DukptDerivationAttributes

Parameters required for encryption or decryption of data using DUKPT.

Contents

KeySerialNumber

The unique identifier known as Key Serial Number (KSN) that comes from an encrypting device using DUKPT encryption method. The KSN is derived from the encrypting device unique identifier and an internal transaction counter.

Type: String

Length Constraints: Minimum length of 10. Maximum length of 24.

Pattern: [0-9a-fA-F]+

Required: Yes

DukptKeyDerivationType

The key type derived using DUKPT from a Base Derivation Key (BDK) and Key Serial Number (KSN). This must be less than or equal to the strength of the BDK. For example, you can't use AES_128 as a derivation type for a BDK of AES_128 or TDES_2KEY

Type: String

Valid Values: TDES_2KEY | TDES_3KEY | AES_128 | AES_192 | AES_256

Required: No

DukptKeyVariant

The type of use of DUKPT, which can be for incoming data decryption, outgoing data encryption, or both.

Type: String

Valid Values: BIDIRECTIONAL | REQUEST | RESPONSE

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++

• AWS SDK for Java V2

• AWS SDK for Ruby V3