WrappedKey
Parameter information for generating a WrappedKeyBlock for key exchange.
Contents
- KeyMaterial
-
Parameter information for generating a wrapped key using TR-31 or TR-34 skey exchange method.
Type: String
Length Constraints: Minimum length of 48. Maximum length of 16384.
Required: Yes
- WrappedKeyMaterialFormat
-
The key block format of a wrapped key.
Type: String
Valid Values:
KEY_CRYPTOGRAM | TR31_KEY_BLOCK | TR34_KEY_BLOCKRequired: Yes
- WrappingKeyArn
-
The
KeyARNof the wrapped key.Type: String
Length Constraints: Minimum length of 70. Maximum length of 150.
Pattern:
arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:key/[0-9a-zA-Z]{16,64}Required: Yes
- KeyCheckValue
-
The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
Type: String
Length Constraints: Minimum length of 4. Maximum length of 16.
Pattern:
[0-9a-fA-F]+Required: No
- KeyCheckValueAlgorithm
-
The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
Type: String
Valid Values:
CMAC | ANSI_X9_24Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
