aws-sdk-paymentcryptographydata 1.40.0 → 1.41.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f7a988cb691a76c341ff4752a33db0bf178fab283306971d706bd1d432391b87
-  data.tar.gz: 1584efa94a364e93db46cfce48115cbb15a621c08442a87aeecdf3d2480ec9eb
+  metadata.gz: 1d4d6281b3b0f070359c045251c85d178c9313f41e9b08c4da673056f3b886ed
+  data.tar.gz: 1bc7ed971b2c2d9794f030b49cb19e10b3be96eb1ad9f71bb70c9be3d751a9ea
 SHA512:
-  metadata.gz: cc11373d2c9562b9566a780d984c0d8d86570e138f92d9bb61b6055a753a372c5da88038ee71f1eb4c4703ac784f7e24546e8fbab39e4872fafb43d80b069825
-  data.tar.gz: d86faadede30e90c059ae9dd6ae0c5ee316b2c942d9f82a0216975b2a54dab7e73614774f295bc56e75ddc2da2b3ba95dc8e1e7a28176d5286fac3a072ab26c4
+  metadata.gz: 992e61b5595680a082c3337edb27abc6ce692311ed055d999ad38395c811277b80d97b38fb6bce8e0542f7b382d0cfa8e09e3f30c3018094ec3405b1e651d3ea
+  data.tar.gz: 441ae30230bc96c32163930137d0c1b4f9db05ded2ba6cfa10a6eb367ab09fa083171440b1cbd67f1ca55223d219474a89ed571cb39aa501cd8671e47fe3c419

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.41.0 (2025-10-03)
+------------------
+
+* Feature - Added a new API - translateKeyMaterial; allows keys wrapped by ECDH derived keys to be rewrapped under a static AES keyblock without first importing the key into the service.
+
 1.40.0 (2025-08-27)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.40.0
+1.41.0

data/lib/aws-sdk-paymentcryptographydata/client.rb

@@ -921,8 +921,8 @@ module Aws::PaymentCryptographyData
     # You can use this operation to generate a DUPKT, CMAC, HMAC or EMV MAC
     # by setting generation attributes and algorithm to the associated
     # values. The MAC generation encryption key must have valid values for
-    # `KeyUsage` such as `TR31_M7_HMAC_KEY` for HMAC generation, and they
-    # key must have `KeyModesOfUse` set to `Generate` and `Verify`.
+    # `KeyUsage` such as `TR31_M7_HMAC_KEY` for HMAC generation, and the key
+    # must have `KeyModesOfUse` set to `Generate` and `Verify`.
     #
     # For information about valid keys for this operation, see
     # [Understanding key attributes][1] and [Key types for specific data
@@ -1241,15 +1241,15 @@ module Aws::PaymentCryptographyData
     # @option params [Integer] :pin_data_length
     #   The length of PIN under generation.
     #
-    # @option params [required, String] :primary_account_number
+    # @option params [String] :primary_account_number
     #   The Primary Account Number (PAN), a unique identifier for a payment
     #   credit or debit card that associates the card with a specific account
     #   holder.
     #
     # @option params [required, String] :pin_block_format
     #   The PIN encoding format for pin data generation as specified in ISO
-    #   9564. Amazon Web Services Payment Cryptography supports `ISO_Format_0`
-    #   and `ISO_Format_3`.
+    #   9564. Amazon Web Services Payment Cryptography supports
+    #   `ISO_Format_0`, `ISO_Format_3` and `ISO_Format_4`.
     #
     #   The `ISO_Format_0` PIN block format is equivalent to the ANSI X9.8,
     #   VISA-1, and ECI-1 PIN block formats. It is similar to a VISA-4 PIN
@@ -1258,6 +1258,10 @@ module Aws::PaymentCryptographyData
     #   The `ISO_Format_3` PIN block format is the same as `ISO_Format_0`
     #   except that the fill digits are random values from 10 to 15.
     #
+    #   The `ISO_Format_4` PIN block format is the only one supporting AES
+    #   encryption. It is similar to `ISO_Format_3` but doubles the pin block
+    #   length by padding with fill digit A and random values from 10 to 15.
+    #
     # @option params [Types::WrappedKey] :encryption_wrapped_key
     #   Parameter information of a WrappedKeyBlock for encryption key
     #   exchange.
@@ -1308,8 +1312,8 @@ module Aws::PaymentCryptographyData
     #       },
     #     },
     #     pin_data_length: 1,
-    #     primary_account_number: "PrimaryAccountNumberType", # required
-    #     pin_block_format: "ISO_FORMAT_0", # required, accepts ISO_FORMAT_0, ISO_FORMAT_3, ISO_FORMAT_4
+    #     primary_account_number: "PrimaryAccountNumberType",
+    #     pin_block_format: "ISO_FORMAT_0", # required, accepts ISO_FORMAT_0, ISO_FORMAT_1, ISO_FORMAT_3, ISO_FORMAT_4
     #     encryption_wrapped_key: {
     #       wrapped_key_material: { # required
     #         tr_31_key_block: "Tr31WrappedKeyBlock",
@@ -1513,6 +1517,109 @@ module Aws::PaymentCryptographyData
       req.send_request(options)
     end
 
+    # Translates an encryption key between different wrapping keys without
+    # importing the key into Amazon Web Services Payment Cryptography.
+    #
+    # This operation can be used when key material is frequently rotated,
+    # such as during every card transaction, and there is a need to avoid
+    # importing short-lived keys into Amazon Web Services Payment
+    # Cryptography. It translates short-lived transaction keys such as Pin
+    # Encryption Key (PEK) generated for each transaction and wrapped with
+    # an ECDH (Elliptic Curve Diffie-Hellman) derived wrapping key to
+    # another KEK (Key Encryption Key) wrapping key.
+    #
+    # Before using this operation, you must first request the public key
+    # certificate of the ECC key pair generated within Amazon Web Services
+    # Payment Cryptography to establish an ECDH key agreement. In
+    # `TranslateKeyData`, the service uses its own ECC key pair, public
+    # certificate of receiving ECC key pair, and the key derivation
+    # parameters to generate a derived key. The service uses this derived
+    # key to unwrap the incoming transaction key received as a
+    # TR31WrappedKeyBlock and re-wrap using a user provided KEK to generate
+    # an outgoing Tr31WrappedKeyBlock. For more information on establishing
+    # ECDH derived keys, see the [Creating keys][1] in the *Amazon Web
+    # Services Payment Cryptography User Guide*.
+    #
+    # For information about valid keys for this operation, see
+    # [Understanding key attributes][2] and [Key types for specific data
+    # operations][3] in the *Amazon Web Services Payment Cryptography User
+    # Guide*.
+    #
+    # **Cross-account use**: This operation can't be used across different
+    # Amazon Web Services accounts.
+    #
+    # **Related operations:**
+    #
+    # * [CreateKey][4]
+    #
+    # * [GetPublicCertificate][5]
+    #
+    # * [ImportKey][6]
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/create-keys.html
+    # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
+    # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
+    # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
+    # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
+    # [6]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
+    #
+    # @option params [required, Types::IncomingKeyMaterial] :incoming_key_material
+    #   Parameter information of the TR31WrappedKeyBlock containing the
+    #   transaction key.
+    #
+    # @option params [required, Types::OutgoingKeyMaterial] :outgoing_key_material
+    #   Parameter information of the wrapping key used to wrap the transaction
+    #   key in the outgoing TR31WrappedKeyBlock.
+    #
+    # @option params [String] :key_check_value_algorithm
+    #   The key check value (KCV) algorithm used for calculating the KCV.
+    #
+    # @return [Types::TranslateKeyMaterialOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::TranslateKeyMaterialOutput#wrapped_key #wrapped_key} => Types::WrappedWorkingKey
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.translate_key_material({
+    #     incoming_key_material: { # required
+    #       diffie_hellman_tr_31_key_block: {
+    #         private_key_identifier: "KeyArnOrKeyAliasType", # required
+    #         certificate_authority_public_key_identifier: "KeyArnOrKeyAliasType", # required
+    #         public_key_certificate: "CertificateType", # required
+    #         derive_key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512, HMAC_SHA224
+    #         key_derivation_function: "NIST_SP800", # required, accepts NIST_SP800, ANSI_X963
+    #         key_derivation_hash_algorithm: "SHA_256", # required, accepts SHA_256, SHA_384, SHA_512
+    #         derivation_data: { # required
+    #           shared_information: "SharedInformation",
+    #         },
+    #         wrapped_key_block: "Tr31WrappedKeyBlock", # required
+    #       },
+    #     },
+    #     outgoing_key_material: { # required
+    #       tr_31_key_block: {
+    #         wrapping_key_identifier: "KeyArnOrKeyAliasType", # required
+    #       },
+    #     },
+    #     key_check_value_algorithm: "CMAC", # accepts CMAC, ANSI_X9_24, HMAC, SHA_1
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.wrapped_key.wrapped_key_material #=> String
+    #   resp.wrapped_key.key_check_value #=> String
+    #   resp.wrapped_key.wrapped_key_material_format #=> String, one of "KEY_CRYPTOGRAM", "TR31_KEY_BLOCK", "TR34_KEY_BLOCK"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/TranslateKeyMaterial AWS API Documentation
+    #
+    # @overload translate_key_material(params = {})
+    # @param [Hash] params ({})
+    def translate_key_material(params = {}, options = {})
+      req = build_request(:translate_key_material, params)
+      req.send_request(options)
+    end
+
     # Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4.
     # For more information, see [Translate PIN data][1] in the *Amazon Web
     # Services Payment Cryptography User Guide*.
@@ -1545,7 +1652,7 @@ module Aws::PaymentCryptographyData
     # encrypted PIN block for use within the service. You can also use ECDH
     # for reveal PIN, wherein the service translates the PIN block from PEK
     # to a ECDH derived encryption key. For more information on establishing
-    # ECDH derived keys, see the [Generating keys][3] in the *Amazon Web
+    # ECDH derived keys, see the [Creating keys][3] in the *Amazon Web
     # Services Payment Cryptography User Guide*.
     #
     # The allowed combinations of PIN block format translations are guided
@@ -2119,7 +2226,7 @@ module Aws::PaymentCryptographyData
     #   The encrypted PIN block data that Amazon Web Services Payment
     #   Cryptography verifies.
     #
-    # @option params [required, String] :primary_account_number
+    # @option params [String] :primary_account_number
     #   The Primary Account Number (PAN), a unique identifier for a payment
     #   credit or debit card that associates the card with a specific account
     #   holder.
@@ -2171,8 +2278,8 @@ module Aws::PaymentCryptographyData
     #       },
     #     },
     #     encrypted_pin_block: "EncryptedPinBlockType", # required
-    #     primary_account_number: "PrimaryAccountNumberType", # required
-    #     pin_block_format: "ISO_FORMAT_0", # required, accepts ISO_FORMAT_0, ISO_FORMAT_3, ISO_FORMAT_4
+    #     primary_account_number: "PrimaryAccountNumberType",
+    #     pin_block_format: "ISO_FORMAT_0", # required, accepts ISO_FORMAT_0, ISO_FORMAT_1, ISO_FORMAT_3, ISO_FORMAT_4
     #     pin_data_length: 1,
     #     dukpt_attributes: {
     #       key_serial_number: "HexLength16Or20Or24", # required
@@ -2228,7 +2335,7 @@ module Aws::PaymentCryptographyData
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-paymentcryptographydata'
-      context[:gem_version] = '1.40.0'
+      context[:gem_version] = '1.41.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-paymentcryptographydata/client_api.rb

@@ -39,6 +39,7 @@ module Aws::PaymentCryptographyData
     DecryptDataInput = Shapes::StructureShape.new(name: 'DecryptDataInput')
     DecryptDataOutput = Shapes::StructureShape.new(name: 'DecryptDataOutput')
     DerivationMethodAttributes = Shapes::UnionShape.new(name: 'DerivationMethodAttributes')
+    DiffieHellmanDerivationData = Shapes::UnionShape.new(name: 'DiffieHellmanDerivationData')
     DiscoverDynamicCardVerificationCode = Shapes::StructureShape.new(name: 'DiscoverDynamicCardVerificationCode')
     DukptAttributes = Shapes::StructureShape.new(name: 'DukptAttributes')
     DukptDerivationAttributes = Shapes::StructureShape.new(name: 'DukptDerivationAttributes')
@@ -79,6 +80,8 @@ module Aws::PaymentCryptographyData
     Ibm3624PinOffset = Shapes::StructureShape.new(name: 'Ibm3624PinOffset')
     Ibm3624PinVerification = Shapes::StructureShape.new(name: 'Ibm3624PinVerification')
     Ibm3624RandomPin = Shapes::StructureShape.new(name: 'Ibm3624RandomPin')
+    IncomingDiffieHellmanTr31KeyBlock = Shapes::StructureShape.new(name: 'IncomingDiffieHellmanTr31KeyBlock')
+    IncomingKeyMaterial = Shapes::UnionShape.new(name: 'IncomingKeyMaterial')
     InitializationVectorType = Shapes::StringShape.new(name: 'InitializationVectorType')
     IntegerRangeBetween0And6 = Shapes::IntegerShape.new(name: 'IntegerRangeBetween0And6')
     IntegerRangeBetween3And5Type = Shapes::IntegerShape.new(name: 'IntegerRangeBetween3And5Type')
@@ -91,6 +94,7 @@ module Aws::PaymentCryptographyData
     KeyCheckValueAlgorithm = Shapes::StringShape.new(name: 'KeyCheckValueAlgorithm')
     KeyDerivationFunction = Shapes::StringShape.new(name: 'KeyDerivationFunction')
     KeyDerivationHashAlgorithm = Shapes::StringShape.new(name: 'KeyDerivationHashAlgorithm')
+    KeyMaterial = Shapes::StringShape.new(name: 'KeyMaterial')
     MacAlgorithm = Shapes::StringShape.new(name: 'MacAlgorithm')
     MacAlgorithmDukpt = Shapes::StructureShape.new(name: 'MacAlgorithmDukpt')
     MacAlgorithmEmv = Shapes::StructureShape.new(name: 'MacAlgorithmEmv')
@@ -101,6 +105,8 @@ module Aws::PaymentCryptographyData
     MasterCardAttributes = Shapes::StructureShape.new(name: 'MasterCardAttributes')
     MessageDataType = Shapes::StringShape.new(name: 'MessageDataType')
     NumberLengthEquals2 = Shapes::StringShape.new(name: 'NumberLengthEquals2')
+    OutgoingKeyMaterial = Shapes::UnionShape.new(name: 'OutgoingKeyMaterial')
+    OutgoingTr31KeyBlock = Shapes::StructureShape.new(name: 'OutgoingTr31KeyBlock')
     PaddingType = Shapes::StringShape.new(name: 'PaddingType')
     PinBlockFormatForEmvPinChange = Shapes::StringShape.new(name: 'PinBlockFormatForEmvPinChange')
     PinBlockFormatForPinData = Shapes::StringShape.new(name: 'PinBlockFormatForPinData')
@@ -139,6 +145,8 @@ module Aws::PaymentCryptographyData
     Tr31WrappedKeyBlock = Shapes::StringShape.new(name: 'Tr31WrappedKeyBlock')
     TrackDataType = Shapes::StringShape.new(name: 'TrackDataType')
     TransactionDataType = Shapes::StringShape.new(name: 'TransactionDataType')
+    TranslateKeyMaterialInput = Shapes::StructureShape.new(name: 'TranslateKeyMaterialInput')
+    TranslateKeyMaterialOutput = Shapes::StructureShape.new(name: 'TranslateKeyMaterialOutput')
     TranslatePinDataInput = Shapes::StructureShape.new(name: 'TranslatePinDataInput')
     TranslatePinDataOutput = Shapes::StructureShape.new(name: 'TranslatePinDataOutput')
     TranslationIsoFormats = Shapes::UnionShape.new(name: 'TranslationIsoFormats')
@@ -166,6 +174,8 @@ module Aws::PaymentCryptographyData
     VisaPinVerificationValue = Shapes::StructureShape.new(name: 'VisaPinVerificationValue')
     WrappedKey = Shapes::StructureShape.new(name: 'WrappedKey')
     WrappedKeyMaterial = Shapes::UnionShape.new(name: 'WrappedKeyMaterial')
+    WrappedKeyMaterialFormat = Shapes::StringShape.new(name: 'WrappedKeyMaterialFormat')
+    WrappedWorkingKey = Shapes::StructureShape.new(name: 'WrappedWorkingKey')
 
     AccessDeniedException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "Message"))
     AccessDeniedException.struct_class = Types::AccessDeniedException
@@ -282,6 +292,12 @@ module Aws::PaymentCryptographyData
     DerivationMethodAttributes.add_member_subclass(:unknown, Types::DerivationMethodAttributes::Unknown)
     DerivationMethodAttributes.struct_class = Types::DerivationMethodAttributes
 
+    DiffieHellmanDerivationData.add_member(:shared_information, Shapes::ShapeRef.new(shape: SharedInformation, location_name: "SharedInformation"))
+    DiffieHellmanDerivationData.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    DiffieHellmanDerivationData.add_member_subclass(:shared_information, Types::DiffieHellmanDerivationData::SharedInformation)
+    DiffieHellmanDerivationData.add_member_subclass(:unknown, Types::DiffieHellmanDerivationData::Unknown)
+    DiffieHellmanDerivationData.struct_class = Types::DiffieHellmanDerivationData
+
     DiscoverDynamicCardVerificationCode.add_member(:card_expiry_date, Shapes::ShapeRef.new(shape: CardExpiryDateType, required: true, location_name: "CardExpiryDate"))
     DiscoverDynamicCardVerificationCode.add_member(:unpredictable_number, Shapes::ShapeRef.new(shape: HexLengthBetween2And8, required: true, location_name: "UnpredictableNumber"))
     DiscoverDynamicCardVerificationCode.add_member(:application_transaction_counter, Shapes::ShapeRef.new(shape: HexLengthBetween2And4, required: true, location_name: "ApplicationTransactionCounter"))
@@ -415,7 +431,7 @@ module Aws::PaymentCryptographyData
     GeneratePinDataInput.add_member(:encryption_key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "EncryptionKeyIdentifier"))
     GeneratePinDataInput.add_member(:generation_attributes, Shapes::ShapeRef.new(shape: PinGenerationAttributes, required: true, location_name: "GenerationAttributes"))
     GeneratePinDataInput.add_member(:pin_data_length, Shapes::ShapeRef.new(shape: IntegerRangeBetween4And12, location_name: "PinDataLength"))
-    GeneratePinDataInput.add_member(:primary_account_number, Shapes::ShapeRef.new(shape: PrimaryAccountNumberType, required: true, location_name: "PrimaryAccountNumber"))
+    GeneratePinDataInput.add_member(:primary_account_number, Shapes::ShapeRef.new(shape: PrimaryAccountNumberType, location_name: "PrimaryAccountNumber"))
     GeneratePinDataInput.add_member(:pin_block_format, Shapes::ShapeRef.new(shape: PinBlockFormatForPinData, required: true, location_name: "PinBlockFormat"))
     GeneratePinDataInput.add_member(:encryption_wrapped_key, Shapes::ShapeRef.new(shape: WrappedKey, location_name: "EncryptionWrappedKey"))
     GeneratePinDataInput.struct_class = Types::GeneratePinDataInput
@@ -456,6 +472,22 @@ module Aws::PaymentCryptographyData
     Ibm3624RandomPin.add_member(:pin_validation_data, Shapes::ShapeRef.new(shape: PinValidationDataType, required: true, location_name: "PinValidationData"))
     Ibm3624RandomPin.struct_class = Types::Ibm3624RandomPin
 
+    IncomingDiffieHellmanTr31KeyBlock.add_member(:private_key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "PrivateKeyIdentifier"))
+    IncomingDiffieHellmanTr31KeyBlock.add_member(:certificate_authority_public_key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "CertificateAuthorityPublicKeyIdentifier"))
+    IncomingDiffieHellmanTr31KeyBlock.add_member(:public_key_certificate, Shapes::ShapeRef.new(shape: CertificateType, required: true, location_name: "PublicKeyCertificate"))
+    IncomingDiffieHellmanTr31KeyBlock.add_member(:derive_key_algorithm, Shapes::ShapeRef.new(shape: SymmetricKeyAlgorithm, required: true, location_name: "DeriveKeyAlgorithm"))
+    IncomingDiffieHellmanTr31KeyBlock.add_member(:key_derivation_function, Shapes::ShapeRef.new(shape: KeyDerivationFunction, required: true, location_name: "KeyDerivationFunction"))
+    IncomingDiffieHellmanTr31KeyBlock.add_member(:key_derivation_hash_algorithm, Shapes::ShapeRef.new(shape: KeyDerivationHashAlgorithm, required: true, location_name: "KeyDerivationHashAlgorithm"))
+    IncomingDiffieHellmanTr31KeyBlock.add_member(:derivation_data, Shapes::ShapeRef.new(shape: DiffieHellmanDerivationData, required: true, location_name: "DerivationData"))
+    IncomingDiffieHellmanTr31KeyBlock.add_member(:wrapped_key_block, Shapes::ShapeRef.new(shape: Tr31WrappedKeyBlock, required: true, location_name: "WrappedKeyBlock"))
+    IncomingDiffieHellmanTr31KeyBlock.struct_class = Types::IncomingDiffieHellmanTr31KeyBlock
+
+    IncomingKeyMaterial.add_member(:diffie_hellman_tr_31_key_block, Shapes::ShapeRef.new(shape: IncomingDiffieHellmanTr31KeyBlock, location_name: "DiffieHellmanTr31KeyBlock"))
+    IncomingKeyMaterial.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    IncomingKeyMaterial.add_member_subclass(:diffie_hellman_tr_31_key_block, Types::IncomingKeyMaterial::DiffieHellmanTr31KeyBlock)
+    IncomingKeyMaterial.add_member_subclass(:unknown, Types::IncomingKeyMaterial::Unknown)
+    IncomingKeyMaterial.struct_class = Types::IncomingKeyMaterial
+
     InternalServerException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "Message"))
     InternalServerException.struct_class = Types::InternalServerException
 
@@ -491,6 +523,15 @@ module Aws::PaymentCryptographyData
     MasterCardAttributes.add_member(:application_cryptogram, Shapes::ShapeRef.new(shape: ApplicationCryptogramType, required: true, location_name: "ApplicationCryptogram"))
     MasterCardAttributes.struct_class = Types::MasterCardAttributes
 
+    OutgoingKeyMaterial.add_member(:tr_31_key_block, Shapes::ShapeRef.new(shape: OutgoingTr31KeyBlock, location_name: "Tr31KeyBlock"))
+    OutgoingKeyMaterial.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    OutgoingKeyMaterial.add_member_subclass(:tr_31_key_block, Types::OutgoingKeyMaterial::Tr31KeyBlock)
+    OutgoingKeyMaterial.add_member_subclass(:unknown, Types::OutgoingKeyMaterial::Unknown)
+    OutgoingKeyMaterial.struct_class = Types::OutgoingKeyMaterial
+
+    OutgoingTr31KeyBlock.add_member(:wrapping_key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "WrappingKeyIdentifier"))
+    OutgoingTr31KeyBlock.struct_class = Types::OutgoingTr31KeyBlock
+
     PinData.add_member(:pin_offset, Shapes::ShapeRef.new(shape: PinOffsetType, location_name: "PinOffset"))
     PinData.add_member(:verification_value, Shapes::ShapeRef.new(shape: VerificationValueType, location_name: "VerificationValue"))
     PinData.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
@@ -602,6 +643,14 @@ module Aws::PaymentCryptographyData
     ThrottlingException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "Message"))
     ThrottlingException.struct_class = Types::ThrottlingException
 
+    TranslateKeyMaterialInput.add_member(:incoming_key_material, Shapes::ShapeRef.new(shape: IncomingKeyMaterial, required: true, location_name: "IncomingKeyMaterial"))
+    TranslateKeyMaterialInput.add_member(:outgoing_key_material, Shapes::ShapeRef.new(shape: OutgoingKeyMaterial, required: true, location_name: "OutgoingKeyMaterial"))
+    TranslateKeyMaterialInput.add_member(:key_check_value_algorithm, Shapes::ShapeRef.new(shape: KeyCheckValueAlgorithm, location_name: "KeyCheckValueAlgorithm"))
+    TranslateKeyMaterialInput.struct_class = Types::TranslateKeyMaterialInput
+
+    TranslateKeyMaterialOutput.add_member(:wrapped_key, Shapes::ShapeRef.new(shape: WrappedWorkingKey, required: true, location_name: "WrappedKey"))
+    TranslateKeyMaterialOutput.struct_class = Types::TranslateKeyMaterialOutput
+
     TranslatePinDataInput.add_member(:incoming_key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "IncomingKeyIdentifier"))
     TranslatePinDataInput.add_member(:outgoing_key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "OutgoingKeyIdentifier"))
     TranslatePinDataInput.add_member(:incoming_translation_attributes, Shapes::ShapeRef.new(shape: TranslationIsoFormats, required: true, location_name: "IncomingTranslationAttributes"))
@@ -687,7 +736,7 @@ module Aws::PaymentCryptographyData
     VerifyPinDataInput.add_member(:encryption_key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "EncryptionKeyIdentifier"))
     VerifyPinDataInput.add_member(:verification_attributes, Shapes::ShapeRef.new(shape: PinVerificationAttributes, required: true, location_name: "VerificationAttributes"))
     VerifyPinDataInput.add_member(:encrypted_pin_block, Shapes::ShapeRef.new(shape: EncryptedPinBlockType, required: true, location_name: "EncryptedPinBlock"))
-    VerifyPinDataInput.add_member(:primary_account_number, Shapes::ShapeRef.new(shape: PrimaryAccountNumberType, required: true, location_name: "PrimaryAccountNumber"))
+    VerifyPinDataInput.add_member(:primary_account_number, Shapes::ShapeRef.new(shape: PrimaryAccountNumberType, location_name: "PrimaryAccountNumber"))
     VerifyPinDataInput.add_member(:pin_block_format, Shapes::ShapeRef.new(shape: PinBlockFormatForPinData, required: true, location_name: "PinBlockFormat"))
     VerifyPinDataInput.add_member(:pin_data_length, Shapes::ShapeRef.new(shape: IntegerRangeBetween4And12, location_name: "PinDataLength"))
     VerifyPinDataInput.add_member(:dukpt_attributes, Shapes::ShapeRef.new(shape: DukptAttributes, location_name: "DukptAttributes"))
@@ -737,6 +786,11 @@ module Aws::PaymentCryptographyData
     WrappedKeyMaterial.add_member_subclass(:unknown, Types::WrappedKeyMaterial::Unknown)
     WrappedKeyMaterial.struct_class = Types::WrappedKeyMaterial
 
+    WrappedWorkingKey.add_member(:wrapped_key_material, Shapes::ShapeRef.new(shape: KeyMaterial, required: true, location_name: "WrappedKeyMaterial"))
+    WrappedWorkingKey.add_member(:key_check_value, Shapes::ShapeRef.new(shape: KeyCheckValue, required: true, location_name: "KeyCheckValue"))
+    WrappedWorkingKey.add_member(:wrapped_key_material_format, Shapes::ShapeRef.new(shape: WrappedKeyMaterialFormat, required: true, location_name: "WrappedKeyMaterialFormat"))
+    WrappedWorkingKey.struct_class = Types::WrappedWorkingKey
+
 
     # @api private
     API = Seahorse::Model::Api.new.tap do |api|
@@ -847,6 +901,19 @@ module Aws::PaymentCryptographyData
         o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
       end)
 
+      api.add_operation(:translate_key_material, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "TranslateKeyMaterial"
+        o.http_method = "POST"
+        o.http_request_uri = "/keymaterial/translate"
+        o.input = Shapes::ShapeRef.new(shape: TranslateKeyMaterialInput)
+        o.output = Shapes::ShapeRef.new(shape: TranslateKeyMaterialOutput)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+      end)
+
       api.add_operation(:translate_pin_data, Seahorse::Model::Operation.new.tap do |o|
         o.name = "TranslatePinData"
         o.http_method = "POST"

data/lib/aws-sdk-paymentcryptographydata/types.rb

@@ -522,6 +522,35 @@ module Aws::PaymentCryptographyData
       class Unknown < DerivationMethodAttributes; end
     end
 
+    # The shared information used when deriving a key using ECDH.
+    #
+    # @note DiffieHellmanDerivationData is a union - when making an API calls you must set exactly one of the members.
+    #
+    # @!attribute [rw] shared_information
+    #   A string containing information that binds the ECDH derived key to
+    #   the two parties involved or to the context of the key.
+    #
+    #   It may include details like identities of the two parties deriving
+    #   the key, context of the operation, session IDs, and optionally a
+    #   nonce. It must not contain zero bytes. It is not recommended to
+    #   reuse shared information for multiple ECDH key derivations, as it
+    #   could result in derived key material being the same across different
+    #   derivations.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/DiffieHellmanDerivationData AWS API Documentation
+    #
+    class DiffieHellmanDerivationData < Struct.new(
+      :shared_information,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class SharedInformation < DiffieHellmanDerivationData; end
+      class Unknown < DiffieHellmanDerivationData; end
+    end
+
     # Parameters that are required to generate or verify dCVC (Dynamic Card
     # Verification Code).
     #
@@ -757,7 +786,7 @@ module Aws::PaymentCryptographyData
       :key_derivation_function,
       :key_derivation_hash_algorithm,
       :shared_information)
-      SENSITIVE = [:public_key_certificate]
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1269,7 +1298,7 @@ module Aws::PaymentCryptographyData
     # @!attribute [rw] pin_block_format
     #   The PIN encoding format for pin data generation as specified in ISO
     #   9564. Amazon Web Services Payment Cryptography supports
-    #   `ISO_Format_0` and `ISO_Format_3`.
+    #   `ISO_Format_0`, `ISO_Format_3` and `ISO_Format_4`.
     #
     #   The `ISO_Format_0` PIN block format is equivalent to the ANSI X9.8,
     #   VISA-1, and ECI-1 PIN block formats. It is similar to a VISA-4 PIN
@@ -1277,6 +1306,11 @@ module Aws::PaymentCryptographyData
     #
     #   The `ISO_Format_3` PIN block format is the same as `ISO_Format_0`
     #   except that the fill digits are random values from 10 to 15.
+    #
+    #   The `ISO_Format_4` PIN block format is the only one supporting AES
+    #   encryption. It is similar to `ISO_Format_3` but doubles the pin
+    #   block length by padding with fill digit A and random values from 10
+    #   to 15.
     #   @return [String]
     #
     # @!attribute [rw] encryption_wrapped_key
@@ -1504,6 +1538,82 @@ module Aws::PaymentCryptographyData
       include Aws::Structure
     end
 
+    # Parameter information of a TR31KeyBlock wrapped using an ECDH derived
+    # key.
+    #
+    # @!attribute [rw] private_key_identifier
+    #   The `keyARN` of the asymmetric ECC key pair.
+    #   @return [String]
+    #
+    # @!attribute [rw] certificate_authority_public_key_identifier
+    #   The `keyArn` of the certificate that signed the client's
+    #   `PublicKeyCertificate`.
+    #   @return [String]
+    #
+    # @!attribute [rw] public_key_certificate
+    #   The client's public key certificate in PEM format (base64 encoded)
+    #   to use for ECDH key derivation.
+    #   @return [String]
+    #
+    # @!attribute [rw] derive_key_algorithm
+    #   The key algorithm of the derived ECDH key.
+    #   @return [String]
+    #
+    # @!attribute [rw] key_derivation_function
+    #   The key derivation function to use for deriving a key using ECDH.
+    #   @return [String]
+    #
+    # @!attribute [rw] key_derivation_hash_algorithm
+    #   The hash type to use for deriving a key using ECDH.
+    #   @return [String]
+    #
+    # @!attribute [rw] derivation_data
+    #   The shared information used when deriving a key using ECDH.
+    #   @return [Types::DiffieHellmanDerivationData]
+    #
+    # @!attribute [rw] wrapped_key_block
+    #   The WrappedKeyBlock containing the transaction key wrapped using an
+    #   ECDH dervied key.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/IncomingDiffieHellmanTr31KeyBlock AWS API Documentation
+    #
+    class IncomingDiffieHellmanTr31KeyBlock < Struct.new(
+      :private_key_identifier,
+      :certificate_authority_public_key_identifier,
+      :public_key_certificate,
+      :derive_key_algorithm,
+      :key_derivation_function,
+      :key_derivation_hash_algorithm,
+      :derivation_data,
+      :wrapped_key_block)
+      SENSITIVE = [:wrapped_key_block]
+      include Aws::Structure
+    end
+
+    # Parameter information of the incoming WrappedKeyBlock containing the
+    # transaction key.
+    #
+    # @note IncomingKeyMaterial is a union - when making an API calls you must set exactly one of the members.
+    #
+    # @!attribute [rw] diffie_hellman_tr_31_key_block
+    #   Parameter information of the TR31WrappedKeyBlock containing the
+    #   transaction key wrapped using an ECDH dervied key.
+    #   @return [Types::IncomingDiffieHellmanTr31KeyBlock]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/IncomingKeyMaterial AWS API Documentation
+    #
+    class IncomingKeyMaterial < Struct.new(
+      :diffie_hellman_tr_31_key_block,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class DiffieHellmanTr31KeyBlock < IncomingKeyMaterial; end
+      class Unknown < IncomingKeyMaterial; end
+    end
+
     # The request processing has failed because of an unknown error,
     # exception, or failure.
     #
@@ -1672,6 +1782,44 @@ module Aws::PaymentCryptographyData
       include Aws::Structure
     end
 
+    # Parameter information of the outgoing TR31WrappedKeyBlock containing
+    # the transaction key.
+    #
+    # @note OutgoingKeyMaterial is a union - when making an API calls you must set exactly one of the members.
+    #
+    # @!attribute [rw] tr_31_key_block
+    #   Parameter information of the TR31WrappedKeyBlock containing the
+    #   transaction key wrapped using a KEK.
+    #   @return [Types::OutgoingTr31KeyBlock]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/OutgoingKeyMaterial AWS API Documentation
+    #
+    class OutgoingKeyMaterial < Struct.new(
+      :tr_31_key_block,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class Tr31KeyBlock < OutgoingKeyMaterial; end
+      class Unknown < OutgoingKeyMaterial; end
+    end
+
+    # Parameter information of the TR31WrappedKeyBlock containing the
+    # transaction key wrapped using a KEK.
+    #
+    # @!attribute [rw] wrapping_key_identifier
+    #   The `keyARN` of the KEK used to wrap the transaction key.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/OutgoingTr31KeyBlock AWS API Documentation
+    #
+    class OutgoingTr31KeyBlock < Struct.new(
+      :wrapping_key_identifier)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Parameters that are required to generate, translate, or verify PIN
     # data.
     #
@@ -2161,6 +2309,42 @@ module Aws::PaymentCryptographyData
       include Aws::Structure
     end
 
+    # @!attribute [rw] incoming_key_material
+    #   Parameter information of the TR31WrappedKeyBlock containing the
+    #   transaction key.
+    #   @return [Types::IncomingKeyMaterial]
+    #
+    # @!attribute [rw] outgoing_key_material
+    #   Parameter information of the wrapping key used to wrap the
+    #   transaction key in the outgoing TR31WrappedKeyBlock.
+    #   @return [Types::OutgoingKeyMaterial]
+    #
+    # @!attribute [rw] key_check_value_algorithm
+    #   The key check value (KCV) algorithm used for calculating the KCV.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/TranslateKeyMaterialInput AWS API Documentation
+    #
+    class TranslateKeyMaterialInput < Struct.new(
+      :incoming_key_material,
+      :outgoing_key_material,
+      :key_check_value_algorithm)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] wrapped_key
+    #   The outgoing KEK wrapped TR31WrappedKeyBlock.
+    #   @return [Types::WrappedWorkingKey]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/TranslateKeyMaterialOutput AWS API Documentation
+    #
+    class TranslateKeyMaterialOutput < Struct.new(
+      :wrapped_key)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] incoming_key_identifier
     #   The `keyARN` of the encryption key under which incoming PIN block
     #   data is encrypted. This key type can be PEK or BDK.
@@ -2863,6 +3047,40 @@ module Aws::PaymentCryptographyData
       class Unknown < WrappedKeyMaterial; end
     end
 
+    # The parameter information of the outgoing wrapped key block.
+    #
+    # @!attribute [rw] wrapped_key_material
+    #   The wrapped key block of the outgoing transaction key.
+    #   @return [String]
+    #
+    # @!attribute [rw] key_check_value
+    #   The key check value (KCV) of the key contained within the outgoing
+    #   TR31WrappedKeyBlock.
+    #
+    #   The KCV is used to check if all parties holding a given key have the
+    #   same key or to detect that a key has changed. For more information
+    #   on KCV, see [KCV][1] in the *Amazon Web Services Payment
+    #   Cryptography User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/terminology.html#terms.kcv
+    #   @return [String]
+    #
+    # @!attribute [rw] wrapped_key_material_format
+    #   The key block format of the wrapped key.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/WrappedWorkingKey AWS API Documentation
+    #
+    class WrappedWorkingKey < Struct.new(
+      :wrapped_key_material,
+      :key_check_value,
+      :wrapped_key_material_format)
+      SENSITIVE = [:wrapped_key_material]
+      include Aws::Structure
+    end
+
   end
 end
 

data/lib/aws-sdk-paymentcryptographydata.rb

@@ -55,7 +55,7 @@ module Aws::PaymentCryptographyData
   autoload :EndpointProvider, 'aws-sdk-paymentcryptographydata/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-paymentcryptographydata/endpoints'
 
-  GEM_VERSION = '1.40.0'
+  GEM_VERSION = '1.41.0'
 
 end
 

data/sig/client.rbs

@@ -384,8 +384,8 @@ module Aws
                                  }?
                                },
                                ?pin_data_length: ::Integer,
-                               primary_account_number: ::String,
-                               pin_block_format: ("ISO_FORMAT_0" | "ISO_FORMAT_3" | "ISO_FORMAT_4"),
+                               ?primary_account_number: ::String,
+                               pin_block_format: ("ISO_FORMAT_0" | "ISO_FORMAT_1" | "ISO_FORMAT_3" | "ISO_FORMAT_4"),
                                ?encryption_wrapped_key: {
                                  wrapped_key_material: {
                                    tr_31_key_block: ::String?,
@@ -473,6 +473,35 @@ module Aws
                            ) -> _ReEncryptDataResponseSuccess
                          | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ReEncryptDataResponseSuccess
 
+      interface _TranslateKeyMaterialResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::TranslateKeyMaterialOutput]
+        def wrapped_key: () -> Types::WrappedWorkingKey
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/PaymentCryptographyData/Client.html#translate_key_material-instance_method
+      def translate_key_material: (
+                                    incoming_key_material: {
+                                      diffie_hellman_tr_31_key_block: {
+                                        private_key_identifier: ::String,
+                                        certificate_authority_public_key_identifier: ::String,
+                                        public_key_certificate: ::String,
+                                        derive_key_algorithm: ("TDES_2KEY" | "TDES_3KEY" | "AES_128" | "AES_192" | "AES_256" | "HMAC_SHA256" | "HMAC_SHA384" | "HMAC_SHA512" | "HMAC_SHA224"),
+                                        key_derivation_function: ("NIST_SP800" | "ANSI_X963"),
+                                        key_derivation_hash_algorithm: ("SHA_256" | "SHA_384" | "SHA_512"),
+                                        derivation_data: {
+                                          shared_information: ::String?
+                                        },
+                                        wrapped_key_block: ::String
+                                      }?
+                                    },
+                                    outgoing_key_material: {
+                                      tr_31_key_block: {
+                                        wrapping_key_identifier: ::String
+                                      }?
+                                    },
+                                    ?key_check_value_algorithm: ("CMAC" | "ANSI_X9_24" | "HMAC" | "SHA_1")
+                                  ) -> _TranslateKeyMaterialResponseSuccess
+                                | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _TranslateKeyMaterialResponseSuccess
+
       interface _TranslatePinDataResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::TranslatePinDataOutput]
         def pin_block: () -> ::String
@@ -718,8 +747,8 @@ module Aws
                                }?
                              },
                              encrypted_pin_block: ::String,
-                             primary_account_number: ::String,
-                             pin_block_format: ("ISO_FORMAT_0" | "ISO_FORMAT_3" | "ISO_FORMAT_4"),
+                             ?primary_account_number: ::String,
+                             pin_block_format: ("ISO_FORMAT_0" | "ISO_FORMAT_1" | "ISO_FORMAT_3" | "ISO_FORMAT_4"),
                              ?pin_data_length: ::Integer,
                              ?dukpt_attributes: {
                                key_serial_number: ::String,

data/sig/types.rbs

@@ -187,6 +187,17 @@ module Aws::PaymentCryptographyData
       end
     end
 
+    class DiffieHellmanDerivationData
+      attr_accessor shared_information: ::String
+      attr_accessor unknown: untyped
+      SENSITIVE: []
+
+      class SharedInformation < DiffieHellmanDerivationData
+      end
+      class Unknown < DiffieHellmanDerivationData
+      end
+    end
+
     class DiscoverDynamicCardVerificationCode
       attr_accessor card_expiry_date: ::String
       attr_accessor unpredictable_number: ::String
@@ -239,7 +250,7 @@ module Aws::PaymentCryptographyData
       attr_accessor key_derivation_function: ("NIST_SP800" | "ANSI_X963")
       attr_accessor key_derivation_hash_algorithm: ("SHA_256" | "SHA_384" | "SHA_512")
       attr_accessor shared_information: ::String
-      SENSITIVE: [:public_key_certificate]
+      SENSITIVE: []
     end
 
     class Emv2000Attributes
@@ -366,7 +377,7 @@ module Aws::PaymentCryptographyData
       attr_accessor generation_attributes: Types::PinGenerationAttributes
       attr_accessor pin_data_length: ::Integer
       attr_accessor primary_account_number: ::String
-      attr_accessor pin_block_format: ("ISO_FORMAT_0" | "ISO_FORMAT_3" | "ISO_FORMAT_4")
+      attr_accessor pin_block_format: ("ISO_FORMAT_0" | "ISO_FORMAT_1" | "ISO_FORMAT_3" | "ISO_FORMAT_4")
       attr_accessor encryption_wrapped_key: Types::WrappedKey
       SENSITIVE: [:primary_account_number]
     end
@@ -419,6 +430,29 @@ module Aws::PaymentCryptographyData
       SENSITIVE: [:decimalization_table, :pin_validation_data]
     end
 
+    class IncomingDiffieHellmanTr31KeyBlock
+      attr_accessor private_key_identifier: ::String
+      attr_accessor certificate_authority_public_key_identifier: ::String
+      attr_accessor public_key_certificate: ::String
+      attr_accessor derive_key_algorithm: ("TDES_2KEY" | "TDES_3KEY" | "AES_128" | "AES_192" | "AES_256" | "HMAC_SHA256" | "HMAC_SHA384" | "HMAC_SHA512" | "HMAC_SHA224")
+      attr_accessor key_derivation_function: ("NIST_SP800" | "ANSI_X963")
+      attr_accessor key_derivation_hash_algorithm: ("SHA_256" | "SHA_384" | "SHA_512")
+      attr_accessor derivation_data: Types::DiffieHellmanDerivationData
+      attr_accessor wrapped_key_block: ::String
+      SENSITIVE: [:wrapped_key_block]
+    end
+
+    class IncomingKeyMaterial
+      attr_accessor diffie_hellman_tr_31_key_block: Types::IncomingDiffieHellmanTr31KeyBlock
+      attr_accessor unknown: untyped
+      SENSITIVE: []
+
+      class DiffieHellmanTr31KeyBlock < IncomingKeyMaterial
+      end
+      class Unknown < IncomingKeyMaterial
+      end
+    end
+
     class InternalServerException
       attr_accessor message: ::String
       SENSITIVE: []
@@ -471,6 +505,22 @@ module Aws::PaymentCryptographyData
       SENSITIVE: [:primary_account_number, :application_cryptogram]
     end
 
+    class OutgoingKeyMaterial
+      attr_accessor tr_31_key_block: Types::OutgoingTr31KeyBlock
+      attr_accessor unknown: untyped
+      SENSITIVE: []
+
+      class Tr31KeyBlock < OutgoingKeyMaterial
+      end
+      class Unknown < OutgoingKeyMaterial
+      end
+    end
+
+    class OutgoingTr31KeyBlock
+      attr_accessor wrapping_key_identifier: ::String
+      SENSITIVE: []
+    end
+
     class PinData
       attr_accessor pin_offset: ::String
       attr_accessor verification_value: ::String
@@ -645,6 +695,18 @@ module Aws::PaymentCryptographyData
       SENSITIVE: []
     end
 
+    class TranslateKeyMaterialInput
+      attr_accessor incoming_key_material: Types::IncomingKeyMaterial
+      attr_accessor outgoing_key_material: Types::OutgoingKeyMaterial
+      attr_accessor key_check_value_algorithm: ("CMAC" | "ANSI_X9_24" | "HMAC" | "SHA_1")
+      SENSITIVE: []
+    end
+
+    class TranslateKeyMaterialOutput
+      attr_accessor wrapped_key: Types::WrappedWorkingKey
+      SENSITIVE: []
+    end
+
     class TranslatePinDataInput
       attr_accessor incoming_key_identifier: ::String
       attr_accessor outgoing_key_identifier: ::String
@@ -763,7 +825,7 @@ module Aws::PaymentCryptographyData
       attr_accessor verification_attributes: Types::PinVerificationAttributes
       attr_accessor encrypted_pin_block: ::String
       attr_accessor primary_account_number: ::String
-      attr_accessor pin_block_format: ("ISO_FORMAT_0" | "ISO_FORMAT_3" | "ISO_FORMAT_4")
+      attr_accessor pin_block_format: ("ISO_FORMAT_0" | "ISO_FORMAT_1" | "ISO_FORMAT_3" | "ISO_FORMAT_4")
       attr_accessor pin_data_length: ::Integer
       attr_accessor dukpt_attributes: Types::DukptAttributes
       attr_accessor encryption_wrapped_key: Types::WrappedKey
@@ -832,5 +894,12 @@ module Aws::PaymentCryptographyData
       class Unknown < WrappedKeyMaterial
       end
     end
+
+    class WrappedWorkingKey
+      attr_accessor wrapped_key_material: ::String
+      attr_accessor key_check_value: ::String
+      attr_accessor wrapped_key_material_format: ("KEY_CRYPTOGRAM" | "TR31_KEY_BLOCK" | "TR34_KEY_BLOCK")
+      SENSITIVE: [:wrapped_key_material]
+    end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-paymentcryptographydata
 version: !ruby/object:Gem::Version
-  version: 1.40.0
+  version: 1.41.0
 platform: ruby
 authors:
 - Amazon Web Services