+
 1.9.0 (2024-01-26)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.9.0
+1.10.0

data/lib/aws-sdk-paymentcryptographydata/client.rb

@@ -388,9 +388,10 @@ module Aws::PaymentCryptographyData
 
     # @!group API Operations
 
-    # Decrypts ciphertext data to plaintext using symmetric, asymmetric, or
-    # DUKPT data encryption key. For more information, see [Decrypt data][1]
-    # in the *Amazon Web Services Payment Cryptography User Guide*.
+    # Decrypts ciphertext data to plaintext using a symmetric (TDES, AES),
+    # asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For
+    # more information, see [Decrypt data][1] in the *Amazon Web Services
+    # Payment Cryptography User Guide*.
     #
     # You can use an encryption key generated within Amazon Web Services
     # Payment Cryptography, or you can import your own encryption key by
@@ -403,11 +404,15 @@ module Aws::PaymentCryptographyData
     # [GetPublicCertificate][3].
     #
     # For symmetric and DUKPT decryption, Amazon Web Services Payment
-    # Cryptography supports `TDES` and `AES` algorithms. For asymmetric
-    # decryption, Amazon Web Services Payment Cryptography supports `RSA`.
-    # When you use DUKPT, for `TDES` algorithm, the ciphertext data length
-    # must be a multiple of 16 bytes. For `AES` algorithm, the ciphertext
-    # data length must be a multiple of 32 bytes.
+    # Cryptography supports `TDES` and `AES` algorithms. For EMV decryption,
+    # Amazon Web Services Payment Cryptography supports `TDES` algorithms.
+    # For asymmetric decryption, Amazon Web Services Payment Cryptography
+    # supports `RSA`.
+    #
+    # When you use TDES or TDES DUKPT, the ciphertext data length must be a
+    # multiple of 8 bytes. For AES or AES DUKPT, the ciphertext data length
+    # must be a multiple of 16 bytes. For RSA, it sould be equal to the key
+    # size unless padding is enabled.
     #
     # For information about valid keys for this operation, see
     # [Understanding key attributes][4] and [Key types for specific data
@@ -464,6 +469,14 @@ module Aws::PaymentCryptographyData
     #         key_serial_number: "HexLengthBetween10And24", # required
     #         mode: "ECB", # accepts ECB, CBC
     #       },
+    #       emv: {
+    #         initialization_vector: "HexLength16Or32",
+    #         major_key_derivation_mode: "EMV_OPTION_A", # required, accepts EMV_OPTION_A, EMV_OPTION_B
+    #         mode: "ECB", # accepts ECB, CBC
+    #         pan_sequence_number: "HexLengthEquals2", # required
+    #         primary_account_number: "NumberLengthBetween12And19", # required
+    #         session_derivation_data: "HexLengthEquals16", # required
+    #       },
     #       symmetric: {
     #         initialization_vector: "HexLength16Or32",
     #         mode: "ECB", # required, accepts ECB, CBC, CFB, CFB1, CFB8, CFB64, CFB128, OFB
@@ -488,9 +501,10 @@ module Aws::PaymentCryptographyData
       req.send_request(options)
     end
 
-    # Encrypts plaintext data to ciphertext using symmetric, asymmetric, or
-    # DUKPT data encryption key. For more information, see [Encrypt data][1]
-    # in the *Amazon Web Services Payment Cryptography User Guide*.
+    # Encrypts plaintext data to ciphertext using a symmetric (TDES, AES),
+    # asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For
+    # more information, see [Encrypt data][1] in the *Amazon Web Services
+    # Payment Cryptography User Guide*.
     #
     # You can generate an encryption key within Amazon Web Services Payment
     # Cryptography by calling [CreateKey][2]. You can import your own
@@ -498,14 +512,24 @@ module Aws::PaymentCryptographyData
     # must have `KeyModesOfUse` set to `Encrypt`. In asymmetric encryption,
     # plaintext is encrypted using public component. You can import the
     # public component of an asymmetric key pair created outside Amazon Web
-    # Services Payment Cryptography by calling [ImportKey][3]).
+    # Services Payment Cryptography by calling [ImportKey][3].
     #
-    # for symmetric and DUKPT encryption, Amazon Web Services Payment
-    # Cryptography supports `TDES` and `AES` algorithms. For asymmetric
-    # encryption, Amazon Web Services Payment Cryptography supports `RSA`.
-    # To encrypt using DUKPT, you must already have a DUKPT key in your
-    # account with `KeyModesOfUse` set to `DeriveKey`, or you can generate a
-    # new DUKPT key by calling [CreateKey][2].
+    # For symmetric and DUKPT encryption, Amazon Web Services Payment
+    # Cryptography supports `TDES` and `AES` algorithms. For EMV encryption,
+    # Amazon Web Services Payment Cryptography supports `TDES`
+    # algorithms.For asymmetric encryption, Amazon Web Services Payment
+    # Cryptography supports `RSA`.
+    #
+    # When you use TDES or TDES DUKPT, the plaintext data length must be a
+    # multiple of 8 bytes. For AES or AES DUKPT, the plaintext data length
+    # must be a multiple of 16 bytes. For RSA, it sould be equal to the key
+    # size unless padding is enabled.
+    #
+    # To encrypt using DUKPT, you must already have a BDK (Base Derivation
+    # Key) key in your account with `KeyModesOfUse` set to `DeriveKey`, or
+    # you can generate a new DUKPT key by calling [CreateKey][2]. To encrypt
+    # using EMV, you must already have an IMK (Issuer Master Key) key in
+    # your account with `KeyModesOfUse` set to `DeriveKey`.
     #
     # For information about valid keys for this operation, see
     # [Understanding key attributes][4] and [Key types for specific data
@@ -544,6 +568,18 @@ module Aws::PaymentCryptographyData
     # @option params [required, String] :plain_text
     #   The plaintext to be encrypted.
     #
+    #   <note markdown="1"> For encryption using asymmetric keys, plaintext data length is
+    #   constrained by encryption key strength that you define in
+    #   `KeyAlgorithm` and padding type that you define in
+    #   `AsymmetricEncryptionAttributes`. For more information, see [Encrypt
+    #   data][1] in the *Amazon Web Services Payment Cryptography User Guide*.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/encrypt-data.html
+    #
     # @return [Types::EncryptDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::EncryptDataOutput#cipher_text #cipher_text} => String
@@ -564,6 +600,14 @@ module Aws::PaymentCryptographyData
     #         key_serial_number: "HexLengthBetween10And24", # required
     #         mode: "ECB", # accepts ECB, CBC
     #       },
+    #       emv: {
+    #         initialization_vector: "HexLength16Or32",
+    #         major_key_derivation_mode: "EMV_OPTION_A", # required, accepts EMV_OPTION_A, EMV_OPTION_B
+    #         mode: "ECB", # accepts ECB, CBC
+    #         pan_sequence_number: "HexLengthEquals2", # required
+    #         primary_account_number: "NumberLengthBetween12And19", # required
+    #         session_derivation_data: "HexLengthEquals16", # required
+    #       },
     #       symmetric: {
     #         initialization_vector: "HexLength16Or32",
     #         mode: "ECB", # required, accepts ECB, CBC, CFB, CFB1, CFB8, CFB64, CFB128, OFB
@@ -708,15 +752,19 @@ module Aws::PaymentCryptographyData
     # Generates a Message Authentication Code (MAC) cryptogram within Amazon
     # Web Services Payment Cryptography.
     #
-    # You can use this operation when keys won't be shared but mutual data
-    # is present on both ends for validation. In this case, known data
-    # values are used to generate a MAC on both ends for comparision without
-    # sending or receiving data in ciphertext or plaintext. You can use this
-    # operation to generate a DUPKT, HMAC or EMV MAC by setting generation
-    # attributes and algorithm to the associated values. The MAC generation
-    # encryption key must have valid values for `KeyUsage` such as
-    # `TR31_M7_HMAC_KEY` for HMAC generation, and they key must have
-    # `KeyModesOfUse` set to `Generate` and `Verify`.
+    # You can use this operation to authenticate card-related data by using
+    # known data values to generate MAC for data validation between the
+    # sending and receiving parties. This operation uses message data, a
+    # secret encryption key and MAC algorithm to generate a unique MAC value
+    # for transmission. The receiving party of the MAC must use the same
+    # message data, secret encryption key and MAC algorithm to reproduce
+    # another MAC value for comparision.
+    #
+    # You can use this operation to generate a DUPKT, CMAC, HMAC or EMV MAC
+    # by setting generation attributes and algorithm to the associated
+    # values. The MAC generation encryption key must have valid values for
+    # `KeyUsage` such as `TR31_M7_HMAC_KEY` for HMAC generation, and they
+    # key must have `KeyModesOfUse` set to `Generate` and `Verify`.
     #
     # For information about valid keys for this operation, see
     # [Understanding key attributes][1] and [Key types for specific data
@@ -748,7 +796,8 @@ module Aws::PaymentCryptographyData
     #   The length of a MAC under generation.
     #
     # @option params [required, String] :message_data
-    #   The data for which a MAC is under generation.
+    #   The data for which a MAC is under generation. This value must be
+    #   hexBinary.
     #
     # @return [Types::GenerateMacOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1073,10 +1122,7 @@ module Aws::PaymentCryptographyData
     # can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for
     # DUKPT or from BDK for DUKPT to PEK. Amazon Web Services Payment
     # Cryptography supports `TDES` and `AES` key derivation type for DUKPT
-    # tranlations. You can use this operation for P2PE (Point to Point
-    # Encryption) use cases where the encryption keys should change but the
-    # processing system either does not need to, or is not permitted to,
-    # decrypt the data.
+    # translations.
     #
     # The allowed combinations of PIN block format translations are guided
     # by PCI. It is important to note that not all encrypted PIN block
@@ -1090,8 +1136,9 @@ module Aws::PaymentCryptographyData
     # operations][3] in the *Amazon Web Services Payment Cryptography User
     # Guide*.
     #
-    # <note markdown="1"> At this time, Amazon Web Services Payment Cryptography does not
-    # support translations to PIN format 4.
+    # <note markdown="1"> Amazon Web Services Payment Cryptography currently supports ISO PIN
+    # block 4 translation for PIN block built using legacy PAN length. That
+    # is, PAN is the right most 12 digits excluding the check digits.
     #
     #  </note>
     #
@@ -1116,15 +1163,15 @@ module Aws::PaymentCryptographyData
     #
     # @option params [Types::DukptDerivationAttributes] :incoming_dukpt_attributes
     #   The attributes and values to use for incoming DUKPT encryption key for
-    #   PIN block tranlation.
+    #   PIN block translation.
     #
     # @option params [required, String] :incoming_key_identifier
     #   The `keyARN` of the encryption key under which incoming PIN block data
     #   is encrypted. This key type can be PEK or BDK.
     #
     # @option params [required, Types::TranslationIsoFormats] :incoming_translation_attributes
-    #   The format of the incoming PIN block data for tranlation within Amazon
-    #   Web Services Payment Cryptography.
+    #   The format of the incoming PIN block data for translation within
+    #   Amazon Web Services Payment Cryptography.
     #
     # @option params [Types::DukptDerivationAttributes] :outgoing_dukpt_attributes
     #   The attributes and values to use for outgoing DUKPT encryption key
@@ -1135,7 +1182,7 @@ module Aws::PaymentCryptographyData
     #   data. This key type can be PEK or BDK.
     #
     # @option params [required, Types::TranslationIsoFormats] :outgoing_translation_attributes
-    #   The format of the outgoing PIN block data after tranlation by Amazon
+    #   The format of the outgoing PIN block data after translation by Amazon
     #   Web Services Payment Cryptography.
     #
     # @return [Types::TranslatePinDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -1460,13 +1507,12 @@ module Aws::PaymentCryptographyData
 
     # Verifies a Message Authentication Code (MAC).
     #
-    # You can use this operation when keys won't be shared but mutual data
-    # is present on both ends for validation. In this case, known data
-    # values are used to generate a MAC on both ends for verification
-    # without sending or receiving data in ciphertext or plaintext. You can
-    # use this operation to verify a DUPKT, HMAC or EMV MAC by setting
-    # generation attributes and algorithm to the associated values. Use the
-    # same encryption key for MAC verification as you use for GenerateMac.
+    # You can use this operation to verify MAC for message data
+    # authentication such as . In this operation, you must use the same
+    # message data, secret encryption key and MAC algorithm that was used to
+    # generate MAC. You can use this operation to verify a DUPKT, CMAC, HMAC
+    # or EMV MAC by setting generation attributes and algorithm to the
+    # associated values.
     #
     # For information about valid keys for this operation, see
     # [Understanding key attributes][1] and [Key types for specific data
@@ -1498,7 +1544,8 @@ module Aws::PaymentCryptographyData
     #   The length of the MAC.
     #
     # @option params [required, String] :message_data
-    #   The data on for which MAC is under verification.
+    #   The data on for which MAC is under verification. This value must be
+    #   hexBinary.
     #
     # @option params [required, Types::MacAttributes] :verification_attributes
     #   The attributes and data values to use for MAC verification within
@@ -1691,7 +1738,7 @@ module Aws::PaymentCryptographyData
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-paymentcryptographydata'
-      context[:gem_version] = '1.9.0'
+      context[:gem_version] = '1.10.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-paymentcryptographydata/client_api.rb

@@ -36,6 +36,9 @@ module Aws::PaymentCryptographyData
     DukptKeyVariant = Shapes::StringShape.new(name: 'DukptKeyVariant')
     DynamicCardVerificationCode = Shapes::StructureShape.new(name: 'DynamicCardVerificationCode')
     DynamicCardVerificationValue = Shapes::StructureShape.new(name: 'DynamicCardVerificationValue')
+    EmvEncryptionAttributes = Shapes::StructureShape.new(name: 'EmvEncryptionAttributes')
+    EmvEncryptionMode = Shapes::StringShape.new(name: 'EmvEncryptionMode')
+    EmvMajorKeyDerivationMode = Shapes::StringShape.new(name: 'EmvMajorKeyDerivationMode')
     EncryptDataInput = Shapes::StructureShape.new(name: 'EncryptDataInput')
     EncryptDataOutput = Shapes::StructureShape.new(name: 'EncryptDataOutput')
     EncryptionDecryptionAttributes = Shapes::UnionShape.new(name: 'EncryptionDecryptionAttributes')
@@ -253,6 +256,14 @@ module Aws::PaymentCryptographyData
     DynamicCardVerificationValue.add_member(:service_code, Shapes::ShapeRef.new(shape: NumberLengthEquals3, required: true, location_name: "ServiceCode"))
     DynamicCardVerificationValue.struct_class = Types::DynamicCardVerificationValue
 
+    EmvEncryptionAttributes.add_member(:initialization_vector, Shapes::ShapeRef.new(shape: HexLength16Or32, location_name: "InitializationVector"))
+    EmvEncryptionAttributes.add_member(:major_key_derivation_mode, Shapes::ShapeRef.new(shape: EmvMajorKeyDerivationMode, required: true, location_name: "MajorKeyDerivationMode"))
+    EmvEncryptionAttributes.add_member(:mode, Shapes::ShapeRef.new(shape: EmvEncryptionMode, location_name: "Mode"))
+    EmvEncryptionAttributes.add_member(:pan_sequence_number, Shapes::ShapeRef.new(shape: HexLengthEquals2, required: true, location_name: "PanSequenceNumber"))
+    EmvEncryptionAttributes.add_member(:primary_account_number, Shapes::ShapeRef.new(shape: NumberLengthBetween12And19, required: true, location_name: "PrimaryAccountNumber"))
+    EmvEncryptionAttributes.add_member(:session_derivation_data, Shapes::ShapeRef.new(shape: HexLengthEquals16, required: true, location_name: "SessionDerivationData"))
+    EmvEncryptionAttributes.struct_class = Types::EmvEncryptionAttributes
+
     EncryptDataInput.add_member(:encryption_attributes, Shapes::ShapeRef.new(shape: EncryptionDecryptionAttributes, required: true, location_name: "EncryptionAttributes"))
     EncryptDataInput.add_member(:key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location: "uri", location_name: "KeyIdentifier"))
     EncryptDataInput.add_member(:plain_text, Shapes::ShapeRef.new(shape: HexEvenLengthBetween16And4064, required: true, location_name: "PlainText"))
@@ -265,10 +276,12 @@ module Aws::PaymentCryptographyData
 
     EncryptionDecryptionAttributes.add_member(:asymmetric, Shapes::ShapeRef.new(shape: AsymmetricEncryptionAttributes, location_name: "Asymmetric"))
     EncryptionDecryptionAttributes.add_member(:dukpt, Shapes::ShapeRef.new(shape: DukptEncryptionAttributes, location_name: "Dukpt"))
+    EncryptionDecryptionAttributes.add_member(:emv, Shapes::ShapeRef.new(shape: EmvEncryptionAttributes, location_name: "Emv"))
     EncryptionDecryptionAttributes.add_member(:symmetric, Shapes::ShapeRef.new(shape: SymmetricEncryptionAttributes, location_name: "Symmetric"))
     EncryptionDecryptionAttributes.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
     EncryptionDecryptionAttributes.add_member_subclass(:asymmetric, Types::EncryptionDecryptionAttributes::Asymmetric)
     EncryptionDecryptionAttributes.add_member_subclass(:dukpt, Types::EncryptionDecryptionAttributes::Dukpt)
+    EncryptionDecryptionAttributes.add_member_subclass(:emv, Types::EncryptionDecryptionAttributes::Emv)
     EncryptionDecryptionAttributes.add_member_subclass(:symmetric, Types::EncryptionDecryptionAttributes::Symmetric)
     EncryptionDecryptionAttributes.add_member_subclass(:unknown, Types::EncryptionDecryptionAttributes::Unknown)
     EncryptionDecryptionAttributes.struct_class = Types::EncryptionDecryptionAttributes
@@ -299,7 +312,7 @@ module Aws::PaymentCryptographyData
     GeneratePinDataInput.add_member(:generation_attributes, Shapes::ShapeRef.new(shape: PinGenerationAttributes, required: true, location_name: "GenerationAttributes"))
     GeneratePinDataInput.add_member(:generation_key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "GenerationKeyIdentifier"))
     GeneratePinDataInput.add_member(:pin_block_format, Shapes::ShapeRef.new(shape: PinBlockFormatForPinData, required: true, location_name: "PinBlockFormat"))
-    GeneratePinDataInput.add_member(:pin_data_length, Shapes::ShapeRef.new(shape: IntegerRangeBetween4And12, location_name: "PinDataLength", metadata: {"box"=>true}))
+    GeneratePinDataInput.add_member(:pin_data_length, Shapes::ShapeRef.new(shape: IntegerRangeBetween4And12, location_name: "PinDataLength"))
     GeneratePinDataInput.add_member(:primary_account_number, Shapes::ShapeRef.new(shape: NumberLengthBetween12And19, required: true, location_name: "PrimaryAccountNumber"))
     GeneratePinDataInput.struct_class = Types::GeneratePinDataInput
 
@@ -560,7 +573,7 @@ module Aws::PaymentCryptographyData
     VerifyPinDataInput.add_member(:encrypted_pin_block, Shapes::ShapeRef.new(shape: HexLengthBetween16And32, required: true, location_name: "EncryptedPinBlock"))
     VerifyPinDataInput.add_member(:encryption_key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "EncryptionKeyIdentifier"))
     VerifyPinDataInput.add_member(:pin_block_format, Shapes::ShapeRef.new(shape: PinBlockFormatForPinData, required: true, location_name: "PinBlockFormat"))
-    VerifyPinDataInput.add_member(:pin_data_length, Shapes::ShapeRef.new(shape: IntegerRangeBetween4And12, location_name: "PinDataLength", metadata: {"box"=>true}))
+    VerifyPinDataInput.add_member(:pin_data_length, Shapes::ShapeRef.new(shape: IntegerRangeBetween4And12, location_name: "PinDataLength"))
     VerifyPinDataInput.add_member(:primary_account_number, Shapes::ShapeRef.new(shape: NumberLengthBetween12And19, required: true, location_name: "PrimaryAccountNumber"))
     VerifyPinDataInput.add_member(:verification_attributes, Shapes::ShapeRef.new(shape: PinVerificationAttributes, required: true, location_name: "VerificationAttributes"))
     VerifyPinDataInput.add_member(:verification_key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "VerificationKeyIdentifier"))

data/lib/aws-sdk-paymentcryptographydata/endpoint_provider.rb

@@ -32,7 +32,7 @@ module Aws::PaymentCryptographyData
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+            if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
               return Aws::Endpoints::Endpoint.new(url: "https://dataplane.payment-cryptography-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"

data/lib/aws-sdk-paymentcryptographydata/types.rb

@@ -376,15 +376,14 @@ module Aws::PaymentCryptographyData
     # @!attribute [rw] key_check_value
     #   The key check value (KCV) of the encryption key. The KCV is used to
     #   check if all parties holding a given key have the same key or to
-    #   detect that a key has changed. Amazon Web Services Payment
-    #   Cryptography calculates the KCV by using standard algorithms,
-    #   typically by encrypting 8 or 16 bytes or "00" or "01" and then
-    #   truncating the result to the first 3 bytes, or 6 hex digits, of the
-    #   resulting cryptogram.
+    #   detect that a key has changed.
+    #
+    #   Amazon Web Services Payment Cryptography computes the KCV according
+    #   to the CMAC specification.
     #   @return [String]
     #
     # @!attribute [rw] plain_text
-    #   The decrypted plaintext data.
+    #   The decrypted plaintext data in hexBinary format.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/DecryptDataOutput AWS API Documentation
@@ -494,11 +493,8 @@ module Aws::PaymentCryptographyData
     #   @return [String]
     #
     # @!attribute [rw] initialization_vector
-    #   An input to cryptographic primitive used to provide the intial
-    #   state. Typically the `InitializationVector` must have a random or
-    #   psuedo-random value, but sometimes it only needs to be unpredictable
-    #   or unique. If you don't provide a value, Amazon Web Services
-    #   Payment Cryptography generates a random value.
+    #   An input used to provide the intial state. If no value is provided,
+    #   Amazon Web Services Payment Cryptography defaults it to zero.
     #   @return [String]
     #
     # @!attribute [rw] key_serial_number
@@ -509,12 +505,7 @@ module Aws::PaymentCryptographyData
     #   @return [String]
     #
     # @!attribute [rw] mode
-    #   The block cipher mode of operation. Block ciphers are designed to
-    #   encrypt a block of data of fixed size, for example, 128 bits. The
-    #   size of the input block is usually same as the size of the encrypted
-    #   output block, while the key length can be different. A mode of
-    #   operation describes how to repeatedly apply a cipher's single-block
-    #   operation to securely transform amounts of data larger than a block.
+    #   The block cipher method to use for encryption.
     #
     #   The default is CBC.
     #   @return [String]
@@ -597,6 +588,53 @@ module Aws::PaymentCryptographyData
       include Aws::Structure
     end
 
+    # Parameters for plaintext encryption using EMV keys.
+    #
+    # @!attribute [rw] initialization_vector
+    #   An input used to provide the intial state. If no value is provided,
+    #   Amazon Web Services Payment Cryptography defaults it to zero.
+    #   @return [String]
+    #
+    # @!attribute [rw] major_key_derivation_mode
+    #   The EMV derivation mode to use for ICC master key derivation as per
+    #   EMV version 4.3 book 2.
+    #   @return [String]
+    #
+    # @!attribute [rw] mode
+    #   The block cipher method to use for encryption.
+    #   @return [String]
+    #
+    # @!attribute [rw] pan_sequence_number
+    #   A number that identifies and differentiates payment cards with the
+    #   same Primary Account Number (PAN).
+    #   @return [String]
+    #
+    # @!attribute [rw] primary_account_number
+    #   The Primary Account Number (PAN), a unique identifier for a payment
+    #   credit or debit card and associates the card to a specific account
+    #   holder.
+    #   @return [String]
+    #
+    # @!attribute [rw] session_derivation_data
+    #   The derivation value used to derive the ICC session key. It is
+    #   typically the application transaction counter value padded with
+    #   zeros or previous ARQC value padded with zeros as per EMV version
+    #   4.3 book 2.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/EmvEncryptionAttributes AWS API Documentation
+    #
+    class EmvEncryptionAttributes < Struct.new(
+      :initialization_vector,
+      :major_key_derivation_mode,
+      :mode,
+      :pan_sequence_number,
+      :primary_account_number,
+      :session_derivation_data)
+      SENSITIVE = [:initialization_vector, :primary_account_number]
+      include Aws::Structure
+    end
+
     # @!attribute [rw] encryption_attributes
     #   The encryption key type and attributes for plaintext encryption.
     #   @return [Types::EncryptionDecryptionAttributes]
@@ -608,6 +646,19 @@ module Aws::PaymentCryptographyData
     #
     # @!attribute [rw] plain_text
     #   The plaintext to be encrypted.
+    #
+    #   <note markdown="1"> For encryption using asymmetric keys, plaintext data length is
+    #   constrained by encryption key strength that you define in
+    #   `KeyAlgorithm` and padding type that you define in
+    #   `AsymmetricEncryptionAttributes`. For more information, see [Encrypt
+    #   data][1] in the *Amazon Web Services Payment Cryptography User
+    #   Guide*.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/encrypt-data.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/EncryptDataInput AWS API Documentation
@@ -632,11 +683,10 @@ module Aws::PaymentCryptographyData
     # @!attribute [rw] key_check_value
     #   The key check value (KCV) of the encryption key. The KCV is used to
     #   check if all parties holding a given key have the same key or to
-    #   detect that a key has changed. Amazon Web Services Payment
-    #   Cryptography calculates the KCV by using standard algorithms,
-    #   typically by encrypting 8 or 16 bytes or "00" or "01" and then
-    #   truncating the result to the first 3 bytes, or 6 hex digits, of the
-    #   resulting cryptogram.
+    #   detect that a key has changed.
+    #
+    #   Amazon Web Services Payment Cryptography computes the KCV according
+    #   to the CMAC specification.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/EncryptDataOutput AWS API Documentation
@@ -662,6 +712,10 @@ module Aws::PaymentCryptographyData
     #   Parameters that are required to encrypt plaintext data using DUKPT.
     #   @return [Types::DukptEncryptionAttributes]
     #
+    # @!attribute [rw] emv
+    #   Parameters for plaintext encryption using EMV keys.
+    #   @return [Types::EmvEncryptionAttributes]
+    #
     # @!attribute [rw] symmetric
     #   Parameters that are required to perform encryption and decryption
     #   using symmetric keys.
@@ -672,6 +726,7 @@ module Aws::PaymentCryptographyData
     class EncryptionDecryptionAttributes < Struct.new(
       :asymmetric,
       :dukpt,
+      :emv,
       :symmetric,
       :unknown)
       SENSITIVE = []
@@ -680,6 +735,7 @@ module Aws::PaymentCryptographyData
 
       class Asymmetric < EncryptionDecryptionAttributes; end
       class Dukpt < EncryptionDecryptionAttributes; end
+      class Emv < EncryptionDecryptionAttributes; end
       class Symmetric < EncryptionDecryptionAttributes; end
       class Unknown < EncryptionDecryptionAttributes; end
     end
@@ -724,11 +780,10 @@ module Aws::PaymentCryptographyData
     # @!attribute [rw] key_check_value
     #   The key check value (KCV) of the encryption key. The KCV is used to
     #   check if all parties holding a given key have the same key or to
-    #   detect that a key has changed. Amazon Web Services Payment
-    #   Cryptography calculates the KCV by using standard algorithms,
-    #   typically by encrypting 8 or 16 bytes or "00" or "01" and then
-    #   truncating the result to the first 3 bytes, or 6 hex digits, of the
-    #   resulting cryptogram.
+    #   detect that a key has changed.
+    #
+    #   Amazon Web Services Payment Cryptography computes the KCV according
+    #   to the CMAC specification.
     #   @return [String]
     #
     # @!attribute [rw] validation_data
@@ -760,7 +815,8 @@ module Aws::PaymentCryptographyData
     #   @return [Integer]
     #
     # @!attribute [rw] message_data
-    #   The data for which a MAC is under generation.
+    #   The data for which a MAC is under generation. This value must be
+    #   hexBinary.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateMacInput AWS API Documentation
@@ -782,11 +838,10 @@ module Aws::PaymentCryptographyData
     # @!attribute [rw] key_check_value
     #   The key check value (KCV) of the encryption key. The KCV is used to
     #   check if all parties holding a given key have the same key or to
-    #   detect that a key has changed. Amazon Web Services Payment
-    #   Cryptography calculates the KCV by using standard algorithms,
-    #   typically by encrypting 8 or 16 bytes or "00" or "01" and then
-    #   truncating the result to the first 3 bytes, or 6 hex digits, of the
-    #   resulting cryptogram.
+    #   detect that a key has changed.
+    #
+    #   Amazon Web Services Payment Cryptography computes the KCV according
+    #   to the CMAC specification.
     #   @return [String]
     #
     # @!attribute [rw] mac
@@ -870,11 +925,10 @@ module Aws::PaymentCryptographyData
     # @!attribute [rw] encryption_key_check_value
     #   The key check value (KCV) of the encryption key. The KCV is used to
     #   check if all parties holding a given key have the same key or to
-    #   detect that a key has changed. Amazon Web Services Payment
-    #   Cryptography calculates the KCV by using standard algorithms,
-    #   typically by encrypting 8 or 16 bytes or "00" or "01" and then
-    #   truncating the result to the first 3 bytes, or 6 hex digits, of the
-    #   resulting cryptogram.
+    #   detect that a key has changed.
+    #
+    #   Amazon Web Services Payment Cryptography computes the KCV according
+    #   to the CMAC specification.
     #   @return [String]
     #
     # @!attribute [rw] generation_key_arn
@@ -885,11 +939,10 @@ module Aws::PaymentCryptographyData
     # @!attribute [rw] generation_key_check_value
     #   The key check value (KCV) of the encryption key. The KCV is used to
     #   check if all parties holding a given key have the same key or to
-    #   detect that a key has changed. Amazon Web Services Payment
-    #   Cryptography calculates the KCV by using standard algorithms,
-    #   typically by encrypting 8 or 16 bytes or "00" or "01" and then
-    #   truncating the result to the first 3 bytes, or 6 hex digits, of the
-    #   resulting cryptogram.
+    #   detect that a key has changed.
+    #
+    #   Amazon Web Services Payment Cryptography computes the KCV according
+    #   to the CMAC specification.
     #   @return [String]
     #
     # @!attribute [rw] pin_data
@@ -1168,7 +1221,7 @@ module Aws::PaymentCryptographyData
     #
     # @!attribute [rw] dukpt_iso_9797_algorithm_3
     #   Parameters that are required for MAC generation or verification
-    #   using DUKPT ISO 9797 algorithm2.
+    #   using DUKPT ISO 9797 algorithm3.
     #   @return [Types::MacAlgorithmDukpt]
     #
     # @!attribute [rw] emv_mac
@@ -1357,11 +1410,10 @@ module Aws::PaymentCryptographyData
     # @!attribute [rw] key_check_value
     #   The key check value (KCV) of the encryption key. The KCV is used to
     #   check if all parties holding a given key have the same key or to
-    #   detect that a key has changed. Amazon Web Services Payment
-    #   Cryptography calculates the KCV by using standard algorithms,
-    #   typically by encrypting 8 or 16 bytes or "00" or "01" and then
-    #   truncating the result to the first 3 bytes, or 6 hex digits, of the
-    #   resulting cryptogram.
+    #   detect that a key has changed.
+    #
+    #   Amazon Web Services Payment Cryptography computes the KCV according
+    #   to the CMAC specification.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/ReEncryptDataOutput AWS API Documentation
@@ -1635,20 +1687,12 @@ module Aws::PaymentCryptographyData
     # Parameters requried to encrypt plaintext data using symmetric keys.
     #
     # @!attribute [rw] initialization_vector
-    #   An input to cryptographic primitive used to provide the intial
-    #   state. The `InitializationVector` is typically required have a
-    #   random or psuedo-random value, but sometimes it only needs to be
-    #   unpredictable or unique. If a value is not provided, Amazon Web
-    #   Services Payment Cryptography generates a random value.
+    #   An input used to provide the intial state. If no value is provided,
+    #   Amazon Web Services Payment Cryptography defaults it to zero.
     #   @return [String]
     #
     # @!attribute [rw] mode
-    #   The block cipher mode of operation. Block ciphers are designed to
-    #   encrypt a block of data of fixed size (for example, 128 bits). The
-    #   size of the input block is usually same as the size of the encrypted
-    #   output block, while the key length can be different. A mode of
-    #   operation describes how to repeatedly apply a cipher's single-block
-    #   operation to securely transform amounts of data larger than a block.
+    #   The block cipher method to use for encryption.
     #   @return [String]
     #
     # @!attribute [rw] padding_type
@@ -1685,7 +1729,7 @@ module Aws::PaymentCryptographyData
     #
     # @!attribute [rw] incoming_dukpt_attributes
     #   The attributes and values to use for incoming DUKPT encryption key
-    #   for PIN block tranlation.
+    #   for PIN block translation.
     #   @return [Types::DukptDerivationAttributes]
     #
     # @!attribute [rw] incoming_key_identifier
@@ -1694,7 +1738,7 @@ module Aws::PaymentCryptographyData
     #   @return [String]
     #
     # @!attribute [rw] incoming_translation_attributes
-    #   The format of the incoming PIN block data for tranlation within
+    #   The format of the incoming PIN block data for translation within
     #   Amazon Web Services Payment Cryptography.
     #   @return [Types::TranslationIsoFormats]
     #
@@ -1709,8 +1753,8 @@ module Aws::PaymentCryptographyData
     #   @return [String]
     #
     # @!attribute [rw] outgoing_translation_attributes
-    #   The format of the outgoing PIN block data after tranlation by Amazon
-    #   Web Services Payment Cryptography.
+    #   The format of the outgoing PIN block data after translation by
+    #   Amazon Web Services Payment Cryptography.
     #   @return [Types::TranslationIsoFormats]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/TranslatePinDataInput AWS API Documentation
@@ -1736,15 +1780,14 @@ module Aws::PaymentCryptographyData
     # @!attribute [rw] key_check_value
     #   The key check value (KCV) of the encryption key. The KCV is used to
     #   check if all parties holding a given key have the same key or to
-    #   detect that a key has changed. Amazon Web Services Payment
-    #   Cryptography calculates the KCV by using standard algorithms,
-    #   typically by encrypting 8 or 16 bytes or "00" or "01" and then
-    #   truncating the result to the first 3 bytes, or 6 hex digits, of the
-    #   resulting cryptogram.
+    #   detect that a key has changed.
+    #
+    #   Amazon Web Services Payment Cryptography computes the KCV according
+    #   to the CMAC specification.
     #   @return [String]
     #
     # @!attribute [rw] pin_block
-    #   The ougoing encrypted PIN block data after tranlation.
+    #   The outgoing encrypted PIN block data after translation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/TranslatePinDataOutput AWS API Documentation
@@ -1940,11 +1983,10 @@ module Aws::PaymentCryptographyData
     # @!attribute [rw] key_check_value
     #   The key check value (KCV) of the encryption key. The KCV is used to
     #   check if all parties holding a given key have the same key or to
-    #   detect that a key has changed. Amazon Web Services Payment
-    #   Cryptography calculates the KCV by using standard algorithms,
-    #   typically by encrypting 8 or 16 bytes or "00" or "01" and then
-    #   truncating the result to the first 3 bytes, or 6 hex digits, of the
-    #   resulting cryptogram.
+    #   detect that a key has changed.
+    #
+    #   Amazon Web Services Payment Cryptography computes the KCV according
+    #   to the CMAC specification.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyAuthRequestCryptogramOutput AWS API Documentation
@@ -1997,11 +2039,10 @@ module Aws::PaymentCryptographyData
     # @!attribute [rw] key_check_value
     #   The key check value (KCV) of the encryption key. The KCV is used to
     #   check if all parties holding a given key have the same key or to
-    #   detect that a key has changed. Amazon Web Services Payment
-    #   Cryptography calculates the KCV by using standard algorithms,
-    #   typically by encrypting 8 or 16 bytes or "00" or "01" and then
-    #   truncating the result to the first 3 bytes, or 6 hex digits, of the
-    #   resulting cryptogram.
+    #   detect that a key has changed.
+    #
+    #   Amazon Web Services Payment Cryptography computes the KCV according
+    #   to the CMAC specification.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyCardValidationDataOutput AWS API Documentation
@@ -2027,7 +2068,8 @@ module Aws::PaymentCryptographyData
     #   @return [Integer]
     #
     # @!attribute [rw] message_data
-    #   The data on for which MAC is under verification.
+    #   The data on for which MAC is under verification. This value must be
+    #   hexBinary.
     #   @return [String]
     #
     # @!attribute [rw] verification_attributes
@@ -2055,11 +2097,10 @@ module Aws::PaymentCryptographyData
     # @!attribute [rw] key_check_value
     #   The key check value (KCV) of the encryption key. The KCV is used to
     #   check if all parties holding a given key have the same key or to
-    #   detect that a key has changed. Amazon Web Services Payment
-    #   Cryptography calculates the KCV by using standard algorithms,
-    #   typically by encrypting 8 or 16 bytes or "00" or "01" and then
-    #   truncating the result to the first 3 bytes, or 6 hex digits, of the
-    #   resulting cryptogram.
+    #   detect that a key has changed.
+    #
+    #   Amazon Web Services Payment Cryptography computes the KCV according
+    #   to the CMAC specification.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyMacOutput AWS API Documentation
@@ -2139,11 +2180,10 @@ module Aws::PaymentCryptographyData
     # @!attribute [rw] encryption_key_check_value
     #   The key check value (KCV) of the encryption key. The KCV is used to
     #   check if all parties holding a given key have the same key or to
-    #   detect that a key has changed. Amazon Web Services Payment
-    #   Cryptography calculates the KCV by using standard algorithms,
-    #   typically by encrypting 8 or 16 bytes or "00" or "01" and then
-    #   truncating the result to the first 3 bytes, or 6 hex digits, of the
-    #   resulting cryptogram.
+    #   detect that a key has changed.
+    #
+    #   Amazon Web Services Payment Cryptography computes the KCV according
+    #   to the CMAC specification.
     #   @return [String]
     #
     # @!attribute [rw] verification_key_arn
@@ -2154,11 +2194,10 @@ module Aws::PaymentCryptographyData
     # @!attribute [rw] verification_key_check_value
     #   The key check value (KCV) of the encryption key. The KCV is used to
     #   check if all parties holding a given key have the same key or to
-    #   detect that a key has changed. Amazon Web Services Payment
-    #   Cryptography calculates the KCV by using standard algorithms,
-    #   typically by encrypting 8 or 16 bytes or "00" or "01" and then
-    #   truncating the result to the first 3 bytes, or 6 hex digits, of the
-    #   resulting cryptogram.
+    #   detect that a key has changed.
+    #
+    #   Amazon Web Services Payment Cryptography computes the KCV according
+    #   to the CMAC specification.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyPinDataOutput AWS API Documentation

data/lib/aws-sdk-paymentcryptographydata.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-paymentcryptographydata/customizations'
 # @!group service
 module Aws::PaymentCryptographyData
 
-  GEM_VERSION = '1.9.0'
+  GEM_VERSION = '1.10.0'
 
 end

data/sig/client.rbs

@@ -92,6 +92,14 @@ module Aws
                               key_serial_number: ::String,
                               mode: ("ECB" | "CBC")?
                             }?,
+                            emv: {
+                              initialization_vector: ::String?,
+                              major_key_derivation_mode: ("EMV_OPTION_A" | "EMV_OPTION_B"),
+                              mode: ("ECB" | "CBC")?,
+                              pan_sequence_number: ::String,
+                              primary_account_number: ::String,
+                              session_derivation_data: ::String
+                            }?,
                             symmetric: {
                               initialization_vector: ::String?,
                               mode: ("ECB" | "CBC" | "CFB" | "CFB1" | "CFB8" | "CFB64" | "CFB128" | "OFB"),
@@ -121,6 +129,14 @@ module Aws
                               key_serial_number: ::String,
                               mode: ("ECB" | "CBC")?
                             }?,
+                            emv: {
+                              initialization_vector: ::String?,
+                              major_key_derivation_mode: ("EMV_OPTION_A" | "EMV_OPTION_B"),
+                              mode: ("ECB" | "CBC")?,
+                              pan_sequence_number: ::String,
+                              primary_account_number: ::String,
+                              session_derivation_data: ::String
+                            }?,
                             symmetric: {
                               initialization_vector: ::String?,
                               mode: ("ECB" | "CBC" | "CFB" | "CFB1" | "CFB8" | "CFB64" | "CFB128" | "OFB"),

data/sig/types.rbs

@@ -192,6 +192,16 @@ module Aws::PaymentCryptographyData
       SENSITIVE: []
     end
 
+    class EmvEncryptionAttributes
+      attr_accessor initialization_vector: ::String
+      attr_accessor major_key_derivation_mode: ("EMV_OPTION_A" | "EMV_OPTION_B")
+      attr_accessor mode: ("ECB" | "CBC")
+      attr_accessor pan_sequence_number: ::String
+      attr_accessor primary_account_number: ::String
+      attr_accessor session_derivation_data: ::String
+      SENSITIVE: [:initialization_vector, :primary_account_number]
+    end
+
     class EncryptDataInput
       attr_accessor encryption_attributes: Types::EncryptionDecryptionAttributes
       attr_accessor key_identifier: ::String
@@ -209,6 +219,7 @@ module Aws::PaymentCryptographyData
     class EncryptionDecryptionAttributes
       attr_accessor asymmetric: Types::AsymmetricEncryptionAttributes
       attr_accessor dukpt: Types::DukptEncryptionAttributes
+      attr_accessor emv: Types::EmvEncryptionAttributes
       attr_accessor symmetric: Types::SymmetricEncryptionAttributes
       attr_accessor unknown: untyped
       SENSITIVE: []
@@ -217,6 +228,8 @@ module Aws::PaymentCryptographyData
       end
       class Dukpt < EncryptionDecryptionAttributes
       end
+      class Emv < EncryptionDecryptionAttributes
+      end
       class Symmetric < EncryptionDecryptionAttributes
       end
       class Unknown < EncryptionDecryptionAttributes

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-paymentcryptographydata
 version: !ruby/object:Gem::Version
-  version: 1.9.0
+  version: 1.10.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-26 00:00:00.000000000 Z
+date: 2024-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core