WrappedKey

Parameter information for generating a WrappedKeyBlock for key exchange.

Contents

KeyMaterial

Parameter information for generating a wrapped key using TR-31 or TR-34 skey exchange method.

Type: String

Length Constraints: Minimum length of 48. Maximum length of 16384.

Required: Yes

WrappedKeyMaterialFormat

The key block format of a wrapped key.

Type: String

Valid Values: KEY_CRYPTOGRAM | TR31_KEY_BLOCK | TR34_KEY_BLOCK

Required: Yes

WrappingKeyArn

The KeyARN of the wrapped key.

Type: String

Length Constraints: Minimum length of 70. Maximum length of 150.

Pattern: arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:key/[0-9a-zA-Z]{16,64}

Required: Yes

KeyCheckValue

The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.

Type: String

Length Constraints: Minimum length of 4. Maximum length of 16.

Pattern: [0-9a-fA-F]+

Required: No

KeyCheckValueAlgorithm

The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.

For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

Type: String

Valid Values: CMAC | ANSI_X9_24

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++

• AWS SDK for Java V2

• AWS SDK for Ruby V3