Package software.amazon.awssdk.services.paymentcryptography.model

Class CreateKeyRequest

    • Method Detail

      • keyAttributes

        public final KeyAttributes keyAttributes()

        The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.

        Returns:
        The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.

      • keyCheckValueAlgorithm

        public final KeyCheckValueAlgorithm keyCheckValueAlgorithm()

        The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.

        For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

        If the service returns an enum value that is not available in the current SDK version, keyCheckValueAlgorithm will return KeyCheckValueAlgorithm.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyCheckValueAlgorithmAsString().

        Returns:
        The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.

        For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

        See Also:
        KeyCheckValueAlgorithm

      • keyCheckValueAlgorithmAsString

        public final String keyCheckValueAlgorithmAsString()

        The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.

        For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

        If the service returns an enum value that is not available in the current SDK version, keyCheckValueAlgorithm will return KeyCheckValueAlgorithm.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyCheckValueAlgorithmAsString().

        Returns:
        The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.

        For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

        See Also:
        KeyCheckValueAlgorithm

      • exportable

        public final Boolean exportable()

        Specifies whether the key is exportable from the service.

        Returns:
        Specifies whether the key is exportable from the service.

      • enabled

        public final Boolean enabled()

        Specifies whether to enable the key. If the key is enabled, it is activated for use within the service. If the key is not enabled, then it is created but not activated. The default value is enabled.

        Returns:
        Specifies whether to enable the key. If the key is enabled, it is activated for use within the service. If the key is not enabled, then it is created but not activated. The default value is enabled.

      • hasTags

        public final boolean hasTags()
        For responses, this returns true if the service returned a value for the Tags property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

      • tags

        public final List<Tag> tags()

        Assigns one or more tags to the Amazon Web Services Payment Cryptography key. Use this parameter to tag a key when it is created. To tag an existing Amazon Web Services Payment Cryptography key, use the TagResource operation.

        Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key.

        Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

        Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.

        Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

        This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasTags() method.

        Returns:
        Assigns one or more tags to the Amazon Web Services Payment Cryptography key. Use this parameter to tag a key when it is created. To tag an existing Amazon Web Services Payment Cryptography key, use the TagResource operation.

        Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You can't have more than one tag on an Amazon Web Services Payment Cryptography key with the same tag key.

        Don't include personal, confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

        Tagging or untagging an Amazon Web Services Payment Cryptography key can allow or deny permission to the key.

      • deriveKeyUsage

        public final DeriveKeyUsage deriveKeyUsage()

        The intended cryptographic usage of keys derived from the ECC key pair to be created.

        After creating an ECC key pair, you cannot change the intended cryptographic usage of keys derived from it using ECDH.

        If the service returns an enum value that is not available in the current SDK version, deriveKeyUsage will return DeriveKeyUsage.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from deriveKeyUsageAsString().

        Returns:
        The intended cryptographic usage of keys derived from the ECC key pair to be created.

        After creating an ECC key pair, you cannot change the intended cryptographic usage of keys derived from it using ECDH.

        See Also:
        DeriveKeyUsage

      • deriveKeyUsageAsString

        public final String deriveKeyUsageAsString()

        The intended cryptographic usage of keys derived from the ECC key pair to be created.

        After creating an ECC key pair, you cannot change the intended cryptographic usage of keys derived from it using ECDH.

        If the service returns an enum value that is not available in the current SDK version, deriveKeyUsage will return DeriveKeyUsage.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from deriveKeyUsageAsString().

        Returns:
        The intended cryptographic usage of keys derived from the ECC key pair to be created.

        After creating an ECC key pair, you cannot change the intended cryptographic usage of keys derived from it using ECDH.

        See Also:
        DeriveKeyUsage

      • hasReplicationRegions

        public final boolean hasReplicationRegions()
        For responses, this returns true if the service returned a value for the ReplicationRegions property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

      • replicationRegions

        public final List<String> replicationRegions()
        Returns the value of the ReplicationRegions property for this object.

        Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

        This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasReplicationRegions() method.

        Returns:
        The value of the ReplicationRegions property for this object.

      • toString

        public final String toString()
        Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
        Overrides:
        toString in class Object