/AWS1/CL_PCYKEY

Metadata about an Amazon Web Services Payment Cryptography key.

CONSTRUCTOR

IMPORTING

Required arguments:

iv_keyarn TYPE /AWS1/PCYKEYARN

The Amazon Resource Name (ARN) of the key.

io_keyattributes TYPE REF TO /AWS1/CL_PCYKEYATTRIBUTES

The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.

iv_keycheckvalue TYPE /AWS1/PCYKEYCHECKVALUE

The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.

iv_keycheckvaluealgorithm TYPE /AWS1/PCYKEYCHECKVALUEALG

The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.

For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

iv_enabled TYPE /AWS1/PCYBOOLEAN

Specifies whether the key is enabled.

iv_exportable TYPE /AWS1/PCYBOOLEAN

Specifies whether the key is exportable. This data is immutable after the key is created.

iv_keystate TYPE /AWS1/PCYKEYSTATE

The state of the key that is being created or deleted.

iv_keyorigin TYPE /AWS1/PCYKEYORIGIN

The source of the key material. For keys created within Amazon Web Services Payment Cryptography, the value is AWS_PAYMENT_CRYPTOGRAPHY. For keys imported into Amazon Web Services Payment Cryptography, the value is EXTERNAL.

iv_createtimestamp TYPE /AWS1/PCYTIMESTAMP

The date and time when the key was created.

Optional arguments:

iv_usagestarttimestamp TYPE /AWS1/PCYTIMESTAMP

The date and time after which Amazon Web Services Payment Cryptography will start using the key material for cryptographic operations.

iv_usagestoptimestamp TYPE /AWS1/PCYTIMESTAMP

The date and time after which Amazon Web Services Payment Cryptography will stop using the key material for cryptographic operations.

iv_deletependingtimestamp TYPE /AWS1/PCYTIMESTAMP

The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present only when KeyState is DELETE_PENDING and the key is scheduled for deletion.

iv_deletetimestamp TYPE /AWS1/PCYTIMESTAMP

The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present only when the KeyState is DELETE_COMPLETE and the Amazon Web Services Payment Cryptography key is deleted.

iv_derivekeyusage TYPE /AWS1/PCYDERIVEKEYUSAGE

The cryptographic usage of an ECDH derived key as defined in section A.5.2 of the TR-31 spec.

iv_multiregionkeytype TYPE /AWS1/PCYMULTIREGIONKEYTYPE

Indicates whether this key is a multi-region key and its role in the multi-region key hierarchy.

Multi-region keys allow the same key material to be used across multiple Amazon Web Services Regions. This field specifies whether the key is a primary key (which can be replicated to other regions) or a replica key (which is a copy of a primary key in another region).

iv_primaryregion TYPE /AWS1/PCYREGION

PrimaryRegion

it_replicationstatus TYPE /AWS1/CL_PCYREPLSTATUSTYPE=>TT_REPLICATIONSTATUS

Information about the replication status of the key across different regions.

This field provides details about the current state of key replication, including any status messages or operational information. It helps track the progress and health of key replication operations.

iv_usingdefaultreplregions TYPE /AWS1/PCYBOOLEAN

Indicates whether this key is using the account's default replication regions configuration.

When set to true, the key automatically replicates to the regions specified in the account's default replication settings. When set to false, the key has a custom replication configuration that overrides the account defaults.


Queryable Attributes

KeyArn

The Amazon Resource Name (ARN) of the key.

Accessible with the following methods

Method Description
GET_KEYARN() Getter for KEYARN, with configurable default
ASK_KEYARN() Getter for KEYARN w/ exceptions if field has no value
HAS_KEYARN() Determine if KEYARN has a value

KeyAttributes

The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.

Accessible with the following methods

Method Description
GET_KEYATTRIBUTES() Getter for KEYATTRIBUTES

KeyCheckValue

The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.

Accessible with the following methods

Method Description
GET_KEYCHECKVALUE() Getter for KEYCHECKVALUE, with configurable default
ASK_KEYCHECKVALUE() Getter for KEYCHECKVALUE w/ exceptions if field has no value
HAS_KEYCHECKVALUE() Determine if KEYCHECKVALUE has a value

KeyCheckValueAlgorithm

The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.

For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

Accessible with the following methods

Method Description
GET_KEYCHECKVALUEALGORITHM() Getter for KEYCHECKVALUEALGORITHM, with configurable default
ASK_KEYCHECKVALUEALGORITHM() Getter for KEYCHECKVALUEALGORITHM w/ exceptions if field has no value
HAS_KEYCHECKVALUEALGORITHM() Determine if KEYCHECKVALUEALGORITHM has a value

Enabled

Specifies whether the key is enabled.

Accessible with the following methods

Method Description
GET_ENABLED() Getter for ENABLED, with configurable default
ASK_ENABLED() Getter for ENABLED w/ exceptions if field has no value
HAS_ENABLED() Determine if ENABLED has a value

Exportable

Specifies whether the key is exportable. This data is immutable after the key is created.

Accessible with the following methods

Method Description
GET_EXPORTABLE() Getter for EXPORTABLE, with configurable default
ASK_EXPORTABLE() Getter for EXPORTABLE w/ exceptions if field has no value
HAS_EXPORTABLE() Determine if EXPORTABLE has a value

KeyState

The state of the key that is being created or deleted.

Accessible with the following methods

Method Description
GET_KEYSTATE() Getter for KEYSTATE, with configurable default
ASK_KEYSTATE() Getter for KEYSTATE w/ exceptions if field has no value
HAS_KEYSTATE() Determine if KEYSTATE has a value

KeyOrigin

The source of the key material. For keys created within Amazon Web Services Payment Cryptography, the value is AWS_PAYMENT_CRYPTOGRAPHY. For keys imported into Amazon Web Services Payment Cryptography, the value is EXTERNAL.

Accessible with the following methods

Method Description
GET_KEYORIGIN() Getter for KEYORIGIN, with configurable default
ASK_KEYORIGIN() Getter for KEYORIGIN w/ exceptions if field has no value
HAS_KEYORIGIN() Determine if KEYORIGIN has a value

CreateTimestamp

The date and time when the key was created.

Accessible with the following methods

Method Description
GET_CREATETIMESTAMP() Getter for CREATETIMESTAMP, with configurable default
ASK_CREATETIMESTAMP() Getter for CREATETIMESTAMP w/ exceptions if field has no value
HAS_CREATETIMESTAMP() Determine if CREATETIMESTAMP has a value

UsageStartTimestamp

The date and time after which Amazon Web Services Payment Cryptography will start using the key material for cryptographic operations.

Accessible with the following methods

Method Description
GET_USAGESTARTTIMESTAMP() Getter for USAGESTARTTIMESTAMP, with configurable default
ASK_USAGESTARTTIMESTAMP() Getter for USAGESTARTTIMESTAMP w/ exceptions if field has no value
HAS_USAGESTARTTIMESTAMP() Determine if USAGESTARTTIMESTAMP has a value

UsageStopTimestamp

The date and time after which Amazon Web Services Payment Cryptography will stop using the key material for cryptographic operations.

Accessible with the following methods

Method Description
GET_USAGESTOPTIMESTAMP() Getter for USAGESTOPTIMESTAMP, with configurable default
ASK_USAGESTOPTIMESTAMP() Getter for USAGESTOPTIMESTAMP w/ exceptions if field has no value
HAS_USAGESTOPTIMESTAMP() Determine if USAGESTOPTIMESTAMP has a value

DeletePendingTimestamp

The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present only when KeyState is DELETE_PENDING and the key is scheduled for deletion.

Accessible with the following methods

Method Description
GET_DELETEPENDINGTIMESTAMP() Getter for DELETEPENDINGTIMESTAMP, with configurable default
ASK_DELETEPENDINGTIMESTAMP() Getter for DELETEPENDINGTIMESTAMP w/ exceptions if field has no value
HAS_DELETEPENDINGTIMESTAMP() Determine if DELETEPENDINGTIMESTAMP has a value

DeleteTimestamp

The date and time after which Amazon Web Services Payment Cryptography will delete the key. This value is present only when the KeyState is DELETE_COMPLETE and the Amazon Web Services Payment Cryptography key is deleted.

Accessible with the following methods

Method Description
GET_DELETETIMESTAMP() Getter for DELETETIMESTAMP, with configurable default
ASK_DELETETIMESTAMP() Getter for DELETETIMESTAMP w/ exceptions if field has no value
HAS_DELETETIMESTAMP() Determine if DELETETIMESTAMP has a value

DeriveKeyUsage

The cryptographic usage of an ECDH derived key as defined in section A.5.2 of the TR-31 spec.

Accessible with the following methods

Method Description
GET_DERIVEKEYUSAGE() Getter for DERIVEKEYUSAGE, with configurable default
ASK_DERIVEKEYUSAGE() Getter for DERIVEKEYUSAGE w/ exceptions if field has no value
HAS_DERIVEKEYUSAGE() Determine if DERIVEKEYUSAGE has a value

MultiRegionKeyType

Indicates whether this key is a multi-region key and its role in the multi-region key hierarchy.

Multi-region keys allow the same key material to be used across multiple Amazon Web Services Regions. This field specifies whether the key is a primary key (which can be replicated to other regions) or a replica key (which is a copy of a primary key in another region).

Accessible with the following methods

Method Description
GET_MULTIREGIONKEYTYPE() Getter for MULTIREGIONKEYTYPE, with configurable default
ASK_MULTIREGIONKEYTYPE() Getter for MULTIREGIONKEYTYPE w/ exceptions if field has no value
HAS_MULTIREGIONKEYTYPE() Determine if MULTIREGIONKEYTYPE has a value

PrimaryRegion

PrimaryRegion

Accessible with the following methods

Method Description
GET_PRIMARYREGION() Getter for PRIMARYREGION, with configurable default
ASK_PRIMARYREGION() Getter for PRIMARYREGION w/ exceptions if field has no value
HAS_PRIMARYREGION() Determine if PRIMARYREGION has a value

ReplicationStatus

Information about the replication status of the key across different regions.

This field provides details about the current state of key replication, including any status messages or operational information. It helps track the progress and health of key replication operations.

Accessible with the following methods

Method Description
GET_REPLICATIONSTATUS() Getter for REPLICATIONSTATUS, with configurable default
ASK_REPLICATIONSTATUS() Getter for REPLICATIONSTATUS w/ exceptions if field has no value
HAS_REPLICATIONSTATUS() Determine if REPLICATIONSTATUS has a value

UsingDefaultReplicationRegions

Indicates whether this key is using the account's default replication regions configuration.

When set to true, the key automatically replicates to the regions specified in the account's default replication settings. When set to false, the key has a custom replication configuration that overrides the account defaults.

Accessible with the following methods

Method Description
GET_USINGDEFAULTREPLREGIONS() Getter for USINGDEFAULTREPLREGIONS, with configurable default
ASK_USINGDEFAULTREPLREGIONS() Getter for USINGDEFAULTREPLREGIONS w/ exceptions if field has no value
HAS_USINGDEFAULTREPLREGIONS() Determine if USINGDEFAULTREPLREGIONS has a value