@aws-sdk/client-payment-cryptography-data 3.952.0 → 3.954.0

package/dist-types/PaymentCryptographyData.d.ts

@@ -1,6 +1,7 @@
 import type { HttpHandlerOptions as __HttpHandlerOptions } from "@smithy/types";
 import { DecryptDataCommandInput, DecryptDataCommandOutput } from "./commands/DecryptDataCommand";
 import { EncryptDataCommandInput, EncryptDataCommandOutput } from "./commands/EncryptDataCommand";
+import { GenerateAs2805KekValidationCommandInput, GenerateAs2805KekValidationCommandOutput } from "./commands/GenerateAs2805KekValidationCommand";
 import { GenerateCardValidationDataCommandInput, GenerateCardValidationDataCommandOutput } from "./commands/GenerateCardValidationDataCommand";
 import { GenerateMacCommandInput, GenerateMacCommandOutput } from "./commands/GenerateMacCommand";
 import { GenerateMacEmvPinChangeCommandInput, GenerateMacEmvPinChangeCommandOutput } from "./commands/GenerateMacEmvPinChangeCommand";
@@ -26,6 +27,12 @@ export interface PaymentCryptographyData {
     encryptData(args: EncryptDataCommandInput, options?: __HttpHandlerOptions): Promise<EncryptDataCommandOutput>;
     encryptData(args: EncryptDataCommandInput, cb: (err: any, data?: EncryptDataCommandOutput) => void): void;
     encryptData(args: EncryptDataCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: EncryptDataCommandOutput) => void): void;
+    /**
+     * @see {@link GenerateAs2805KekValidationCommand}
+     */
+    generateAs2805KekValidation(args: GenerateAs2805KekValidationCommandInput, options?: __HttpHandlerOptions): Promise<GenerateAs2805KekValidationCommandOutput>;
+    generateAs2805KekValidation(args: GenerateAs2805KekValidationCommandInput, cb: (err: any, data?: GenerateAs2805KekValidationCommandOutput) => void): void;
+    generateAs2805KekValidation(args: GenerateAs2805KekValidationCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GenerateAs2805KekValidationCommandOutput) => void): void;
     /**
      * @see {@link GenerateCardValidationDataCommand}
      */

package/dist-types/PaymentCryptographyDataClient.d.ts

@@ -5,10 +5,11 @@ import { type EndpointInputConfig, type EndpointResolvedConfig } from "@smithy/m
 import { type RetryInputConfig, type RetryResolvedConfig } from "@smithy/middleware-retry";
 import type { HttpHandlerUserInput as __HttpHandlerUserInput } from "@smithy/protocol-http";
 import { type DefaultsMode as __DefaultsMode, type SmithyConfiguration as __SmithyConfiguration, type SmithyResolvedConfiguration as __SmithyResolvedConfiguration, Client as __Client } from "@smithy/smithy-client";
-import { type BodyLengthCalculator as __BodyLengthCalculator, type CheckOptionalClientConfig as __CheckOptionalClientConfig, type ChecksumConstructor as __ChecksumConstructor, type ClientProtocol, type Decoder as __Decoder, type Encoder as __Encoder, type HashConstructor as __HashConstructor, type HttpHandlerOptions as __HttpHandlerOptions, type HttpRequest, type HttpResponse, type Logger as __Logger, type Provider as __Provider, type StreamCollector as __StreamCollector, type UrlParser as __UrlParser, AwsCredentialIdentityProvider, Provider, UserAgent as __UserAgent } from "@smithy/types";
+import { type BodyLengthCalculator as __BodyLengthCalculator, type CheckOptionalClientConfig as __CheckOptionalClientConfig, type ChecksumConstructor as __ChecksumConstructor, type Decoder as __Decoder, type Encoder as __Encoder, type HashConstructor as __HashConstructor, type HttpHandlerOptions as __HttpHandlerOptions, type Logger as __Logger, type Provider as __Provider, type StreamCollector as __StreamCollector, type UrlParser as __UrlParser, AwsCredentialIdentityProvider, Provider, UserAgent as __UserAgent } from "@smithy/types";
 import { type HttpAuthSchemeInputConfig, type HttpAuthSchemeResolvedConfig } from "./auth/httpAuthSchemeProvider";
 import { DecryptDataCommandInput, DecryptDataCommandOutput } from "./commands/DecryptDataCommand";
 import { EncryptDataCommandInput, EncryptDataCommandOutput } from "./commands/EncryptDataCommand";
+import { GenerateAs2805KekValidationCommandInput, GenerateAs2805KekValidationCommandOutput } from "./commands/GenerateAs2805KekValidationCommand";
 import { GenerateCardValidationDataCommandInput, GenerateCardValidationDataCommandOutput } from "./commands/GenerateCardValidationDataCommand";
 import { GenerateMacCommandInput, GenerateMacCommandOutput } from "./commands/GenerateMacCommand";
 import { GenerateMacEmvPinChangeCommandInput, GenerateMacEmvPinChangeCommandOutput } from "./commands/GenerateMacEmvPinChangeCommand";
@@ -26,11 +27,11 @@ export { __Client };
 /**
  * @public
  */
-export type ServiceInputTypes = DecryptDataCommandInput | EncryptDataCommandInput | GenerateCardValidationDataCommandInput | GenerateMacCommandInput | GenerateMacEmvPinChangeCommandInput | GeneratePinDataCommandInput | ReEncryptDataCommandInput | TranslateKeyMaterialCommandInput | TranslatePinDataCommandInput | VerifyAuthRequestCryptogramCommandInput | VerifyCardValidationDataCommandInput | VerifyMacCommandInput | VerifyPinDataCommandInput;
+export type ServiceInputTypes = DecryptDataCommandInput | EncryptDataCommandInput | GenerateAs2805KekValidationCommandInput | GenerateCardValidationDataCommandInput | GenerateMacCommandInput | GenerateMacEmvPinChangeCommandInput | GeneratePinDataCommandInput | ReEncryptDataCommandInput | TranslateKeyMaterialCommandInput | TranslatePinDataCommandInput | VerifyAuthRequestCryptogramCommandInput | VerifyCardValidationDataCommandInput | VerifyMacCommandInput | VerifyPinDataCommandInput;
 /**
  * @public
  */
-export type ServiceOutputTypes = DecryptDataCommandOutput | EncryptDataCommandOutput | GenerateCardValidationDataCommandOutput | GenerateMacCommandOutput | GenerateMacEmvPinChangeCommandOutput | GeneratePinDataCommandOutput | ReEncryptDataCommandOutput | TranslateKeyMaterialCommandOutput | TranslatePinDataCommandOutput | VerifyAuthRequestCryptogramCommandOutput | VerifyCardValidationDataCommandOutput | VerifyMacCommandOutput | VerifyPinDataCommandOutput;
+export type ServiceOutputTypes = DecryptDataCommandOutput | EncryptDataCommandOutput | GenerateAs2805KekValidationCommandOutput | GenerateCardValidationDataCommandOutput | GenerateMacCommandOutput | GenerateMacEmvPinChangeCommandOutput | GeneratePinDataCommandOutput | ReEncryptDataCommandOutput | TranslateKeyMaterialCommandOutput | TranslatePinDataCommandOutput | VerifyAuthRequestCryptogramCommandOutput | VerifyCardValidationDataCommandOutput | VerifyMacCommandOutput | VerifyPinDataCommandOutput;
 /**
  * @public
  */
@@ -154,15 +155,6 @@ export interface ClientDefaults extends Partial<__SmithyConfiguration<__HttpHand
      * Optional extensions
      */
     extensions?: RuntimeExtension[];
-    /**
-     * The protocol controlling the message type (e.g. HTTP) and format (e.g. JSON)
-     * may be overridden. A default will always be set by the client.
-     * Available options depend on the service's supported protocols and will not be validated by
-     * the client.
-     * @alpha
-     *
-     */
-    protocol?: ClientProtocol<HttpRequest, HttpResponse>;
     /**
      * The {@link @smithy/smithy-client#DefaultsMode} that will be used to determine how certain default configuration options are resolved in the SDK.
      */

package/dist-types/commands/GenerateAs2805KekValidationCommand.d.ts

@@ -0,0 +1,101 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import type { GenerateAs2805KekValidationInput, GenerateAs2805KekValidationOutput } from "../models/models_0";
+import type { PaymentCryptographyDataClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../PaymentCryptographyDataClient";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link GenerateAs2805KekValidationCommand}.
+ */
+export interface GenerateAs2805KekValidationCommandInput extends GenerateAs2805KekValidationInput {
+}
+/**
+ * @public
+ *
+ * The output of {@link GenerateAs2805KekValidationCommand}.
+ */
+export interface GenerateAs2805KekValidationCommandOutput extends GenerateAs2805KekValidationOutput, __MetadataBearer {
+}
+declare const GenerateAs2805KekValidationCommand_base: {
+    new (input: GenerateAs2805KekValidationCommandInput): import("@smithy/smithy-client").CommandImpl<GenerateAs2805KekValidationCommandInput, GenerateAs2805KekValidationCommandOutput, PaymentCryptographyDataClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (input: GenerateAs2805KekValidationCommandInput): import("@smithy/smithy-client").CommandImpl<GenerateAs2805KekValidationCommandInput, GenerateAs2805KekValidationCommandOutput, PaymentCryptographyDataClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Establishes node-to-node initialization between payment processing nodes such as an acquirer, issuer or payment network using Australian Standard 2805 (AS2805).</p> <p>During node-to-node initialization, both communicating nodes must validate that they possess the correct Key Encrypting Keys (KEKs) before proceeding with session key exchange. In AS2805, the sending KEK (KEKs) of one node corresponds to the receiving KEK (KEKr) of its partner node. Each node uses its KEK to encrypt and decrypt session keys exchanged between the nodes. A KEK can be created or imported into Amazon Web Services Payment Cryptography using either the <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html">CreateKey</a> or <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html">ImportKey</a> operations.</p> <p>The node initiating communication can use <code>GenerateAS2805KekValidation</code> to generate a combined KEK validation request and KEK validation response to send to the partnering node for validation. When invoked, the API internally generates a random sending key encrypted under KEKs and provides a receiving key encrypted under KEKr as response. The initiating node sends the response returned by this API to its partner for validation.</p> <p>For information about valid keys for this operation, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html">Understanding key attributes</a> and <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html">Key types for specific data operations</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>. </p> <p> <b>Cross-account use</b>: This operation can't be used across different Amazon Web Services accounts.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { PaymentCryptographyDataClient, GenerateAs2805KekValidationCommand } from "@aws-sdk/client-payment-cryptography-data"; // ES Modules import
+ * // const { PaymentCryptographyDataClient, GenerateAs2805KekValidationCommand } = require("@aws-sdk/client-payment-cryptography-data"); // CommonJS import
+ * // import type { PaymentCryptographyDataClientConfig } from "@aws-sdk/client-payment-cryptography-data";
+ * const config = {}; // type is PaymentCryptographyDataClientConfig
+ * const client = new PaymentCryptographyDataClient(config);
+ * const input = { // GenerateAs2805KekValidationInput
+ *   KeyIdentifier: "STRING_VALUE", // required
+ *   KekValidationType: { // As2805KekValidationType Union: only one key present
+ *     KekValidationRequest: { // KekValidationRequest
+ *       DeriveKeyAlgorithm: "TDES_2KEY" || "TDES_3KEY" || "AES_128" || "AES_192" || "AES_256" || "HMAC_SHA256" || "HMAC_SHA384" || "HMAC_SHA512" || "HMAC_SHA224", // required
+ *     },
+ *     KekValidationResponse: { // KekValidationResponse
+ *       RandomKeySend: "STRING_VALUE", // required
+ *     },
+ *   },
+ *   RandomKeySendVariantMask: "VARIANT_MASK_82C0" || "VARIANT_MASK_82", // required
+ * };
+ * const command = new GenerateAs2805KekValidationCommand(input);
+ * const response = await client.send(command);
+ * // { // GenerateAs2805KekValidationOutput
+ * //   KeyArn: "STRING_VALUE", // required
+ * //   KeyCheckValue: "STRING_VALUE", // required
+ * //   RandomKeySend: "STRING_VALUE", // required
+ * //   RandomKeyReceive: "STRING_VALUE", // required
+ * // };
+ *
+ * ```
+ *
+ * @param GenerateAs2805KekValidationCommandInput - {@link GenerateAs2805KekValidationCommandInput}
+ * @returns {@link GenerateAs2805KekValidationCommandOutput}
+ * @see {@link GenerateAs2805KekValidationCommandInput} for command's `input` shape.
+ * @see {@link GenerateAs2805KekValidationCommandOutput} for command's `response` shape.
+ * @see {@link PaymentCryptographyDataClientResolvedConfig | config} for PaymentCryptographyDataClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>You do not have sufficient access to perform this action.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>The request processing has failed because of an unknown error, exception, or failure.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The request was denied due to an invalid resource error.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>The request was denied due to request throttling.</p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>The request was denied due to an invalid request error.</p>
+ *
+ * @throws {@link PaymentCryptographyDataServiceException}
+ * <p>Base exception class for all service exceptions from PaymentCryptographyData service.</p>
+ *
+ *
+ * @public
+ */
+export declare class GenerateAs2805KekValidationCommand extends GenerateAs2805KekValidationCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: GenerateAs2805KekValidationInput;
+            output: GenerateAs2805KekValidationOutput;
+        };
+        sdk: {
+            input: GenerateAs2805KekValidationCommandInput;
+            output: GenerateAs2805KekValidationCommandOutput;
+        };
+    };
+}

package/dist-types/commands/GenerateMacCommand.d.ts

@@ -27,7 +27,7 @@ declare const GenerateMacCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography. </p> <p>You can use this operation to authenticate card-related data by using known data values to generate MAC for data validation between the sending and receiving parties. This operation uses message data, a secret encryption key and MAC algorithm to generate a unique MAC value for transmission. The receiving party of the MAC must use the same message data, secret encryption key and MAC algorithm to reproduce another MAC value for comparision.</p> <p>You can use this operation to generate a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. The MAC generation encryption key must have valid values for <code>KeyUsage</code> such as <code>TR31_M7_HMAC_KEY</code> for HMAC generation, and the key must have <code>KeyModesOfUse</code> set to <code>Generate</code> and <code>Verify</code>.</p> <p>For information about valid keys for this operation, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html">Understanding key attributes</a> and <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html">Key types for specific data operations</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>. </p> <p> <b>Cross-account use</b>: This operation can't be used across different Amazon Web Services accounts.</p> <p> <b>Related operations:</b> </p> <ul> <li> <p> <a>VerifyMac</a> </p> </li> </ul>
+ * <p>Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography. </p> <p>You can use this operation to authenticate card-related data by using known data values to generate MAC for data validation between the sending and receiving parties. This operation uses message data, a secret encryption key and MAC algorithm to generate a unique MAC value for transmission. The receiving party of the MAC must use the same message data, secret encryption key and MAC algorithm to reproduce another MAC value for comparision.</p> <p>You can use this operation to generate a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. The MAC generation encryption key must have valid values for <code>KeyUsage</code> such as <code>TR31_M7_HMAC_KEY</code> for HMAC generation, and the key must have <code>KeyModesOfUse</code> set to <code>Generate</code>.</p> <p>For information about valid keys for this operation, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html">Understanding key attributes</a> and <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html">Key types for specific data operations</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>. </p> <p> <b>Cross-account use</b>: This operation can't be used across different Amazon Web Services accounts.</p> <p> <b>Related operations:</b> </p> <ul> <li> <p> <a>VerifyMac</a> </p> </li> </ul>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -40,7 +40,7 @@ declare const GenerateMacCommand_base: {
  *   KeyIdentifier: "STRING_VALUE", // required
  *   MessageData: "STRING_VALUE", // required
  *   GenerationAttributes: { // MacAttributes Union: only one key present
- *     Algorithm: "ISO9797_ALGORITHM1" || "ISO9797_ALGORITHM3" || "CMAC" || "HMAC" || "HMAC_SHA224" || "HMAC_SHA256" || "HMAC_SHA384" || "HMAC_SHA512",
+ *     Algorithm: "ISO9797_ALGORITHM1" || "ISO9797_ALGORITHM3" || "CMAC" || "HMAC" || "HMAC_SHA224" || "HMAC_SHA256" || "HMAC_SHA384" || "HMAC_SHA512" || "AS2805_4_1",
  *     EmvMac: { // MacAlgorithmEmv
  *       MajorKeyDerivationMode: "EMV_OPTION_A" || "EMV_OPTION_B", // required
  *       PrimaryAccountNumber: "STRING_VALUE", // required

package/dist-types/commands/TranslateKeyMaterialCommand.d.ts

@@ -27,7 +27,7 @@ declare const TranslateKeyMaterialCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Translates an encryption key between different wrapping keys without importing the key into Amazon Web Services Payment Cryptography.</p> <p>This operation can be used when key material is frequently rotated, such as during every card transaction, and there is a need to avoid importing short-lived keys into Amazon Web Services Payment Cryptography. It translates short-lived transaction keys such as Pin Encryption Key (PEK) generated for each transaction and wrapped with an ECDH (Elliptic Curve Diffie-Hellman) derived wrapping key to another KEK (Key Encryption Key) wrapping key. </p> <p>Before using this operation, you must first request the public key certificate of the ECC key pair generated within Amazon Web Services Payment Cryptography to establish an ECDH key agreement. In <code>TranslateKeyData</code>, the service uses its own ECC key pair, public certificate of receiving ECC key pair, and the key derivation parameters to generate a derived key. The service uses this derived key to unwrap the incoming transaction key received as a TR31WrappedKeyBlock and re-wrap using a user provided KEK to generate an outgoing Tr31WrappedKeyBlock. For more information on establishing ECDH derived keys, see the <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/create-keys.html">Creating keys</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>.</p> <p>For information about valid keys for this operation, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html">Understanding key attributes</a> and <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html">Key types for specific data operations</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>. </p> <p> <b>Cross-account use</b>: This operation can't be used across different Amazon Web Services accounts.</p> <p> <b>Related operations:</b> </p> <ul> <li> <p> <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html">CreateKey</a> </p> </li> <li> <p> <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html">GetPublicCertificate</a> </p> </li> <li> <p> <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html">ImportKey</a> </p> </li> </ul>
+ * <p>Translates an cryptographic key between different wrapping keys without importing the key into Amazon Web Services Payment Cryptography.</p> <p>This operation can be used when key material is frequently rotated, such as during every card transaction, and there is a need to avoid importing short-lived keys into Amazon Web Services Payment Cryptography. It translates short-lived transaction keys such as <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/terminology.html#terms.pek">PEK</a> generated for each transaction and wrapped with an <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/terminology.html#terms.ecdh">ECDH</a> derived wrapping key to another <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/terminology.html#terms.kek">KEK</a> wrapping key. </p> <p>Before using this operation, you must first request the public key certificate of the ECC key pair generated within Amazon Web Services Payment Cryptography to establish an ECDH key agreement. In <code>TranslateKeyData</code>, the service uses its own ECC key pair, public certificate of receiving ECC key pair, and the key derivation parameters to generate a derived key. The service uses this derived key to unwrap the incoming transaction key received as a TR31WrappedKeyBlock and re-wrap using a user provided KEK to generate an outgoing Tr31WrappedKeyBlock.</p> <p>For information about valid keys for this operation, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html">Understanding key attributes</a> and <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html">Key types for specific data operations</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>. </p> <p> <b>Cross-account use</b>: This operation can't be used across different Amazon Web Services accounts.</p> <p> <b>Related operations:</b> </p> <ul> <li> <p> <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html">CreateKey</a> </p> </li> <li> <p> <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html">GetPublicCertificate</a> </p> </li> <li> <p> <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html">ImportKey</a> </p> </li> </ul>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/TranslatePinDataCommand.d.ts

@@ -50,6 +50,9 @@ declare const TranslatePinDataCommand_base: {
  *     IsoFormat4: {
  *       PrimaryAccountNumber: "STRING_VALUE", // required
  *     },
+ *     As2805Format0: { // TranslationPinDataAs2805Format0
+ *       PrimaryAccountNumber: "STRING_VALUE", // required
+ *     },
  *   },
  *   OutgoingTranslationAttributes: {//  Union: only one key present
  *     IsoFormat0: {
@@ -60,6 +63,9 @@ declare const TranslatePinDataCommand_base: {
  *       PrimaryAccountNumber: "STRING_VALUE", // required
  *     },
  *     IsoFormat4: "<TranslationPinDataIsoFormat034>",
+ *     As2805Format0: {
+ *       PrimaryAccountNumber: "STRING_VALUE", // required
+ *     },
  *   },
  *   EncryptedPinBlock: "STRING_VALUE", // required
  *   IncomingDukptAttributes: { // DukptDerivationAttributes
@@ -100,6 +106,10 @@ declare const TranslatePinDataCommand_base: {
  *     },
  *     KeyCheckValueAlgorithm: "STRING_VALUE",
  *   },
+ *   IncomingAs2805Attributes: { // As2805PekDerivationAttributes
+ *     SystemTraceAuditNumber: "STRING_VALUE", // required
+ *     TransactionAmount: "STRING_VALUE", // required
+ *   },
  * };
  * const command = new TranslatePinDataCommand(input);
  * const response = await client.send(command);

package/dist-types/commands/VerifyMacCommand.d.ts

@@ -41,7 +41,7 @@ declare const VerifyMacCommand_base: {
  *   MessageData: "STRING_VALUE", // required
  *   Mac: "STRING_VALUE", // required
  *   VerificationAttributes: { // MacAttributes Union: only one key present
- *     Algorithm: "ISO9797_ALGORITHM1" || "ISO9797_ALGORITHM3" || "CMAC" || "HMAC" || "HMAC_SHA224" || "HMAC_SHA256" || "HMAC_SHA384" || "HMAC_SHA512",
+ *     Algorithm: "ISO9797_ALGORITHM1" || "ISO9797_ALGORITHM3" || "CMAC" || "HMAC" || "HMAC_SHA224" || "HMAC_SHA256" || "HMAC_SHA384" || "HMAC_SHA512" || "AS2805_4_1",
  *     EmvMac: { // MacAlgorithmEmv
  *       MajorKeyDerivationMode: "EMV_OPTION_A" || "EMV_OPTION_B", // required
  *       PrimaryAccountNumber: "STRING_VALUE", // required

package/dist-types/commands/index.d.ts

@@ -1,5 +1,6 @@
 export * from "./DecryptDataCommand";
 export * from "./EncryptDataCommand";
+export * from "./GenerateAs2805KekValidationCommand";
 export * from "./GenerateCardValidationDataCommand";
 export * from "./GenerateMacCommand";
 export * from "./GenerateMacEmvPinChangeCommand";

package/dist-types/index.d.ts

@@ -9,6 +9,7 @@ export { ClientInputEndpointParameters } from "./endpoint/EndpointParameters";
 export type { RuntimeExtension } from "./runtimeExtensions";
 export type { PaymentCryptographyDataExtensionConfiguration } from "./extensionConfiguration";
 export * from "./commands";
+export * from "./schemas/schemas_0";
 export * from "./models/enums";
 export * from "./models/errors";
 export type * from "./models/models_0";

package/dist-types/models/enums.d.ts

@@ -10,6 +10,25 @@ export declare const MajorKeyDerivationMode: {
  * @public
  */
 export type MajorKeyDerivationMode = (typeof MajorKeyDerivationMode)[keyof typeof MajorKeyDerivationMode];
+/**
+ * @public
+ * @enum
+ */
+export declare const SymmetricKeyAlgorithm: {
+    readonly AES_128: "AES_128";
+    readonly AES_192: "AES_192";
+    readonly AES_256: "AES_256";
+    readonly HMAC_SHA224: "HMAC_SHA224";
+    readonly HMAC_SHA256: "HMAC_SHA256";
+    readonly HMAC_SHA384: "HMAC_SHA384";
+    readonly HMAC_SHA512: "HMAC_SHA512";
+    readonly TDES_2KEY: "TDES_2KEY";
+    readonly TDES_3KEY: "TDES_3KEY";
+};
+/**
+ * @public
+ */
+export type SymmetricKeyAlgorithm = (typeof SymmetricKeyAlgorithm)[keyof typeof SymmetricKeyAlgorithm];
 /**
  * @public
  * @enum
@@ -120,25 +139,6 @@ export declare const KeyCheckValueAlgorithm: {
  * @public
  */
 export type KeyCheckValueAlgorithm = (typeof KeyCheckValueAlgorithm)[keyof typeof KeyCheckValueAlgorithm];
-/**
- * @public
- * @enum
- */
-export declare const SymmetricKeyAlgorithm: {
-    readonly AES_128: "AES_128";
-    readonly AES_192: "AES_192";
-    readonly AES_256: "AES_256";
-    readonly HMAC_SHA224: "HMAC_SHA224";
-    readonly HMAC_SHA256: "HMAC_SHA256";
-    readonly HMAC_SHA384: "HMAC_SHA384";
-    readonly HMAC_SHA512: "HMAC_SHA512";
-    readonly TDES_2KEY: "TDES_2KEY";
-    readonly TDES_3KEY: "TDES_3KEY";
-};
-/**
- * @public
- */
-export type SymmetricKeyAlgorithm = (typeof SymmetricKeyAlgorithm)[keyof typeof SymmetricKeyAlgorithm];
 /**
  * @public
  * @enum
@@ -188,11 +188,24 @@ export declare const PinBlockPaddingType: {
  * @public
  */
 export type PinBlockPaddingType = (typeof PinBlockPaddingType)[keyof typeof PinBlockPaddingType];
+/**
+ * @public
+ * @enum
+ */
+export declare const RandomKeySendVariantMask: {
+    readonly VARIANT_MASK_82: "VARIANT_MASK_82";
+    readonly VARIANT_MASK_82C0: "VARIANT_MASK_82C0";
+};
+/**
+ * @public
+ */
+export type RandomKeySendVariantMask = (typeof RandomKeySendVariantMask)[keyof typeof RandomKeySendVariantMask];
 /**
  * @public
  * @enum
  */
 export declare const MacAlgorithm: {
+    readonly AS2805_4_1: "AS2805_4_1";
     readonly CMAC: "CMAC";
     readonly HMAC: "HMAC";
     readonly HMAC_SHA224: "HMAC_SHA224";

package/dist-types/models/models_0.d.ts

@@ -1,4 +1,4 @@
-import { DukptDerivationType, DukptEncryptionMode, DukptKeyVariant, EmvEncryptionMode, EmvMajorKeyDerivationMode, EncryptionMode, KeyCheckValueAlgorithm, KeyDerivationFunction, KeyDerivationHashAlgorithm, MacAlgorithm, MajorKeyDerivationMode, PaddingType, PinBlockFormatForEmvPinChange, PinBlockFormatForPinData, PinBlockLengthPosition, PinBlockPaddingType, SessionKeyDerivationMode, SymmetricKeyAlgorithm, WrappedKeyMaterialFormat } from "./enums";
+import { DukptDerivationType, DukptEncryptionMode, DukptKeyVariant, EmvEncryptionMode, EmvMajorKeyDerivationMode, EncryptionMode, KeyCheckValueAlgorithm, KeyDerivationFunction, KeyDerivationHashAlgorithm, MacAlgorithm, MajorKeyDerivationMode, PaddingType, PinBlockFormatForEmvPinChange, PinBlockFormatForPinData, PinBlockLengthPosition, PinBlockPaddingType, RandomKeySendVariantMask, SessionKeyDerivationMode, SymmetricKeyAlgorithm, WrappedKeyMaterialFormat } from "./enums";
 /**
  * <p>The parameter values of the current PIN to be changed on the EMV chip card.</p>
  * @public
@@ -78,6 +78,89 @@ export interface AmexCardSecurityCodeVersion2 {
      */
     ServiceCode: string | undefined;
 }
+/**
+ * <p>Parameter information for generating a KEK validation request during node-to-node initialization.</p>
+ * @public
+ */
+export interface KekValidationRequest {
+    /**
+     * <p>The key derivation algorithm to use for generating a KEK validation request.</p>
+     * @public
+     */
+    DeriveKeyAlgorithm: SymmetricKeyAlgorithm | undefined;
+}
+/**
+ * <p>Parameter information for generating a KEK validation response during node-to-node initialization.</p>
+ * @public
+ */
+export interface KekValidationResponse {
+    /**
+     * <p>The random key for generating a KEK validation response.</p>
+     * @public
+     */
+    RandomKeySend: string | undefined;
+}
+/**
+ * <p>Parameter information for generating a random key for KEK validation to perform node-to-node initialization.</p>
+ * @public
+ */
+export type As2805KekValidationType = As2805KekValidationType.KekValidationRequestMember | As2805KekValidationType.KekValidationResponseMember | As2805KekValidationType.$UnknownMember;
+/**
+ * @public
+ */
+export declare namespace As2805KekValidationType {
+    /**
+     * <p>Parameter information for generating a KEK validation request during node-to-node initialization.</p>
+     * @public
+     */
+    interface KekValidationRequestMember {
+        KekValidationRequest: KekValidationRequest;
+        KekValidationResponse?: never;
+        $unknown?: never;
+    }
+    /**
+     * <p>Parameter information for generating a KEK validation response during node-to-node initialization.</p>
+     * @public
+     */
+    interface KekValidationResponseMember {
+        KekValidationRequest?: never;
+        KekValidationResponse: KekValidationResponse;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     */
+    interface $UnknownMember {
+        KekValidationRequest?: never;
+        KekValidationResponse?: never;
+        $unknown: [string, any];
+    }
+    /**
+     * @deprecated unused in schema-serde mode.
+     *
+     */
+    interface Visitor<T> {
+        KekValidationRequest: (value: KekValidationRequest) => T;
+        KekValidationResponse: (value: KekValidationResponse) => T;
+        _: (name: string, value: any) => T;
+    }
+}
+/**
+ * <p>Parameter information to use a PEK derived using AS2805.</p>
+ * @public
+ */
+export interface As2805PekDerivationAttributes {
+    /**
+     * <p>The system trace audit number for the transaction.</p>
+     * @public
+     */
+    SystemTraceAuditNumber: string | undefined;
+    /**
+     * <p>The transaction amount for the transaction.</p>
+     * @public
+     */
+    TransactionAmount: string | undefined;
+}
 /**
  * <p>Parameters for plaintext encryption using asymmetric keys.</p>
  * @public
@@ -1234,6 +1317,51 @@ export interface EncryptDataOutput {
      */
     CipherText: string | undefined;
 }
+/**
+ * @public
+ */
+export interface GenerateAs2805KekValidationInput {
+    /**
+     * <p>The <code>keyARN</code> of sending KEK that Amazon Web Services Payment Cryptography uses for node-to-node initialization</p>
+     * @public
+     */
+    KeyIdentifier: string | undefined;
+    /**
+     * <p>Parameter information for generating a random key for KEK validation to perform node-to-node initialization.</p>
+     * @public
+     */
+    KekValidationType: As2805KekValidationType | undefined;
+    /**
+     * <p>The key variant to use for generating a random key for KEK validation during node-to-node initialization.</p>
+     * @public
+     */
+    RandomKeySendVariantMask: RandomKeySendVariantMask | undefined;
+}
+/**
+ * @public
+ */
+export interface GenerateAs2805KekValidationOutput {
+    /**
+     * <p>The <code>keyARN</code> of sending KEK that Amazon Web Services Payment Cryptography validates for node-to-node initialization</p>
+     * @public
+     */
+    KeyArn: string | undefined;
+    /**
+     * <p>The key check value (KCV) of the sending KEK that Amazon Web Services Payment Cryptography validates for node-to-node initialization.</p>
+     * @public
+     */
+    KeyCheckValue: string | undefined;
+    /**
+     * <p>The random key generated for sending KEK validation.</p>
+     * @public
+     */
+    RandomKeySend: string | undefined;
+    /**
+     * <p>The random key generated for receiving KEK validation. The initiating node sends this key to its partner node for validation.</p>
+     * @public
+     */
+    RandomKeyReceive: string | undefined;
+}
 /**
  * @public
  */
@@ -1894,7 +2022,7 @@ export interface GeneratePinDataInput {
      */
     PrimaryAccountNumber?: string | undefined;
     /**
-     * <p>The PIN encoding format for pin data generation as specified in ISO 9564. Amazon Web Services Payment Cryptography supports <code>ISO_Format_0</code>, <code>ISO_Format_3</code> and <code>ISO_Format_4</code>.</p> <p>The <code>ISO_Format_0</code> PIN block format is equivalent to the ANSI X9.8, VISA-1, and ECI-1 PIN block formats. It is similar to a VISA-4 PIN block format. It supports a PIN from 4 to 12 digits in length.</p> <p>The <code>ISO_Format_3</code> PIN block format is the same as <code>ISO_Format_0</code> except that the fill digits are random values from 10 to 15.</p> <p>The <code>ISO_Format_4</code> PIN block format is the only one supporting AES encryption. It is similar to <code>ISO_Format_3</code> but doubles the pin block length by padding with fill digit A and random values from 10 to 15.</p>
+     * <p>The PIN encoding format for pin data generation as specified in ISO 9564. Amazon Web Services Payment Cryptography supports <code>ISO_Format_0</code>, <code>ISO_Format_3</code> and <code>ISO_Format_4</code>.</p> <p>The <code>ISO_Format_0</code> PIN block format is equivalent to the ANSI X9.8, VISA-1, and ECI-1 PIN block formats. It is similar to a VISA-4 PIN block format. It supports a PIN from 4 to 12 digits in length.</p> <p>The <code>ISO_Format_3</code> PIN block format is the same as <code>ISO_Format_0</code> except that the fill digits are random values from 10 to 15.</p> <p>The <code>ISO_Format_4</code> PIN block format is the only one supporting AES encryption.</p>
      * @public
      */
     PinBlockFormat: PinBlockFormatForPinData | undefined;
@@ -2253,7 +2381,7 @@ export interface TranslateKeyMaterialInput {
      */
     OutgoingKeyMaterial: OutgoingKeyMaterial | undefined;
     /**
-     * <p>The key check value (KCV) algorithm used for calculating the KCV.</p>
+     * <p>The key check value (KCV) algorithm used for calculating the KCV of the derived key.</p>
      * @public
      */
     KeyCheckValueAlgorithm?: KeyCheckValueAlgorithm | undefined;
@@ -2290,7 +2418,18 @@ export interface TranslateKeyMaterialOutput {
     WrappedKey: WrappedWorkingKey | undefined;
 }
 /**
- * <p>Parameters that are required for tranlation between ISO9564 PIN format 0,3,4 tranlation.</p>
+ * <p>Parameters that are required for translation between AS2805 PIN format 0 translation.</p>
+ * @public
+ */
+export interface TranslationPinDataAs2805Format0 {
+    /**
+     * <p>The Primary Account Number (PAN) of the cardholder. A PAN is a unique identifier for a payment credit or debit card and associates the card to a specific account holder.</p>
+     * @public
+     */
+    PrimaryAccountNumber: string | undefined;
+}
+/**
+ * <p>Parameters that are required for translation between ISO9564 PIN format 0,3,4 translation.</p>
  * @public
  */
 export interface TranslationPinDataIsoFormat034 {
@@ -2301,7 +2440,7 @@ export interface TranslationPinDataIsoFormat034 {
     PrimaryAccountNumber: string | undefined;
 }
 /**
- * <p>Parameters that are required for ISO9564 PIN format 1 tranlation.</p>
+ * <p>Parameters that are required for ISO9564 PIN format 1 translation.</p>
  * @public
  */
 export interface TranslationPinDataIsoFormat1 {
@@ -2310,13 +2449,13 @@ export interface TranslationPinDataIsoFormat1 {
  * <p>Parameters that are required for translation between ISO9564 PIN block formats 0,1,3,4.</p>
  * @public
  */
-export type TranslationIsoFormats = TranslationIsoFormats.IsoFormat0Member | TranslationIsoFormats.IsoFormat1Member | TranslationIsoFormats.IsoFormat3Member | TranslationIsoFormats.IsoFormat4Member | TranslationIsoFormats.$UnknownMember;
+export type TranslationIsoFormats = TranslationIsoFormats.As2805Format0Member | TranslationIsoFormats.IsoFormat0Member | TranslationIsoFormats.IsoFormat1Member | TranslationIsoFormats.IsoFormat3Member | TranslationIsoFormats.IsoFormat4Member | TranslationIsoFormats.$UnknownMember;
 /**
  * @public
  */
 export declare namespace TranslationIsoFormats {
     /**
-     * <p>Parameters that are required for ISO9564 PIN format 0 tranlation.</p>
+     * <p>Parameters that are required for ISO9564 PIN format 0 translation.</p>
      * @public
      */
     interface IsoFormat0Member {
@@ -2324,10 +2463,11 @@ export declare namespace TranslationIsoFormats {
         IsoFormat1?: never;
         IsoFormat3?: never;
         IsoFormat4?: never;
+        As2805Format0?: never;
         $unknown?: never;
     }
     /**
-     * <p>Parameters that are required for ISO9564 PIN format 1 tranlation.</p>
+     * <p>Parameters that are required for ISO9564 PIN format 1 translation.</p>
      * @public
      */
     interface IsoFormat1Member {
@@ -2335,10 +2475,11 @@ export declare namespace TranslationIsoFormats {
         IsoFormat1: TranslationPinDataIsoFormat1;
         IsoFormat3?: never;
         IsoFormat4?: never;
+        As2805Format0?: never;
         $unknown?: never;
     }
     /**
-     * <p>Parameters that are required for ISO9564 PIN format 3 tranlation.</p>
+     * <p>Parameters that are required for ISO9564 PIN format 3 translation.</p>
      * @public
      */
     interface IsoFormat3Member {
@@ -2346,10 +2487,11 @@ export declare namespace TranslationIsoFormats {
         IsoFormat1?: never;
         IsoFormat3: TranslationPinDataIsoFormat034;
         IsoFormat4?: never;
+        As2805Format0?: never;
         $unknown?: never;
     }
     /**
-     * <p>Parameters that are required for ISO9564 PIN format 4 tranlation.</p>
+     * <p>Parameters that are required for ISO9564 PIN format 4 translation.</p>
      * @public
      */
     interface IsoFormat4Member {
@@ -2357,6 +2499,19 @@ export declare namespace TranslationIsoFormats {
         IsoFormat1?: never;
         IsoFormat3?: never;
         IsoFormat4: TranslationPinDataIsoFormat034;
+        As2805Format0?: never;
+        $unknown?: never;
+    }
+    /**
+     * <p>Parameters that are required for AS2805 PIN format 0 translation.</p>
+     * @public
+     */
+    interface As2805Format0Member {
+        IsoFormat0?: never;
+        IsoFormat1?: never;
+        IsoFormat3?: never;
+        IsoFormat4?: never;
+        As2805Format0: TranslationPinDataAs2805Format0;
         $unknown?: never;
     }
     /**
@@ -2367,6 +2522,7 @@ export declare namespace TranslationIsoFormats {
         IsoFormat1?: never;
         IsoFormat3?: never;
         IsoFormat4?: never;
+        As2805Format0?: never;
         $unknown: [string, any];
     }
     /**
@@ -2378,6 +2534,7 @@ export declare namespace TranslationIsoFormats {
         IsoFormat1: (value: TranslationPinDataIsoFormat1) => T;
         IsoFormat3: (value: TranslationPinDataIsoFormat034) => T;
         IsoFormat4: (value: TranslationPinDataIsoFormat034) => T;
+        As2805Format0: (value: TranslationPinDataAs2805Format0) => T;
         _: (name: string, value: any) => T;
     }
 }
@@ -2430,6 +2587,11 @@ export interface TranslatePinDataInput {
      * @public
      */
     OutgoingWrappedKey?: WrappedKey | undefined;
+    /**
+     * <p>The attributes and values to use for incoming AS2805 encryption key for PIN block translation.</p>
+     * @public
+     */
+    IncomingAs2805Attributes?: As2805PekDerivationAttributes | undefined;
 }
 /**
  * @public