@aws-sdk/client-payment-cryptography-data 3.600.0 → 3.608.0

package/dist-cjs/index.js

@@ -48,6 +48,7 @@ __export(src_exports, {
   GeneratePinDataCommand: () => GeneratePinDataCommand,
   GeneratePinDataInputFilterSensitiveLog: () => GeneratePinDataInputFilterSensitiveLog,
   InternalServerException: () => InternalServerException,
+  KeyCheckValueAlgorithm: () => KeyCheckValueAlgorithm,
   MacAlgorithm: () => MacAlgorithm,
   MacAlgorithmEmvFilterSensitiveLog: () => MacAlgorithmEmvFilterSensitiveLog,
   MacAttributes: () => MacAttributes,
@@ -94,6 +95,9 @@ __export(src_exports, {
   VerifyMacInputFilterSensitiveLog: () => VerifyMacInputFilterSensitiveLog,
   VerifyPinDataCommand: () => VerifyPinDataCommand,
   VerifyPinDataInputFilterSensitiveLog: () => VerifyPinDataInputFilterSensitiveLog,
+  WrappedKeyFilterSensitiveLog: () => WrappedKeyFilterSensitiveLog,
+  WrappedKeyMaterial: () => WrappedKeyMaterial,
+  WrappedKeyMaterialFilterSensitiveLog: () => WrappedKeyMaterialFilterSensitiveLog,
   __Client: () => import_smithy_client.Client
 });
 module.exports = __toCommonJS(src_exports);
@@ -391,6 +395,18 @@ var EncryptionDecryptionAttributes;
     return visitor._(value.$unknown[0], value.$unknown[1]);
   }, "visit");
 })(EncryptionDecryptionAttributes || (EncryptionDecryptionAttributes = {}));
+var KeyCheckValueAlgorithm = {
+  ANSI_X9_24: "ANSI_X9_24",
+  CMAC: "CMAC"
+};
+var WrappedKeyMaterial;
+((WrappedKeyMaterial3) => {
+  WrappedKeyMaterial3.visit = /* @__PURE__ */ __name((value, visitor) => {
+    if (value.Tr31KeyBlock !== void 0)
+      return visitor.Tr31KeyBlock(value.Tr31KeyBlock);
+    return visitor._(value.$unknown[0], value.$unknown[1]);
+  }, "visit");
+})(WrappedKeyMaterial || (WrappedKeyMaterial = {}));
 var _InternalServerException = class _InternalServerException extends PaymentCryptographyDataServiceException {
   /**
    * @internal
@@ -641,12 +657,23 @@ var EncryptionDecryptionAttributesFilterSensitiveLog = /* @__PURE__ */ __name((o
   if (obj.$unknown !== void 0)
     return { [obj.$unknown[0]]: "UNKNOWN" };
 }, "EncryptionDecryptionAttributesFilterSensitiveLog");
+var WrappedKeyMaterialFilterSensitiveLog = /* @__PURE__ */ __name((obj) => {
+  if (obj.Tr31KeyBlock !== void 0)
+    return { Tr31KeyBlock: import_smithy_client.SENSITIVE_STRING };
+  if (obj.$unknown !== void 0)
+    return { [obj.$unknown[0]]: "UNKNOWN" };
+}, "WrappedKeyMaterialFilterSensitiveLog");
+var WrappedKeyFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
+  ...obj,
+  ...obj.WrappedKeyMaterial && { WrappedKeyMaterial: WrappedKeyMaterialFilterSensitiveLog(obj.WrappedKeyMaterial) }
+}), "WrappedKeyFilterSensitiveLog");
 var DecryptDataInputFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
   ...obj,
   ...obj.CipherText && { CipherText: import_smithy_client.SENSITIVE_STRING },
   ...obj.DecryptionAttributes && {
     DecryptionAttributes: EncryptionDecryptionAttributesFilterSensitiveLog(obj.DecryptionAttributes)
-  }
+  },
+  ...obj.WrappedKey && { WrappedKey: WrappedKeyFilterSensitiveLog(obj.WrappedKey) }
 }), "DecryptDataInputFilterSensitiveLog");
 var DecryptDataOutputFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
   ...obj,
@@ -657,7 +684,8 @@ var EncryptDataInputFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
   ...obj.PlainText && { PlainText: import_smithy_client.SENSITIVE_STRING },
   ...obj.EncryptionAttributes && {
     EncryptionAttributes: EncryptionDecryptionAttributesFilterSensitiveLog(obj.EncryptionAttributes)
-  }
+  },
+  ...obj.WrappedKey && { WrappedKey: WrappedKeyFilterSensitiveLog(obj.WrappedKey) }
 }), "EncryptDataInputFilterSensitiveLog");
 var EncryptDataOutputFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
   ...obj,
@@ -713,7 +741,9 @@ var ReEncryptDataInputFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
   },
   ...obj.OutgoingEncryptionAttributes && {
     OutgoingEncryptionAttributes: ReEncryptionAttributesFilterSensitiveLog(obj.OutgoingEncryptionAttributes)
-  }
+  },
+  ...obj.IncomingWrappedKey && { IncomingWrappedKey: WrappedKeyFilterSensitiveLog(obj.IncomingWrappedKey) },
+  ...obj.OutgoingWrappedKey && { OutgoingWrappedKey: WrappedKeyFilterSensitiveLog(obj.OutgoingWrappedKey) }
 }), "ReEncryptDataInputFilterSensitiveLog");
 var ReEncryptDataOutputFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
   ...obj,
@@ -743,7 +773,9 @@ var TranslatePinDataInputFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
   ...obj.OutgoingTranslationAttributes && {
     OutgoingTranslationAttributes: TranslationIsoFormatsFilterSensitiveLog(obj.OutgoingTranslationAttributes)
   },
-  ...obj.EncryptedPinBlock && { EncryptedPinBlock: import_smithy_client.SENSITIVE_STRING }
+  ...obj.EncryptedPinBlock && { EncryptedPinBlock: import_smithy_client.SENSITIVE_STRING },
+  ...obj.IncomingWrappedKey && { IncomingWrappedKey: WrappedKeyFilterSensitiveLog(obj.IncomingWrappedKey) },
+  ...obj.OutgoingWrappedKey && { OutgoingWrappedKey: WrappedKeyFilterSensitiveLog(obj.OutgoingWrappedKey) }
 }), "TranslatePinDataInputFilterSensitiveLog");
 var SessionKeyAmexFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
   ...obj,
@@ -820,7 +852,8 @@ var se_DecryptDataCommand = /* @__PURE__ */ __name(async (input, context) => {
   body = JSON.stringify(
     (0, import_smithy_client.take)(input, {
       CipherText: [],
-      DecryptionAttributes: (_) => (0, import_smithy_client._json)(_)
+      DecryptionAttributes: (_) => (0, import_smithy_client._json)(_),
+      WrappedKey: (_) => (0, import_smithy_client._json)(_)
     })
   );
   b.m("POST").h(headers).b(body);
@@ -837,7 +870,8 @@ var se_EncryptDataCommand = /* @__PURE__ */ __name(async (input, context) => {
   body = JSON.stringify(
     (0, import_smithy_client.take)(input, {
       EncryptionAttributes: (_) => (0, import_smithy_client._json)(_),
-      PlainText: []
+      PlainText: [],
+      WrappedKey: (_) => (0, import_smithy_client._json)(_)
     })
   );
   b.m("POST").h(headers).b(body);
@@ -911,8 +945,10 @@ var se_ReEncryptDataCommand = /* @__PURE__ */ __name(async (input, context) => {
     (0, import_smithy_client.take)(input, {
       CipherText: [],
       IncomingEncryptionAttributes: (_) => (0, import_smithy_client._json)(_),
+      IncomingWrappedKey: (_) => (0, import_smithy_client._json)(_),
       OutgoingEncryptionAttributes: (_) => (0, import_smithy_client._json)(_),
-      OutgoingKeyIdentifier: []
+      OutgoingKeyIdentifier: [],
+      OutgoingWrappedKey: (_) => (0, import_smithy_client._json)(_)
     })
   );
   b.m("POST").h(headers).b(body);
@@ -931,9 +967,11 @@ var se_TranslatePinDataCommand = /* @__PURE__ */ __name(async (input, context) =
       IncomingDukptAttributes: (_) => (0, import_smithy_client._json)(_),
       IncomingKeyIdentifier: [],
       IncomingTranslationAttributes: (_) => (0, import_smithy_client._json)(_),
+      IncomingWrappedKey: (_) => (0, import_smithy_client._json)(_),
       OutgoingDukptAttributes: (_) => (0, import_smithy_client._json)(_),
       OutgoingKeyIdentifier: [],
-      OutgoingTranslationAttributes: (_) => (0, import_smithy_client._json)(_)
+      OutgoingTranslationAttributes: (_) => (0, import_smithy_client._json)(_),
+      OutgoingWrappedKey: (_) => (0, import_smithy_client._json)(_)
     })
   );
   b.m("POST").h(headers).b(body);
@@ -1541,6 +1579,8 @@ var PaymentCryptographyData = _PaymentCryptographyData;
   EmvEncryptionMode,
   EncryptionMode,
   EncryptionDecryptionAttributes,
+  KeyCheckValueAlgorithm,
+  WrappedKeyMaterial,
   InternalServerException,
   ResourceNotFoundException,
   ThrottlingException,
@@ -1563,6 +1603,8 @@ var PaymentCryptographyData = _PaymentCryptographyData;
   EmvEncryptionAttributesFilterSensitiveLog,
   SymmetricEncryptionAttributesFilterSensitiveLog,
   EncryptionDecryptionAttributesFilterSensitiveLog,
+  WrappedKeyMaterialFilterSensitiveLog,
+  WrappedKeyFilterSensitiveLog,
   DecryptDataInputFilterSensitiveLog,
   DecryptDataOutputFilterSensitiveLog,
   EncryptDataInputFilterSensitiveLog,

package/dist-es/models/models_0.js

@@ -119,6 +119,18 @@ export var EncryptionDecryptionAttributes;
         return visitor._(value.$unknown[0], value.$unknown[1]);
     };
 })(EncryptionDecryptionAttributes || (EncryptionDecryptionAttributes = {}));
+export const KeyCheckValueAlgorithm = {
+    ANSI_X9_24: "ANSI_X9_24",
+    CMAC: "CMAC",
+};
+export var WrappedKeyMaterial;
+(function (WrappedKeyMaterial) {
+    WrappedKeyMaterial.visit = (value, visitor) => {
+        if (value.Tr31KeyBlock !== undefined)
+            return visitor.Tr31KeyBlock(value.Tr31KeyBlock);
+        return visitor._(value.$unknown[0], value.$unknown[1]);
+    };
+})(WrappedKeyMaterial || (WrappedKeyMaterial = {}));
 export class InternalServerException extends __BaseException {
     constructor(opts) {
         super({
@@ -344,12 +356,23 @@ export const EncryptionDecryptionAttributesFilterSensitiveLog = (obj) => {
     if (obj.$unknown !== undefined)
         return { [obj.$unknown[0]]: "UNKNOWN" };
 };
+export const WrappedKeyMaterialFilterSensitiveLog = (obj) => {
+    if (obj.Tr31KeyBlock !== undefined)
+        return { Tr31KeyBlock: SENSITIVE_STRING };
+    if (obj.$unknown !== undefined)
+        return { [obj.$unknown[0]]: "UNKNOWN" };
+};
+export const WrappedKeyFilterSensitiveLog = (obj) => ({
+    ...obj,
+    ...(obj.WrappedKeyMaterial && { WrappedKeyMaterial: WrappedKeyMaterialFilterSensitiveLog(obj.WrappedKeyMaterial) }),
+});
 export const DecryptDataInputFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.CipherText && { CipherText: SENSITIVE_STRING }),
     ...(obj.DecryptionAttributes && {
         DecryptionAttributes: EncryptionDecryptionAttributesFilterSensitiveLog(obj.DecryptionAttributes),
     }),
+    ...(obj.WrappedKey && { WrappedKey: WrappedKeyFilterSensitiveLog(obj.WrappedKey) }),
 });
 export const DecryptDataOutputFilterSensitiveLog = (obj) => ({
     ...obj,
@@ -361,6 +384,7 @@ export const EncryptDataInputFilterSensitiveLog = (obj) => ({
     ...(obj.EncryptionAttributes && {
         EncryptionAttributes: EncryptionDecryptionAttributesFilterSensitiveLog(obj.EncryptionAttributes),
     }),
+    ...(obj.WrappedKey && { WrappedKey: WrappedKeyFilterSensitiveLog(obj.WrappedKey) }),
 });
 export const EncryptDataOutputFilterSensitiveLog = (obj) => ({
     ...obj,
@@ -417,6 +441,8 @@ export const ReEncryptDataInputFilterSensitiveLog = (obj) => ({
     ...(obj.OutgoingEncryptionAttributes && {
         OutgoingEncryptionAttributes: ReEncryptionAttributesFilterSensitiveLog(obj.OutgoingEncryptionAttributes),
     }),
+    ...(obj.IncomingWrappedKey && { IncomingWrappedKey: WrappedKeyFilterSensitiveLog(obj.IncomingWrappedKey) }),
+    ...(obj.OutgoingWrappedKey && { OutgoingWrappedKey: WrappedKeyFilterSensitiveLog(obj.OutgoingWrappedKey) }),
 });
 export const ReEncryptDataOutputFilterSensitiveLog = (obj) => ({
     ...obj,
@@ -447,6 +473,8 @@ export const TranslatePinDataInputFilterSensitiveLog = (obj) => ({
         OutgoingTranslationAttributes: TranslationIsoFormatsFilterSensitiveLog(obj.OutgoingTranslationAttributes),
     }),
     ...(obj.EncryptedPinBlock && { EncryptedPinBlock: SENSITIVE_STRING }),
+    ...(obj.IncomingWrappedKey && { IncomingWrappedKey: WrappedKeyFilterSensitiveLog(obj.IncomingWrappedKey) }),
+    ...(obj.OutgoingWrappedKey && { OutgoingWrappedKey: WrappedKeyFilterSensitiveLog(obj.OutgoingWrappedKey) }),
 });
 export const SessionKeyAmexFilterSensitiveLog = (obj) => ({
     ...obj,

package/dist-es/protocols/Aws_restJson1.js

@@ -14,6 +14,7 @@ export const se_DecryptDataCommand = async (input, context) => {
     body = JSON.stringify(take(input, {
         CipherText: [],
         DecryptionAttributes: (_) => _json(_),
+        WrappedKey: (_) => _json(_),
     }));
     b.m("POST").h(headers).b(body);
     return b.build();
@@ -29,6 +30,7 @@ export const se_EncryptDataCommand = async (input, context) => {
     body = JSON.stringify(take(input, {
         EncryptionAttributes: (_) => _json(_),
         PlainText: [],
+        WrappedKey: (_) => _json(_),
     }));
     b.m("POST").h(headers).b(body);
     return b.build();
@@ -94,8 +96,10 @@ export const se_ReEncryptDataCommand = async (input, context) => {
     body = JSON.stringify(take(input, {
         CipherText: [],
         IncomingEncryptionAttributes: (_) => _json(_),
+        IncomingWrappedKey: (_) => _json(_),
         OutgoingEncryptionAttributes: (_) => _json(_),
         OutgoingKeyIdentifier: [],
+        OutgoingWrappedKey: (_) => _json(_),
     }));
     b.m("POST").h(headers).b(body);
     return b.build();
@@ -112,9 +116,11 @@ export const se_TranslatePinDataCommand = async (input, context) => {
         IncomingDukptAttributes: (_) => _json(_),
         IncomingKeyIdentifier: [],
         IncomingTranslationAttributes: (_) => _json(_),
+        IncomingWrappedKey: (_) => _json(_),
         OutgoingDukptAttributes: (_) => _json(_),
         OutgoingKeyIdentifier: [],
         OutgoingTranslationAttributes: (_) => _json(_),
+        OutgoingWrappedKey: (_) => _json(_),
     }));
     b.m("POST").h(headers).b(body);
     return b.build();

package/dist-types/commands/DecryptDataCommand.d.ts

@@ -88,6 +88,12 @@ declare const DecryptDataCommand_base: {
  *       InitializationVector: "STRING_VALUE",
  *     },
  *   },
+ *   WrappedKey: { // WrappedKey
+ *     WrappedKeyMaterial: { // WrappedKeyMaterial Union: only one key present
+ *       Tr31KeyBlock: "STRING_VALUE",
+ *     },
+ *     KeyCheckValueAlgorithm: "STRING_VALUE",
+ *   },
  * };
  * const command = new DecryptDataCommand(input);
  * const response = await client.send(command);

package/dist-types/commands/EncryptDataCommand.d.ts

@@ -94,6 +94,12 @@ declare const EncryptDataCommand_base: {
  *       InitializationVector: "STRING_VALUE",
  *     },
  *   },
+ *   WrappedKey: { // WrappedKey
+ *     WrappedKeyMaterial: { // WrappedKeyMaterial Union: only one key present
+ *       Tr31KeyBlock: "STRING_VALUE",
+ *     },
+ *     KeyCheckValueAlgorithm: "STRING_VALUE",
+ *   },
  * };
  * const command = new EncryptDataCommand(input);
  * const response = await client.send(command);

package/dist-types/commands/ReEncryptDataCommand.d.ts

@@ -27,9 +27,9 @@ declare const ReEncryptDataCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Re-encrypt ciphertext using DUKPT, Symmetric and Asymmetric  Data Encryption Keys. </p>
- *          <p>You can either generate an encryption key within Amazon Web Services Payment Cryptography by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html">CreateKey</a> or import your own encryption key by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html">ImportKey</a>. The <code>KeyArn</code> for use with this operation must be in a compatible key state with <code>KeyModesOfUse</code> set to <code>Encrypt</code>. In asymmetric encryption, ciphertext is encrypted using public component (imported by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html">ImportKey</a>) of the asymmetric key pair created outside of Amazon Web Services Payment Cryptography. </p>
- *          <p>For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports <code>TDES</code> and <code>AES</code> algorithms. For asymmetric encryption, Amazon Web Services Payment Cryptography supports <code>RSA</code>. To encrypt using DUKPT, a DUKPT key must already exist within your account with <code>KeyModesOfUse</code> set to <code>DeriveKey</code> or a new DUKPT can be generated by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html">CreateKey</a>.</p>
+ * <p>Re-encrypt ciphertext using DUKPT or Symmetric data encryption keys. </p>
+ *          <p>You can either generate an encryption key within Amazon Web Services Payment Cryptography by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html">CreateKey</a> or import your own encryption key by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html">ImportKey</a>. The <code>KeyArn</code> for use with this operation must be in a compatible key state with <code>KeyModesOfUse</code> set to <code>Encrypt</code>. </p>
+ *          <p>For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports <code>TDES</code> and <code>AES</code> algorithms. To encrypt using DUKPT, a DUKPT key must already exist within your account with <code>KeyModesOfUse</code> set to <code>DeriveKey</code> or a new DUKPT can be generated by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html">CreateKey</a>.</p>
  *          <p>For information about valid keys for this operation, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html">Understanding key attributes</a> and <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html">Key types for specific data operations</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>. </p>
  *          <p>
  *             <b>Cross-account use</b>: This operation can't be used across different Amazon Web Services accounts.</p>
@@ -96,6 +96,18 @@ declare const ReEncryptDataCommand_base: {
  *       InitializationVector: "STRING_VALUE",
  *     },
  *   },
+ *   IncomingWrappedKey: { // WrappedKey
+ *     WrappedKeyMaterial: { // WrappedKeyMaterial Union: only one key present
+ *       Tr31KeyBlock: "STRING_VALUE",
+ *     },
+ *     KeyCheckValueAlgorithm: "STRING_VALUE",
+ *   },
+ *   OutgoingWrappedKey: {
+ *     WrappedKeyMaterial: {//  Union: only one key present
+ *       Tr31KeyBlock: "STRING_VALUE",
+ *     },
+ *     KeyCheckValueAlgorithm: "STRING_VALUE",
+ *   },
  * };
  * const command = new ReEncryptDataCommand(input);
  * const response = await client.send(command);

package/dist-types/commands/TranslatePinDataCommand.d.ts

@@ -93,6 +93,18 @@ declare const TranslatePinDataCommand_base: {
  *     DukptKeyDerivationType: "STRING_VALUE",
  *     DukptKeyVariant: "STRING_VALUE",
  *   },
+ *   IncomingWrappedKey: { // WrappedKey
+ *     WrappedKeyMaterial: { // WrappedKeyMaterial Union: only one key present
+ *       Tr31KeyBlock: "STRING_VALUE",
+ *     },
+ *     KeyCheckValueAlgorithm: "STRING_VALUE",
+ *   },
+ *   OutgoingWrappedKey: {
+ *     WrappedKeyMaterial: {//  Union: only one key present
+ *       Tr31KeyBlock: "STRING_VALUE",
+ *     },
+ *     KeyCheckValueAlgorithm: "STRING_VALUE",
+ *   },
  * };
  * const command = new TranslatePinDataCommand(input);
  * const response = await client.send(command);

package/dist-types/models/models_0.d.ts

@@ -787,12 +787,72 @@ export declare namespace EncryptionDecryptionAttributes {
     }
     const visit: <T>(value: EncryptionDecryptionAttributes, visitor: Visitor<T>) => T;
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const KeyCheckValueAlgorithm: {
+    readonly ANSI_X9_24: "ANSI_X9_24";
+    readonly CMAC: "CMAC";
+};
+/**
+ * @public
+ */
+export type KeyCheckValueAlgorithm = (typeof KeyCheckValueAlgorithm)[keyof typeof KeyCheckValueAlgorithm];
+/**
+ * <p>Parameter information of a WrappedKeyBlock for encryption key exchange.</p>
+ * @public
+ */
+export type WrappedKeyMaterial = WrappedKeyMaterial.Tr31KeyBlockMember | WrappedKeyMaterial.$UnknownMember;
+/**
+ * @public
+ */
+export declare namespace WrappedKeyMaterial {
+    /**
+     * <p>The TR-31 wrapped key block.</p>
+     * @public
+     */
+    interface Tr31KeyBlockMember {
+        Tr31KeyBlock: string;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     */
+    interface $UnknownMember {
+        Tr31KeyBlock?: never;
+        $unknown: [string, any];
+    }
+    interface Visitor<T> {
+        Tr31KeyBlock: (value: string) => T;
+        _: (name: string, value: any) => T;
+    }
+    const visit: <T>(value: WrappedKeyMaterial, visitor: Visitor<T>) => T;
+}
+/**
+ * <p>Parameter information of a WrappedKeyBlock for encryption key exchange.</p>
+ * @public
+ */
+export interface WrappedKey {
+    /**
+     * <p>Parameter information of a WrappedKeyBlock for encryption key exchange.</p>
+     * @public
+     */
+    WrappedKeyMaterial: WrappedKeyMaterial | undefined;
+    /**
+     * <p>The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.</p>
+     *          <p>For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.</p>
+     * @public
+     */
+    KeyCheckValueAlgorithm?: KeyCheckValueAlgorithm;
+}
 /**
  * @public
  */
 export interface DecryptDataInput {
     /**
      * <p>The <code>keyARN</code> of the encryption key that Amazon Web Services Payment Cryptography uses for ciphertext decryption.</p>
+     *          <p>When a WrappedKeyBlock is provided, this value will be the identifier to the key wrapping key. Otherwise, it is the key identifier used to perform the operation.</p>
      * @public
      */
     KeyIdentifier: string | undefined;
@@ -806,6 +866,11 @@ export interface DecryptDataInput {
      * @public
      */
     DecryptionAttributes: EncryptionDecryptionAttributes | undefined;
+    /**
+     * <p>The WrappedKeyBlock containing the encryption key for ciphertext decryption.</p>
+     * @public
+     */
+    WrappedKey?: WrappedKey;
 }
 /**
  * @public
@@ -948,6 +1013,7 @@ export interface DukptDerivationAttributes {
 export interface EncryptDataInput {
     /**
      * <p>The <code>keyARN</code> of the encryption key that Amazon Web Services Payment Cryptography uses for plaintext encryption.</p>
+     *          <p>When a WrappedKeyBlock is provided, this value will be the identifier to the key wrapping key. Otherwise, it is the key identifier used to perform the operation.</p>
      * @public
      */
     KeyIdentifier: string | undefined;
@@ -964,6 +1030,11 @@ export interface EncryptDataInput {
      * @public
      */
     EncryptionAttributes: EncryptionDecryptionAttributes | undefined;
+    /**
+     * <p>The WrappedKeyBlock containing the encryption key for plaintext encryption.</p>
+     * @public
+     */
+    WrappedKey?: WrappedKey;
 }
 /**
  * @public
@@ -1739,6 +1810,7 @@ export declare namespace ReEncryptionAttributes {
 export interface ReEncryptDataInput {
     /**
      * <p>The <code>keyARN</code> of the encryption key of incoming ciphertext data.</p>
+     *          <p>When a WrappedKeyBlock is provided, this value will be the identifier to the key wrapping key. Otherwise, it is the key identifier used to perform the operation.</p>
      * @public
      */
     IncomingKeyIdentifier: string | undefined;
@@ -1762,6 +1834,16 @@ export interface ReEncryptDataInput {
      * @public
      */
     OutgoingEncryptionAttributes: ReEncryptionAttributes | undefined;
+    /**
+     * <p>The WrappedKeyBlock containing the encryption key of incoming ciphertext data.</p>
+     * @public
+     */
+    IncomingWrappedKey?: WrappedKey;
+    /**
+     * <p>The WrappedKeyBlock containing the encryption key of outgoing ciphertext data after encryption by Amazon Web Services Payment Cryptography.</p>
+     * @public
+     */
+    OutgoingWrappedKey?: WrappedKey;
 }
 /**
  * @public
@@ -1879,6 +1961,7 @@ export declare namespace TranslationIsoFormats {
 export interface TranslatePinDataInput {
     /**
      * <p>The <code>keyARN</code> of the encryption key under which incoming PIN block data is encrypted. This key type can be PEK or BDK.</p>
+     *          <p>When a WrappedKeyBlock is provided, this value will be the identifier to the key wrapping key for PIN block. Otherwise, it is the key identifier used to perform the operation.</p>
      * @public
      */
     IncomingKeyIdentifier: string | undefined;
@@ -1912,6 +1995,16 @@ export interface TranslatePinDataInput {
      * @public
      */
     OutgoingDukptAttributes?: DukptDerivationAttributes;
+    /**
+     * <p>The WrappedKeyBlock containing the encryption key under which incoming PIN block data is encrypted.</p>
+     * @public
+     */
+    IncomingWrappedKey?: WrappedKey;
+    /**
+     * <p>The WrappedKeyBlock containing the encryption key for encrypting outgoing PIN block data.</p>
+     * @public
+     */
+    OutgoingWrappedKey?: WrappedKey;
 }
 /**
  * @public
@@ -2447,6 +2540,14 @@ export declare const SymmetricEncryptionAttributesFilterSensitiveLog: (obj: Symm
  * @internal
  */
 export declare const EncryptionDecryptionAttributesFilterSensitiveLog: (obj: EncryptionDecryptionAttributes) => any;
+/**
+ * @internal
+ */
+export declare const WrappedKeyMaterialFilterSensitiveLog: (obj: WrappedKeyMaterial) => any;
+/**
+ * @internal
+ */
+export declare const WrappedKeyFilterSensitiveLog: (obj: WrappedKey) => any;
 /**
  * @internal
  */

package/dist-types/ts3.4/models/models_0.d.ts

@@ -435,10 +435,39 @@ export declare namespace EncryptionDecryptionAttributes {
     visitor: Visitor<T>
   ) => T;
 }
+export declare const KeyCheckValueAlgorithm: {
+  readonly ANSI_X9_24: "ANSI_X9_24";
+  readonly CMAC: "CMAC";
+};
+export type KeyCheckValueAlgorithm =
+  (typeof KeyCheckValueAlgorithm)[keyof typeof KeyCheckValueAlgorithm];
+export type WrappedKeyMaterial =
+  | WrappedKeyMaterial.Tr31KeyBlockMember
+  | WrappedKeyMaterial.$UnknownMember;
+export declare namespace WrappedKeyMaterial {
+  interface Tr31KeyBlockMember {
+    Tr31KeyBlock: string;
+    $unknown?: never;
+  }
+  interface $UnknownMember {
+    Tr31KeyBlock?: never;
+    $unknown: [string, any];
+  }
+  interface Visitor<T> {
+    Tr31KeyBlock: (value: string) => T;
+    _: (name: string, value: any) => T;
+  }
+  const visit: <T>(value: WrappedKeyMaterial, visitor: Visitor<T>) => T;
+}
+export interface WrappedKey {
+  WrappedKeyMaterial: WrappedKeyMaterial | undefined;
+  KeyCheckValueAlgorithm?: KeyCheckValueAlgorithm;
+}
 export interface DecryptDataInput {
   KeyIdentifier: string | undefined;
   CipherText: string | undefined;
   DecryptionAttributes: EncryptionDecryptionAttributes | undefined;
+  WrappedKey?: WrappedKey;
 }
 export interface DecryptDataOutput {
   KeyArn: string | undefined;
@@ -494,6 +523,7 @@ export interface EncryptDataInput {
   KeyIdentifier: string | undefined;
   PlainText: string | undefined;
   EncryptionAttributes: EncryptionDecryptionAttributes | undefined;
+  WrappedKey?: WrappedKey;
 }
 export interface EncryptDataOutput {
   KeyArn: string | undefined;
@@ -852,6 +882,8 @@ export interface ReEncryptDataInput {
   CipherText: string | undefined;
   IncomingEncryptionAttributes: ReEncryptionAttributes | undefined;
   OutgoingEncryptionAttributes: ReEncryptionAttributes | undefined;
+  IncomingWrappedKey?: WrappedKey;
+  OutgoingWrappedKey?: WrappedKey;
 }
 export interface ReEncryptDataOutput {
   KeyArn: string | undefined;
@@ -921,6 +953,8 @@ export interface TranslatePinDataInput {
   EncryptedPinBlock: string | undefined;
   IncomingDukptAttributes?: DukptDerivationAttributes;
   OutgoingDukptAttributes?: DukptDerivationAttributes;
+  IncomingWrappedKey?: WrappedKey;
+  OutgoingWrappedKey?: WrappedKey;
 }
 export interface TranslatePinDataOutput {
   PinBlock: string | undefined;
@@ -1127,6 +1161,10 @@ export declare const SymmetricEncryptionAttributesFilterSensitiveLog: (
 export declare const EncryptionDecryptionAttributesFilterSensitiveLog: (
   obj: EncryptionDecryptionAttributes
 ) => any;
+export declare const WrappedKeyMaterialFilterSensitiveLog: (
+  obj: WrappedKeyMaterial
+) => any;
+export declare const WrappedKeyFilterSensitiveLog: (obj: WrappedKey) => any;
 export declare const DecryptDataInputFilterSensitiveLog: (
   obj: DecryptDataInput
 ) => any;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-payment-cryptography-data",
   "description": "AWS SDK for JavaScript Payment Cryptography Data Client for Node.js, Browser and React Native",
-  "version": "3.600.0",
+  "version": "3.608.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-payment-cryptography-data",
@@ -20,8 +20,8 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/client-sso-oidc": "3.600.0",
-    "@aws-sdk/client-sts": "3.600.0",
+    "@aws-sdk/client-sso-oidc": "3.606.0",
+    "@aws-sdk/client-sts": "3.606.0",
     "@aws-sdk/core": "3.598.0",
     "@aws-sdk/credential-provider-node": "3.600.0",
     "@aws-sdk/middleware-host-header": "3.598.0",