@aws-sdk/client-payment-cryptography 3.349.0

package/dist-types/commands/CreateKeyCommand.d.ts

@@ -0,0 +1,175 @@
+import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { CreateKeyInput, CreateKeyOutput } from "../models/models_0";
+import { PaymentCryptographyClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../PaymentCryptographyClient";
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link CreateKeyCommand}.
+ */
+export interface CreateKeyCommandInput extends CreateKeyInput {
+}
+/**
+ * @public
+ *
+ * The output of {@link CreateKeyCommand}.
+ */
+export interface CreateKeyCommandOutput extends CreateKeyOutput, __MetadataBearer {
+}
+/**
+ * @public
+ * <p>Creates an Amazon Web Services Payment Cryptography key, a logical representation of a cryptographic key, that is unique in your account and Amazon Web Services Region. You use keys for cryptographic functions such as encryption and decryption. </p>
+ *          <p>In addition to the key material used in cryptographic operations, an Amazon Web Services Payment Cryptography key includes metadata such as the key ARN, key usage, key origin, creation date, description, and key state.</p>
+ *          <p>When you create a key, you specify both immutable and mutable data about the key. The immutable data contains key attributes that defines the scope and cryptographic operations that you can perform using the key, for example key class (example: <code>SYMMETRIC_KEY</code>), key algorithm (example: <code>TDES_2KEY</code>), key usage (example: <code>TR31_P0_PIN_ENCRYPTION_KEY</code>) and key modes of use (example: <code>Encrypt</code>). For information about valid combinations of key attributes, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html">Understanding key attributes</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>. The mutable data contained within a key includes usage timestamp and key deletion timestamp and can be modified after creation.</p>
+ *          <p>Amazon Web Services Payment Cryptography binds key attributes to keys using key blocks when you store or export them. Amazon Web Services Payment Cryptography stores the key contents wrapped and never stores or transmits them in the clear. </p>
+ *          <p>
+ *             <b>Cross-account use</b>: This operation can't be used across different Amazon Web Services accounts.</p>
+ *          <p>
+ *             <b>Related operations:</b>
+ *          </p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <a>DeleteKey</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>GetKey</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>ListKeys</a>
+ *                </p>
+ *             </li>
+ *          </ul>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { PaymentCryptographyClient, CreateKeyCommand } from "@aws-sdk/client-payment-cryptography"; // ES Modules import
+ * // const { PaymentCryptographyClient, CreateKeyCommand } = require("@aws-sdk/client-payment-cryptography"); // CommonJS import
+ * const client = new PaymentCryptographyClient(config);
+ * const input = { // CreateKeyInput
+ *   KeyAttributes: { // KeyAttributes
+ *     KeyUsage: "STRING_VALUE", // required
+ *     KeyClass: "STRING_VALUE", // required
+ *     KeyAlgorithm: "STRING_VALUE", // required
+ *     KeyModesOfUse: { // KeyModesOfUse
+ *       Encrypt: true || false,
+ *       Decrypt: true || false,
+ *       Wrap: true || false,
+ *       Unwrap: true || false,
+ *       Generate: true || false,
+ *       Sign: true || false,
+ *       Verify: true || false,
+ *       DeriveKey: true || false,
+ *       NoRestrictions: true || false,
+ *     },
+ *   },
+ *   KeyCheckValueAlgorithm: "STRING_VALUE",
+ *   Exportable: true || false, // required
+ *   Enabled: true || false,
+ *   Tags: [ // Tags
+ *     { // Tag
+ *       Key: "STRING_VALUE", // required
+ *       Value: "STRING_VALUE",
+ *     },
+ *   ],
+ * };
+ * const command = new CreateKeyCommand(input);
+ * const response = await client.send(command);
+ * // { // CreateKeyOutput
+ * //   Key: { // Key
+ * //     KeyArn: "STRING_VALUE", // required
+ * //     KeyAttributes: { // KeyAttributes
+ * //       KeyUsage: "STRING_VALUE", // required
+ * //       KeyClass: "STRING_VALUE", // required
+ * //       KeyAlgorithm: "STRING_VALUE", // required
+ * //       KeyModesOfUse: { // KeyModesOfUse
+ * //         Encrypt: true || false,
+ * //         Decrypt: true || false,
+ * //         Wrap: true || false,
+ * //         Unwrap: true || false,
+ * //         Generate: true || false,
+ * //         Sign: true || false,
+ * //         Verify: true || false,
+ * //         DeriveKey: true || false,
+ * //         NoRestrictions: true || false,
+ * //       },
+ * //     },
+ * //     KeyCheckValue: "STRING_VALUE", // required
+ * //     KeyCheckValueAlgorithm: "STRING_VALUE", // required
+ * //     Enabled: true || false, // required
+ * //     Exportable: true || false, // required
+ * //     KeyState: "STRING_VALUE", // required
+ * //     KeyOrigin: "STRING_VALUE", // required
+ * //     CreateTimestamp: new Date("TIMESTAMP"), // required
+ * //     UsageStartTimestamp: new Date("TIMESTAMP"),
+ * //     UsageStopTimestamp: new Date("TIMESTAMP"),
+ * //     DeletePendingTimestamp: new Date("TIMESTAMP"),
+ * //     DeleteTimestamp: new Date("TIMESTAMP"),
+ * //   },
+ * // };
+ *
+ * ```
+ *
+ * @param CreateKeyCommandInput - {@link CreateKeyCommandInput}
+ * @returns {@link CreateKeyCommandOutput}
+ * @see {@link CreateKeyCommandInput} for command's `input` shape.
+ * @see {@link CreateKeyCommandOutput} for command's `response` shape.
+ * @see {@link PaymentCryptographyClientResolvedConfig | config} for PaymentCryptographyClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>You do not have sufficient access to perform this action.</p>
+ *
+ * @throws {@link ConflictException} (client fault)
+ *  <p>This request can cause an inconsistent state for the resource.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>The request processing has failed because of an unknown error, exception, or failure.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The request was denied due to an invalid resource error.</p>
+ *
+ * @throws {@link ServiceQuotaExceededException} (client fault)
+ *  <p>This request would cause a service quota to be exceeded.</p>
+ *
+ * @throws {@link ServiceUnavailableException} (server fault)
+ *  <p>The service cannot complete the request.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>The request was denied due to request throttling.</p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>The request was denied due to an invalid request error.</p>
+ *
+ * @throws {@link PaymentCryptographyServiceException}
+ * <p>Base exception class for all service exceptions from PaymentCryptography service.</p>
+ *
+ */
+export declare class CreateKeyCommand extends $Command<CreateKeyCommandInput, CreateKeyCommandOutput, PaymentCryptographyClientResolvedConfig> {
+    readonly input: CreateKeyCommandInput;
+    static getEndpointParameterInstructions(): EndpointParameterInstructions;
+    /**
+     * @public
+     */
+    constructor(input: CreateKeyCommandInput);
+    /**
+     * @internal
+     */
+    resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: PaymentCryptographyClientResolvedConfig, options?: __HttpHandlerOptions): Handler<CreateKeyCommandInput, CreateKeyCommandOutput>;
+    /**
+     * @internal
+     */
+    private serialize;
+    /**
+     * @internal
+     */
+    private deserialize;
+}

package/dist-types/commands/DeleteAliasCommand.d.ts

@@ -0,0 +1,120 @@
+import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { DeleteAliasInput, DeleteAliasOutput } from "../models/models_0";
+import { PaymentCryptographyClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../PaymentCryptographyClient";
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link DeleteAliasCommand}.
+ */
+export interface DeleteAliasCommandInput extends DeleteAliasInput {
+}
+/**
+ * @public
+ *
+ * The output of {@link DeleteAliasCommand}.
+ */
+export interface DeleteAliasCommandOutput extends DeleteAliasOutput, __MetadataBearer {
+}
+/**
+ * @public
+ * <p>Deletes the alias, but doesn't affect the underlying key.</p>
+ *          <p>Each key can have multiple aliases. To get the aliases of all keys, use the <a>ListAliases</a> operation. To change the alias of a key, first use <a>DeleteAlias</a> to delete the current alias and then use <a>CreateAlias</a> to create a new alias. To associate an existing alias with a different key, call <a>UpdateAlias</a>.</p>
+ *          <p>
+ *             <b>Cross-account use:</b> This operation can't be used across different Amazon Web Services accounts.</p>
+ *          <p>
+ *             <b>Related operations:</b>
+ *          </p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <a>CreateAlias</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>GetAlias</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>ListAliases</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>UpdateAlias</a>
+ *                </p>
+ *             </li>
+ *          </ul>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { PaymentCryptographyClient, DeleteAliasCommand } from "@aws-sdk/client-payment-cryptography"; // ES Modules import
+ * // const { PaymentCryptographyClient, DeleteAliasCommand } = require("@aws-sdk/client-payment-cryptography"); // CommonJS import
+ * const client = new PaymentCryptographyClient(config);
+ * const input = { // DeleteAliasInput
+ *   AliasName: "STRING_VALUE", // required
+ * };
+ * const command = new DeleteAliasCommand(input);
+ * const response = await client.send(command);
+ * // {};
+ *
+ * ```
+ *
+ * @param DeleteAliasCommandInput - {@link DeleteAliasCommandInput}
+ * @returns {@link DeleteAliasCommandOutput}
+ * @see {@link DeleteAliasCommandInput} for command's `input` shape.
+ * @see {@link DeleteAliasCommandOutput} for command's `response` shape.
+ * @see {@link PaymentCryptographyClientResolvedConfig | config} for PaymentCryptographyClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>You do not have sufficient access to perform this action.</p>
+ *
+ * @throws {@link ConflictException} (client fault)
+ *  <p>This request can cause an inconsistent state for the resource.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>The request processing has failed because of an unknown error, exception, or failure.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The request was denied due to an invalid resource error.</p>
+ *
+ * @throws {@link ServiceUnavailableException} (server fault)
+ *  <p>The service cannot complete the request.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>The request was denied due to request throttling.</p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>The request was denied due to an invalid request error.</p>
+ *
+ * @throws {@link PaymentCryptographyServiceException}
+ * <p>Base exception class for all service exceptions from PaymentCryptography service.</p>
+ *
+ */
+export declare class DeleteAliasCommand extends $Command<DeleteAliasCommandInput, DeleteAliasCommandOutput, PaymentCryptographyClientResolvedConfig> {
+    readonly input: DeleteAliasCommandInput;
+    static getEndpointParameterInstructions(): EndpointParameterInstructions;
+    /**
+     * @public
+     */
+    constructor(input: DeleteAliasCommandInput);
+    /**
+     * @internal
+     */
+    resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: PaymentCryptographyClientResolvedConfig, options?: __HttpHandlerOptions): Handler<DeleteAliasCommandInput, DeleteAliasCommandOutput>;
+    /**
+     * @internal
+     */
+    private serialize;
+    /**
+     * @internal
+     */
+    private deserialize;
+}

package/dist-types/commands/DeleteKeyCommand.d.ts

@@ -0,0 +1,149 @@
+import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { DeleteKeyInput, DeleteKeyOutput } from "../models/models_0";
+import { PaymentCryptographyClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../PaymentCryptographyClient";
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link DeleteKeyCommand}.
+ */
+export interface DeleteKeyCommandInput extends DeleteKeyInput {
+}
+/**
+ * @public
+ *
+ * The output of {@link DeleteKeyCommand}.
+ */
+export interface DeleteKeyCommandOutput extends DeleteKeyOutput, __MetadataBearer {
+}
+/**
+ * @public
+ * <p>Deletes the key material and all metadata associated with Amazon Web Services Payment Cryptography key.</p>
+ *          <p>Key deletion is irreversible. After a key is deleted, you can't perform cryptographic operations using the key. For example, you can't decrypt data that was encrypted by a deleted Amazon Web Services Payment Cryptography key, and the data may become unrecoverable. Because key deletion is destructive, Amazon Web Services Payment Cryptography has a safety mechanism to prevent accidental deletion of a key. When you call this operation, Amazon Web Services Payment Cryptography disables the specified key but doesn't delete it until after a waiting period. The default waiting period is 7 days. To set a different waiting period, set <code>DeleteKeyInDays</code>. During the waiting period, the <code>KeyState</code> is <code>DELETE_PENDING</code>. After the key is deleted, the <code>KeyState</code> is <code>DELETE_COMPLETE</code>.</p>
+ *          <p>If you delete key material, you can use <a>ImportKey</a> to reimport the same key material into the Amazon Web Services Payment Cryptography key.</p>
+ *          <p>You should delete a key only when you are sure that you don't need to use it anymore and no other parties are utilizing this key. If you aren't sure, consider deactivating it instead by calling <a>StopKeyUsage</a>.</p>
+ *          <p>
+ *             <b>Cross-account use:</b> This operation can't be used across different Amazon Web Services accounts.</p>
+ *          <p>
+ *             <b>Related operations:</b>
+ *          </p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <a>RestoreKey</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>StartKeyUsage</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>StopKeyUsage</a>
+ *                </p>
+ *             </li>
+ *          </ul>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { PaymentCryptographyClient, DeleteKeyCommand } from "@aws-sdk/client-payment-cryptography"; // ES Modules import
+ * // const { PaymentCryptographyClient, DeleteKeyCommand } = require("@aws-sdk/client-payment-cryptography"); // CommonJS import
+ * const client = new PaymentCryptographyClient(config);
+ * const input = { // DeleteKeyInput
+ *   KeyIdentifier: "STRING_VALUE", // required
+ *   DeleteKeyInDays: Number("int"),
+ * };
+ * const command = new DeleteKeyCommand(input);
+ * const response = await client.send(command);
+ * // { // DeleteKeyOutput
+ * //   Key: { // Key
+ * //     KeyArn: "STRING_VALUE", // required
+ * //     KeyAttributes: { // KeyAttributes
+ * //       KeyUsage: "STRING_VALUE", // required
+ * //       KeyClass: "STRING_VALUE", // required
+ * //       KeyAlgorithm: "STRING_VALUE", // required
+ * //       KeyModesOfUse: { // KeyModesOfUse
+ * //         Encrypt: true || false,
+ * //         Decrypt: true || false,
+ * //         Wrap: true || false,
+ * //         Unwrap: true || false,
+ * //         Generate: true || false,
+ * //         Sign: true || false,
+ * //         Verify: true || false,
+ * //         DeriveKey: true || false,
+ * //         NoRestrictions: true || false,
+ * //       },
+ * //     },
+ * //     KeyCheckValue: "STRING_VALUE", // required
+ * //     KeyCheckValueAlgorithm: "STRING_VALUE", // required
+ * //     Enabled: true || false, // required
+ * //     Exportable: true || false, // required
+ * //     KeyState: "STRING_VALUE", // required
+ * //     KeyOrigin: "STRING_VALUE", // required
+ * //     CreateTimestamp: new Date("TIMESTAMP"), // required
+ * //     UsageStartTimestamp: new Date("TIMESTAMP"),
+ * //     UsageStopTimestamp: new Date("TIMESTAMP"),
+ * //     DeletePendingTimestamp: new Date("TIMESTAMP"),
+ * //     DeleteTimestamp: new Date("TIMESTAMP"),
+ * //   },
+ * // };
+ *
+ * ```
+ *
+ * @param DeleteKeyCommandInput - {@link DeleteKeyCommandInput}
+ * @returns {@link DeleteKeyCommandOutput}
+ * @see {@link DeleteKeyCommandInput} for command's `input` shape.
+ * @see {@link DeleteKeyCommandOutput} for command's `response` shape.
+ * @see {@link PaymentCryptographyClientResolvedConfig | config} for PaymentCryptographyClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>You do not have sufficient access to perform this action.</p>
+ *
+ * @throws {@link ConflictException} (client fault)
+ *  <p>This request can cause an inconsistent state for the resource.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>The request processing has failed because of an unknown error, exception, or failure.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The request was denied due to an invalid resource error.</p>
+ *
+ * @throws {@link ServiceUnavailableException} (server fault)
+ *  <p>The service cannot complete the request.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>The request was denied due to request throttling.</p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>The request was denied due to an invalid request error.</p>
+ *
+ * @throws {@link PaymentCryptographyServiceException}
+ * <p>Base exception class for all service exceptions from PaymentCryptography service.</p>
+ *
+ */
+export declare class DeleteKeyCommand extends $Command<DeleteKeyCommandInput, DeleteKeyCommandOutput, PaymentCryptographyClientResolvedConfig> {
+    readonly input: DeleteKeyCommandInput;
+    static getEndpointParameterInstructions(): EndpointParameterInstructions;
+    /**
+     * @public
+     */
+    constructor(input: DeleteKeyCommandInput);
+    /**
+     * @internal
+     */
+    resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: PaymentCryptographyClientResolvedConfig, options?: __HttpHandlerOptions): Handler<DeleteKeyCommandInput, DeleteKeyCommandOutput>;
+    /**
+     * @internal
+     */
+    private serialize;
+    /**
+     * @internal
+     */
+    private deserialize;
+}

package/dist-types/commands/ExportKeyCommand.d.ts

@@ -0,0 +1,153 @@
+import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { ExportKeyInput, ExportKeyOutput } from "../models/models_0";
+import { PaymentCryptographyClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../PaymentCryptographyClient";
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link ExportKeyCommand}.
+ */
+export interface ExportKeyCommandInput extends ExportKeyInput {
+}
+/**
+ * @public
+ *
+ * The output of {@link ExportKeyCommand}.
+ */
+export interface ExportKeyCommandOutput extends ExportKeyOutput, __MetadataBearer {
+}
+/**
+ * @public
+ * <p>Exports a key from Amazon Web Services Payment Cryptography using either ANSI X9 TR-34 or TR-31 key export standard.</p>
+ *          <p>Amazon Web Services Payment Cryptography simplifies main or root key exchange process by eliminating the need of a paper-based key exchange process. It takes a modern and secure approach based of the ANSI X9 TR-34 key exchange standard.</p>
+ *          <p>You can use <code>ExportKey</code> to export main or root keys such as KEK (Key Encryption Key), using asymmetric key exchange technique following ANSI X9 TR-34 standard. The ANSI X9 TR-34 standard uses asymmetric keys to establishes bi-directional trust between the two parties exchanging keys. After which you can export working keys using the ANSI X9 TR-31 symmetric key exchange standard as mandated by PCI PIN. Using this operation, you can share your Amazon Web Services Payment Cryptography generated keys with other service partners to perform cryptographic operations outside of Amazon Web Services Payment Cryptography </p>
+ *          <p>
+ *             <b>TR-34 key export</b>
+ *          </p>
+ *          <p>Amazon Web Services Payment Cryptography uses TR-34 asymmetric key exchange standard to export main keys such as KEK. In TR-34 terminology, the sending party of the key is called Key Distribution Host (KDH) and the receiving party of the key is called Key Receiving Host (KRH). In key export process, KDH is Amazon Web Services Payment Cryptography which initiates key export. KRH is the user receiving the key. Before you initiate TR-34 key export, you must obtain an export token by calling <a>GetParametersForExport</a>. This operation also returns the signing key certificate that KDH uses to sign the wrapped key to generate a TR-34 wrapped key block. The export token expires after 7 days.</p>
+ *          <p>Set the following parameters:</p>
+ *          <dl>
+ *             <dt>CertificateAuthorityPublicKeyIdentifier</dt>
+ *             <dd>
+ *                <p>The <code>KeyARN</code> of the certificate chain that will sign the wrapping key certificate. This must exist within Amazon Web Services Payment Cryptography before you initiate TR-34 key export. If it does not exist, you can import it by calling <a>ImportKey</a> for <code>RootCertificatePublicKey</code>.</p>
+ *             </dd>
+ *             <dt>ExportToken</dt>
+ *             <dd>
+ *                <p>Obtained from KDH by calling <a>GetParametersForExport</a>.</p>
+ *             </dd>
+ *             <dt>WrappingKeyCertificate</dt>
+ *             <dd>
+ *                <p>Amazon Web Services Payment Cryptography uses this to wrap the key under export.</p>
+ *             </dd>
+ *          </dl>
+ *          <p>When this operation is successful, Amazon Web Services Payment Cryptography returns the TR-34 wrapped key block. </p>
+ *          <p>
+ *             <b>TR-31 key export</b>
+ *          </p>
+ *          <p>Amazon Web Services Payment Cryptography uses TR-31 symmetric key exchange standard to export working keys. In TR-31, you must use a main key such as KEK to encrypt or wrap the key under export. To establish a KEK, you can use <a>CreateKey</a> or <a>ImportKey</a>. When this operation is successful, Amazon Web Services Payment Cryptography returns a TR-31 wrapped key block. </p>
+ *          <p>
+ *             <b>Cross-account use:</b> This operation can't be used across different Amazon Web Services accounts.</p>
+ *          <p>
+ *             <b>Related operations:</b>
+ *          </p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <a>GetParametersForExport</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>ImportKey</a>
+ *                </p>
+ *             </li>
+ *          </ul>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { PaymentCryptographyClient, ExportKeyCommand } from "@aws-sdk/client-payment-cryptography"; // ES Modules import
+ * // const { PaymentCryptographyClient, ExportKeyCommand } = require("@aws-sdk/client-payment-cryptography"); // CommonJS import
+ * const client = new PaymentCryptographyClient(config);
+ * const input = { // ExportKeyInput
+ *   KeyMaterial: { // ExportKeyMaterial Union: only one key present
+ *     Tr31KeyBlock: { // ExportTr31KeyBlock
+ *       WrappingKeyIdentifier: "STRING_VALUE", // required
+ *     },
+ *     Tr34KeyBlock: { // ExportTr34KeyBlock
+ *       CertificateAuthorityPublicKeyIdentifier: "STRING_VALUE", // required
+ *       WrappingKeyCertificate: "STRING_VALUE", // required
+ *       ExportToken: "STRING_VALUE", // required
+ *       KeyBlockFormat: "STRING_VALUE", // required
+ *       RandomNonce: "STRING_VALUE",
+ *     },
+ *   },
+ *   ExportKeyIdentifier: "STRING_VALUE", // required
+ * };
+ * const command = new ExportKeyCommand(input);
+ * const response = await client.send(command);
+ * // { // ExportKeyOutput
+ * //   WrappedKey: { // WrappedKey
+ * //     WrappingKeyArn: "STRING_VALUE", // required
+ * //     WrappedKeyMaterialFormat: "STRING_VALUE", // required
+ * //     KeyMaterial: "STRING_VALUE", // required
+ * //   },
+ * // };
+ *
+ * ```
+ *
+ * @param ExportKeyCommandInput - {@link ExportKeyCommandInput}
+ * @returns {@link ExportKeyCommandOutput}
+ * @see {@link ExportKeyCommandInput} for command's `input` shape.
+ * @see {@link ExportKeyCommandOutput} for command's `response` shape.
+ * @see {@link PaymentCryptographyClientResolvedConfig | config} for PaymentCryptographyClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>You do not have sufficient access to perform this action.</p>
+ *
+ * @throws {@link ConflictException} (client fault)
+ *  <p>This request can cause an inconsistent state for the resource.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>The request processing has failed because of an unknown error, exception, or failure.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The request was denied due to an invalid resource error.</p>
+ *
+ * @throws {@link ServiceUnavailableException} (server fault)
+ *  <p>The service cannot complete the request.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>The request was denied due to request throttling.</p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>The request was denied due to an invalid request error.</p>
+ *
+ * @throws {@link PaymentCryptographyServiceException}
+ * <p>Base exception class for all service exceptions from PaymentCryptography service.</p>
+ *
+ */
+export declare class ExportKeyCommand extends $Command<ExportKeyCommandInput, ExportKeyCommandOutput, PaymentCryptographyClientResolvedConfig> {
+    readonly input: ExportKeyCommandInput;
+    static getEndpointParameterInstructions(): EndpointParameterInstructions;
+    /**
+     * @public
+     */
+    constructor(input: ExportKeyCommandInput);
+    /**
+     * @internal
+     */
+    resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: PaymentCryptographyClientResolvedConfig, options?: __HttpHandlerOptions): Handler<ExportKeyCommandInput, ExportKeyCommandOutput>;
+    /**
+     * @internal
+     */
+    private serialize;
+    /**
+     * @internal
+     */
+    private deserialize;
+}