String aliasName
A friendly name that you can use to refer to a key. The value must begin with alias/.
Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
String keyArn
The KeyARN of the key associated with the alias.
String aliasName
A friendly name that you can use to refer to a key. An alias must begin with alias/ followed by a
name, for example alias/ExampleAlias. It can contain only alphanumeric characters, forward slashes
(/), underscores (_), and dashes (-).
Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
String keyArn
The KeyARN of the key to associate with the alias.
Alias alias
The alias for the key.
Boolean enabled
Specifies whether to enable the key. If the key is enabled, it is activated for use within the service. If the key is not enabled, then it is created but not activated. The default value is enabled.
Boolean exportable
Specifies whether the key is exportable from the service.
KeyAttributes keyAttributes
The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
String keyCheckValueAlgorithm
The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
List<E> tags
Assigns one or more tags to the Amazon Web Services Payment Cryptography key. Use this parameter to tag a key when it is created. To tag an existing Amazon Web Services Payment Cryptography key, use the TagResource operation.
Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key.
Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
Key key
The key material that contains all the key attributes.
String aliasName
A friendly name that you can use to refer Amazon Web Services Payment Cryptography key. This value must begin
with alias/ followed by a name, such as alias/ExampleAlias.
Key key
The KeyARN of the key that is scheduled for deletion.
ExportDukptInitialKey exportDukptInitialKey
Parameter information for IPEK export.
String keyCheckValueAlgorithm
The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity. Specify KCV for IPEK export only.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
String keySerialNumber
The KSN for IPEK generation using DUKPT.
KSN must be padded before sending to Amazon Web Services Payment Cryptography. KSN hex length should be 20 for a TDES_2KEY key or 24 for an AES key.
String certificateAuthorityPublicKeyIdentifier
The KeyARN of the certificate chain that signs the wrapping key certificate during RSA wrap and
unwrap key export.
String wrappingKeyCertificate
The wrapping key certificate in PEM format (base64 encoded). Amazon Web Services Payment Cryptography uses this certificate to wrap the key under export.
String wrappingSpec
The wrapping spec for the key under export.
ExportKeyCryptogram keyCryptogram
Parameter information for key material export using asymmetric RSA wrap and unwrap key exchange method
ExportTr31KeyBlock tr31KeyBlock
Parameter information for key material export using symmetric TR-31 key exchange method.
ExportTr34KeyBlock tr34KeyBlock
Parameter information for key material export using the asymmetric TR-34 key exchange method.
ExportAttributes exportAttributes
The attributes for IPEK generation during export.
String exportKeyIdentifier
The KeyARN of the key under export from Amazon Web Services Payment Cryptography.
ExportKeyMaterial keyMaterial
The key block format type, for example, TR-34 or TR-31, to use during key material export.
WrappedKey wrappedKey
The key material under export as a TR-34 WrappedKeyBlock or a TR-31 WrappedKeyBlock. or a RSA WrappedKeyCryptogram.
String wrappingKeyIdentifier
The KeyARN of the the wrapping key. This key encrypts or wraps the key under export for TR-31 key
block generation.
String certificateAuthorityPublicKeyIdentifier
The KeyARN of the certificate chain that signs the wrapping key certificate during TR-34 key export.
String exportToken
The export token to initiate key export from Amazon Web Services Payment Cryptography. It also contains the signing key certificate that will sign the wrapped key during TR-34 key block generation. Call GetParametersForExport to receive an export token. It expires after 7 days. You can use the same export token to export multiple keys from the same service account.
String keyBlockFormat
The format of key block that Amazon Web Services Payment Cryptography will use during key export.
String randomNonce
A random number value that is unique to the TR-34 key block generated using 2 pass. The operation will fail, if a random nonce value is not provided for a TR-34 key block generated using 2 pass.
String wrappingKeyCertificate
The KeyARN of the wrapping key certificate. Amazon Web Services Payment Cryptography uses this
certificate to wrap the key under export.
String aliasName
The alias of the Amazon Web Services Payment Cryptography key.
Alias alias
The alias of the Amazon Web Services Payment Cryptography key.
String keyIdentifier
The KeyARN of the Amazon Web Services Payment Cryptography key.
Key key
The key material, including the immutable and mutable data for the key.
String keyMaterialType
The key block format type (for example, TR-34 or TR-31) to use during key material export. Export token is only
required for a TR-34 key export, TR34_KEY_BLOCK. Export token is not required for TR-31 key export.
String signingKeyAlgorithm
The signing key algorithm to generate a signing key certificate. This certificate signs the wrapped key under
export within the TR-34 key block. RSA_2048 is the only signing key algorithm allowed.
String exportToken
The export token to initiate key export from Amazon Web Services Payment Cryptography. The export token expires after 7 days. You can use the same export token to export multiple keys from the same service account.
Date parametersValidUntilTimestamp
The validity period of the export token.
String signingKeyAlgorithm
The algorithm of the signing key certificate for use in TR-34 key block generation. RSA_2048 is the
only signing key algorithm allowed.
String signingKeyCertificate
The signing key certificate in PEM format (base64 encoded) of the public key for signature within the TR-34 key block. The certificate expires after 7 days.
String signingKeyCertificateChain
The root certificate authority (CA) that signed the signing key certificate in PEM format (base64 encoded).
String keyMaterialType
The method to use for key material import. Import token is only required for TR-34 WrappedKeyBlock (
TR34_KEY_BLOCK) and RSA WrappedKeyCryptogram (KEY_CRYPTOGRAM).
Import token is not required for TR-31, root public key cerificate or trusted public key certificate.
String wrappingKeyAlgorithm
The wrapping key algorithm to generate a wrapping key certificate. This certificate wraps the key under import.
At this time, RSA_2048 is the allowed algorithm for TR-34 WrappedKeyBlock import. Additionally,
RSA_2048, RSA_3072, RSA_4096 are the allowed algorithms for RSA
WrappedKeyCryptogram import.
String importToken
The import token to initiate key import into Amazon Web Services Payment Cryptography. The import token expires after 7 days. You can use the same import token to import multiple keys to the same service account.
Date parametersValidUntilTimestamp
The validity period of the import token.
String wrappingKeyAlgorithm
The algorithm of the wrapping key for use within TR-34 WrappedKeyBlock or RSA WrappedKeyCryptogram.
String wrappingKeyCertificate
The wrapping key certificate in PEM format (base64 encoded) of the wrapping key for use within the TR-34 key block. The certificate expires in 7 days.
String wrappingKeyCertificateChain
The Amazon Web Services Payment Cryptography root certificate authority (CA) that signed the wrapping key certificate in PEM format (base64 encoded).
String keyIdentifier
The KeyARN of the asymmetric key pair.
String keyCertificate
The public key component of the asymmetric key pair in a certificate PEM format (base64 encoded). It is signed by the root certificate authority (CA). The certificate expires in 90 days.
String keyCertificateChain
The root certificate authority (CA) that signed the public key certificate in PEM format (base64 encoded) of the asymmetric key pair.
Boolean exportable
Specifies whether the key is exportable from the service.
String importToken
The import token that initiates key import using the asymmetric RSA wrap and unwrap key exchange method into AWS Payment Cryptography. It expires after 7 days. You can use the same import token to import multiple keys to the same service account.
KeyAttributes keyAttributes
String wrappedKeyCryptogram
The RSA wrapped key cryptogram under import.
String wrappingSpec
The wrapping spec for the wrapped key cryptogram.
ImportKeyCryptogram keyCryptogram
Parameter information for key material import using asymmetric RSA wrap and unwrap key exchange method.
RootCertificatePublicKey rootCertificatePublicKey
Parameter information for root public key certificate import.
ImportTr31KeyBlock tr31KeyBlock
Parameter information for key material import using symmetric TR-31 key exchange method.
ImportTr34KeyBlock tr34KeyBlock
Parameter information for key material import using the asymmetric TR-34 key exchange method.
TrustedCertificatePublicKey trustedCertificatePublicKey
Parameter information for trusted public key certificate import.
Boolean enabled
Specifies whether import key is enabled.
String keyCheckValueAlgorithm
The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
ImportKeyMaterial keyMaterial
The key or public key certificate type to use during key material import, for example TR-34 or RootCertificatePublicKey.
List<E> tags
Assigns one or more tags to the Amazon Web Services Payment Cryptography key. Use this parameter to tag a key when it is imported. To tag an existing Amazon Web Services Payment Cryptography key, use the TagResource operation.
Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. If you specify an existing tag key with a different tag value, Amazon Web Services Payment Cryptography replaces the current tag value with the specified one.
Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
Key key
The KeyARN of the key material imported within Amazon Web Services Payment Cryptography.
String certificateAuthorityPublicKeyIdentifier
The KeyARN of the certificate chain that signs the signing key certificate during TR-34 key import.
String importToken
The import token that initiates key import using the asymmetric TR-34 key exchange method into Amazon Web Services Payment Cryptography. It expires after 7 days. You can use the same import token to import multiple keys to the same service account.
String keyBlockFormat
The key block format to use during key import. The only value allowed is X9_TR34_2012.
String randomNonce
A random number value that is unique to the TR-34 key block generated using 2 pass. The operation will fail, if a random nonce value is not provided for a TR-34 key block generated using 2 pass.
String signingKeyCertificate
The public key component in PEM certificate format of the private key that signs the KDH TR-34 WrappedKeyBlock.
String wrappedKeyBlock
The TR-34 wrapped key block to import.
Date createTimestamp
The date and time when the key was created.
Date deletePendingTimestamp
The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present
only when KeyState is DELETE_PENDING and the key is scheduled for deletion.
Date deleteTimestamp
The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present
only when when the KeyState is DELETE_COMPLETE and the Amazon Web Services Payment
Cryptography key is deleted.
Boolean enabled
Specifies whether the key is enabled.
Boolean exportable
Specifies whether the key is exportable. This data is immutable after the key is created.
String keyArn
The Amazon Resource Name (ARN) of the key.
KeyAttributes keyAttributes
The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
String keyCheckValue
The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
String keyCheckValueAlgorithm
The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
String keyOrigin
The source of the key material. For keys created within Amazon Web Services Payment Cryptography, the value is
AWS_PAYMENT_CRYPTOGRAPHY. For keys imported into Amazon Web Services Payment Cryptography, the value
is EXTERNAL.
String keyState
The state of key that is being created or deleted.
Date usageStartTimestamp
The date and time after which Amazon Web Services Payment Cryptography will start using the key material for cryptographic operations.
Date usageStopTimestamp
The date and time after which Amazon Web Services Payment Cryptography will stop using the key material for cryptographic operations.
String keyAlgorithm
The key algorithm to be use during creation of an Amazon Web Services Payment Cryptography key.
For symmetric keys, Amazon Web Services Payment Cryptography supports AES and TDES
algorithms. For asymmetric keys, Amazon Web Services Payment Cryptography supports RSA and
ECC_NIST algorithms.
String keyClass
The type of Amazon Web Services Payment Cryptography key to create, which determines the classification of the cryptographic method and whether Amazon Web Services Payment Cryptography key contains a symmetric key or an asymmetric key pair.
KeyModesOfUse keyModesOfUse
The list of cryptographic operations that you can perform using the key.
String keyUsage
The cryptographic usage of an Amazon Web Services Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
Boolean decrypt
Specifies whether an Amazon Web Services Payment Cryptography key can be used to decrypt data.
Boolean deriveKey
Specifies whether an Amazon Web Services Payment Cryptography key can be used to derive new keys.
Boolean encrypt
Specifies whether an Amazon Web Services Payment Cryptography key can be used to encrypt data.
Boolean generate
Specifies whether an Amazon Web Services Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
Boolean noRestrictions
Specifies whether an Amazon Web Services Payment Cryptography key has no special restrictions other than the
restrictions implied by KeyUsage.
Boolean sign
Specifies whether an Amazon Web Services Payment Cryptography key can be used for signing.
Boolean unwrap
Specifies whether an Amazon Web Services Payment Cryptography key can be used to unwrap other keys.
Boolean verify
Specifies whether an Amazon Web Services Payment Cryptography key can be used to verify signatures.
Boolean wrap
Specifies whether an Amazon Web Services Payment Cryptography key can be used to wrap other keys.
Boolean enabled
Specifies whether the key is enabled.
Boolean exportable
Specifies whether the key is exportable. This data is immutable after the key is created.
String keyArn
The Amazon Resource Name (ARN) of the key.
KeyAttributes keyAttributes
The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
String keyCheckValue
The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
String keyState
The state of an Amazon Web Services Payment Cryptography that is being created or deleted.
Integer maxResults
Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.
This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.
String nextToken
Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the
value of NextToken from the truncated response you just received.
String keyState
The key state of the keys you want to list.
Integer maxResults
Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.
This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.
String nextToken
Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the
value of NextToken from the truncated response you just received.
Integer maxResults
Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.
This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.
String nextToken
Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the
value of NextToken from the truncated response you just received.
String resourceArn
The KeyARN of the key whose tags you are getting.
String resourceId
The string for the exception.
String keyIdentifier
The KeyARN of the key to be restored within Amazon Web Services Payment Cryptography.
Key key
The key material of the restored key. The KeyState will change to CREATE_COMPLETE and
value for DeletePendingTimestamp gets removed.
KeyAttributes keyAttributes
The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the root public key is imported.
String publicKeyCertificate
Parameter information for root public key certificate import.
String keyIdentifier
The KeyArn of the key.
Key key
The KeyARN of the Amazon Web Services Payment Cryptography key activated for use.
String keyIdentifier
The KeyArn of the key.
Key key
The KeyARN of the key.
String resourceArn
The KeyARN of the key whose tags are being updated.
List<E> tags
One or more tags. Each tag consists of a tag key and a tag value. The tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. If you specify an existing tag key with a different tag value, Amazon Web Services Payment Cryptography replaces the current tag value with the new one.
Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
To use this parameter, you must have TagResource permission in an IAM policy.
Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
String certificateAuthorityPublicKeyIdentifier
The KeyARN of the root public key certificate or certificate chain that signs the trusted public key
certificate import.
KeyAttributes keyAttributes
The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after a trusted public key is imported.
String publicKeyCertificate
Parameter information for trusted public key certificate import.
String resourceArn
The KeyARN of the key whose tags are being removed.
List<E> tagKeys
One or more tag keys. Don't include the tag values.
If the Amazon Web Services Payment Cryptography key doesn't have the specified tag key, Amazon Web Services Payment Cryptography doesn't throw an exception or return a response. To confirm that the operation succeeded, use the ListTagsForResource operation.
Alias alias
The alias name.
String keyCheckValue
The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
String keyCheckValueAlgorithm
The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
String keyMaterial
Parameter information for generating a wrapped key using TR-31 or TR-34 skey exchange method.
String wrappedKeyMaterialFormat
The key block format of a wrapped key.
String wrappingKeyArn
The KeyARN of the wrapped key.
Copyright © 2024. All rights reserved.