Documentation ¶
Overview ¶
Package paymentcryptographydata provides the API client, operations, and parameter types for Payment Cryptography Data Plane.
You use the Amazon Web Services Payment Cryptography Data Plane to manage how encryption keys are used for payment-related transaction processing and associated cryptographic operations. You can encrypt, decrypt, generate, verify, and translate payment-related cryptographic operations in Amazon Web Services Payment Cryptography. For more information, see Data operationsin the Amazon Web Services Payment Cryptography User Guide.
To manage your encryption keys, you use the Amazon Web Services Payment Cryptography Control Plane. You can create, import, export, share, manage, and delete keys. You can also manage Identity and Access Management (IAM) policies for keys.
Index ¶
- Constants
- func NewDefaultEndpointResolver() *internalendpoints.Resolver
- func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options)
- func WithEndpointResolver(v EndpointResolver) func(*Options)deprecated
- func WithEndpointResolverV2(v EndpointResolverV2) func(*Options)
- func WithSigV4SigningName(name string) func(*Options)
- func WithSigV4SigningRegion(region string) func(*Options)
- type AuthResolverParameters
- type AuthSchemeResolver
- type Client
- func (c *Client) DecryptData(ctx context.Context, params *DecryptDataInput, optFns ...func(*Options)) (*DecryptDataOutput, error)
- func (c *Client) EncryptData(ctx context.Context, params *EncryptDataInput, optFns ...func(*Options)) (*EncryptDataOutput, error)
- func (c *Client) GenerateCardValidationData(ctx context.Context, params *GenerateCardValidationDataInput, ...) (*GenerateCardValidationDataOutput, error)
- func (c *Client) GenerateMac(ctx context.Context, params *GenerateMacInput, optFns ...func(*Options)) (*GenerateMacOutput, error)
- func (c *Client) GenerateMacEmvPinChange(ctx context.Context, params *GenerateMacEmvPinChangeInput, ...) (*GenerateMacEmvPinChangeOutput, error)
- func (c *Client) GeneratePinData(ctx context.Context, params *GeneratePinDataInput, optFns ...func(*Options)) (*GeneratePinDataOutput, error)
- func (c *Client) Options() Options
- func (c *Client) ReEncryptData(ctx context.Context, params *ReEncryptDataInput, optFns ...func(*Options)) (*ReEncryptDataOutput, error)
- func (c *Client) TranslatePinData(ctx context.Context, params *TranslatePinDataInput, optFns ...func(*Options)) (*TranslatePinDataOutput, error)
- func (c *Client) VerifyAuthRequestCryptogram(ctx context.Context, params *VerifyAuthRequestCryptogramInput, ...) (*VerifyAuthRequestCryptogramOutput, error)
- func (c *Client) VerifyCardValidationData(ctx context.Context, params *VerifyCardValidationDataInput, ...) (*VerifyCardValidationDataOutput, error)
- func (c *Client) VerifyMac(ctx context.Context, params *VerifyMacInput, optFns ...func(*Options)) (*VerifyMacOutput, error)
- func (c *Client) VerifyPinData(ctx context.Context, params *VerifyPinDataInput, optFns ...func(*Options)) (*VerifyPinDataOutput, error)
- type DecryptDataInput
- type DecryptDataOutput
- type EncryptDataInput
- type EncryptDataOutput
- type EndpointParameters
- type EndpointResolver
- type EndpointResolverFunc
- type EndpointResolverOptions
- type EndpointResolverV2
- type GenerateCardValidationDataInput
- type GenerateCardValidationDataOutput
- type GenerateMacEmvPinChangeInput
- type GenerateMacEmvPinChangeOutput
- type GenerateMacInput
- type GenerateMacOutput
- type GeneratePinDataInput
- type GeneratePinDataOutput
- type HTTPClient
- type HTTPSignerV4
- type Options
- type ReEncryptDataInput
- type ReEncryptDataOutput
- type ResolveEndpoint
- type TranslatePinDataInput
- type TranslatePinDataOutput
- type VerifyAuthRequestCryptogramInput
- type VerifyAuthRequestCryptogramOutput
- type VerifyCardValidationDataInput
- type VerifyCardValidationDataOutput
- type VerifyMacInput
- type VerifyMacOutput
- type VerifyPinDataInput
- type VerifyPinDataOutput
Constants ¶
const ServiceAPIVersion = "2022-02-03"
const ServiceID = "Payment Cryptography Data"
Variables ¶
This section is empty.
Functions ¶
func NewDefaultEndpointResolver ¶
func NewDefaultEndpointResolver() *internalendpoints.Resolver
NewDefaultEndpointResolver constructs a new service endpoint resolver
func WithAPIOptions ¶
func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options)
WithAPIOptions returns a functional option for setting the Client's APIOptions option.
func WithEndpointResolver
deprecated
func WithEndpointResolver(v EndpointResolver) func(*Options)
Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for this field will likely prevent you from using any endpoint-related service features released after the introduction of EndpointResolverV2 and BaseEndpoint.
To migrate an EndpointResolver implementation that uses a custom endpoint, set the client option BaseEndpoint instead.
func WithEndpointResolverV2 ¶ added in v1.1.0
func WithEndpointResolverV2(v EndpointResolverV2) func(*Options)
WithEndpointResolverV2 returns a functional option for setting the Client's EndpointResolverV2 option.
func WithSigV4SigningName ¶ added in v1.4.2
WithSigV4SigningName applies an override to the authentication workflow to use the given signing name for SigV4-authenticated operations.
This is an advanced setting. The value here is FINAL, taking precedence over the resolved signing name from both auth scheme resolution and endpoint resolution.
func WithSigV4SigningRegion ¶ added in v1.4.2
WithSigV4SigningRegion applies an override to the authentication workflow to use the given signing region for SigV4-authenticated operations.
This is an advanced setting. The value here is FINAL, taking precedence over the resolved signing region from both auth scheme resolution and endpoint resolution.
Types ¶
type AuthResolverParameters ¶ added in v1.4.2
type AuthResolverParameters struct { // The name of the operation being invoked. Operation string // The region in which the operation is being invoked. Region string }
AuthResolverParameters contains the set of inputs necessary for auth scheme resolution.
type AuthSchemeResolver ¶ added in v1.4.2
type AuthSchemeResolver interface {
ResolveAuthSchemes(context.Context, *AuthResolverParameters) ([]*smithyauth.Option, error)
}
AuthSchemeResolver returns a set of possible authentication options for an operation.
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client provides the API client to make operations call for Payment Cryptography Data Plane.
func New ¶
New returns an initialized Client based on the functional options. Provide additional functional options to further configure the behavior of the client, such as changing the client's endpoint or adding custom middleware behavior.
func NewFromConfig ¶
NewFromConfig returns a new client from the provided config.
func (*Client) DecryptData ¶
func (c *Client) DecryptData(ctx context.Context, params *DecryptDataInput, optFns ...func(*Options)) (*DecryptDataOutput, error)
Decrypts ciphertext data to plaintext using a symmetric (TDES, AES), asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For more information, see Decrypt datain the Amazon Web Services Payment Cryptography User Guide.
You can use an decryption key generated within Amazon Web Services Payment Cryptography, or you can import your own decryption key by calling ImportKey. For this operation, the key must have KeyModesOfUse set to Decrypt . In asymmetric decryption, Amazon Web Services Payment Cryptography decrypts the ciphertext using the private component of the asymmetric encryption key pair. For data encryption outside of Amazon Web Services Payment Cryptography, you can export the public component of the asymmetric key pair by calling GetPublicCertificate.
This operation also supports dynamic keys, allowing you to pass a dynamic decryption key as a TR-31 WrappedKeyBlock. This can be used when key material is frequently rotated, such as during every card transaction, and there is need to avoid importing short-lived keys into Amazon Web Services Payment Cryptography. To decrypt using dynamic keys, the keyARN is the Key Encryption Key (KEK) of the TR-31 wrapped decryption key material. The incoming wrapped key shall have a key purpose of D0 with a mode of use of B or D. For more information, see Using Dynamic Keysin the Amazon Web Services Payment Cryptography User Guide.
For symmetric and DUKPT decryption, Amazon Web Services Payment Cryptography supports TDES and AES algorithms. For EMV decryption, Amazon Web Services Payment Cryptography supports TDES algorithms. For asymmetric decryption, Amazon Web Services Payment Cryptography supports RSA .
When you use TDES or TDES DUKPT, the ciphertext data length must be a multiple of 8 bytes. For AES or AES DUKPT, the ciphertext data length must be a multiple of 16 bytes. For RSA, it sould be equal to the key size unless padding is enabled.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
EncryptData ¶
func (*Client) EncryptData ¶
func (c *Client) EncryptData(ctx context.Context, params *EncryptDataInput, optFns ...func(*Options)) (*EncryptDataOutput, error)
Encrypts plaintext data to ciphertext using a symmetric (TDES, AES), asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For more information, see Encrypt datain the Amazon Web Services Payment Cryptography User Guide.
You can generate an encryption key within Amazon Web Services Payment Cryptography by calling CreateKey. You can import your own encryption key by calling ImportKey.
For this operation, the key must have KeyModesOfUse set to Encrypt . In asymmetric encryption, plaintext is encrypted using public component. You can import the public component of an asymmetric key pair created outside Amazon Web Services Payment Cryptography by calling ImportKey.
This operation also supports dynamic keys, allowing you to pass a dynamic encryption key as a TR-31 WrappedKeyBlock. This can be used when key material is frequently rotated, such as during every card transaction, and there is need to avoid importing short-lived keys into Amazon Web Services Payment Cryptography. To encrypt using dynamic keys, the keyARN is the Key Encryption Key (KEK) of the TR-31 wrapped encryption key material. The incoming wrapped key shall have a key purpose of D0 with a mode of use of B or D. For more information, see Using Dynamic Keysin the Amazon Web Services Payment Cryptography User Guide.
For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports TDES and AES algorithms. For EMV encryption, Amazon Web Services Payment Cryptography supports TDES algorithms.For asymmetric encryption, Amazon Web Services Payment Cryptography supports RSA .
When you use TDES or TDES DUKPT, the plaintext data length must be a multiple of 8 bytes. For AES or AES DUKPT, the plaintext data length must be a multiple of 16 bytes. For RSA, it sould be equal to the key size unless padding is enabled.
To encrypt using DUKPT, you must already have a BDK (Base Derivation Key) key in your account with KeyModesOfUse set to DeriveKey , or you can generate a new DUKPT key by calling CreateKey. To encrypt using EMV, you must already have an IMK (Issuer Master Key) key in your account with KeyModesOfUse set to DeriveKey .
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
DecryptData ¶
ReEncryptData ¶
func (*Client) GenerateCardValidationData ¶
func (c *Client) GenerateCardValidationData(ctx context.Context, params *GenerateCardValidationDataInput, optFns ...func(*Options)) (*GenerateCardValidationDataOutput, error)
Generates card-related validation data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2), or Card Security Codes (CSC). For more information, see Generate card datain the Amazon Web Services Payment Cryptography User Guide.
This operation generates a CVV or CSC value that is printed on a payment credit or debit card during card production. The CVV or CSC, PAN (Primary Account Number) and expiration date of the card are required to check its validity during transaction processing. To begin this operation, a CVK (Card Verification Key) encryption key is required. You can use CreateKeyor ImportKey to establish a CVK within Amazon Web Services Payment Cryptography. The KeyModesOfUse should be set to Generate and Verify for a CVK encryption key.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
VerifyCardValidationData ¶
func (*Client) GenerateMac ¶
func (c *Client) GenerateMac(ctx context.Context, params *GenerateMacInput, optFns ...func(*Options)) (*GenerateMacOutput, error)
Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography.
You can use this operation to authenticate card-related data by using known data values to generate MAC for data validation between the sending and receiving parties. This operation uses message data, a secret encryption key and MAC algorithm to generate a unique MAC value for transmission. The receiving party of the MAC must use the same message data, secret encryption key and MAC algorithm to reproduce another MAC value for comparision.
You can use this operation to generate a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. The MAC generation encryption key must have valid values for KeyUsage such as TR31_M7_HMAC_KEY for HMAC generation, and they key must have KeyModesOfUse set to Generate and Verify .
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
VerifyMac ¶
func (*Client) GenerateMacEmvPinChange ¶ added in v1.15.0
func (c *Client) GenerateMacEmvPinChange(ctx context.Context, params *GenerateMacEmvPinChangeInput, optFns ...func(*Options)) (*GenerateMacEmvPinChangeOutput, error)
Generates an issuer script mac for EMV payment cards that use offline PINs as the cardholder verification method (CVM).
This operation generates an authenticated issuer script response by appending the incoming message data (APDU command) with the target encrypted PIN block in ISO2 format. The command structure and method to send the issuer script update to the card is not defined by this operation and is typically determined by the applicable payment card scheme.
The primary inputs to this operation include the incoming new encrypted pinblock, PIN encryption key (PEK), issuer master key (IMK), primary account number (PAN), and the payment card derivation method.
The operation uses two issuer master keys - secure messaging for confidentiality (IMK-SMC) and secure messaging for integrity (IMK-SMI). The SMC key is used to internally derive a key to secure the pin, while SMI key is used to internally derive a key to authenticate the script reponse as per the EMV 4.4 - Book 2 - Security and Key Management specification.
This operation supports Amex, EMV2000, EMVCommon, Mastercard and Visa derivation methods, each requiring specific input parameters. Users must follow the specific derivation method and input parameters defined by the respective payment card scheme.
Use GenerateMac operation when sending a script update to an EMV card that does not involve PIN change. When assigning IAM permissions, it is important to understand that EncryptDatausing EMV keys and GenerateMac perform similar functions to this command.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
EncryptData ¶
GenerateMac ¶
func (*Client) GeneratePinData ¶
func (c *Client) GeneratePinData(ctx context.Context, params *GeneratePinDataInput, optFns ...func(*Options)) (*GeneratePinDataOutput, error)
Generates pin-related data such as PIN, PIN Verification Value (PVV), PIN Block, and PIN Offset during new card issuance or reissuance. For more information, see Generate PIN datain the Amazon Web Services Payment Cryptography User Guide.
PIN data is never transmitted in clear to or from Amazon Web Services Payment Cryptography. This operation generates PIN, PVV, or PIN Offset and then encrypts it using Pin Encryption Key (PEK) to create an EncryptedPinBlock for transmission from Amazon Web Services Payment Cryptography. This operation uses a separate Pin Verification Key (PVK) for VISA PVV generation.
Using ECDH key exchange, you can receive cardholder selectable PINs into Amazon Web Services Payment Cryptography. The ECDH derived key protects the incoming PIN block. You can also use it for reveal PIN, wherein the generated PIN block is protected by the ECDH derived key before transmission from Amazon Web Services Payment Cryptography. For more information on establishing ECDH derived keys, see the Generating keysin the Amazon Web Services Payment Cryptography User Guide.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
GenerateCardValidationData ¶
TranslatePinData ¶
VerifyPinData ¶
func (*Client) Options ¶ added in v1.5.0
Options returns a copy of the client configuration.
Callers SHOULD NOT perform mutations on any inner structures within client config. Config overrides should instead be made on a per-operation basis through functional options.
func (*Client) ReEncryptData ¶
func (c *Client) ReEncryptData(ctx context.Context, params *ReEncryptDataInput, optFns ...func(*Options)) (*ReEncryptDataOutput, error)
Re-encrypt ciphertext using DUKPT or Symmetric data encryption keys.
You can either generate an encryption key within Amazon Web Services Payment Cryptography by calling CreateKeyor import your own encryption key by calling ImportKey. The KeyArn for use with this operation must be in a compatible key state with KeyModesOfUse set to Encrypt .
This operation also supports dynamic keys, allowing you to pass a dynamic encryption key as a TR-31 WrappedKeyBlock. This can be used when key material is frequently rotated, such as during every card transaction, and there is need to avoid importing short-lived keys into Amazon Web Services Payment Cryptography. To re-encrypt using dynamic keys, the keyARN is the Key Encryption Key (KEK) of the TR-31 wrapped encryption key material. The incoming wrapped key shall have a key purpose of D0 with a mode of use of B or D. For more information, see Using Dynamic Keysin the Amazon Web Services Payment Cryptography User Guide.
For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports TDES and AES algorithms. To encrypt using DUKPT, a DUKPT key must already exist within your account with KeyModesOfUse set to DeriveKey or a new DUKPT can be generated by calling CreateKey.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
DecryptData ¶
EncryptData ¶
func (*Client) TranslatePinData ¶
func (c *Client) TranslatePinData(ctx context.Context, params *TranslatePinDataInput, optFns ...func(*Options)) (*TranslatePinDataOutput, error)
Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4. For more information, see Translate PIN datain the Amazon Web Services Payment Cryptography User Guide.
PIN block translation involves changing a PIN block from one encryption key to another and optionally change its format. PIN block translation occurs entirely within the HSM boundary and PIN data never enters or leaves Amazon Web Services Payment Cryptography in clear text. The encryption key transformation can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for DUKPT or from BDK for DUKPT to PEK.
Amazon Web Services Payment Cryptography also supports use of dynamic keys and ECDH (Elliptic Curve Diffie-Hellman) based key exchange for this operation.
Dynamic keys allow you to pass a PEK as a TR-31 WrappedKeyBlock. They can be used when key material is frequently rotated, such as during every card transaction, and there is need to avoid importing short-lived keys into Amazon Web Services Payment Cryptography. To translate PIN block using dynamic keys, the keyARN is the Key Encryption Key (KEK) of the TR-31 wrapped PEK. The incoming wrapped key shall have a key purpose of P0 with a mode of use of B or D. For more information, see Using Dynamic Keysin the Amazon Web Services Payment Cryptography User Guide.
Using ECDH key exchange, you can receive cardholder selectable PINs into Amazon Web Services Payment Cryptography. The ECDH derived key protects the incoming PIN block, which is translated to a PEK encrypted PIN block for use within the service. You can also use ECDH for reveal PIN, wherein the service translates the PIN block from PEK to a ECDH derived encryption key. For more information on establishing ECDH derived keys, see the Generating keysin the Amazon Web Services Payment Cryptography User Guide.
The allowed combinations of PIN block format translations are guided by PCI. It is important to note that not all encrypted PIN block formats (example, format 1) require PAN (Primary Account Number) as input. And as such, PIN block format that requires PAN (example, formats 0,3,4) cannot be translated to a format (format 1) that does not require a PAN for generation.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Amazon Web Services Payment Cryptography currently supports ISO PIN block 4 translation for PIN block built using legacy PAN length. That is, PAN is the right most 12 digits excluding the check digits.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
GeneratePinData ¶
VerifyPinData ¶
func (*Client) VerifyAuthRequestCryptogram ¶
func (c *Client) VerifyAuthRequestCryptogram(ctx context.Context, params *VerifyAuthRequestCryptogramInput, optFns ...func(*Options)) (*VerifyAuthRequestCryptogramOutput, error)
Verifies Authorization Request Cryptogram (ARQC) for a EMV chip payment card authorization. For more information, see Verify auth request cryptogramin the Amazon Web Services Payment Cryptography User Guide.
ARQC generation is done outside of Amazon Web Services Payment Cryptography and is typically generated on a point of sale terminal for an EMV chip card to obtain payment authorization during transaction time. For ARQC verification, you must first import the ARQC generated outside of Amazon Web Services Payment Cryptography by calling ImportKey. This operation uses the imported ARQC and an major encryption key (DUKPT) created by calling CreateKeyto either provide a boolean ARQC verification result or provide an APRC (Authorization Response Cryptogram) response using Method 1 or Method 2. The ARPC_METHOD_1 uses AuthResponseCode to generate ARPC and ARPC_METHOD_2 uses CardStatusUpdate to generate ARPC.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
VerifyCardValidationData ¶
VerifyPinData ¶
func (*Client) VerifyCardValidationData ¶
func (c *Client) VerifyCardValidationData(ctx context.Context, params *VerifyCardValidationDataInput, optFns ...func(*Options)) (*VerifyCardValidationDataOutput, error)
Verifies card-related validation data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2) and Card Security Codes (CSC). For more information, see Verify card datain the Amazon Web Services Payment Cryptography User Guide.
This operation validates the CVV or CSC codes that is printed on a payment credit or debit card during card payment transaction. The input values are typically provided as part of an inbound transaction to an issuer or supporting platform partner. Amazon Web Services Payment Cryptography uses CVV or CSC, PAN (Primary Account Number) and expiration date of the card to check its validity during transaction processing. In this operation, the CVK (Card Verification Key) encryption key for use with card data verification is same as the one in used for GenerateCardValidationData.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
GenerateCardValidationData ¶
VerifyAuthRequestCryptogram ¶
VerifyPinData ¶
func (*Client) VerifyMac ¶
func (c *Client) VerifyMac(ctx context.Context, params *VerifyMacInput, optFns ...func(*Options)) (*VerifyMacOutput, error)
Verifies a Message Authentication Code (MAC).
You can use this operation to verify MAC for message data authentication such as . In this operation, you must use the same message data, secret encryption key and MAC algorithm that was used to generate MAC. You can use this operation to verify a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
GenerateMac ¶
func (*Client) VerifyPinData ¶
func (c *Client) VerifyPinData(ctx context.Context, params *VerifyPinDataInput, optFns ...func(*Options)) (*VerifyPinDataOutput, error)
Verifies pin-related data such as PIN and PIN Offset using algorithms including VISA PVV and IBM3624. For more information, see Verify PIN datain the Amazon Web Services Payment Cryptography User Guide.
This operation verifies PIN data for user payment card. A card holder PIN data is never transmitted in clear to or from Amazon Web Services Payment Cryptography. This operation uses PIN Verification Key (PVK) for PIN or PIN Offset generation and then encrypts it using PIN Encryption Key (PEK) to create an EncryptedPinBlock for transmission from Amazon Web Services Payment Cryptography.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
GeneratePinData ¶
TranslatePinData ¶
type DecryptDataInput ¶
type DecryptDataInput struct { // The ciphertext to decrypt. // // This member is required. CipherText *string // The encryption key type and attributes for ciphertext decryption. // // This member is required. DecryptionAttributes types.EncryptionDecryptionAttributes // The keyARN of the encryption key that Amazon Web Services Payment Cryptography // uses for ciphertext decryption. // // When a WrappedKeyBlock is provided, this value will be the identifier to the // key wrapping key. Otherwise, it is the key identifier used to perform the // operation. // // This member is required. KeyIdentifier *string // The WrappedKeyBlock containing the encryption key for ciphertext decryption. WrappedKey *types.WrappedKey // contains filtered or unexported fields }
type DecryptDataOutput ¶
type DecryptDataOutput struct { // The keyARN of the encryption key that Amazon Web Services Payment Cryptography // uses for ciphertext decryption. // // This member is required. KeyArn *string // The key check value (KCV) of the encryption key. The KCV is used to check if // all parties holding a given key have the same key or to detect that a key has // changed. // // Amazon Web Services Payment Cryptography computes the KCV according to the CMAC // specification. // // This member is required. KeyCheckValue *string // The decrypted plaintext data in hexBinary format. // // This member is required. PlainText *string // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type EncryptDataInput ¶
type EncryptDataInput struct { // The encryption key type and attributes for plaintext encryption. // // This member is required. EncryptionAttributes types.EncryptionDecryptionAttributes // The keyARN of the encryption key that Amazon Web Services Payment Cryptography // uses for plaintext encryption. // // When a WrappedKeyBlock is provided, this value will be the identifier to the // key wrapping key. Otherwise, it is the key identifier used to perform the // operation. // // This member is required. KeyIdentifier *string // The plaintext to be encrypted. // // For encryption using asymmetric keys, plaintext data length is constrained by // encryption key strength that you define in KeyAlgorithm and padding type that // you define in AsymmetricEncryptionAttributes . For more information, see [Encrypt data] in // the Amazon Web Services Payment Cryptography User Guide. // // [Encrypt data]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/encrypt-data.html // // This member is required. PlainText *string // The WrappedKeyBlock containing the encryption key for plaintext encryption. WrappedKey *types.WrappedKey // contains filtered or unexported fields }
type EncryptDataOutput ¶
type EncryptDataOutput struct { // The encrypted ciphertext. // // This member is required. CipherText *string // The keyARN of the encryption key that Amazon Web Services Payment Cryptography // uses for plaintext encryption. // // This member is required. KeyArn *string // The key check value (KCV) of the encryption key. The KCV is used to check if // all parties holding a given key have the same key or to detect that a key has // changed. // // Amazon Web Services Payment Cryptography computes the KCV according to the CMAC // specification. KeyCheckValue *string // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type EndpointParameters ¶ added in v1.1.0
type EndpointParameters struct { // The AWS region used to dispatch the request. // // Parameter is // required. // // AWS::Region Region *string // When true, use the dual-stack endpoint. If the configured endpoint does not // support dual-stack, dispatching the request MAY return an error. // // Defaults to // false if no value is provided. // // AWS::UseDualStack UseDualStack *bool // When true, send this request to the FIPS-compliant regional endpoint. If the // configured endpoint does not have a FIPS compliant endpoint, dispatching the // request will return an error. // // Defaults to false if no value is // provided. // // AWS::UseFIPS UseFIPS *bool // Override the endpoint used to send this request // // Parameter is // required. // // SDK::Endpoint Endpoint *string }
EndpointParameters provides the parameters that influence how endpoints are resolved.
func (EndpointParameters) ValidateRequired ¶ added in v1.1.0
func (p EndpointParameters) ValidateRequired() error
ValidateRequired validates required parameters are set.
func (EndpointParameters) WithDefaults ¶ added in v1.1.0
func (p EndpointParameters) WithDefaults() EndpointParameters
WithDefaults returns a shallow copy of EndpointParameterswith default values applied to members where applicable.
type EndpointResolver ¶
type EndpointResolver interface {
ResolveEndpoint(region string, options EndpointResolverOptions) (aws.Endpoint, error)
}
EndpointResolver interface for resolving service endpoints.
func EndpointResolverFromURL ¶
func EndpointResolverFromURL(url string, optFns ...func(*aws.Endpoint)) EndpointResolver
EndpointResolverFromURL returns an EndpointResolver configured using the provided endpoint url. By default, the resolved endpoint resolver uses the client region as signing region, and the endpoint source is set to EndpointSourceCustom.You can provide functional options to configure endpoint values for the resolved endpoint.
type EndpointResolverFunc ¶
type EndpointResolverFunc func(region string, options EndpointResolverOptions) (aws.Endpoint, error)
EndpointResolverFunc is a helper utility that wraps a function so it satisfies the EndpointResolver interface. This is useful when you want to add additional endpoint resolving logic, or stub out specific endpoints with custom values.
func (EndpointResolverFunc) ResolveEndpoint ¶
func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error)
type EndpointResolverOptions ¶
type EndpointResolverOptions = internalendpoints.Options
EndpointResolverOptions is the service endpoint resolver options
type EndpointResolverV2 ¶ added in v1.1.0
type EndpointResolverV2 interface { // ResolveEndpoint attempts to resolve the endpoint with the provided options, // returning the endpoint if found. Otherwise an error is returned. ResolveEndpoint(ctx context.Context, params EndpointParameters) ( smithyendpoints.Endpoint, error, ) }
EndpointResolverV2 provides the interface for resolving service endpoints.
func NewDefaultEndpointResolverV2 ¶ added in v1.1.0
func NewDefaultEndpointResolverV2() EndpointResolverV2
type GenerateCardValidationDataInput ¶
type GenerateCardValidationDataInput struct { // The algorithm for generating CVV or CSC values for the card within Amazon Web // Services Payment Cryptography. // // This member is required. GenerationAttributes types.CardGenerationAttributes // The keyARN of the CVK encryption key that Amazon Web Services Payment // Cryptography uses to generate card data. // // This member is required. KeyIdentifier *string // The Primary Account Number (PAN), a unique identifier for a payment credit or // debit card that associates the card with a specific account holder. // // This member is required. PrimaryAccountNumber *string // The length of the CVV or CSC to be generated. The default value is 3. ValidationDataLength *int32 // contains filtered or unexported fields }
type GenerateCardValidationDataOutput ¶
type GenerateCardValidationDataOutput struct { // The keyARN of the CVK encryption key that Amazon Web Services Payment // Cryptography uses to generate CVV or CSC. // // This member is required. KeyArn *string // The key check value (KCV) of the encryption key. The KCV is used to check if // all parties holding a given key have the same key or to detect that a key has // changed. // // Amazon Web Services Payment Cryptography computes the KCV according to the CMAC // specification. // // This member is required. KeyCheckValue *string // The CVV or CSC value that Amazon Web Services Payment Cryptography generates // for the card. // // This member is required. ValidationData *string // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type GenerateMacEmvPinChangeInput ¶ added in v1.15.0
type GenerateMacEmvPinChangeInput struct { // The attributes and data values to derive payment card specific confidentiality // and integrity keys. // // This member is required. DerivationMethodAttributes types.DerivationMethodAttributes // The message data is the APDU command from the card reader or terminal. The // target encrypted PIN block, after translation to ISO2 format, is appended to // this message data to generate an issuer script response. // // This member is required. MessageData *string // The incoming new encrypted PIN block data for offline pin change on an EMV card. // // This member is required. NewEncryptedPinBlock *string // The keyARN of the PEK protecting the incoming new encrypted PIN block. // // This member is required. NewPinPekIdentifier *string // The PIN encoding format of the incoming new encrypted PIN block as specified in // ISO 9564. // // This member is required. PinBlockFormat types.PinBlockFormatForEmvPinChange // The keyARN of the issuer master key (IMK-SMC) used to protect the PIN block // data in the issuer script response. // // This member is required. SecureMessagingConfidentialityKeyIdentifier *string // The keyARN of the issuer master key (IMK-SMI) used to authenticate the issuer // script response. // // This member is required. SecureMessagingIntegrityKeyIdentifier *string // contains filtered or unexported fields }
type GenerateMacEmvPinChangeOutput ¶ added in v1.15.0
type GenerateMacEmvPinChangeOutput struct { // Returns the incoming new encrpted PIN block. // // This member is required. EncryptedPinBlock *string // Returns the mac of the issuer script containing message data and appended // target encrypted pin block in ISO2 format. // // This member is required. Mac *string // Returns the keyArn of the PEK protecting the incoming new encrypted PIN block. // // This member is required. NewPinPekArn *string // The key check value (KCV) of the PEK uprotecting the incoming new encrypted PIN // block. // // This member is required. NewPinPekKeyCheckValue *string // Returns the keyArn of the IMK-SMC used by the operation. // // This member is required. SecureMessagingConfidentialityKeyArn *string // The key check value (KCV) of the SMC issuer master key used by the operation. // // This member is required. SecureMessagingConfidentialityKeyCheckValue *string // Returns the keyArn of the IMK-SMI used by the operation. // // This member is required. SecureMessagingIntegrityKeyArn *string // The key check value (KCV) of the SMI issuer master key used by the operation. // // This member is required. SecureMessagingIntegrityKeyCheckValue *string // The attribute values used for Amex and Visa derivation methods. VisaAmexDerivationOutputs *types.VisaAmexDerivationOutputs // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type GenerateMacInput ¶
type GenerateMacInput struct { // The attributes and data values to use for MAC generation within Amazon Web // Services Payment Cryptography. // // This member is required. GenerationAttributes types.MacAttributes // The keyARN of the MAC generation encryption key. // // This member is required. KeyIdentifier *string // The data for which a MAC is under generation. This value must be hexBinary. // // This member is required. MessageData *string // The length of a MAC under generation. MacLength *int32 // contains filtered or unexported fields }
type GenerateMacOutput ¶
type GenerateMacOutput struct { // The keyARN of the encryption key that Amazon Web Services Payment Cryptography // uses for MAC generation. // // This member is required. KeyArn *string // The key check value (KCV) of the encryption key. The KCV is used to check if // all parties holding a given key have the same key or to detect that a key has // changed. // // Amazon Web Services Payment Cryptography computes the KCV according to the CMAC // specification. // // This member is required. KeyCheckValue *string // The MAC cryptogram generated within Amazon Web Services Payment Cryptography. // // This member is required. Mac *string // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type GeneratePinDataInput ¶
type GeneratePinDataInput struct { // The keyARN of the PEK that Amazon Web Services Payment Cryptography uses to // encrypt the PIN Block. For ECDH, it is the keyARN of the asymmetric ECC key. // // This member is required. EncryptionKeyIdentifier *string // The attributes and values to use for PIN, PVV, or PIN Offset generation. // // This member is required. GenerationAttributes types.PinGenerationAttributes // The keyARN of the PEK that Amazon Web Services Payment Cryptography uses for // pin data generation. // // This member is required. GenerationKeyIdentifier *string // The PIN encoding format for pin data generation as specified in ISO 9564. // Amazon Web Services Payment Cryptography supports ISO_Format_0 and ISO_Format_3 . // // The ISO_Format_0 PIN block format is equivalent to the ANSI X9.8, VISA-1, and // ECI-1 PIN block formats. It is similar to a VISA-4 PIN block format. It supports // a PIN from 4 to 12 digits in length. // // The ISO_Format_3 PIN block format is the same as ISO_Format_0 except that the // fill digits are random values from 10 to 15. // // This member is required. PinBlockFormat types.PinBlockFormatForPinData // The Primary Account Number (PAN), a unique identifier for a payment credit or // debit card that associates the card with a specific account holder. // // This member is required. PrimaryAccountNumber *string // Parameter information of a WrappedKeyBlock for encryption key exchange. EncryptionWrappedKey *types.WrappedKey // The length of PIN under generation. PinDataLength *int32 // contains filtered or unexported fields }
type GeneratePinDataOutput ¶
type GeneratePinDataOutput struct { // The PIN block encrypted under PEK from Amazon Web Services Payment // Cryptography. The encrypted PIN block is a composite of PAN (Primary Account // Number) and PIN (Personal Identification Number), generated in accordance with // ISO 9564 standard. // // This member is required. EncryptedPinBlock *string // The keyARN of the PEK that Amazon Web Services Payment Cryptography uses for // encrypted pin block generation. For ECDH, it is the keyARN of the asymmetric // ECC key. // // This member is required. EncryptionKeyArn *string // The key check value (KCV) of the encryption key. The KCV is used to check if // all parties holding a given key have the same key or to detect that a key has // changed. // // Amazon Web Services Payment Cryptography computes the KCV according to the CMAC // specification. // // This member is required. EncryptionKeyCheckValue *string // The keyARN of the pin data generation key that Amazon Web Services Payment // Cryptography uses for PIN, PVV or PIN Offset generation. // // This member is required. GenerationKeyArn *string // The key check value (KCV) of the encryption key. The KCV is used to check if // all parties holding a given key have the same key or to detect that a key has // changed. // // Amazon Web Services Payment Cryptography computes the KCV according to the CMAC // specification. // // This member is required. GenerationKeyCheckValue *string // The attributes and values Amazon Web Services Payment Cryptography uses for pin // data generation. // // This member is required. PinData types.PinData // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type HTTPSignerV4 ¶
type Options ¶
type Options struct { // Set of options to modify how an operation is invoked. These apply to all // operations invoked for this client. Use functional options on operation call to // modify this list for per operation behavior. APIOptions []func(*middleware.Stack) error // The optional application specific identifier appended to the User-Agent header. AppID string // This endpoint will be given as input to an EndpointResolverV2. It is used for // providing a custom base endpoint that is subject to modifications by the // processing EndpointResolverV2. BaseEndpoint *string // Configures the events that will be sent to the configured logger. ClientLogMode aws.ClientLogMode // The credentials object to use when signing requests. Credentials aws.CredentialsProvider // The configuration DefaultsMode that the SDK should use when constructing the // clients initial default settings. DefaultsMode aws.DefaultsMode // The endpoint options to be used when attempting to resolve an endpoint. EndpointOptions EndpointResolverOptions // The service endpoint resolver. // // Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a // value for this field will likely prevent you from using any endpoint-related // service features released after the introduction of EndpointResolverV2 and // BaseEndpoint. // // To migrate an EndpointResolver implementation that uses a custom endpoint, set // the client option BaseEndpoint instead. EndpointResolver EndpointResolver // Resolves the endpoint used for a particular service operation. This should be // used over the deprecated EndpointResolver. EndpointResolverV2 EndpointResolverV2 // Signature Version 4 (SigV4) Signer HTTPSignerV4 HTTPSignerV4 // The logger writer interface to write logging messages to. Logger logging.Logger // The client meter provider. MeterProvider metrics.MeterProvider // The region to send requests to. (Required) Region string // RetryMaxAttempts specifies the maximum number attempts an API client will call // an operation that fails with a retryable error. A value of 0 is ignored, and // will not be used to configure the API client created default retryer, or modify // per operation call's retry max attempts. // // If specified in an operation call's functional options with a value that is // different than the constructed client's Options, the Client's Retryer will be // wrapped to use the operation's specific RetryMaxAttempts value. RetryMaxAttempts int // RetryMode specifies the retry mode the API client will be created with, if // Retryer option is not also specified. // // When creating a new API Clients this member will only be used if the Retryer // Options member is nil. This value will be ignored if Retryer is not nil. // // Currently does not support per operation call overrides, may in the future. RetryMode aws.RetryMode // Retryer guides how HTTP requests should be retried in case of recoverable // failures. When nil the API client will use a default retryer. The kind of // default retry created by the API client can be changed with the RetryMode // option. Retryer aws.Retryer // The RuntimeEnvironment configuration, only populated if the DefaultsMode is set // to DefaultsModeAuto and is initialized using config.LoadDefaultConfig . You // should not populate this structure programmatically, or rely on the values here // within your applications. RuntimeEnvironment aws.RuntimeEnvironment // The client tracer provider. TracerProvider tracing.TracerProvider // The HTTP client to invoke API calls with. Defaults to client's default HTTP // implementation if nil. HTTPClient HTTPClient // The auth scheme resolver which determines how to authenticate for each // operation. AuthSchemeResolver AuthSchemeResolver // The list of auth schemes supported by the client. AuthSchemes []smithyhttp.AuthScheme // contains filtered or unexported fields }
func (Options) GetIdentityResolver ¶ added in v1.4.2
func (o Options) GetIdentityResolver(schemeID string) smithyauth.IdentityResolver
type ReEncryptDataInput ¶
type ReEncryptDataInput struct { // Ciphertext to be encrypted. The minimum allowed length is 16 bytes and maximum // allowed length is 4096 bytes. // // This member is required. CipherText *string // The attributes and values for incoming ciphertext. // // This member is required. IncomingEncryptionAttributes types.ReEncryptionAttributes // The keyARN of the encryption key of incoming ciphertext data. // // When a WrappedKeyBlock is provided, this value will be the identifier to the // key wrapping key. Otherwise, it is the key identifier used to perform the // operation. // // This member is required. IncomingKeyIdentifier *string // The attributes and values for outgoing ciphertext data after encryption by // Amazon Web Services Payment Cryptography. // // This member is required. OutgoingEncryptionAttributes types.ReEncryptionAttributes // The keyARN of the encryption key of outgoing ciphertext data after encryption // by Amazon Web Services Payment Cryptography. // // This member is required. OutgoingKeyIdentifier *string // The WrappedKeyBlock containing the encryption key of incoming ciphertext data. IncomingWrappedKey *types.WrappedKey // The WrappedKeyBlock containing the encryption key of outgoing ciphertext data // after encryption by Amazon Web Services Payment Cryptography. OutgoingWrappedKey *types.WrappedKey // contains filtered or unexported fields }
type ReEncryptDataOutput ¶
type ReEncryptDataOutput struct { // The encrypted ciphertext. // // This member is required. CipherText *string // The keyARN (Amazon Resource Name) of the encryption key that Amazon Web // Services Payment Cryptography uses for plaintext encryption. // // This member is required. KeyArn *string // The key check value (KCV) of the encryption key. The KCV is used to check if // all parties holding a given key have the same key or to detect that a key has // changed. // // Amazon Web Services Payment Cryptography computes the KCV according to the CMAC // specification. // // This member is required. KeyCheckValue *string // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type ResolveEndpoint ¶
type ResolveEndpoint struct { Resolver EndpointResolver Options EndpointResolverOptions }
func (*ResolveEndpoint) HandleSerialize ¶
func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( out middleware.SerializeOutput, metadata middleware.Metadata, err error, )
func (*ResolveEndpoint) ID ¶
func (*ResolveEndpoint) ID() string
type TranslatePinDataInput ¶
type TranslatePinDataInput struct { // The encrypted PIN block data that Amazon Web Services Payment Cryptography // translates. // // This member is required. EncryptedPinBlock *string // The keyARN of the encryption key under which incoming PIN block data is // encrypted. This key type can be PEK or BDK. // // For dynamic keys, it is the keyARN of KEK of the TR-31 wrapped PEK. For ECDH, // it is the keyARN of the asymmetric ECC key. // // This member is required. IncomingKeyIdentifier *string // The format of the incoming PIN block data for translation within Amazon Web // Services Payment Cryptography. // // This member is required. IncomingTranslationAttributes types.TranslationIsoFormats // The keyARN of the encryption key for encrypting outgoing PIN block data. This // key type can be PEK or BDK. // // For ECDH, it is the keyARN of the asymmetric ECC key. // // This member is required. OutgoingKeyIdentifier *string // The format of the outgoing PIN block data after translation by Amazon Web // Services Payment Cryptography. // // This member is required. OutgoingTranslationAttributes types.TranslationIsoFormats // The attributes and values to use for incoming DUKPT encryption key for PIN // block translation. IncomingDukptAttributes *types.DukptDerivationAttributes // The WrappedKeyBlock containing the encryption key under which incoming PIN // block data is encrypted. IncomingWrappedKey *types.WrappedKey // The attributes and values to use for outgoing DUKPT encryption key after PIN // block translation. OutgoingDukptAttributes *types.DukptDerivationAttributes // The WrappedKeyBlock containing the encryption key for encrypting outgoing PIN // block data. OutgoingWrappedKey *types.WrappedKey // contains filtered or unexported fields }
type TranslatePinDataOutput ¶
type TranslatePinDataOutput struct { // The keyARN of the encryption key that Amazon Web Services Payment Cryptography // uses to encrypt outgoing PIN block data after translation. // // This member is required. KeyArn *string // The key check value (KCV) of the encryption key. The KCV is used to check if // all parties holding a given key have the same key or to detect that a key has // changed. // // Amazon Web Services Payment Cryptography computes the KCV according to the CMAC // specification. // // This member is required. KeyCheckValue *string // The outgoing encrypted PIN block data after translation. // // This member is required. PinBlock *string // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type VerifyAuthRequestCryptogramInput ¶
type VerifyAuthRequestCryptogramInput struct { // The auth request cryptogram imported into Amazon Web Services Payment // Cryptography for ARQC verification using a major encryption key and transaction // data. // // This member is required. AuthRequestCryptogram *string // The keyARN of the major encryption key that Amazon Web Services Payment // Cryptography uses for ARQC verification. // // This member is required. KeyIdentifier *string // The method to use when deriving the major encryption key for ARQC verification // within Amazon Web Services Payment Cryptography. The same key derivation mode // was used for ARQC generation outside of Amazon Web Services Payment // Cryptography. // // This member is required. MajorKeyDerivationMode types.MajorKeyDerivationMode // The attributes and values to use for deriving a session key for ARQC // verification within Amazon Web Services Payment Cryptography. The same // attributes were used for ARQC generation outside of Amazon Web Services Payment // Cryptography. // // This member is required. SessionKeyDerivationAttributes types.SessionKeyDerivation // The transaction data that Amazon Web Services Payment Cryptography uses for // ARQC verification. The same transaction is used for ARQC generation outside of // Amazon Web Services Payment Cryptography. // // This member is required. TransactionData *string // The attributes and values for auth request cryptogram verification. These // parameters are required in case using ARPC Method 1 or Method 2 for ARQC // verification. AuthResponseAttributes types.CryptogramAuthResponse // contains filtered or unexported fields }
type VerifyAuthRequestCryptogramOutput ¶
type VerifyAuthRequestCryptogramOutput struct { // The keyARN of the major encryption key that Amazon Web Services Payment // Cryptography uses for ARQC verification. // // This member is required. KeyArn *string // The key check value (KCV) of the encryption key. The KCV is used to check if // all parties holding a given key have the same key or to detect that a key has // changed. // // Amazon Web Services Payment Cryptography computes the KCV according to the CMAC // specification. // // This member is required. KeyCheckValue *string // The result for ARQC verification or ARPC generation within Amazon Web Services // Payment Cryptography. AuthResponseValue *string // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type VerifyCardValidationDataInput ¶
type VerifyCardValidationDataInput struct { // The keyARN of the CVK encryption key that Amazon Web Services Payment // Cryptography uses to verify card data. // // This member is required. KeyIdentifier *string // The Primary Account Number (PAN), a unique identifier for a payment credit or // debit card that associates the card with a specific account holder. // // This member is required. PrimaryAccountNumber *string // The CVV or CSC value for use for card data verification within Amazon Web // Services Payment Cryptography. // // This member is required. ValidationData *string // The algorithm to use for verification of card data within Amazon Web Services // Payment Cryptography. // // This member is required. VerificationAttributes types.CardVerificationAttributes // contains filtered or unexported fields }
type VerifyCardValidationDataOutput ¶
type VerifyCardValidationDataOutput struct { // The keyARN of the CVK encryption key that Amazon Web Services Payment // Cryptography uses to verify CVV or CSC. // // This member is required. KeyArn *string // The key check value (KCV) of the encryption key. The KCV is used to check if // all parties holding a given key have the same key or to detect that a key has // changed. // // Amazon Web Services Payment Cryptography computes the KCV according to the CMAC // specification. // // This member is required. KeyCheckValue *string // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type VerifyMacInput ¶
type VerifyMacInput struct { // The keyARN of the encryption key that Amazon Web Services Payment Cryptography // uses to verify MAC data. // // This member is required. KeyIdentifier *string // The MAC being verified. // // This member is required. Mac *string // The data on for which MAC is under verification. This value must be hexBinary. // // This member is required. MessageData *string // The attributes and data values to use for MAC verification within Amazon Web // Services Payment Cryptography. // // This member is required. VerificationAttributes types.MacAttributes // The length of the MAC. MacLength *int32 // contains filtered or unexported fields }
type VerifyMacOutput ¶
type VerifyMacOutput struct { // The keyARN of the encryption key that Amazon Web Services Payment Cryptography // uses for MAC verification. // // This member is required. KeyArn *string // The key check value (KCV) of the encryption key. The KCV is used to check if // all parties holding a given key have the same key or to detect that a key has // changed. // // Amazon Web Services Payment Cryptography computes the KCV according to the CMAC // specification. // // This member is required. KeyCheckValue *string // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type VerifyPinDataInput ¶
type VerifyPinDataInput struct { // The encrypted PIN block data that Amazon Web Services Payment Cryptography // verifies. // // This member is required. EncryptedPinBlock *string // The keyARN of the encryption key under which the PIN block data is encrypted. // This key type can be PEK or BDK. // // This member is required. EncryptionKeyIdentifier *string // The PIN encoding format for pin data generation as specified in ISO 9564. // Amazon Web Services Payment Cryptography supports ISO_Format_0 and ISO_Format_3 . // // The ISO_Format_0 PIN block format is equivalent to the ANSI X9.8, VISA-1, and // ECI-1 PIN block formats. It is similar to a VISA-4 PIN block format. It supports // a PIN from 4 to 12 digits in length. // // The ISO_Format_3 PIN block format is the same as ISO_Format_0 except that the // fill digits are random values from 10 to 15. // // This member is required. PinBlockFormat types.PinBlockFormatForPinData // The Primary Account Number (PAN), a unique identifier for a payment credit or // debit card that associates the card with a specific account holder. // // This member is required. PrimaryAccountNumber *string // The attributes and values for PIN data verification. // // This member is required. VerificationAttributes types.PinVerificationAttributes // The keyARN of the PIN verification key. // // This member is required. VerificationKeyIdentifier *string // The attributes and values for the DUKPT encrypted PIN block data. DukptAttributes *types.DukptAttributes // Parameter information of a WrappedKeyBlock for encryption key exchange. EncryptionWrappedKey *types.WrappedKey // The length of PIN being verified. PinDataLength *int32 // contains filtered or unexported fields }
type VerifyPinDataOutput ¶
type VerifyPinDataOutput struct { // The keyARN of the PEK that Amazon Web Services Payment Cryptography uses for // encrypted pin block generation. // // This member is required. EncryptionKeyArn *string // The key check value (KCV) of the encryption key. The KCV is used to check if // all parties holding a given key have the same key or to detect that a key has // changed. // // Amazon Web Services Payment Cryptography computes the KCV according to the CMAC // specification. // // This member is required. EncryptionKeyCheckValue *string // The keyARN of the PIN encryption key that Amazon Web Services Payment // Cryptography uses for PIN or PIN Offset verification. // // This member is required. VerificationKeyArn *string // The key check value (KCV) of the encryption key. The KCV is used to check if // all parties holding a given key have the same key or to detect that a key has // changed. // // Amazon Web Services Payment Cryptography computes the KCV according to the CMAC // specification. // // This member is required. VerificationKeyCheckValue *string // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
Source Files ¶
- api_client.go
- api_op_DecryptData.go
- api_op_EncryptData.go
- api_op_GenerateCardValidationData.go
- api_op_GenerateMac.go
- api_op_GenerateMacEmvPinChange.go
- api_op_GeneratePinData.go
- api_op_ReEncryptData.go
- api_op_TranslatePinData.go
- api_op_VerifyAuthRequestCryptogram.go
- api_op_VerifyCardValidationData.go
- api_op_VerifyMac.go
- api_op_VerifyPinData.go
- auth.go
- deserializers.go
- doc.go
- endpoints.go
- go_module_metadata.go
- options.go
- serializers.go
- validators.go