feat(client-payment-cryptography): The service adds support for transferring AES-256 and other keys between the service and other service providers and HSMs. This feature uses ECDH to derive a one-time key transport key to enable these secure key exchanges.

Author: awstools

clients/client-payment-cryptography/src/commands/CreateKeyCommand.ts

@@ -90,6 +90,7 @@ export interface CreateKeyCommandOutput extends CreateKeyOutput, __MetadataBeare
  *       Value: "STRING_VALUE", // required
  *     },
  *   ],
+ *   DeriveKeyUsage: "STRING_VALUE",
  * };
  * const command = new CreateKeyCommand(input);
  * const response = await client.send(command);
@@ -123,6 +124,7 @@ export interface CreateKeyCommandOutput extends CreateKeyOutput, __MetadataBeare
  * //     UsageStopTimestamp: new Date("TIMESTAMP"),
  * //     DeletePendingTimestamp: new Date("TIMESTAMP"),
  * //     DeleteTimestamp: new Date("TIMESTAMP"),
+ * //     DeriveKeyUsage: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-payment-cryptography/src/commands/DeleteKeyCommand.ts

@@ -99,6 +99,7 @@ export interface DeleteKeyCommandOutput extends DeleteKeyOutput, __MetadataBeare
  * //     UsageStopTimestamp: new Date("TIMESTAMP"),
  * //     DeletePendingTimestamp: new Date("TIMESTAMP"),
  * //     DeleteTimestamp: new Date("TIMESTAMP"),
+ * //     DeriveKeyUsage: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-payment-cryptography/src/commands/ExportKeyCommand.ts

@@ -197,6 +197,35 @@ export interface ExportKeyCommandOutput extends ExportKeyOutput, __MetadataBeare
  *       WrappingKeyCertificate: "STRING_VALUE", // required
  *       WrappingSpec: "STRING_VALUE",
  *     },
+ *     DiffieHellmanTr31KeyBlock: { // ExportDiffieHellmanTr31KeyBlock
+ *       PrivateKeyIdentifier: "STRING_VALUE", // required
+ *       CertificateAuthorityPublicKeyIdentifier: "STRING_VALUE", // required
+ *       PublicKeyCertificate: "STRING_VALUE", // required
+ *       DeriveKeyAlgorithm: "TDES_2KEY" || "TDES_3KEY" || "AES_128" || "AES_192" || "AES_256", // required
+ *       KeyDerivationFunction: "NIST_SP800" || "ANSI_X963", // required
+ *       KeyDerivationHashAlgorithm: "SHA_256" || "SHA_384" || "SHA_512", // required
+ *       DerivationData: { // DiffieHellmanDerivationData Union: only one key present
+ *         SharedInformation: "STRING_VALUE",
+ *       },
+ *       KeyBlockHeaders: {
+ *         KeyModesOfUse: {
+ *           Encrypt: true || false,
+ *           Decrypt: true || false,
+ *           Wrap: true || false,
+ *           Unwrap: true || false,
+ *           Generate: true || false,
+ *           Sign: true || false,
+ *           Verify: true || false,
+ *           DeriveKey: true || false,
+ *           NoRestrictions: true || false,
+ *         },
+ *         KeyExportability: "STRING_VALUE",
+ *         KeyVersion: "STRING_VALUE",
+ *         OptionalBlocks: {
+ *           "<keys>": "STRING_VALUE",
+ *         },
+ *       },
+ *     },
  *   },
  *   ExportKeyIdentifier: "STRING_VALUE", // required
  *   ExportAttributes: { // ExportAttributes

clients/client-payment-cryptography/src/commands/GetKeyCommand.ts

@@ -96,6 +96,7 @@ export interface GetKeyCommandOutput extends GetKeyOutput, __MetadataBearer {}
  * //     UsageStopTimestamp: new Date("TIMESTAMP"),
  * //     DeletePendingTimestamp: new Date("TIMESTAMP"),
  * //     DeleteTimestamp: new Date("TIMESTAMP"),
+ * //     DeriveKeyUsage: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-payment-cryptography/src/commands/ImportKeyCommand.ts

@@ -40,10 +40,6 @@ export interface ImportKeyCommandOutput extends ImportKeyOutput, __MetadataBeare
  *          <p>
  *             <b>To import a public root key certificate</b>
  *          </p>
- *          <p>You can also import a <i>root public key certificate</i>, used to sign other public key certificates, or a <i>trusted public key certificate</i> under an already established root public key certificate.</p>
- *          <p>
- *             <b>To import a public root key certificate</b>
- *          </p>
  *          <p>Using this operation, you can import the public component (in PEM cerificate format) of your private root key. You can use the imported public root key certificate for digital signatures, for example signing wrapping key or signing key in TR-34, within your Amazon Web Services Payment Cryptography account.</p>
  *          <p>Set the following parameters:</p>
  *          <ul>
@@ -245,6 +241,18 @@ export interface ImportKeyCommandOutput extends ImportKeyOutput, __MetadataBeare
  *       ImportToken: "STRING_VALUE", // required
  *       WrappingSpec: "STRING_VALUE",
  *     },
+ *     DiffieHellmanTr31KeyBlock: { // ImportDiffieHellmanTr31KeyBlock
+ *       PrivateKeyIdentifier: "STRING_VALUE", // required
+ *       CertificateAuthorityPublicKeyIdentifier: "STRING_VALUE", // required
+ *       PublicKeyCertificate: "STRING_VALUE", // required
+ *       DeriveKeyAlgorithm: "TDES_2KEY" || "TDES_3KEY" || "AES_128" || "AES_192" || "AES_256", // required
+ *       KeyDerivationFunction: "NIST_SP800" || "ANSI_X963", // required
+ *       KeyDerivationHashAlgorithm: "SHA_256" || "SHA_384" || "SHA_512", // required
+ *       DerivationData: { // DiffieHellmanDerivationData Union: only one key present
+ *         SharedInformation: "STRING_VALUE",
+ *       },
+ *       WrappedKeyBlock: "STRING_VALUE", // required
+ *     },
  *   },
  *   KeyCheckValueAlgorithm: "STRING_VALUE",
  *   Enabled: true || false,
@@ -287,6 +295,7 @@ export interface ImportKeyCommandOutput extends ImportKeyOutput, __MetadataBeare
  * //     UsageStopTimestamp: new Date("TIMESTAMP"),
  * //     DeletePendingTimestamp: new Date("TIMESTAMP"),
  * //     DeleteTimestamp: new Date("TIMESTAMP"),
+ * //     DeriveKeyUsage: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-payment-cryptography/src/commands/RestoreKeyCommand.ts

@@ -98,6 +98,7 @@ export interface RestoreKeyCommandOutput extends RestoreKeyOutput, __MetadataBea
  * //     UsageStopTimestamp: new Date("TIMESTAMP"),
  * //     DeletePendingTimestamp: new Date("TIMESTAMP"),
  * //     DeleteTimestamp: new Date("TIMESTAMP"),
+ * //     DeriveKeyUsage: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-payment-cryptography/src/commands/StartKeyUsageCommand.ts

@@ -86,6 +86,7 @@ export interface StartKeyUsageCommandOutput extends StartKeyUsageOutput, __Metad
  * //     UsageStopTimestamp: new Date("TIMESTAMP"),
  * //     DeletePendingTimestamp: new Date("TIMESTAMP"),
  * //     DeleteTimestamp: new Date("TIMESTAMP"),
+ * //     DeriveKeyUsage: "STRING_VALUE",
  * //   },
  * // };
  *

clients/client-payment-cryptography/src/commands/StopKeyUsageCommand.ts

@@ -92,6 +92,7 @@ export interface StopKeyUsageCommandOutput extends StopKeyUsageOutput, __Metadat
  * //     UsageStopTimestamp: new Date("TIMESTAMP"),
  * //     DeletePendingTimestamp: new Date("TIMESTAMP"),
  * //     DeleteTimestamp: new Date("TIMESTAMP"),
+ * //     DeriveKeyUsage: "STRING_VALUE",
  * //   },
  * // };
  *