MacAlgorithmDukpt
Parameters required for DUKPT MAC generation and verification.
Contents
- DukptKeyVariant
-
The type of use of DUKPT, which can be MAC generation, MAC verification, or both.
Type: String
Valid Values:
BIDIRECTIONAL | REQUEST | RESPONSERequired: Yes
- KeySerialNumber
-
The unique identifier known as Key Serial Number (KSN) that comes from an encrypting device using DUKPT encryption method. The KSN is derived from the encrypting device unique identifier and an internal transaction counter.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 24.
Pattern:
[0-9a-fA-F]+Required: Yes
- DukptDerivationType
-
The key type derived using DUKPT from a Base Derivation Key (BDK) and Key Serial Number (KSN). This must be less than or equal to the strength of the BDK. For example, you can't use
AES_128as a derivation type for a BDK ofAES_128orTDES_2KEY.Type: String
Valid Values:
TDES_2KEY | TDES_3KEY | AES_128 | AES_192 | AES_256Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
