String aliasName
A friendly name that you can use to refer to a key. The value must begin with alias/.
Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
String keyArn
The KeyARN of the key associated with the alias.
String aliasName
A friendly name that you can use to refer to a key. An alias must begin with alias/ followed by a name,
for example alias/ExampleAlias. It can contain only alphanumeric characters, forward slashes (/),
underscores (_), and dashes (-).
Don't include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
String keyArn
The KeyARN of the key to associate with the alias.
Alias alias
The alias for the key.
Boolean enabled
Specifies whether to enable the key. If the key is enabled, it is activated for use within the service. If the key is not enabled, then it is created but not activated. The default value is enabled.
Boolean exportable
Specifies whether the key is exportable from the service.
KeyAttributes keyAttributes
The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
String keyCheckValueAlgorithm
The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV) for DES and AES keys.
For a DES key, the KCV is computed by encrypting 8 bytes, each with value '00', with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For an AES key, the KCV is computed by encrypting 8 bytes, each with value '01', with the key to be checked and retaining the 3 highest order bytes of the encrypted result.
List<E> tags
The tags to attach to the key. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key.
To use this parameter, you must have TagResource permission.
Don't include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
Key key
The key material that contains all the key attributes.
String aliasName
A friendly name that you can use to refer to an Amazon Web Services Payment Cryptography key. This value must begin
with alias/ followed by a name, such as alias/ExampleAlias.
Key key
The KeyARN of the key that is scheduled for deletion.
ExportTr31KeyBlock tr31KeyBlock
Parameter information for key material export using TR-31 standard.
ExportTr34KeyBlock tr34KeyBlock
Parameter information for key material export using TR-34 standard.
String exportKeyIdentifier
The KeyARN of the key under export from Amazon Web Services Payment Cryptography.
ExportKeyMaterial keyMaterial
The key block format type, for example, TR-34 or TR-31, to use during key material export.
WrappedKey wrappedKey
The key material under export as a TR-34 or TR-31 wrapped key block.
String wrappingKeyIdentifier
The KeyARN of the wrapping key. This key encrypts or wraps the key under export for TR-31 key
block generation.
String certificateAuthorityPublicKeyIdentifier
The KeyARN of the certificate chain that signs the wrapping key certificate during TR-34 key export.
String exportToken
The export token to initiate key export from Amazon Web Services Payment Cryptography. It also contains the signing key certificate that will sign the wrapped key during TR-34 key block generation. Call GetParametersForExport to receive an export token. It expires after 7 days. You can use the same export token to export multiple keys from the same service account.
String keyBlockFormat
The format of key block that Amazon Web Services Payment Cryptography will use during key export.
String randomNonce
A random number value that is unique to the TR-34 key block generated using 2 pass. The operation will fail if a random nonce value is not provided for a TR-34 key block generated using 2 pass.
String wrappingKeyCertificate
The KeyARN of the wrapping key certificate. Amazon Web Services Payment Cryptography uses this
certificate to wrap the key under export.
String aliasName
The alias of the Amazon Web Services Payment Cryptography key.
Alias alias
The alias of the Amazon Web Services Payment Cryptography key.
String keyIdentifier
The KeyARN of the Amazon Web Services Payment Cryptography key.
Key key
The key material, including the immutable and mutable data for the key.
String keyMaterialType
The key block format type (for example, TR-34 or TR-31) to use during key material export. Export token is only
required for a TR-34 key export, TR34_KEY_BLOCK. Export token is not required for TR-31 key export.
String signingKeyAlgorithm
The signing key algorithm to generate a signing key certificate. This certificate signs the wrapped key under
export within the TR-34 key block cryptogram. RSA_2048 is the only signing key algorithm allowed.
String exportToken
The export token to initiate key export from Amazon Web Services Payment Cryptography. The export token expires after 7 days. You can use the same export token to export multiple keys from the same service account.
Date parametersValidUntilTimestamp
The validity period of the export token.
String signingKeyAlgorithm
The algorithm of the signing key certificate for use in TR-34 key block generation. RSA_2048 is the
only signing key algorithm allowed.
String signingKeyCertificate
The signing key certificate of the public key for signature within the TR-34 key block cryptogram. The certificate expires after 7 days.
String signingKeyCertificateChain
The certificate chain that signed the signing key certificate. This is the root certificate authority (CA) within your service account.
String keyMaterialType
The key block format type (for example, TR-34 or TR-31) to use during key material import. Import token is only required
for a TR-34 key import, TR34_KEY_BLOCK. Import token is not required for TR-31 key import.
String wrappingKeyAlgorithm
The wrapping key algorithm to generate a wrapping key certificate. This certificate wraps the key under import
within the TR-34 key block cryptogram. RSA_2048 is the only wrapping key algorithm allowed.
String importToken
The import token to initiate key import into Amazon Web Services Payment Cryptography. The import token expires after 7 days. You can use the same import token to import multiple keys to the same service account.
Date parametersValidUntilTimestamp
The validity period of the import token.
String wrappingKeyAlgorithm
The algorithm of the wrapping key for use within TR-34 key block. RSA_2048 is the only wrapping key
algorithm allowed.
String wrappingKeyCertificate
The wrapping key certificate of the wrapping key for use within the TR-34 key block. The certificate expires in 7 days.
String wrappingKeyCertificateChain
The Amazon Web Services Payment Cryptography certificate chain that signed the wrapping key certificate. This is the root certificate authority (CA) within your service account.
String keyIdentifier
The KeyARN of the asymmetric key pair.
String keyCertificate
The public key component of the asymmetric key pair in a certificate (PEM) format. It is signed by the root certificate authority (CA) within your service account. The certificate expires in 90 days.
String keyCertificateChain
The certificate chain that signed the public key certificate of the asymmetric key pair. This is the root certificate authority (CA) within your service account.
RootCertificatePublicKey rootCertificatePublicKey
Parameter information for root public key certificate import.
ImportTr31KeyBlock tr31KeyBlock
Parameter information for key material import using TR-31 standard.
ImportTr34KeyBlock tr34KeyBlock
Parameter information for key material import using TR-34 standard.
TrustedCertificatePublicKey trustedCertificatePublicKey
Parameter information for trusted public key certificate import.
Boolean enabled
Specifies whether import key is enabled.
String keyCheckValueAlgorithm
The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV) for DES and AES keys.
For a DES key, the KCV is computed by encrypting 8 bytes, each with value '00', with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For an AES key, the KCV is computed by encrypting 8 bytes, each with value '01', with the key to be checked and retaining the 3 highest order bytes of the encrypted result.
ImportKeyMaterial keyMaterial
The key or public key certificate type to use during key material import, for example TR-34 or RootCertificatePublicKey.
List<E> tags
The tags to attach to the key. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key.
If you specify an existing tag key with a different tag value, Amazon Web Services Payment Cryptography replaces the current tag value with the specified one.
To use this parameter, you must have TagResource permission.
Don't include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.
Key key
The KeyARN of the key material imported within Amazon Web Services Payment Cryptography.
String certificateAuthorityPublicKeyIdentifier
The KeyARN of the certificate chain that signs the signing key certificate during TR-34 key import.
String importToken
The import token that initiates key import into Amazon Web Services Payment Cryptography. It expires after 7 days. You can use the same import token to import multiple keys to the same service account.
String keyBlockFormat
The key block format to use during key import. The only value allowed is X9_TR34_2012.
String randomNonce
A random number value that is unique to the TR-34 key block generated using 2 pass. The operation will fail if a random nonce value is not provided for a TR-34 key block generated using 2 pass.
String signingKeyCertificate
The public key component in PEM certificate format of the private key that signs the KDH TR-34 wrapped key block.
String wrappedKeyBlock
The TR-34 wrapped key block to import.
Date createTimestamp
The date and time when the key was created.
Date deletePendingTimestamp
The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present
only when KeyState is DELETE_PENDING and the key is scheduled for deletion.
Date deleteTimestamp
The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present
only when the KeyState is DELETE_COMPLETE and the Amazon Web Services Payment
Cryptography key is deleted.
Boolean enabled
Specifies whether the key is enabled.
Boolean exportable
Specifies whether the key is exportable. This data is immutable after the key is created.
String keyArn
The Amazon Resource Name (ARN) of the key.
KeyAttributes keyAttributes
The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
String keyCheckValue
The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes of "00" or "01" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
String keyCheckValueAlgorithm
The algorithm used for calculating key check value (KCV) for DES and AES keys. For a DES key, Amazon Web Services Payment Cryptography computes the KCV by encrypting 8 bytes, each with value '00', with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For an AES key, Amazon Web Services Payment Cryptography computes the KCV by encrypting 8 bytes, each with value '01', with the key to be checked and retaining the 3 highest order bytes of the encrypted result.
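The DES case of the KCV calculation described above, as an added example that is not part of the SDK or of this reference. The class name and the sample keys are constructed for illustration, and only the TDES calculation is shown (the AES case is not covered here).

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.util.Arrays;
import java.util.HexFormat; // Java 17+

public class TdesKcvExample {

    // The JCE "DESede" cipher wants 24 bytes; a double-length (2-key) TDES key
    // K1|K2 is expanded to K1|K2|K1, which is the same key in 3-key form.
    static byte[] toDesedeKey(byte[] key) {
        if (key.length == 24) return key.clone();
        if (key.length != 16)
            throw new IllegalArgumentException("expected a 16- or 24-byte TDES key");
        byte[] expanded = Arrays.copyOf(key, 24);
        System.arraycopy(key, 0, expanded, 16, 8);
        return expanded;
    }

    // KCV as described above for DES keys: encrypt 8 bytes of 0x00 (one block,
    // ECB, no padding) and keep the 3 highest-order bytes as 6 hex digits.
    static String kcv(byte[] tdesKey) throws Exception {
        byte[] k = toDesedeKey(tdesKey);
        try {
            Cipher cipher = Cipher.getInstance("DESede/ECB/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k, "DESede"));
            byte[] block = cipher.doFinal(new byte[8]);
            return HexFormat.of().withUpperCase().formatHex(block, 0, 3);
        } finally {
            Arrays.fill(k, (byte) 0); // do not leave the expanded key copy around
        }
    }

    public static void main(String[] args) throws Exception {
        HexFormat hex = HexFormat.of();
        // Constructed sample keys, not real key material. The second key differs
        // in a non-parity bit of its last byte; DES ignores the low (parity) bit
        // of each key byte, so a parity-only difference would not change the KCV.
        byte[] ours   = hex.parseHex("0123456789abcdeffedcba9876543210");
        byte[] theirs = hex.parseHex("0123456789abcdeffedcba9876543220");

        String ourKcv = kcv(ours);
        String theirKcv = kcv(theirs);
        System.out.println("our KCV:   " + ourKcv);
        System.out.println("their KCV: " + theirKcv);
        // A mismatch means the two parties do not hold the same key.
        System.out.println("same key:  " + ourKcv.equals(theirKcv));
    }
}
```

A matching KCV only shows agreement on 3 bytes of one cryptogram, so treat it as an integrity check on key exchange, not as proof of key identity.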
String keyOrigin
The source of the key material. For keys created within Amazon Web Services Payment Cryptography, the value is
AWS_PAYMENT_CRYPTOGRAPHY. For keys imported into Amazon Web Services Payment Cryptography, the value
is EXTERNAL.
String keyState
The state of the key that is being created or deleted.
Date usageStartTimestamp
The date and time after which Amazon Web Services Payment Cryptography will start using the key material for cryptographic operations.
Date usageStopTimestamp
The date and time after which Amazon Web Services Payment Cryptography will stop using the key material for cryptographic operations.
String keyAlgorithm
The key algorithm to be used during creation of an Amazon Web Services Payment Cryptography key.
For symmetric keys, Amazon Web Services Payment Cryptography supports AES and TDES
algorithms. For asymmetric keys, Amazon Web Services Payment Cryptography supports RSA and
ECC_NIST algorithms.
String keyClass
The type of Amazon Web Services Payment Cryptography key to create, which determines the classification of the cryptographic method and whether the Amazon Web Services Payment Cryptography key contains a symmetric key or an asymmetric key pair.
KeyModesOfUse keyModesOfUse
The list of cryptographic operations that you can perform using the key.
String keyUsage
The cryptographic usage of an Amazon Web Services Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
Boolean decrypt
Specifies whether an Amazon Web Services Payment Cryptography key can be used to decrypt data.
Boolean deriveKey
Specifies whether an Amazon Web Services Payment Cryptography key can be used to derive new keys.
Boolean encrypt
Specifies whether an Amazon Web Services Payment Cryptography key can be used to encrypt data.
Boolean generate
Specifies whether an Amazon Web Services Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
Boolean noRestrictions
Specifies whether an Amazon Web Services Payment Cryptography key has no special restrictions other than the
restrictions implied by KeyUsage.
Boolean sign
Specifies whether an Amazon Web Services Payment Cryptography key can be used for signing.
Boolean unwrap
Specifies whether an Amazon Web Services Payment Cryptography key can be used to unwrap other keys.
Boolean verify
Specifies whether an Amazon Web Services Payment Cryptography key can be used to verify signatures.
Boolean wrap
Specifies whether an Amazon Web Services Payment Cryptography key can be used to wrap other keys.
Boolean enabled
Specifies whether the key is enabled.
Boolean exportable
Specifies whether the key is exportable. This data is immutable after the key is created.
String keyArn
The Amazon Resource Name (ARN) of the key.
KeyAttributes keyAttributes
The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
String keyCheckValue
The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes of "00" or "01" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
String keyState
The state of an Amazon Web Services Payment Cryptography key that is being created or deleted.
Integer maxResults
Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.
This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.
String nextToken
Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the
value of NextToken from the truncated response you just received.
String keyState
The key state of the keys you want to list.
Integer maxResults
Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.
String nextToken
Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the
value of NextToken from the truncated response you just received.
Integer maxResults
Use this parameter to specify the maximum number of items to return. When this value is present, Amazon Web Services Payment Cryptography does not return more than the specified number of items, but it might return fewer.
String nextToken
Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the
value of NextToken from the truncated response you just received.
String resourceArn
The KeyARN of the key whose tags you are getting.
String resourceId
The string for the exception.
String keyIdentifier
The KeyARN of the key to be restored within Amazon Web Services Payment Cryptography.
Key key
The key material of the restored key. The KeyState will change to CREATE_COMPLETE and
the value for DeletePendingTimestamp is removed.
KeyAttributes keyAttributes
The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the root public key is imported.
String publicKeyCertificate
Parameter information for root public key certificate import.
String keyIdentifier
The KeyArn of the key.
Key key
The KeyARN of the Amazon Web Services Payment Cryptography key activated for use.
String keyIdentifier
The KeyArn of the key.
Key key
The KeyARN of the key.
String resourceArn
The KeyARN of the key whose tags are being updated.
List<E> tags
One or more tags. Each tag consists of a tag key and a tag value. The tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key. If you specify an existing tag key with a different tag value, Amazon Web Services Payment Cryptography replaces the current tag value with the new one.
Don't include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
To use this parameter, you must have TagResource permission in an IAM policy.
String certificateAuthorityPublicKeyIdentifier
The KeyARN of the root public key certificate or certificate chain that signs the trusted public key
certificate import.
KeyAttributes keyAttributes
The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after a trusted public key is imported.
String publicKeyCertificate
Parameter information for trusted public key certificate import.
String resourceArn
The KeyARN of the key whose tags are being removed.
List<E> tagKeys
One or more tag keys. Don't include the tag values.
If the Amazon Web Services Payment Cryptography key doesn't have the specified tag key, Amazon Web Services Payment Cryptography doesn't throw an exception or return a response. To confirm that the operation succeeded, use the ListTagsForResource operation.
Alias alias
The alias name.
Copyright © 2023. All rights reserved.