@aws-sdk/client-payment-cryptography 3.830.0 → 3.833.0

package/dist-types/models/models_0.d.ts

@@ -19,10 +19,7 @@ export declare class AccessDeniedException extends __BaseException {
  */
 export interface Alias {
     /**
-     * <p>A friendly name that you can use to refer to a key. The value must begin with <code>alias/</code>.</p>
-     *          <important>
-     *             <p>Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p>
-     *          </important>
+     * <p>A friendly name that you can use to refer to a key. The value must begin with <code>alias/</code>.</p> <important> <p>Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p> </important>
      * @public
      */
     AliasName: string | undefined;
@@ -50,10 +47,7 @@ export declare class ConflictException extends __BaseException {
  */
 export interface CreateAliasInput {
     /**
-     * <p>A friendly name that you can use to refer to a key. An alias must begin with <code>alias/</code> followed by a name, for example <code>alias/ExampleAlias</code>. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-).</p>
-     *          <important>
-     *             <p>Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p>
-     *          </important>
+     * <p>A friendly name that you can use to refer to a key. An alias must begin with <code>alias/</code> followed by a name, for example <code>alias/ExampleAlias</code>. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-).</p> <important> <p>Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p> </important>
      * @public
      */
     AliasName: string | undefined;
@@ -205,8 +199,7 @@ export interface ListAliasesInput {
      */
     NextToken?: string | undefined;
     /**
-     * <p>Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.</p>
-     *          <p>This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.</p>
+     * <p>Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.</p> <p>This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.</p>
      * @public
      */
     MaxResults?: number | undefined;
@@ -291,6 +284,10 @@ export declare const KeyAlgorithm: {
     readonly ECC_NIST_P256: "ECC_NIST_P256";
     readonly ECC_NIST_P384: "ECC_NIST_P384";
     readonly ECC_NIST_P521: "ECC_NIST_P521";
+    readonly HMAC_SHA224: "HMAC_SHA224";
+    readonly HMAC_SHA256: "HMAC_SHA256";
+    readonly HMAC_SHA384: "HMAC_SHA384";
+    readonly HMAC_SHA512: "HMAC_SHA512";
     readonly RSA_2048: "RSA_2048";
     readonly RSA_3072: "RSA_3072";
     readonly RSA_4096: "RSA_4096";
@@ -415,8 +412,7 @@ export interface KeyAttributes {
      */
     KeyClass: KeyClass | undefined;
     /**
-     * <p>The key algorithm to be use during creation of an Amazon Web Services Payment Cryptography key.</p>
-     *          <p>For symmetric keys, Amazon Web Services Payment Cryptography supports <code>AES</code> and <code>TDES</code> algorithms. For asymmetric keys, Amazon Web Services Payment Cryptography supports <code>RSA</code> and <code>ECC_NIST</code> algorithms.</p>
+     * <p>The key algorithm to be use during creation of an Amazon Web Services Payment Cryptography key.</p> <p>For symmetric keys, Amazon Web Services Payment Cryptography supports <code>AES</code> and <code>TDES</code> algorithms. For asymmetric keys, Amazon Web Services Payment Cryptography supports <code>RSA</code> and <code>ECC_NIST</code> algorithms.</p>
      * @public
      */
     KeyAlgorithm: KeyAlgorithm | undefined;
@@ -433,6 +429,7 @@ export interface KeyAttributes {
 export declare const KeyCheckValueAlgorithm: {
     readonly ANSI_X9_24: "ANSI_X9_24";
     readonly CMAC: "CMAC";
+    readonly HMAC: "HMAC";
 };
 /**
  * @public
@@ -464,8 +461,7 @@ export interface CreateKeyInput {
      */
     KeyAttributes: KeyAttributes | undefined;
     /**
-     * <p>The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.</p>
-     *          <p>For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.</p>
+     * <p>The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.</p> <p>For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.</p>
      * @public
      */
     KeyCheckValueAlgorithm?: KeyCheckValueAlgorithm | undefined;
@@ -480,19 +476,12 @@ export interface CreateKeyInput {
      */
     Enabled?: boolean | undefined;
     /**
-     * <p>Assigns one or more tags to the Amazon Web Services Payment Cryptography key. Use this parameter to tag a key when it is created. To tag an existing Amazon Web Services Payment Cryptography key, use the <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_TagResource.html">TagResource</a> operation.</p>
-     *          <p>Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. </p>
-     *          <important>
-     *             <p>Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p>
-     *          </important>
-     *          <note>
-     *             <p>Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.</p>
-     *          </note>
+     * <p>Assigns one or more tags to the Amazon Web Services Payment Cryptography key. Use this parameter to tag a key when it is created. To tag an existing Amazon Web Services Payment Cryptography key, use the <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_TagResource.html">TagResource</a> operation.</p> <p>Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. </p> <important> <p>Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p> </important> <note> <p>Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.</p> </note>
      * @public
      */
     Tags?: Tag[] | undefined;
     /**
-     * <p>The cryptographic usage of an ECDH derived key as defined in section A.5.2 of the TR-31 spec.</p>
+     * <p>The intended cryptographic usage of keys derived from the ECC key pair to be created.</p> <p>After creating an ECC key pair, you cannot change the intended cryptographic usage of keys derived from it using ECDH.</p>
      * @public
      */
     DeriveKeyUsage?: DeriveKeyUsage | undefined;
@@ -544,8 +533,7 @@ export interface Key {
      */
     KeyCheckValue: string | undefined;
     /**
-     * <p>The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.</p>
-     *          <p>For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.</p>
+     * <p>The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.</p> <p>For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.</p>
      * @public
      */
     KeyCheckValueAlgorithm: KeyCheckValueAlgorithm | undefined;
@@ -636,7 +624,7 @@ export interface DeleteKeyOutput {
     Key: Key | undefined;
 }
 /**
- * <p>Derivation data used to derive an ECDH key.</p>
+ * <p>The shared information used when deriving a key using ECDH.</p>
  * @public
  */
 export type DiffieHellmanDerivationData = DiffieHellmanDerivationData.SharedInformationMember | DiffieHellmanDerivationData.$UnknownMember;
@@ -645,8 +633,7 @@ export type DiffieHellmanDerivationData = DiffieHellmanDerivationData.SharedInfo
  */
 export declare namespace DiffieHellmanDerivationData {
     /**
-     * <p>A byte string containing information that binds the ECDH derived key to the two parties involved or to the context of the key.</p>
-     *          <p>It may include details like identities of the two parties deriving the key, context of the operation, session IDs, and optionally a nonce. It must not contain zero bytes, and re-using shared information for multiple ECDH key derivations is not recommended.</p>
+     * <p>A string containing information that binds the ECDH derived key to the two parties involved or to the context of the key.</p> <p>It may include details like identities of the two parties deriving the key, context of the operation, session IDs, and optionally a nonce. It must not contain zero bytes. It is not recommended to reuse shared information for multiple ECDH key derivations, as it could result in derived key material being the same across different derivations.</p>
      * @public
      */
     interface SharedInformationMember {
@@ -672,8 +659,7 @@ export declare namespace DiffieHellmanDerivationData {
  */
 export interface ExportDukptInitialKey {
     /**
-     * <p>The KSN for IPEK generation using DUKPT. </p>
-     *          <p>KSN must be padded before sending to Amazon Web Services Payment Cryptography. KSN hex length should be 20 for a TDES_2KEY key or 24 for an AES key.</p>
+     * <p>The KSN for IPEK generation using DUKPT. </p> <p>KSN must be padded before sending to Amazon Web Services Payment Cryptography. KSN hex length should be 20 for a TDES_2KEY key or 24 for an AES key.</p>
      * @public
      */
     KeySerialNumber: string | undefined;
@@ -689,8 +675,7 @@ export interface ExportAttributes {
      */
     ExportDukptInitialKey?: ExportDukptInitialKey | undefined;
     /**
-     * <p>The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity. Specify KCV for IPEK export only.</p>
-     *          <p>For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.</p>
+     * <p>The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity. Specify KCV for IPEK export only.</p> <p>For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.</p>
      * @public
      */
     KeyCheckValueAlgorithm?: KeyCheckValueAlgorithm | undefined;
@@ -703,6 +688,10 @@ export declare const SymmetricKeyAlgorithm: {
     readonly AES_128: "AES_128";
     readonly AES_192: "AES_192";
     readonly AES_256: "AES_256";
+    readonly HMAC_SHA224: "HMAC_SHA224";
+    readonly HMAC_SHA256: "HMAC_SHA256";
+    readonly HMAC_SHA384: "HMAC_SHA384";
+    readonly HMAC_SHA512: "HMAC_SHA512";
     readonly TDES_2KEY: "TDES_2KEY";
     readonly TDES_3KEY: "TDES_3KEY";
 };
@@ -734,8 +723,7 @@ export interface KeyBlockHeaders {
      */
     KeyModesOfUse?: KeyModesOfUse | undefined;
     /**
-     * <p>Specifies subsequent exportability of the key within the key block after it is received by the receiving party. It can be used to further restrict exportability of the key after export from Amazon Web Services Payment Cryptography.</p>
-     *          <p>When set to <code>EXPORTABLE</code>, the key can be subsequently exported by the receiver under a KEK using TR-31 or TR-34 key block export only. When set to <code>NON_EXPORTABLE</code>, the key cannot be subsequently exported by the receiver. When set to <code>SENSITIVE</code>, the key can be exported by the receiver under a KEK using TR-31, TR-34, RSA wrap and unwrap cryptogram or using a symmetric cryptogram key export method. For further information refer to <a href="https://webstore.ansi.org/standards/ascx9/ansix91432022">ANSI X9.143-2022</a>.</p>
+     * <p>Specifies subsequent exportability of the key within the key block after it is received by the receiving party. It can be used to further restrict exportability of the key after export from Amazon Web Services Payment Cryptography.</p> <p>When set to <code>EXPORTABLE</code>, the key can be subsequently exported by the receiver under a KEK using TR-31 or TR-34 key block export only. When set to <code>NON_EXPORTABLE</code>, the key cannot be subsequently exported by the receiver. When set to <code>SENSITIVE</code>, the key can be exported by the receiver under a KEK using TR-31, TR-34, RSA wrap and unwrap cryptogram or using a symmetric cryptogram key export method. For further information refer to <a href="https://webstore.ansi.org/standards/ascx9/ansix91432022">ANSI X9.143-2022</a>.</p>
      * @public
      */
     KeyExportability?: KeyExportability | undefined;
@@ -745,8 +733,7 @@ export interface KeyBlockHeaders {
      */
     KeyVersion?: string | undefined;
     /**
-     * <p>Parameter used to indicate the type of optional data in key block headers. Refer to <a href="https://webstore.ansi.org/standards/ascx9/ansix91432022">ANSI X9.143-2022</a> for information on allowed data type for optional blocks.</p>
-     *          <p>Optional block character limit is 112 characters. For each optional block, 2 characters are reserved for optional block ID and 2 characters reserved for optional block length. More than one optional blocks can be included as long as the combined length does not increase 112 characters.</p>
+     * <p>Parameter used to indicate the type of optional data in key block headers. Refer to <a href="https://webstore.ansi.org/standards/ascx9/ansix91432022">ANSI X9.143-2022</a> for information on allowed data type for optional blocks.</p> <p>Optional block character limit is 112 characters. For each optional block, 2 characters are reserved for optional block ID and 2 characters reserved for optional block length. More than one optional blocks can be included as long as the combined length does not increase 112 characters.</p>
      * @public
      */
     OptionalBlocks?: Record<string, string> | undefined;
@@ -777,42 +764,42 @@ export declare const KeyDerivationHashAlgorithm: {
  */
 export type KeyDerivationHashAlgorithm = (typeof KeyDerivationHashAlgorithm)[keyof typeof KeyDerivationHashAlgorithm];
 /**
- * <p>Parameter information for key material export using the asymmetric ECDH key exchange method.</p>
+ * <p>Key derivation parameter information for key material export using asymmetric ECDH key exchange method.</p>
  * @public
  */
 export interface ExportDiffieHellmanTr31KeyBlock {
     /**
-     * <p>The <code>keyARN</code> of the asymmetric ECC key.</p>
+     * <p>The <code>keyARN</code> of the asymmetric ECC key created within Amazon Web Services Payment Cryptography.</p>
      * @public
      */
     PrivateKeyIdentifier: string | undefined;
     /**
-     * <p>The <code>keyARN</code> of the certificate that signed the client's <code>PublicKeyCertificate</code>.</p>
+     * <p>The <code>keyARN</code> of the CA that signed the <code>PublicKeyCertificate</code> for the client's receiving ECC key pair.</p>
      * @public
      */
     CertificateAuthorityPublicKeyIdentifier: string | undefined;
     /**
-     * <p>The client's public key certificate in PEM format (base64 encoded) to use for ECDH key derivation.</p>
+     * <p>The public key certificate of the client's receiving ECC key pair, in PEM format (base64 encoded), to use for ECDH key derivation.</p>
      * @public
      */
     PublicKeyCertificate: string | undefined;
     /**
-     * <p>The key algorithm of the derived ECDH key.</p>
+     * <p>The key algorithm of the shared derived ECDH key.</p>
      * @public
      */
     DeriveKeyAlgorithm: SymmetricKeyAlgorithm | undefined;
     /**
-     * <p>The key derivation function to use for deriving a key using ECDH.</p>
+     * <p>The key derivation function to use when deriving a key using ECDH.</p>
      * @public
      */
     KeyDerivationFunction: KeyDerivationFunction | undefined;
     /**
-     * <p>The hash type to use for deriving a key using ECDH.</p>
+     * <p>The hash type to use when deriving a key using ECDH.</p>
      * @public
      */
     KeyDerivationHashAlgorithm: KeyDerivationHashAlgorithm | undefined;
     /**
-     * <p>Derivation data used to derive an ECDH key.</p>
+     * <p>The shared information used when deriving a key using ECDH.</p>
      * @public
      */
     DerivationData: DiffieHellmanDerivationData | undefined;
@@ -898,7 +885,7 @@ export interface ExportTr34KeyBlock {
      */
     WrappingKeyCertificate: string | undefined;
     /**
-     * <p>The export token to initiate key export from Amazon Web Services Payment Cryptography. It also contains the signing key certificate that will sign the wrapped key during TR-34 key block generation. Call <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetParametersForExport.html">GetParametersForExport</a> to receive an export token. It expires after 7 days. You can use the same export token to export multiple keys from the same service account.</p>
+     * <p>The export token to initiate key export from Amazon Web Services Payment Cryptography. It also contains the signing key certificate that will sign the wrapped key during TR-34 key block generation. Call <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetParametersForExport.html">GetParametersForExport</a> to receive an export token. It expires after 30 days. You can use the same export token to export multiple keys from the same service account.</p>
      * @public
      */
     ExportToken: string | undefined;
@@ -961,7 +948,7 @@ export declare namespace ExportKeyMaterial {
         $unknown?: never;
     }
     /**
-     * <p>Parameter information for key material export using the asymmetric ECDH key exchange method.</p>
+     * <p>Key derivation parameter information for key material export using asymmetric ECDH key exchange method.</p>
      * @public
      */
     interface DiffieHellmanTr31KeyBlockMember {
@@ -1049,8 +1036,7 @@ export interface WrappedKey {
      */
     KeyCheckValue?: string | undefined;
     /**
-     * <p>The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.</p>
-     *          <p>For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.</p>
+     * <p>The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.</p> <p>For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.</p>
      * @public
      */
     KeyCheckValueAlgorithm?: KeyCheckValueAlgorithm | undefined;
@@ -1120,7 +1106,7 @@ export interface GetParametersForExportInput {
  */
 export interface GetParametersForExportOutput {
     /**
-     * <p>The signing key certificate in PEM format (base64 encoded) of the public key for signature within the TR-34 key block. The certificate expires after 7 days.</p>
+     * <p>The signing key certificate in PEM format (base64 encoded) of the public key for signature within the TR-34 key block. The certificate expires after 30 days.</p>
      * @public
      */
     SigningKeyCertificate: string | undefined;
@@ -1135,7 +1121,7 @@ export interface GetParametersForExportOutput {
      */
     SigningKeyAlgorithm: KeyAlgorithm | undefined;
     /**
-     * <p>The export token to initiate key export from Amazon Web Services Payment Cryptography. The export token expires after 7 days. You can use the same export token to export multiple keys from the same service account.</p>
+     * <p>The export token to initiate key export from Amazon Web Services Payment Cryptography. The export token expires after 30 days. You can use the same export token to export multiple keys from the same service account.</p>
      * @public
      */
     ExportToken: string | undefined;
@@ -1150,14 +1136,12 @@ export interface GetParametersForExportOutput {
  */
 export interface GetParametersForImportInput {
     /**
-     * <p>The method to use for key material import. Import token is only required for TR-34 WrappedKeyBlock (<code>TR34_KEY_BLOCK</code>) and RSA WrappedKeyCryptogram (<code>KEY_CRYPTOGRAM</code>).</p>
-     *          <p>Import token is not required for TR-31, root public key cerificate or trusted public key certificate.</p>
+     * <p>The method to use for key material import. Import token is only required for TR-34 WrappedKeyBlock (<code>TR34_KEY_BLOCK</code>) and RSA WrappedKeyCryptogram (<code>KEY_CRYPTOGRAM</code>).</p> <p>Import token is not required for TR-31, root public key cerificate or trusted public key certificate.</p>
      * @public
      */
     KeyMaterialType: KeyMaterialType | undefined;
     /**
-     * <p>The wrapping key algorithm to generate a wrapping key certificate. This certificate wraps the key under import.</p>
-     *          <p>At this time, <code>RSA_2048</code> is the allowed algorithm for TR-34 WrappedKeyBlock import. Additionally, <code>RSA_2048</code>, <code>RSA_3072</code>, <code>RSA_4096</code> are the allowed algorithms for RSA WrappedKeyCryptogram import.</p>
+     * <p>The wrapping key algorithm to generate a wrapping key certificate. This certificate wraps the key under import.</p> <p>At this time, <code>RSA_2048</code> is the allowed algorithm for TR-34 WrappedKeyBlock import. Additionally, <code>RSA_2048</code>, <code>RSA_3072</code>, <code>RSA_4096</code> are the allowed algorithms for RSA WrappedKeyCryptogram import.</p>
      * @public
      */
     WrappingKeyAlgorithm: KeyAlgorithm | undefined;
@@ -1167,7 +1151,7 @@ export interface GetParametersForImportInput {
  */
 export interface GetParametersForImportOutput {
     /**
-     * <p>The wrapping key certificate in PEM format (base64 encoded) of the wrapping key for use within the TR-34 key block. The certificate expires in 7 days.</p>
+     * <p>The wrapping key certificate in PEM format (base64 encoded) of the wrapping key for use within the TR-34 key block. The certificate expires in 30 days.</p>
      * @public
      */
     WrappingKeyCertificate: string | undefined;
@@ -1182,7 +1166,7 @@ export interface GetParametersForImportOutput {
      */
     WrappingKeyAlgorithm: KeyAlgorithm | undefined;
     /**
-     * <p>The import token to initiate key import into Amazon Web Services Payment Cryptography. The import token expires after 7 days. You can use the same import token to import multiple keys to the same service account.</p>
+     * <p>The import token to initiate key import into Amazon Web Services Payment Cryptography. The import token expires after 30 days. You can use the same import token to import multiple keys to the same service account.</p>
      * @public
      */
     ImportToken: string | undefined;
@@ -1218,42 +1202,42 @@ export interface GetPublicKeyCertificateOutput {
     KeyCertificateChain: string | undefined;
 }
 /**
- * <p>Parameter information for key material import using the asymmetric ECDH key exchange method.</p>
+ * <p>Key derivation parameter information for key material import using asymmetric ECDH key exchange method.</p>
  * @public
  */
 export interface ImportDiffieHellmanTr31KeyBlock {
     /**
-     * <p>The <code>keyARN</code> of the asymmetric ECC key.</p>
+     * <p>The <code>keyARN</code> of the asymmetric ECC key created within Amazon Web Services Payment Cryptography.</p>
      * @public
      */
     PrivateKeyIdentifier: string | undefined;
     /**
-     * <p>The <code>keyARN</code> of the certificate that signed the client's <code>PublicKeyCertificate</code>.</p>
+     * <p>The <code>keyARN</code> of the CA that signed the <code>PublicKeyCertificate</code> for the client's receiving ECC key pair.</p>
      * @public
      */
     CertificateAuthorityPublicKeyIdentifier: string | undefined;
     /**
-     * <p>The client's public key certificate in PEM format (base64 encoded) to use for ECDH key derivation.</p>
+     * <p>The public key certificate of the client's receiving ECC key pair, in PEM format (base64 encoded), to use for ECDH key derivation.</p>
      * @public
      */
     PublicKeyCertificate: string | undefined;
     /**
-     * <p>The key algorithm of the derived ECDH key.</p>
+     * <p>The key algorithm of the shared derived ECDH key.</p>
      * @public
      */
     DeriveKeyAlgorithm: SymmetricKeyAlgorithm | undefined;
     /**
-     * <p>The key derivation function to use for deriving a key using ECDH.</p>
+     * <p>The key derivation function to use when deriving a key using ECDH.</p>
      * @public
      */
     KeyDerivationFunction: KeyDerivationFunction | undefined;
     /**
-     * <p>The hash type to use for deriving a key using ECDH.</p>
+     * <p>The hash type to use when deriving a key using ECDH.</p>
      * @public
      */
     KeyDerivationHashAlgorithm: KeyDerivationHashAlgorithm | undefined;
     /**
-     * <p>Derivation data used to derive an ECDH key.</p>
+     * <p>The shared information used when deriving a key using ECDH.</p>
      * @public
      */
     DerivationData: DiffieHellmanDerivationData | undefined;
@@ -1284,7 +1268,7 @@ export interface ImportKeyCryptogram {
      */
     WrappedKeyCryptogram: string | undefined;
     /**
-     * <p>The import token that initiates key import using the asymmetric RSA wrap and unwrap key exchange method into AWS Payment Cryptography. It expires after 7 days. You can use the same import token to import multiple keys to the same service account.</p>
+     * <p>The import token that initiates key import using the asymmetric RSA wrap and unwrap key exchange method into AWS Payment Cryptography. It expires after 30 days. You can use the same import token to import multiple keys to the same service account.</p>
      * @public
      */
     ImportToken: string | undefined;
@@ -1342,7 +1326,7 @@ export interface ImportTr34KeyBlock {
      */
     SigningKeyCertificate: string | undefined;
     /**
-     * <p>The import token that initiates key import using the asymmetric TR-34 key exchange method into Amazon Web Services Payment Cryptography. It expires after 7 days. You can use the same import token to import multiple keys to the same service account.</p>
+     * <p>The import token that initiates key import using the asymmetric TR-34 key exchange method into Amazon Web Services Payment Cryptography. It expires after 30 days. You can use the same import token to import multiple keys to the same service account.</p>
      * @public
      */
     ImportToken: string | undefined;
@@ -1458,7 +1442,7 @@ export declare namespace ImportKeyMaterial {
         $unknown?: never;
     }
     /**
-     * <p>Parameter information for key material import using the asymmetric ECDH key exchange method.</p>
+     * <p>Key derivation parameter information for key material import using asymmetric ECDH key exchange method.</p>
      * @public
      */
     interface DiffieHellmanTr31KeyBlockMember {
@@ -1503,8 +1487,7 @@ export interface ImportKeyInput {
      */
     KeyMaterial: ImportKeyMaterial | undefined;
     /**
-     * <p>The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.</p>
-     *          <p>For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.</p>
+     * <p>The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.</p> <p>For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.</p>
      * @public
      */
     KeyCheckValueAlgorithm?: KeyCheckValueAlgorithm | undefined;
@@ -1514,14 +1497,7 @@ export interface ImportKeyInput {
      */
     Enabled?: boolean | undefined;
     /**
-     * <p>Assigns one or more tags to the Amazon Web Services Payment Cryptography key. Use this parameter to tag a key when it is imported. To tag an existing Amazon Web Services Payment Cryptography key, use the <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_TagResource.html">TagResource</a> operation.</p>
-     *          <p>Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. If you specify an existing tag key with a different tag value, Amazon Web Services Payment Cryptography replaces the current tag value with the specified one.</p>
-     *          <important>
-     *             <p>Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p>
-     *          </important>
-     *          <note>
-     *             <p>Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.</p>
-     *          </note>
+     * <p>Assigns one or more tags to the Amazon Web Services Payment Cryptography key. Use this parameter to tag a key when it is imported. To tag an existing Amazon Web Services Payment Cryptography key, use the <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_TagResource.html">TagResource</a> operation.</p> <p>Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. If you specify an existing tag key with a different tag value, Amazon Web Services Payment Cryptography replaces the current tag value with the specified one.</p> <important> <p>Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p> </important> <note> <p>Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.</p> </note>
      * @public
      */
     Tags?: Tag[] | undefined;
@@ -1551,8 +1527,7 @@ export interface ListKeysInput {
      */
     NextToken?: string | undefined;
     /**
-     * <p>Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.</p>
-     *          <p>This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.</p>
+     * <p>Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.</p> <p>This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.</p>
      * @public
      */
     MaxResults?: number | undefined;
@@ -1683,8 +1658,7 @@ export interface ListTagsForResourceInput {
      */
     NextToken?: string | undefined;
     /**
-     * <p>Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.</p>
-     *          <p>This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.</p>
+     * <p>Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.</p> <p>This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.</p>
      * @public
      */
     MaxResults?: number | undefined;
@@ -1714,14 +1688,7 @@ export interface TagResourceInput {
      */
     ResourceArn: string | undefined;
     /**
-     * <p>One or more tags. Each tag consists of a tag key and a tag value. The tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. If you specify an existing tag key with a different tag value, Amazon Web Services Payment Cryptography replaces the current tag value with the new one.</p>
-     *          <important>
-     *             <p>Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p>
-     *          </important>
-     *          <p>To use this parameter, you must have <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_TagResource.html">TagResource</a> permission in an IAM policy.</p>
-     *          <important>
-     *             <p>Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p>
-     *          </important>
+     * <p>One or more tags. Each tag consists of a tag key and a tag value. The tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. If you specify an existing tag key with a different tag value, Amazon Web Services Payment Cryptography replaces the current tag value with the new one.</p> <important> <p>Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p> </important> <p>To use this parameter, you must have <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_TagResource.html">TagResource</a> permission in an IAM policy.</p> <important> <p>Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p> </important>
      * @public
      */
     Tags: Tag[] | undefined;
@@ -1741,8 +1708,7 @@ export interface UntagResourceInput {
      */
     ResourceArn: string | undefined;
     /**
-     * <p>One or more tag keys. Don't include the tag values.</p>
-     *          <p>If the Amazon Web Services Payment Cryptography key doesn't have the specified tag key, Amazon Web Services Payment Cryptography doesn't throw an exception or return a response. To confirm that the operation succeeded, use the <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ListTagsForResource.html">ListTagsForResource</a> operation.</p>
+     * <p>One or more tag keys. Don't include the tag values.</p> <p>If the Amazon Web Services Payment Cryptography key doesn't have the specified tag key, Amazon Web Services Payment Cryptography doesn't throw an exception or return a response. To confirm that the operation succeeded, use the <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ListTagsForResource.html">ListTagsForResource</a> operation.</p>
      * @public
      */
     TagKeys: string[] | undefined;

package/dist-types/ts3.4/models/models_0.d.ts

@@ -129,6 +129,10 @@ export declare const KeyAlgorithm: {
   readonly ECC_NIST_P256: "ECC_NIST_P256";
   readonly ECC_NIST_P384: "ECC_NIST_P384";
   readonly ECC_NIST_P521: "ECC_NIST_P521";
+  readonly HMAC_SHA224: "HMAC_SHA224";
+  readonly HMAC_SHA256: "HMAC_SHA256";
+  readonly HMAC_SHA384: "HMAC_SHA384";
+  readonly HMAC_SHA512: "HMAC_SHA512";
   readonly RSA_2048: "RSA_2048";
   readonly RSA_3072: "RSA_3072";
   readonly RSA_4096: "RSA_4096";
@@ -189,6 +193,7 @@ export interface KeyAttributes {
 export declare const KeyCheckValueAlgorithm: {
   readonly ANSI_X9_24: "ANSI_X9_24";
   readonly CMAC: "CMAC";
+  readonly HMAC: "HMAC";
 };
 export type KeyCheckValueAlgorithm =
   (typeof KeyCheckValueAlgorithm)[keyof typeof KeyCheckValueAlgorithm];
@@ -274,6 +279,10 @@ export declare const SymmetricKeyAlgorithm: {
   readonly AES_128: "AES_128";
   readonly AES_192: "AES_192";
   readonly AES_256: "AES_256";
+  readonly HMAC_SHA224: "HMAC_SHA224";
+  readonly HMAC_SHA256: "HMAC_SHA256";
+  readonly HMAC_SHA384: "HMAC_SHA384";
+  readonly HMAC_SHA512: "HMAC_SHA512";
   readonly TDES_2KEY: "TDES_2KEY";
   readonly TDES_3KEY: "TDES_3KEY";
 };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-payment-cryptography",
   "description": "AWS SDK for JavaScript Payment Cryptography Client for Node.js, Browser and React Native",
-  "version": "3.830.0",
+  "version": "3.833.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-payment-cryptography",