DukptEncryptionAttributes

Parameters that are required to encrypt plaintext data using DUKPT.

Contents

KeySerialNumber

The unique identifier known as Key Serial Number (KSN) that comes from an encrypting device using DUKPT encryption method. The KSN is derived from the encrypting device unique identifier and an internal transaction counter.

Type: String

Length Constraints: Minimum length of 10. Maximum length of 24.

Pattern: [0-9a-fA-F]+

Required: Yes

DukptKeyDerivationType

The key type encrypted using DUKPT from a Base Derivation Key (BDK) and Key Serial Number (KSN). This must be less than or equal to the strength of the BDK. For example, you can't use AES_128 as a derivation type for a BDK of AES_128 or TDES_2KEY

Type: String

Valid Values: TDES_2KEY | TDES_3KEY | AES_128 | AES_192 | AES_256

Required: No

DukptKeyVariant

The type of use of DUKPT, which can be incoming data decryption, outgoing data encryption, or both.

Type: String

Valid Values: BIDIRECTIONAL | REQUEST | RESPONSE

Required: No

InitializationVector

An input used to provide the intial state. If no value is provided, AWS Payment Cryptography defaults it to zero.

Type: String

Length Constraints: Minimum length of 16. Maximum length of 32.

Pattern: (?:[0-9a-fA-F]{16}|[0-9a-fA-F]{32})

Required: No

Mode

The block cipher method to use for encryption.

The default is CBC.

Type: String

Valid Values: ECB | CBC

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++

• AWS SDK for Java V2

• AWS SDK for Ruby V3