npm - @aws-sdk/client-payment-cryptography-data - Versions diffs - 3.670.0 → 3.676.0 - Mend

@aws-sdk/client-payment-cryptography-data 3.670.0 → 3.676.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

package/README.md +8 -0
package/dist-cjs/index.js +179 -5
package/dist-es/PaymentCryptographyData.js +2 -0
package/dist-es/commands/GenerateMacEmvPinChangeCommand.js +23 -0
package/dist-es/commands/index.js +1 -0
package/dist-es/models/models_0.js +92 -4
package/dist-es/protocols/Aws_restJson1.js +41 -0
package/dist-types/PaymentCryptographyData.d.ts +7 -0
package/dist-types/PaymentCryptographyDataClient.d.ts +3 -2
package/dist-types/commands/DecryptDataCommand.d.ts +10 -9
package/dist-types/commands/EncryptDataCommand.d.ts +11 -9
package/dist-types/commands/GenerateMacCommand.d.ts +9 -9
package/dist-types/commands/GenerateMacEmvPinChangeCommand.d.ts +173 -0
package/dist-types/commands/GeneratePinDataCommand.d.ts +1 -1
package/dist-types/commands/ReEncryptDataCommand.d.ts +11 -10
package/dist-types/commands/TranslatePinDataCommand.d.ts +5 -4
package/dist-types/commands/VerifyAuthRequestCryptogramCommand.d.ts +1 -1
package/dist-types/commands/VerifyMacCommand.d.ts +9 -9
package/dist-types/commands/VerifyPinDataCommand.d.ts +2 -2
package/dist-types/commands/index.d.ts +1 -0
package/dist-types/models/models_0.d.ts +475 -13
package/dist-types/protocols/Aws_restJson1.d.ts +9 -0
package/dist-types/runtimeConfig.browser.d.ts +1 -1
package/dist-types/runtimeConfig.native.d.ts +1 -1
package/dist-types/ts3.4/PaymentCryptographyData.d.ts +17 -0
package/dist-types/ts3.4/PaymentCryptographyDataClient.d.ts +6 -0
package/dist-types/ts3.4/commands/GenerateMacEmvPinChangeCommand.d.ts +51 -0
package/dist-types/ts3.4/commands/index.d.ts +1 -0
package/dist-types/ts3.4/models/models_0.d.ts +185 -6
package/dist-types/ts3.4/protocols/Aws_restJson1.d.ts +12 -0
package/dist-types/ts3.4/runtimeConfig.browser.d.ts +3 -1
package/dist-types/ts3.4/runtimeConfig.native.d.ts +3 -1
package/package.json +5 -5

package/dist-types/commands/DecryptDataCommand.d.ts CHANGED Viewed

@@ -28,7 +28,8 @@ declare const DecryptDataCommand_base: {
 };
 /**
  * <p>Decrypts ciphertext data to plaintext using a symmetric (TDES, AES), asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For more information, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/decrypt-data.html">Decrypt data</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>.</p>
- *          <p>You can use an encryption key generated within Amazon Web Services Payment Cryptography, or you can import your own encryption key by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html">ImportKey</a>. For this operation, the key must have <code>KeyModesOfUse</code> set to <code>Decrypt</code>. In asymmetric decryption, Amazon Web Services Payment Cryptography decrypts the ciphertext using the private component of the asymmetric encryption key pair. For data encryption outside of Amazon Web Services Payment Cryptography, you can export the public component of the asymmetric key pair by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html">GetPublicCertificate</a>.</p>
+ *          <p>You can use an decryption key generated within Amazon Web Services Payment Cryptography, or you can import your own decryption key by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html">ImportKey</a>. For this operation, the key must have <code>KeyModesOfUse</code> set to <code>Decrypt</code>. In asymmetric decryption, Amazon Web Services Payment Cryptography decrypts the ciphertext using the private component of the asymmetric encryption key pair. For data encryption outside of Amazon Web Services Payment Cryptography, you can export the public component of the asymmetric key pair by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html">GetPublicCertificate</a>.</p>
+ *          <p>This operation also supports dynamic keys, allowing you to pass a dynamic decryption key as a TR-31 WrappedKeyBlock. This can be used when key material is frequently rotated, such as during every card transaction, and there is need to avoid importing short-lived keys into Amazon Web Services Payment Cryptography. To decrypt using dynamic keys, the <code>keyARN</code> is the Key Encryption Key (KEK) of the TR-31 wrapped decryption key material. The incoming wrapped key shall have a key purpose of D0 with a mode of use of B or D. For more information, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/use-cases-acquirers-dynamickeys.html">Using Dynamic Keys</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>.</p>
  *          <p>For symmetric and DUKPT decryption, Amazon Web Services Payment Cryptography supports <code>TDES</code> and <code>AES</code> algorithms. For EMV decryption, Amazon Web Services Payment Cryptography supports <code>TDES</code> algorithms. For asymmetric decryption, Amazon Web Services Payment Cryptography supports <code>RSA</code>. </p>
  *          <p>When you use TDES or TDES DUKPT, the ciphertext data length must be a multiple of 8 bytes. For AES or AES DUKPT, the ciphertext data length must be a multiple of 16 bytes. For RSA, it sould be equal to the key size unless padding is enabled.</p>
  *          <p>For information about valid keys for this operation, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html">Understanding key attributes</a> and <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html">Key types for specific data operations</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>. </p>
@@ -65,26 +66,26 @@ declare const DecryptDataCommand_base: {
  *   CipherText: "STRING_VALUE", // required
  *   DecryptionAttributes: { // EncryptionDecryptionAttributes Union: only one key present
  *     Symmetric: { // SymmetricEncryptionAttributes
- *       Mode: "STRING_VALUE", // required
+ *       Mode: "ECB" || "CBC" || "CFB" || "CFB1" || "CFB8" || "CFB64" || "CFB128" || "OFB", // required
  *       InitializationVector: "STRING_VALUE",
- *       PaddingType: "STRING_VALUE",
+ *       PaddingType: "PKCS1" || "OAEP_SHA1" || "OAEP_SHA256" || "OAEP_SHA512",
  *     },
  *     Asymmetric: { // AsymmetricEncryptionAttributes
- *       PaddingType: "STRING_VALUE",
+ *       PaddingType: "PKCS1" || "OAEP_SHA1" || "OAEP_SHA256" || "OAEP_SHA512",
  *     },
  *     Dukpt: { // DukptEncryptionAttributes
  *       KeySerialNumber: "STRING_VALUE", // required
- *       Mode: "STRING_VALUE",
- *       DukptKeyDerivationType: "STRING_VALUE",
- *       DukptKeyVariant: "STRING_VALUE",
+ *       Mode: "ECB" || "CBC",
+ *       DukptKeyDerivationType: "TDES_2KEY" || "TDES_3KEY" || "AES_128" || "AES_192" || "AES_256",
+ *       DukptKeyVariant: "BIDIRECTIONAL" || "REQUEST" || "RESPONSE",
  *       InitializationVector: "STRING_VALUE",
  *     },
  *     Emv: { // EmvEncryptionAttributes
- *       MajorKeyDerivationMode: "STRING_VALUE", // required
+ *       MajorKeyDerivationMode: "EMV_OPTION_A" || "EMV_OPTION_B", // required
  *       PrimaryAccountNumber: "STRING_VALUE", // required
  *       PanSequenceNumber: "STRING_VALUE", // required
  *       SessionDerivationData: "STRING_VALUE", // required
- *       Mode: "STRING_VALUE",
+ *       Mode: "ECB" || "CBC",
  *       InitializationVector: "STRING_VALUE",
  *     },
  *   },

package/dist-types/commands/EncryptDataCommand.d.ts CHANGED Viewed

@@ -28,7 +28,9 @@ declare const EncryptDataCommand_base: {
 };
 /**
  * <p>Encrypts plaintext data to ciphertext using a symmetric (TDES, AES), asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For more information, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/encrypt-data.html">Encrypt data</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>.</p>
- *          <p>You can generate an encryption key within Amazon Web Services Payment Cryptography by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html">CreateKey</a>. You can import your own encryption key by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html">ImportKey</a>. For this operation, the key must have <code>KeyModesOfUse</code> set to <code>Encrypt</code>. In asymmetric encryption, plaintext is encrypted using public component. You can import the public component of an asymmetric key pair created outside Amazon Web Services Payment Cryptography by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html">ImportKey</a>. </p>
+ *          <p>You can generate an encryption key within Amazon Web Services Payment Cryptography by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html">CreateKey</a>. You can import your own encryption key by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html">ImportKey</a>.</p>
+ *          <p>For this operation, the key must have <code>KeyModesOfUse</code> set to <code>Encrypt</code>. In asymmetric encryption, plaintext is encrypted using public component. You can import the public component of an asymmetric key pair created outside Amazon Web Services Payment Cryptography by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html">ImportKey</a>. </p>
+ *          <p>This operation also supports dynamic keys, allowing you to pass a dynamic encryption key as a TR-31 WrappedKeyBlock. This can be used when key material is frequently rotated, such as during every card transaction, and there is need to avoid importing short-lived keys into Amazon Web Services Payment Cryptography. To encrypt using dynamic keys, the <code>keyARN</code> is the Key Encryption Key (KEK) of the TR-31 wrapped encryption key material. The incoming wrapped key shall have a key purpose of D0 with a mode of use of B or D. For more information, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/use-cases-acquirers-dynamickeys.html">Using Dynamic Keys</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>.</p>
  *          <p>For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports <code>TDES</code> and <code>AES</code> algorithms. For EMV encryption, Amazon Web Services Payment Cryptography supports <code>TDES</code> algorithms.For asymmetric encryption, Amazon Web Services Payment Cryptography supports <code>RSA</code>. </p>
  *          <p>When you use TDES or TDES DUKPT, the plaintext data length must be a multiple of 8 bytes. For AES or AES DUKPT, the plaintext data length must be a multiple of 16 bytes. For RSA, it sould be equal to the key size unless padding is enabled.</p>
  *          <p>To encrypt using DUKPT, you must already have a BDK (Base Derivation Key) key in your account with <code>KeyModesOfUse</code> set to <code>DeriveKey</code>, or you can generate a new DUKPT key by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html">CreateKey</a>. To encrypt using EMV, you must already have an IMK (Issuer Master Key) key in your account with <code>KeyModesOfUse</code> set to <code>DeriveKey</code>.</p>
@@ -71,26 +73,26 @@ declare const EncryptDataCommand_base: {
  *   PlainText: "STRING_VALUE", // required
  *   EncryptionAttributes: { // EncryptionDecryptionAttributes Union: only one key present
  *     Symmetric: { // SymmetricEncryptionAttributes
- *       Mode: "STRING_VALUE", // required
+ *       Mode: "ECB" || "CBC" || "CFB" || "CFB1" || "CFB8" || "CFB64" || "CFB128" || "OFB", // required
  *       InitializationVector: "STRING_VALUE",
- *       PaddingType: "STRING_VALUE",
+ *       PaddingType: "PKCS1" || "OAEP_SHA1" || "OAEP_SHA256" || "OAEP_SHA512",
  *     },
  *     Asymmetric: { // AsymmetricEncryptionAttributes
- *       PaddingType: "STRING_VALUE",
+ *       PaddingType: "PKCS1" || "OAEP_SHA1" || "OAEP_SHA256" || "OAEP_SHA512",
  *     },
  *     Dukpt: { // DukptEncryptionAttributes
  *       KeySerialNumber: "STRING_VALUE", // required
- *       Mode: "STRING_VALUE",
- *       DukptKeyDerivationType: "STRING_VALUE",
- *       DukptKeyVariant: "STRING_VALUE",
+ *       Mode: "ECB" || "CBC",
+ *       DukptKeyDerivationType: "TDES_2KEY" || "TDES_3KEY" || "AES_128" || "AES_192" || "AES_256",
+ *       DukptKeyVariant: "BIDIRECTIONAL" || "REQUEST" || "RESPONSE",
  *       InitializationVector: "STRING_VALUE",
  *     },
  *     Emv: { // EmvEncryptionAttributes
- *       MajorKeyDerivationMode: "STRING_VALUE", // required
+ *       MajorKeyDerivationMode: "EMV_OPTION_A" || "EMV_OPTION_B", // required
  *       PrimaryAccountNumber: "STRING_VALUE", // required
  *       PanSequenceNumber: "STRING_VALUE", // required
  *       SessionDerivationData: "STRING_VALUE", // required
- *       Mode: "STRING_VALUE",
+ *       Mode: "ECB" || "CBC",
  *       InitializationVector: "STRING_VALUE",
  *     },
  *   },

package/dist-types/commands/GenerateMacCommand.d.ts CHANGED Viewed

@@ -53,12 +53,12 @@ declare const GenerateMacCommand_base: {
  *   KeyIdentifier: "STRING_VALUE", // required
  *   MessageData: "STRING_VALUE", // required
  *   GenerationAttributes: { // MacAttributes Union: only one key present
- *     Algorithm: "STRING_VALUE",
+ *     Algorithm: "ISO9797_ALGORITHM1" || "ISO9797_ALGORITHM3" || "CMAC" || "HMAC_SHA224" || "HMAC_SHA256" || "HMAC_SHA384" || "HMAC_SHA512",
  *     EmvMac: { // MacAlgorithmEmv
- *       MajorKeyDerivationMode: "STRING_VALUE", // required
+ *       MajorKeyDerivationMode: "EMV_OPTION_A" || "EMV_OPTION_B", // required
  *       PrimaryAccountNumber: "STRING_VALUE", // required
  *       PanSequenceNumber: "STRING_VALUE", // required
- *       SessionKeyDerivationMode: "STRING_VALUE", // required
+ *       SessionKeyDerivationMode: "EMV_COMMON_SESSION_KEY" || "EMV2000" || "AMEX" || "MASTERCARD_SESSION_KEY" || "VISA", // required
  *       SessionKeyDerivationValue: { // SessionKeyDerivationValue Union: only one key present
  *         ApplicationCryptogram: "STRING_VALUE",
  *         ApplicationTransactionCounter: "STRING_VALUE",
@@ -66,18 +66,18 @@ declare const GenerateMacCommand_base: {
  *     },
  *     DukptIso9797Algorithm1: { // MacAlgorithmDukpt
  *       KeySerialNumber: "STRING_VALUE", // required
- *       DukptKeyVariant: "STRING_VALUE", // required
- *       DukptDerivationType: "STRING_VALUE",
+ *       DukptKeyVariant: "BIDIRECTIONAL" || "REQUEST" || "RESPONSE", // required
+ *       DukptDerivationType: "TDES_2KEY" || "TDES_3KEY" || "AES_128" || "AES_192" || "AES_256",
  *     },
  *     DukptIso9797Algorithm3: {
  *       KeySerialNumber: "STRING_VALUE", // required
- *       DukptKeyVariant: "STRING_VALUE", // required
- *       DukptDerivationType: "STRING_VALUE",
+ *       DukptKeyVariant: "BIDIRECTIONAL" || "REQUEST" || "RESPONSE", // required
+ *       DukptDerivationType: "TDES_2KEY" || "TDES_3KEY" || "AES_128" || "AES_192" || "AES_256",
  *     },
  *     DukptCmac: {
  *       KeySerialNumber: "STRING_VALUE", // required
- *       DukptKeyVariant: "STRING_VALUE", // required
- *       DukptDerivationType: "STRING_VALUE",
+ *       DukptKeyVariant: "BIDIRECTIONAL" || "REQUEST" || "RESPONSE", // required
+ *       DukptDerivationType: "TDES_2KEY" || "TDES_3KEY" || "AES_128" || "AES_192" || "AES_256",
  *     },
  *   },
  *   MacLength: Number("int"),

package/dist-types/commands/GenerateMacEmvPinChangeCommand.d.ts ADDED Viewed

@@ -0,0 +1,173 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { GenerateMacEmvPinChangeInput, GenerateMacEmvPinChangeOutput } from "../models/models_0";
+import { PaymentCryptographyDataClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../PaymentCryptographyDataClient";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link GenerateMacEmvPinChangeCommand}.
+ */
+export interface GenerateMacEmvPinChangeCommandInput extends GenerateMacEmvPinChangeInput {
+}
+/**
+ * @public
+ *
+ * The output of {@link GenerateMacEmvPinChangeCommand}.
+ */
+export interface GenerateMacEmvPinChangeCommandOutput extends GenerateMacEmvPinChangeOutput, __MetadataBearer {
+}
+declare const GenerateMacEmvPinChangeCommand_base: {
+    new (input: GenerateMacEmvPinChangeCommandInput): import("@smithy/smithy-client").CommandImpl<GenerateMacEmvPinChangeCommandInput, GenerateMacEmvPinChangeCommandOutput, PaymentCryptographyDataClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (__0_0: GenerateMacEmvPinChangeCommandInput): import("@smithy/smithy-client").CommandImpl<GenerateMacEmvPinChangeCommandInput, GenerateMacEmvPinChangeCommandOutput, PaymentCryptographyDataClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Generates an issuer script mac for EMV payment cards that use offline PINs as the cardholder verification method (CVM).</p>
+ *          <p>This operation generates an authenticated issuer script response by appending the incoming message data (APDU command) with the target encrypted PIN block in ISO2 format. The command structure and method to send the issuer script update to the card is not defined by this operation and is typically determined by the applicable payment card scheme.</p>
+ *          <p>The primary inputs to this operation include the incoming new encrypted pinblock, PIN encryption key (PEK), issuer master key (IMK), primary account number (PAN), and the payment card derivation method.</p>
+ *          <p>The operation uses two issuer master keys - secure messaging for confidentiality (IMK-SMC) and secure messaging for integrity (IMK-SMI). The SMC key is used to internally derive a key to secure the pin, while SMI key is used to internally derive a key to authenticate the script reponse as per the <a href="https://www.emvco.com/specifications/">EMV 4.4 - Book 2 - Security and Key Management</a> specification. </p>
+ *          <p>This operation supports Amex, EMV2000, EMVCommon, Mastercard and Visa derivation methods, each requiring specific input parameters. Users must follow the specific derivation method and input parameters defined by the respective payment card scheme.</p>
+ *          <note>
+ *             <p>Use <a>GenerateMac</a> operation when sending a script update to an EMV card that does not involve PIN change. When assigning IAM permissions, it is important to understand that <a>EncryptData</a> using EMV keys and <a>GenerateMac</a> perform similar functions to this command.</p>
+ *          </note>
+ *          <p>
+ *             <b>Cross-account use</b>: This operation can't be used across different Amazon Web Services accounts.</p>
+ *          <p>
+ *             <b>Related operations:</b>
+ *          </p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <a>EncryptData</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>GenerateMac</a>
+ *                </p>
+ *             </li>
+ *          </ul>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { PaymentCryptographyDataClient, GenerateMacEmvPinChangeCommand } from "@aws-sdk/client-payment-cryptography-data"; // ES Modules import
+ * // const { PaymentCryptographyDataClient, GenerateMacEmvPinChangeCommand } = require("@aws-sdk/client-payment-cryptography-data"); // CommonJS import
+ * const client = new PaymentCryptographyDataClient(config);
+ * const input = { // GenerateMacEmvPinChangeInput
+ *   NewPinPekIdentifier: "STRING_VALUE", // required
+ *   NewEncryptedPinBlock: "STRING_VALUE", // required
+ *   PinBlockFormat: "ISO_FORMAT_0" || "ISO_FORMAT_1" || "ISO_FORMAT_3", // required
+ *   SecureMessagingIntegrityKeyIdentifier: "STRING_VALUE", // required
+ *   SecureMessagingConfidentialityKeyIdentifier: "STRING_VALUE", // required
+ *   MessageData: "STRING_VALUE", // required
+ *   DerivationMethodAttributes: { // DerivationMethodAttributes Union: only one key present
+ *     EmvCommon: { // EmvCommonAttributes
+ *       MajorKeyDerivationMode: "EMV_OPTION_A" || "EMV_OPTION_B", // required
+ *       PrimaryAccountNumber: "STRING_VALUE", // required
+ *       PanSequenceNumber: "STRING_VALUE", // required
+ *       ApplicationCryptogram: "STRING_VALUE", // required
+ *       Mode: "ECB" || "CBC", // required
+ *       PinBlockPaddingType: "NO_PADDING" || "ISO_IEC_7816_4", // required
+ *       PinBlockLengthPosition: "NONE" || "FRONT_OF_PIN_BLOCK", // required
+ *     },
+ *     Amex: { // AmexAttributes
+ *       MajorKeyDerivationMode: "EMV_OPTION_A" || "EMV_OPTION_B", // required
+ *       PrimaryAccountNumber: "STRING_VALUE", // required
+ *       PanSequenceNumber: "STRING_VALUE", // required
+ *       ApplicationTransactionCounter: "STRING_VALUE", // required
+ *       AuthorizationRequestKeyIdentifier: "STRING_VALUE", // required
+ *       CurrentPinAttributes: { // CurrentPinAttributes
+ *         CurrentPinPekIdentifier: "STRING_VALUE", // required
+ *         CurrentEncryptedPinBlock: "STRING_VALUE", // required
+ *       },
+ *     },
+ *     Visa: { // VisaAttributes
+ *       MajorKeyDerivationMode: "EMV_OPTION_A" || "EMV_OPTION_B", // required
+ *       PrimaryAccountNumber: "STRING_VALUE", // required
+ *       PanSequenceNumber: "STRING_VALUE", // required
+ *       ApplicationTransactionCounter: "STRING_VALUE", // required
+ *       AuthorizationRequestKeyIdentifier: "STRING_VALUE", // required
+ *       CurrentPinAttributes: {
+ *         CurrentPinPekIdentifier: "STRING_VALUE", // required
+ *         CurrentEncryptedPinBlock: "STRING_VALUE", // required
+ *       },
+ *     },
+ *     Emv2000: { // Emv2000Attributes
+ *       MajorKeyDerivationMode: "EMV_OPTION_A" || "EMV_OPTION_B", // required
+ *       PrimaryAccountNumber: "STRING_VALUE", // required
+ *       PanSequenceNumber: "STRING_VALUE", // required
+ *       ApplicationTransactionCounter: "STRING_VALUE", // required
+ *     },
+ *     Mastercard: { // MasterCardAttributes
+ *       MajorKeyDerivationMode: "EMV_OPTION_A" || "EMV_OPTION_B", // required
+ *       PrimaryAccountNumber: "STRING_VALUE", // required
+ *       PanSequenceNumber: "STRING_VALUE", // required
+ *       ApplicationCryptogram: "STRING_VALUE", // required
+ *     },
+ *   },
+ * };
+ * const command = new GenerateMacEmvPinChangeCommand(input);
+ * const response = await client.send(command);
+ * // { // GenerateMacEmvPinChangeOutput
+ * //   NewPinPekArn: "STRING_VALUE", // required
+ * //   SecureMessagingIntegrityKeyArn: "STRING_VALUE", // required
+ * //   SecureMessagingConfidentialityKeyArn: "STRING_VALUE", // required
+ * //   Mac: "STRING_VALUE", // required
+ * //   EncryptedPinBlock: "STRING_VALUE", // required
+ * //   NewPinPekKeyCheckValue: "STRING_VALUE", // required
+ * //   SecureMessagingIntegrityKeyCheckValue: "STRING_VALUE", // required
+ * //   SecureMessagingConfidentialityKeyCheckValue: "STRING_VALUE", // required
+ * //   VisaAmexDerivationOutputs: { // VisaAmexDerivationOutputs
+ * //     AuthorizationRequestKeyArn: "STRING_VALUE", // required
+ * //     AuthorizationRequestKeyCheckValue: "STRING_VALUE", // required
+ * //     CurrentPinPekArn: "STRING_VALUE",
+ * //     CurrentPinPekKeyCheckValue: "STRING_VALUE",
+ * //   },
+ * // };
+ *
+ * ```
+ *
+ * @param GenerateMacEmvPinChangeCommandInput - {@link GenerateMacEmvPinChangeCommandInput}
+ * @returns {@link GenerateMacEmvPinChangeCommandOutput}
+ * @see {@link GenerateMacEmvPinChangeCommandInput} for command's `input` shape.
+ * @see {@link GenerateMacEmvPinChangeCommandOutput} for command's `response` shape.
+ * @see {@link PaymentCryptographyDataClientResolvedConfig | config} for PaymentCryptographyDataClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>You do not have sufficient access to perform this action.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>The request processing has failed because of an unknown error, exception, or failure.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The request was denied due to an invalid resource error.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>The request was denied due to request throttling.</p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>The request was denied due to an invalid request error.</p>
+ *
+ * @throws {@link PaymentCryptographyDataServiceException}
+ * <p>Base exception class for all service exceptions from PaymentCryptographyData service.</p>
+ *
+ * @public
+ */
+export declare class GenerateMacEmvPinChangeCommand extends GenerateMacEmvPinChangeCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: GenerateMacEmvPinChangeInput;
+            output: GenerateMacEmvPinChangeOutput;
+        };
+        sdk: {
+            input: GenerateMacEmvPinChangeCommandInput;
+            output: GenerateMacEmvPinChangeCommandOutput;
+        };
+    };
+}

package/dist-types/commands/GeneratePinDataCommand.d.ts CHANGED Viewed

@@ -94,7 +94,7 @@ declare const GeneratePinDataCommand_base: {
  *   },
  *   PinDataLength: Number("int"),
  *   PrimaryAccountNumber: "STRING_VALUE", // required
- *   PinBlockFormat: "STRING_VALUE", // required
+ *   PinBlockFormat: "ISO_FORMAT_0" || "ISO_FORMAT_3", // required
  * };
  * const command = new GeneratePinDataCommand(input);
  * const response = await client.send(command);

package/dist-types/commands/ReEncryptDataCommand.d.ts CHANGED Viewed

@@ -29,6 +29,7 @@ declare const ReEncryptDataCommand_base: {
 /**
  * <p>Re-encrypt ciphertext using DUKPT or Symmetric data encryption keys. </p>
  *          <p>You can either generate an encryption key within Amazon Web Services Payment Cryptography by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html">CreateKey</a> or import your own encryption key by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html">ImportKey</a>. The <code>KeyArn</code> for use with this operation must be in a compatible key state with <code>KeyModesOfUse</code> set to <code>Encrypt</code>. </p>
+ *          <p>This operation also supports dynamic keys, allowing you to pass a dynamic encryption key as a TR-31 WrappedKeyBlock. This can be used when key material is frequently rotated, such as during every card transaction, and there is need to avoid importing short-lived keys into Amazon Web Services Payment Cryptography. To re-encrypt using dynamic keys, the <code>keyARN</code> is the Key Encryption Key (KEK) of the TR-31 wrapped encryption key material. The incoming wrapped key shall have a key purpose of D0 with a mode of use of B or D. For more information, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/use-cases-acquirers-dynamickeys.html">Using Dynamic Keys</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>.</p>
  *          <p>For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports <code>TDES</code> and <code>AES</code> algorithms. To encrypt using DUKPT, a DUKPT key must already exist within your account with <code>KeyModesOfUse</code> set to <code>DeriveKey</code> or a new DUKPT can be generated by calling <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html">CreateKey</a>.</p>
  *          <p>For information about valid keys for this operation, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html">Understanding key attributes</a> and <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html">Key types for specific data operations</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>. </p>
  *          <p>
@@ -70,29 +71,29 @@ declare const ReEncryptDataCommand_base: {
  *   CipherText: "STRING_VALUE", // required
  *   IncomingEncryptionAttributes: { // ReEncryptionAttributes Union: only one key present
  *     Symmetric: { // SymmetricEncryptionAttributes
- *       Mode: "STRING_VALUE", // required
+ *       Mode: "ECB" || "CBC" || "CFB" || "CFB1" || "CFB8" || "CFB64" || "CFB128" || "OFB", // required
  *       InitializationVector: "STRING_VALUE",
- *       PaddingType: "STRING_VALUE",
+ *       PaddingType: "PKCS1" || "OAEP_SHA1" || "OAEP_SHA256" || "OAEP_SHA512",
  *     },
  *     Dukpt: { // DukptEncryptionAttributes
  *       KeySerialNumber: "STRING_VALUE", // required
- *       Mode: "STRING_VALUE",
- *       DukptKeyDerivationType: "STRING_VALUE",
- *       DukptKeyVariant: "STRING_VALUE",
+ *       Mode: "ECB" || "CBC",
+ *       DukptKeyDerivationType: "TDES_2KEY" || "TDES_3KEY" || "AES_128" || "AES_192" || "AES_256",
+ *       DukptKeyVariant: "BIDIRECTIONAL" || "REQUEST" || "RESPONSE",
  *       InitializationVector: "STRING_VALUE",
  *     },
  *   },
  *   OutgoingEncryptionAttributes: {//  Union: only one key present
  *     Symmetric: {
- *       Mode: "STRING_VALUE", // required
+ *       Mode: "ECB" || "CBC" || "CFB" || "CFB1" || "CFB8" || "CFB64" || "CFB128" || "OFB", // required
  *       InitializationVector: "STRING_VALUE",
- *       PaddingType: "STRING_VALUE",
+ *       PaddingType: "PKCS1" || "OAEP_SHA1" || "OAEP_SHA256" || "OAEP_SHA512",
  *     },
  *     Dukpt: {
  *       KeySerialNumber: "STRING_VALUE", // required
- *       Mode: "STRING_VALUE",
- *       DukptKeyDerivationType: "STRING_VALUE",
- *       DukptKeyVariant: "STRING_VALUE",
+ *       Mode: "ECB" || "CBC",
+ *       DukptKeyDerivationType: "TDES_2KEY" || "TDES_3KEY" || "AES_128" || "AES_192" || "AES_256",
+ *       DukptKeyVariant: "BIDIRECTIONAL" || "REQUEST" || "RESPONSE",
  *       InitializationVector: "STRING_VALUE",
  *     },
  *   },

package/dist-types/commands/TranslatePinDataCommand.d.ts CHANGED Viewed

@@ -29,6 +29,7 @@ declare const TranslatePinDataCommand_base: {
 /**
  * <p>Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4. For more information, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/translate-pin-data.html">Translate PIN data</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>.</p>
  *          <p>PIN block translation involves changing the encrytion of PIN block from one encryption key to another encryption key and changing PIN block format from one to another without PIN block data leaving Amazon Web Services Payment Cryptography. The encryption key transformation can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for DUKPT or from BDK for DUKPT to PEK. Amazon Web Services Payment Cryptography supports <code>TDES</code> and <code>AES</code> key derivation type for DUKPT translations. </p>
+ *          <p>This operation also supports dynamic keys, allowing you to pass a dynamic PEK as a TR-31 WrappedKeyBlock. This can be used when key material is frequently rotated, such as during every card transaction, and there is need to avoid importing short-lived keys into Amazon Web Services Payment Cryptography. To translate PIN block using dynamic keys, the <code>keyARN</code> is the Key Encryption Key (KEK) of the TR-31 wrapped PEK. The incoming wrapped key shall have a key purpose of P0 with a mode of use of B or D. For more information, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/use-cases-acquirers-dynamickeys.html">Using Dynamic Keys</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>.</p>
  *          <p>The allowed combinations of PIN block format translations are guided by PCI. It is important to note that not all encrypted PIN block formats (example, format 1) require PAN (Primary Account Number) as input. And as such, PIN block format that requires PAN (example, formats 0,3,4) cannot be translated to a format (format 1) that does not require a PAN for generation. </p>
  *          <p>For information about valid keys for this operation, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html">Understanding key attributes</a> and <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html">Key types for specific data operations</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>.</p>
  *          <note>
@@ -85,13 +86,13 @@ declare const TranslatePinDataCommand_base: {
  *   EncryptedPinBlock: "STRING_VALUE", // required
  *   IncomingDukptAttributes: { // DukptDerivationAttributes
  *     KeySerialNumber: "STRING_VALUE", // required
- *     DukptKeyDerivationType: "STRING_VALUE",
- *     DukptKeyVariant: "STRING_VALUE",
+ *     DukptKeyDerivationType: "TDES_2KEY" || "TDES_3KEY" || "AES_128" || "AES_192" || "AES_256",
+ *     DukptKeyVariant: "BIDIRECTIONAL" || "REQUEST" || "RESPONSE",
  *   },
  *   OutgoingDukptAttributes: {
  *     KeySerialNumber: "STRING_VALUE", // required
- *     DukptKeyDerivationType: "STRING_VALUE",
- *     DukptKeyVariant: "STRING_VALUE",
+ *     DukptKeyDerivationType: "TDES_2KEY" || "TDES_3KEY" || "AES_128" || "AES_192" || "AES_256",
+ *     DukptKeyVariant: "BIDIRECTIONAL" || "REQUEST" || "RESPONSE",
  *   },
  *   IncomingWrappedKey: { // WrappedKey
  *     WrappedKeyMaterial: { // WrappedKeyMaterial Union: only one key present

package/dist-types/commands/VerifyAuthRequestCryptogramCommand.d.ts CHANGED Viewed

@@ -57,7 +57,7 @@ declare const VerifyAuthRequestCryptogramCommand_base: {
  *   KeyIdentifier: "STRING_VALUE", // required
  *   TransactionData: "STRING_VALUE", // required
  *   AuthRequestCryptogram: "STRING_VALUE", // required
- *   MajorKeyDerivationMode: "STRING_VALUE", // required
+ *   MajorKeyDerivationMode: "EMV_OPTION_A" || "EMV_OPTION_B", // required
  *   SessionKeyDerivationAttributes: { // SessionKeyDerivation Union: only one key present
  *     EmvCommon: { // SessionKeyEmvCommon
  *       PrimaryAccountNumber: "STRING_VALUE", // required

package/dist-types/commands/VerifyMacCommand.d.ts CHANGED Viewed

@@ -53,12 +53,12 @@ declare const VerifyMacCommand_base: {
  *   MessageData: "STRING_VALUE", // required
  *   Mac: "STRING_VALUE", // required
  *   VerificationAttributes: { // MacAttributes Union: only one key present
- *     Algorithm: "STRING_VALUE",
+ *     Algorithm: "ISO9797_ALGORITHM1" || "ISO9797_ALGORITHM3" || "CMAC" || "HMAC_SHA224" || "HMAC_SHA256" || "HMAC_SHA384" || "HMAC_SHA512",
  *     EmvMac: { // MacAlgorithmEmv
- *       MajorKeyDerivationMode: "STRING_VALUE", // required
+ *       MajorKeyDerivationMode: "EMV_OPTION_A" || "EMV_OPTION_B", // required
  *       PrimaryAccountNumber: "STRING_VALUE", // required
  *       PanSequenceNumber: "STRING_VALUE", // required
- *       SessionKeyDerivationMode: "STRING_VALUE", // required
+ *       SessionKeyDerivationMode: "EMV_COMMON_SESSION_KEY" || "EMV2000" || "AMEX" || "MASTERCARD_SESSION_KEY" || "VISA", // required
  *       SessionKeyDerivationValue: { // SessionKeyDerivationValue Union: only one key present
  *         ApplicationCryptogram: "STRING_VALUE",
  *         ApplicationTransactionCounter: "STRING_VALUE",
@@ -66,18 +66,18 @@ declare const VerifyMacCommand_base: {
  *     },
  *     DukptIso9797Algorithm1: { // MacAlgorithmDukpt
  *       KeySerialNumber: "STRING_VALUE", // required
- *       DukptKeyVariant: "STRING_VALUE", // required
- *       DukptDerivationType: "STRING_VALUE",
+ *       DukptKeyVariant: "BIDIRECTIONAL" || "REQUEST" || "RESPONSE", // required
+ *       DukptDerivationType: "TDES_2KEY" || "TDES_3KEY" || "AES_128" || "AES_192" || "AES_256",
  *     },
  *     DukptIso9797Algorithm3: {
  *       KeySerialNumber: "STRING_VALUE", // required
- *       DukptKeyVariant: "STRING_VALUE", // required
- *       DukptDerivationType: "STRING_VALUE",
+ *       DukptKeyVariant: "BIDIRECTIONAL" || "REQUEST" || "RESPONSE", // required
+ *       DukptDerivationType: "TDES_2KEY" || "TDES_3KEY" || "AES_128" || "AES_192" || "AES_256",
  *     },
  *     DukptCmac: {
  *       KeySerialNumber: "STRING_VALUE", // required
- *       DukptKeyVariant: "STRING_VALUE", // required
- *       DukptDerivationType: "STRING_VALUE",
+ *       DukptKeyVariant: "BIDIRECTIONAL" || "REQUEST" || "RESPONSE", // required
+ *       DukptDerivationType: "TDES_2KEY" || "TDES_3KEY" || "AES_128" || "AES_192" || "AES_256",
  *     },
  *   },
  *   MacLength: Number("int"),

package/dist-types/commands/VerifyPinDataCommand.d.ts CHANGED Viewed

@@ -70,11 +70,11 @@ declare const VerifyPinDataCommand_base: {
  *   },
  *   EncryptedPinBlock: "STRING_VALUE", // required
  *   PrimaryAccountNumber: "STRING_VALUE", // required
- *   PinBlockFormat: "STRING_VALUE", // required
+ *   PinBlockFormat: "ISO_FORMAT_0" || "ISO_FORMAT_3", // required
  *   PinDataLength: Number("int"),
  *   DukptAttributes: { // DukptAttributes
  *     KeySerialNumber: "STRING_VALUE", // required
- *     DukptDerivationType: "STRING_VALUE", // required
+ *     DukptDerivationType: "TDES_2KEY" || "TDES_3KEY" || "AES_128" || "AES_192" || "AES_256", // required
  *   },
  * };
  * const command = new VerifyPinDataCommand(input);

package/dist-types/commands/index.d.ts CHANGED Viewed

@@ -2,6 +2,7 @@ export * from "./DecryptDataCommand";
 export * from "./EncryptDataCommand";
 export * from "./GenerateCardValidationDataCommand";
 export * from "./GenerateMacCommand";
+export * from "./GenerateMacEmvPinChangeCommand";
 export * from "./GeneratePinDataCommand";
 export * from "./ReEncryptDataCommand";
 export * from "./TranslatePinDataCommand";