@aws-sdk/client-payment-cryptography 3.775.0 → 3.778.0

package/dist-types/commands/StopKeyUsageCommand.d.ts

@@ -87,6 +87,7 @@ declare const StopKeyUsageCommand_base: {
  * //     UsageStopTimestamp: new Date("TIMESTAMP"),
  * //     DeletePendingTimestamp: new Date("TIMESTAMP"),
  * //     DeleteTimestamp: new Date("TIMESTAMP"),
+ * //     DeriveKeyUsage: "STRING_VALUE",
  * //   },
  * // };
  *
@@ -125,6 +126,7 @@ declare const StopKeyUsageCommand_base: {
  * @throws {@link PaymentCryptographyServiceException}
  * <p>Base exception class for all service exceptions from PaymentCryptography service.</p>
  *
+ *
  * @public
  */
 export declare class StopKeyUsageCommand extends StopKeyUsageCommand_base {

package/dist-types/commands/TagResourceCommand.d.ts

@@ -103,6 +103,7 @@ declare const TagResourceCommand_base: {
  * @throws {@link PaymentCryptographyServiceException}
  * <p>Base exception class for all service exceptions from PaymentCryptography service.</p>
  *
+ *
  * @public
  */
 export declare class TagResourceCommand extends TagResourceCommand_base {

package/dist-types/commands/UntagResourceCommand.d.ts

@@ -96,6 +96,7 @@ declare const UntagResourceCommand_base: {
  * @throws {@link PaymentCryptographyServiceException}
  * <p>Base exception class for all service exceptions from PaymentCryptography service.</p>
  *
+ *
  * @public
  */
 export declare class UntagResourceCommand extends UntagResourceCommand_base {

package/dist-types/commands/UpdateAliasCommand.d.ts

@@ -106,6 +106,7 @@ declare const UpdateAliasCommand_base: {
  * @throws {@link PaymentCryptographyServiceException}
  * <p>Base exception class for all service exceptions from PaymentCryptography service.</p>
  *
+ *
  * @public
  */
 export declare class UpdateAliasCommand extends UpdateAliasCommand_base {

package/dist-types/models/models_0.d.ts

@@ -251,6 +251,35 @@ export interface UpdateAliasOutput {
      */
     Alias: Alias | undefined;
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const DeriveKeyUsage: {
+    readonly TR31_B0_BASE_DERIVATION_KEY: "TR31_B0_BASE_DERIVATION_KEY";
+    readonly TR31_C0_CARD_VERIFICATION_KEY: "TR31_C0_CARD_VERIFICATION_KEY";
+    readonly TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY: "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY";
+    readonly TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS: "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS";
+    readonly TR31_E1_EMV_MKEY_CONFIDENTIALITY: "TR31_E1_EMV_MKEY_CONFIDENTIALITY";
+    readonly TR31_E2_EMV_MKEY_INTEGRITY: "TR31_E2_EMV_MKEY_INTEGRITY";
+    readonly TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS: "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS";
+    readonly TR31_E5_EMV_MKEY_CARD_PERSONALIZATION: "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION";
+    readonly TR31_E6_EMV_MKEY_OTHER: "TR31_E6_EMV_MKEY_OTHER";
+    readonly TR31_K0_KEY_ENCRYPTION_KEY: "TR31_K0_KEY_ENCRYPTION_KEY";
+    readonly TR31_K1_KEY_BLOCK_PROTECTION_KEY: "TR31_K1_KEY_BLOCK_PROTECTION_KEY";
+    readonly TR31_M1_ISO_9797_1_MAC_KEY: "TR31_M1_ISO_9797_1_MAC_KEY";
+    readonly TR31_M3_ISO_9797_3_MAC_KEY: "TR31_M3_ISO_9797_3_MAC_KEY";
+    readonly TR31_M6_ISO_9797_5_CMAC_KEY: "TR31_M6_ISO_9797_5_CMAC_KEY";
+    readonly TR31_M7_HMAC_KEY: "TR31_M7_HMAC_KEY";
+    readonly TR31_P0_PIN_ENCRYPTION_KEY: "TR31_P0_PIN_ENCRYPTION_KEY";
+    readonly TR31_P1_PIN_GENERATION_KEY: "TR31_P1_PIN_GENERATION_KEY";
+    readonly TR31_V1_IBM3624_PIN_VERIFICATION_KEY: "TR31_V1_IBM3624_PIN_VERIFICATION_KEY";
+    readonly TR31_V2_VISA_PIN_VERIFICATION_KEY: "TR31_V2_VISA_PIN_VERIFICATION_KEY";
+};
+/**
+ * @public
+ */
+export type DeriveKeyUsage = (typeof DeriveKeyUsage)[keyof typeof DeriveKeyUsage];
 /**
  * @public
  * @enum
@@ -261,6 +290,7 @@ export declare const KeyAlgorithm: {
     readonly AES_256: "AES_256";
     readonly ECC_NIST_P256: "ECC_NIST_P256";
     readonly ECC_NIST_P384: "ECC_NIST_P384";
+    readonly ECC_NIST_P521: "ECC_NIST_P521";
     readonly RSA_2048: "RSA_2048";
     readonly RSA_3072: "RSA_3072";
     readonly RSA_4096: "RSA_4096";
@@ -461,6 +491,11 @@ export interface CreateKeyInput {
      * @public
      */
     Tags?: Tag[] | undefined;
+    /**
+     * <p>The cryptographic usage of an ECDH derived key as defined in section A.5.2 of the TR-31 spec.</p>
+     * @public
+     */
+    DeriveKeyUsage?: DeriveKeyUsage | undefined;
 }
 /**
  * @public
@@ -559,6 +594,11 @@ export interface Key {
      * @public
      */
     DeleteTimestamp?: Date | undefined;
+    /**
+     * <p>The cryptographic usage of an ECDH derived key as defined in section A.5.2 of the TR-31 spec.</p>
+     * @public
+     */
+    DeriveKeyUsage?: DeriveKeyUsage | undefined;
 }
 /**
  * @public
@@ -595,6 +635,37 @@ export interface DeleteKeyOutput {
      */
     Key: Key | undefined;
 }
+/**
+ * <p>Derivation data used to derive an ECDH key.</p>
+ * @public
+ */
+export type DiffieHellmanDerivationData = DiffieHellmanDerivationData.SharedInformationMember | DiffieHellmanDerivationData.$UnknownMember;
+/**
+ * @public
+ */
+export declare namespace DiffieHellmanDerivationData {
+    /**
+     * <p>A byte string containing information that binds the ECDH derived key to the two parties involved or to the context of the key.</p>
+     *          <p>It may include details like identities of the two parties deriving the key, context of the operation, session IDs, and optionally a nonce. It must not contain zero bytes, and re-using shared information for multiple ECDH key derivations is not recommended.</p>
+     * @public
+     */
+    interface SharedInformationMember {
+        SharedInformation: string;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     */
+    interface $UnknownMember {
+        SharedInformation?: never;
+        $unknown: [string, any];
+    }
+    interface Visitor<T> {
+        SharedInformation: (value: string) => T;
+        _: (name: string, value: any) => T;
+    }
+    const visit: <T>(value: DiffieHellmanDerivationData, visitor: Visitor<T>) => T;
+}
 /**
  * <p>Parameter information for IPEK generation during export.</p>
  * @public
@@ -628,35 +699,17 @@ export interface ExportAttributes {
  * @public
  * @enum
  */
-export declare const WrappingKeySpec: {
-    readonly RSA_OAEP_SHA_256: "RSA_OAEP_SHA_256";
-    readonly RSA_OAEP_SHA_512: "RSA_OAEP_SHA_512";
+export declare const SymmetricKeyAlgorithm: {
+    readonly AES_128: "AES_128";
+    readonly AES_192: "AES_192";
+    readonly AES_256: "AES_256";
+    readonly TDES_2KEY: "TDES_2KEY";
+    readonly TDES_3KEY: "TDES_3KEY";
 };
 /**
  * @public
  */
-export type WrappingKeySpec = (typeof WrappingKeySpec)[keyof typeof WrappingKeySpec];
-/**
- * <p>Parameter information for key material export using asymmetric RSA wrap and unwrap key exchange method.</p>
- * @public
- */
-export interface ExportKeyCryptogram {
-    /**
-     * <p>The <code>KeyARN</code> of the certificate chain that signs the wrapping key certificate during RSA wrap and unwrap key export.</p>
-     * @public
-     */
-    CertificateAuthorityPublicKeyIdentifier: string | undefined;
-    /**
-     * <p>The wrapping key certificate in PEM format (base64 encoded). Amazon Web Services Payment Cryptography uses this certificate to wrap the key under export.</p>
-     * @public
-     */
-    WrappingKeyCertificate: string | undefined;
-    /**
-     * <p>The wrapping spec for the key under export.</p>
-     * @public
-     */
-    WrappingSpec?: WrappingKeySpec | undefined;
-}
+export type SymmetricKeyAlgorithm = (typeof SymmetricKeyAlgorithm)[keyof typeof SymmetricKeyAlgorithm];
 /**
  * @public
  * @enum
@@ -698,6 +751,110 @@ export interface KeyBlockHeaders {
      */
     OptionalBlocks?: Record<string, string> | undefined;
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const KeyDerivationFunction: {
+    readonly ANSI_X963: "ANSI_X963";
+    readonly NIST_SP800: "NIST_SP800";
+};
+/**
+ * @public
+ */
+export type KeyDerivationFunction = (typeof KeyDerivationFunction)[keyof typeof KeyDerivationFunction];
+/**
+ * @public
+ * @enum
+ */
+export declare const KeyDerivationHashAlgorithm: {
+    readonly SHA_256: "SHA_256";
+    readonly SHA_384: "SHA_384";
+    readonly SHA_512: "SHA_512";
+};
+/**
+ * @public
+ */
+export type KeyDerivationHashAlgorithm = (typeof KeyDerivationHashAlgorithm)[keyof typeof KeyDerivationHashAlgorithm];
+/**
+ * <p>Parameter information for key material export using the asymmetric ECDH key exchange method.</p>
+ * @public
+ */
+export interface ExportDiffieHellmanTr31KeyBlock {
+    /**
+     * <p>The <code>keyARN</code> of the asymmetric ECC key.</p>
+     * @public
+     */
+    PrivateKeyIdentifier: string | undefined;
+    /**
+     * <p>The <code>keyARN</code> of the certificate that signed the client's <code>PublicKeyCertificate</code>.</p>
+     * @public
+     */
+    CertificateAuthorityPublicKeyIdentifier: string | undefined;
+    /**
+     * <p>The client's public key certificate in PEM format (base64 encoded) to use for ECDH key derivation.</p>
+     * @public
+     */
+    PublicKeyCertificate: string | undefined;
+    /**
+     * <p>The key algorithm of the derived ECDH key.</p>
+     * @public
+     */
+    DeriveKeyAlgorithm: SymmetricKeyAlgorithm | undefined;
+    /**
+     * <p>The key derivation function to use for deriving a key using ECDH.</p>
+     * @public
+     */
+    KeyDerivationFunction: KeyDerivationFunction | undefined;
+    /**
+     * <p>The hash type to use for deriving a key using ECDH.</p>
+     * @public
+     */
+    KeyDerivationHashAlgorithm: KeyDerivationHashAlgorithm | undefined;
+    /**
+     * <p>Derivation data used to derive an ECDH key.</p>
+     * @public
+     */
+    DerivationData: DiffieHellmanDerivationData | undefined;
+    /**
+     * <p>Optional metadata for export associated with the key material. This data is signed but transmitted in clear text.</p>
+     * @public
+     */
+    KeyBlockHeaders?: KeyBlockHeaders | undefined;
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const WrappingKeySpec: {
+    readonly RSA_OAEP_SHA_256: "RSA_OAEP_SHA_256";
+    readonly RSA_OAEP_SHA_512: "RSA_OAEP_SHA_512";
+};
+/**
+ * @public
+ */
+export type WrappingKeySpec = (typeof WrappingKeySpec)[keyof typeof WrappingKeySpec];
+/**
+ * <p>Parameter information for key material export using asymmetric RSA wrap and unwrap key exchange method.</p>
+ * @public
+ */
+export interface ExportKeyCryptogram {
+    /**
+     * <p>The <code>KeyARN</code> of the certificate chain that signs the wrapping key certificate during RSA wrap and unwrap key export.</p>
+     * @public
+     */
+    CertificateAuthorityPublicKeyIdentifier: string | undefined;
+    /**
+     * <p>The wrapping key certificate in PEM format (base64 encoded). Amazon Web Services Payment Cryptography uses this certificate to wrap the key under export.</p>
+     * @public
+     */
+    WrappingKeyCertificate: string | undefined;
+    /**
+     * <p>The wrapping spec for the key under export.</p>
+     * @public
+     */
+    WrappingSpec?: WrappingKeySpec | undefined;
+}
 /**
  * <p>Parameter information for key material export using symmetric TR-31 key exchange method.</p>
  * @public
@@ -765,7 +922,7 @@ export interface ExportTr34KeyBlock {
  * <p>Parameter information for key material export from Amazon Web Services Payment Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key exchange method.</p>
  * @public
  */
-export type ExportKeyMaterial = ExportKeyMaterial.KeyCryptogramMember | ExportKeyMaterial.Tr31KeyBlockMember | ExportKeyMaterial.Tr34KeyBlockMember | ExportKeyMaterial.$UnknownMember;
+export type ExportKeyMaterial = ExportKeyMaterial.DiffieHellmanTr31KeyBlockMember | ExportKeyMaterial.KeyCryptogramMember | ExportKeyMaterial.Tr31KeyBlockMember | ExportKeyMaterial.Tr34KeyBlockMember | ExportKeyMaterial.$UnknownMember;
 /**
  * @public
  */
@@ -778,6 +935,7 @@ export declare namespace ExportKeyMaterial {
         Tr31KeyBlock: ExportTr31KeyBlock;
         Tr34KeyBlock?: never;
         KeyCryptogram?: never;
+        DiffieHellmanTr31KeyBlock?: never;
         $unknown?: never;
     }
     /**
@@ -788,6 +946,7 @@ export declare namespace ExportKeyMaterial {
         Tr31KeyBlock?: never;
         Tr34KeyBlock: ExportTr34KeyBlock;
         KeyCryptogram?: never;
+        DiffieHellmanTr31KeyBlock?: never;
         $unknown?: never;
     }
     /**
@@ -798,6 +957,18 @@ export declare namespace ExportKeyMaterial {
         Tr31KeyBlock?: never;
         Tr34KeyBlock?: never;
         KeyCryptogram: ExportKeyCryptogram;
+        DiffieHellmanTr31KeyBlock?: never;
+        $unknown?: never;
+    }
+    /**
+     * <p>Parameter information for key material export using the asymmetric ECDH key exchange method.</p>
+     * @public
+     */
+    interface DiffieHellmanTr31KeyBlockMember {
+        Tr31KeyBlock?: never;
+        Tr34KeyBlock?: never;
+        KeyCryptogram?: never;
+        DiffieHellmanTr31KeyBlock: ExportDiffieHellmanTr31KeyBlock;
         $unknown?: never;
     }
     /**
@@ -807,12 +978,14 @@ export declare namespace ExportKeyMaterial {
         Tr31KeyBlock?: never;
         Tr34KeyBlock?: never;
         KeyCryptogram?: never;
+        DiffieHellmanTr31KeyBlock?: never;
         $unknown: [string, any];
     }
     interface Visitor<T> {
         Tr31KeyBlock: (value: ExportTr31KeyBlock) => T;
         Tr34KeyBlock: (value: ExportTr34KeyBlock) => T;
         KeyCryptogram: (value: ExportKeyCryptogram) => T;
+        DiffieHellmanTr31KeyBlock: (value: ExportDiffieHellmanTr31KeyBlock) => T;
         _: (name: string, value: any) => T;
     }
     const visit: <T>(value: ExportKeyMaterial, visitor: Visitor<T>) => T;
@@ -1044,6 +1217,52 @@ export interface GetPublicKeyCertificateOutput {
      */
     KeyCertificateChain: string | undefined;
 }
+/**
+ * <p>Parameter information for key material import using the asymmetric ECDH key exchange method.</p>
+ * @public
+ */
+export interface ImportDiffieHellmanTr31KeyBlock {
+    /**
+     * <p>The <code>keyARN</code> of the asymmetric ECC key.</p>
+     * @public
+     */
+    PrivateKeyIdentifier: string | undefined;
+    /**
+     * <p>The <code>keyARN</code> of the certificate that signed the client's <code>PublicKeyCertificate</code>.</p>
+     * @public
+     */
+    CertificateAuthorityPublicKeyIdentifier: string | undefined;
+    /**
+     * <p>The client's public key certificate in PEM format (base64 encoded) to use for ECDH key derivation.</p>
+     * @public
+     */
+    PublicKeyCertificate: string | undefined;
+    /**
+     * <p>The key algorithm of the derived ECDH key.</p>
+     * @public
+     */
+    DeriveKeyAlgorithm: SymmetricKeyAlgorithm | undefined;
+    /**
+     * <p>The key derivation function to use for deriving a key using ECDH.</p>
+     * @public
+     */
+    KeyDerivationFunction: KeyDerivationFunction | undefined;
+    /**
+     * <p>The hash type to use for deriving a key using ECDH.</p>
+     * @public
+     */
+    KeyDerivationHashAlgorithm: KeyDerivationHashAlgorithm | undefined;
+    /**
+     * <p>Derivation data used to derive an ECDH key.</p>
+     * @public
+     */
+    DerivationData: DiffieHellmanDerivationData | undefined;
+    /**
+     * <p>The ECDH wrapped key block to import.</p>
+     * @public
+     */
+    WrappedKeyBlock: string | undefined;
+}
 /**
  * <p>Parameter information for key material import using asymmetric RSA wrap and unwrap key exchange method.</p>
  * @public
@@ -1168,7 +1387,7 @@ export interface TrustedCertificatePublicKey {
  * <p>Parameter information for key material import into Amazon Web Services Payment Cryptography using TR-31 or TR-34 or RSA wrap and unwrap key exchange method.</p>
  * @public
  */
-export type ImportKeyMaterial = ImportKeyMaterial.KeyCryptogramMember | ImportKeyMaterial.RootCertificatePublicKeyMember | ImportKeyMaterial.Tr31KeyBlockMember | ImportKeyMaterial.Tr34KeyBlockMember | ImportKeyMaterial.TrustedCertificatePublicKeyMember | ImportKeyMaterial.$UnknownMember;
+export type ImportKeyMaterial = ImportKeyMaterial.DiffieHellmanTr31KeyBlockMember | ImportKeyMaterial.KeyCryptogramMember | ImportKeyMaterial.RootCertificatePublicKeyMember | ImportKeyMaterial.Tr31KeyBlockMember | ImportKeyMaterial.Tr34KeyBlockMember | ImportKeyMaterial.TrustedCertificatePublicKeyMember | ImportKeyMaterial.$UnknownMember;
 /**
  * @public
  */
@@ -1183,6 +1402,7 @@ export declare namespace ImportKeyMaterial {
         Tr31KeyBlock?: never;
         Tr34KeyBlock?: never;
         KeyCryptogram?: never;
+        DiffieHellmanTr31KeyBlock?: never;
         $unknown?: never;
     }
     /**
@@ -1195,6 +1415,7 @@ export declare namespace ImportKeyMaterial {
         Tr31KeyBlock?: never;
         Tr34KeyBlock?: never;
         KeyCryptogram?: never;
+        DiffieHellmanTr31KeyBlock?: never;
         $unknown?: never;
     }
     /**
@@ -1207,6 +1428,7 @@ export declare namespace ImportKeyMaterial {
         Tr31KeyBlock: ImportTr31KeyBlock;
         Tr34KeyBlock?: never;
         KeyCryptogram?: never;
+        DiffieHellmanTr31KeyBlock?: never;
         $unknown?: never;
     }
     /**
@@ -1219,6 +1441,7 @@ export declare namespace ImportKeyMaterial {
         Tr31KeyBlock?: never;
         Tr34KeyBlock: ImportTr34KeyBlock;
         KeyCryptogram?: never;
+        DiffieHellmanTr31KeyBlock?: never;
         $unknown?: never;
     }
     /**
@@ -1231,6 +1454,20 @@ export declare namespace ImportKeyMaterial {
         Tr31KeyBlock?: never;
         Tr34KeyBlock?: never;
         KeyCryptogram: ImportKeyCryptogram;
+        DiffieHellmanTr31KeyBlock?: never;
+        $unknown?: never;
+    }
+    /**
+     * <p>Parameter information for key material import using the asymmetric ECDH key exchange method.</p>
+     * @public
+     */
+    interface DiffieHellmanTr31KeyBlockMember {
+        RootCertificatePublicKey?: never;
+        TrustedCertificatePublicKey?: never;
+        Tr31KeyBlock?: never;
+        Tr34KeyBlock?: never;
+        KeyCryptogram?: never;
+        DiffieHellmanTr31KeyBlock: ImportDiffieHellmanTr31KeyBlock;
         $unknown?: never;
     }
     /**
@@ -1242,6 +1479,7 @@ export declare namespace ImportKeyMaterial {
         Tr31KeyBlock?: never;
         Tr34KeyBlock?: never;
         KeyCryptogram?: never;
+        DiffieHellmanTr31KeyBlock?: never;
         $unknown: [string, any];
     }
     interface Visitor<T> {
@@ -1250,6 +1488,7 @@ export declare namespace ImportKeyMaterial {
         Tr31KeyBlock: (value: ImportTr31KeyBlock) => T;
         Tr34KeyBlock: (value: ImportTr34KeyBlock) => T;
         KeyCryptogram: (value: ImportKeyCryptogram) => T;
+        DiffieHellmanTr31KeyBlock: (value: ImportDiffieHellmanTr31KeyBlock) => T;
         _: (name: string, value: any) => T;
     }
     const visit: <T>(value: ImportKeyMaterial, visitor: Visitor<T>) => T;
@@ -1516,11 +1755,15 @@ export interface UntagResourceOutput {
 /**
  * @internal
  */
-export declare const ExportKeyCryptogramFilterSensitiveLog: (obj: ExportKeyCryptogram) => any;
+export declare const KeyBlockHeadersFilterSensitiveLog: (obj: KeyBlockHeaders) => any;
 /**
  * @internal
  */
-export declare const KeyBlockHeadersFilterSensitiveLog: (obj: KeyBlockHeaders) => any;
+export declare const ExportDiffieHellmanTr31KeyBlockFilterSensitiveLog: (obj: ExportDiffieHellmanTr31KeyBlock) => any;
+/**
+ * @internal
+ */
+export declare const ExportKeyCryptogramFilterSensitiveLog: (obj: ExportKeyCryptogram) => any;
 /**
  * @internal
  */
@@ -1557,6 +1800,10 @@ export declare const GetParametersForImportOutputFilterSensitiveLog: (obj: GetPa
  * @internal
  */
 export declare const GetPublicKeyCertificateOutputFilterSensitiveLog: (obj: GetPublicKeyCertificateOutput) => any;
+/**
+ * @internal
+ */
+export declare const ImportDiffieHellmanTr31KeyBlockFilterSensitiveLog: (obj: ImportDiffieHellmanTr31KeyBlock) => any;
 /**
  * @internal
  */