# Valid keys for cryptographic operations
Certain keys can only be used for certain operations. Additionally, some operations may limit the key modes of use for keys. Please see the following table for allowed combinations.
**Note**
Certain combinations, although permitted, may create unusable situations such as generating CVV codes `(generate)` but then unable to verify them `(verify)`.
**Topics**
+ [GenerateCardData](#w2aac15c31b9)
+ [VerifyCardData](#w2aac15c31c11)
+ [GeneratePinData (for VISA/ABA schemes)](#w2aac15c31c15)
+ [GeneratePinData (for `IBM3624`)](#w2aac15c31c17)
+ [VerifyPinData (for VISA/ABA schemes)](#w2aac15c31c21)
+ [VerifyPinData (for `IBM3624`)](#w2aac15c31c23)
+ [Decrypt Data](#w2aac15c31c27)
+ [Encrypt Data](#w2aac15c31c33)
+ [Translate Pin Data](#w2aac15c31c39)
+ [Generate/Verify MAC](#crypto-ops-validkeys.generatemac)
+ [GenerateMacEmvPinChange](#crypto-ops-validkeys.generatemacemvpinchange)
+ [VerifyAuthRequestCryptogram](#w2aac15c31c51)
+ [Import/Export Key](#crypto-ops-validkeys.importexport)
+ [Unused key types](#w2aac15c31c57)
## GenerateCardData
| API Endpoint | Cryptographic Operation or Algorithm | Allowed Key Usage | Allowed Key Algorithm | Allowed combination of key modes of use |
| --- | --- | --- | --- | --- |
| GenerateCardData | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1C0\$1CARD\$1VERIFICATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 Generate = true \$1,\$1 Generate = true, Verify = true \$1 |
| GenerateCardData | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1C0\$1CARD\$1VERIFICATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 Generate = true \$1,\$1 Generate = true, Verify = true \$1 |
| GenerateCardData | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1E6\$1EMV\$1MKEY\$1OTHER | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 DeriveKey = true \$1 |
| GenerateCardData | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1E4\$1EMV\$1MKEY\$1DYNAMIC\$1NUMBERS | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 DeriveKey = true \$1 |
| GenerateCardData | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1E6\$1EMV\$1MKEY\$1OTHER | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 DeriveKey = true \$1 |
## VerifyCardData
| Cryptographic Operation or Algorithm | Allowed Key Usage | Allowed Key Algorithm | Allowed combination of key modes of use |
| --- | --- | --- | --- |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1C0\$1CARD\$1VERIFICATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 Generate = true \$1,\$1 Generate = true, Verify = true \$1 |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1C0\$1CARD\$1VERIFICATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 Generate = true \$1,\$1 Generate = true, Verify = true \$1 |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1E6\$1EMV\$1MKEY\$1OTHER | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 DeriveKey = true \$1 |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1E4\$1EMV\$1MKEY\$1DYNAMIC\$1NUMBERS | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 DeriveKey = true \$1 |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1E6\$1EMV\$1MKEY\$1OTHER | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 DeriveKey = true \$1 |
## GeneratePinData (for VISA/ABA schemes)
`VISA_PIN or VISA_PIN_VERIFICATION_VALUE`
| Key Type | Allowed Key Usage | Allowed Key Algorithm | Allowed combination of key modes of use |
| --- | --- | --- | --- |
| PIN Encryption Key | TR31\$1P0\$1PIN\$1ENCRYPTION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| PIN Generation Key | TR31\$1V2\$1VISA\$1PIN\$1VERIFICATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## GeneratePinData (for `IBM3624`)
`IBM3624_PIN_OFFSET,IBM3624_NATURAL_PIN,IBM3624_RANDOM_PIN, IBM3624_PIN_FROM_OFFSET)`
| Key Type | Allowed Key Usage | Allowed Key Algorithm | Allowed combination of key modes of use |
| --- | --- | --- | --- |
| PIN Encryption Key | TR31\$1P0\$1PIN\$1ENCRYPTION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | For IBM3624\$1NATURAL\$1PIN, IBM3624\$1RANDOM\$1PIN, IBM3624\$1PIN\$1FROM\$1OFFSET [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) For IBM3624\$1PIN\$1OFFSET [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| PIN Generation Key | TR31\$1V1\$1IBM3624\$1PIN\$1VERIFICATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## VerifyPinData (for VISA/ABA schemes)
`VISA_PIN`
| Key Type | Allowed Key Usage | Allowed Key Algorithm | Allowed combination of key modes of use |
| --- | --- | --- | --- |
| PIN Encryption Key | TR31\$1P0\$1PIN\$1ENCRYPTION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| PIN Generation Key | TR31\$1V2\$1VISA\$1PIN\$1VERIFICATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## VerifyPinData (for `IBM3624`)
`IBM3624_PIN_OFFSET,IBM3624_NATURAL_PIN,IBM3624_RANDOM_PIN, IBM3624_PIN_FROM_OFFSET)`
| Key Type | Allowed Key Usage | Allowed Key Algorithm | Allowed combination of key modes of use |
| --- | --- | --- | --- |
| PIN Encryption Key | TR31\$1P0\$1PIN\$1ENCRYPTION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | For IBM3624\$1NATURAL\$1PIN, IBM3624\$1RANDOM\$1PIN, IBM3624\$1PIN\$1FROM\$1OFFSET [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| PIN Verification Key | TR31\$1V1\$1IBM3624\$1PIN\$1VERIFICATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## Decrypt Data
| Key Type | Allowed Key Usage | Allowed Key Algorithm | Allowed combination of key modes of use |
| --- | --- | --- | --- |
| DUKPT | TR31\$1B0\$1BASE\$1DERIVATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| EMV | TR31\$1E1\$1EMV\$1MKEY\$1CONFIDENTIALITY TR31\$1E6\$1EMV\$1MKEY\$1OTHER | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| RSA | TR31\$1D1\$1ASYMMETRIC\$1KEY\$1FOR\$1DATA\$1ENCRYPTION | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| Symmetric keys | TR31\$1D0\$1SYMMETRIC\$1DATA\$1ENCRYPTION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## Encrypt Data
| Key Type | Allowed Key Usage | Allowed Key Algorithm | Allowed combination of key modes of use |
| --- | --- | --- | --- |
| DUKPT | TR31\$1B0\$1BASE\$1DERIVATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| EMV | TR31\$1E1\$1EMV\$1MKEY\$1CONFIDENTIALITY TR31\$1E6\$1EMV\$1MKEY\$1OTHER | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| RSA | TR31\$1D1\$1ASYMMETRIC\$1KEY\$1FOR\$1DATA\$1ENCRYPTION | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| Symmetric keys | TR31\$1D0\$1SYMMETRIC\$1DATA\$1ENCRYPTION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## Translate Pin Data
| Direction | Key Type | Allowed Key Usage | Allowed Key Algorithm | Allowed combination of key modes of use |
| --- | --- | --- | --- | --- |
| Inbound Data Source | DUKPT | TR31\$1B0\$1BASE\$1DERIVATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| Inbound Data Source | non-DUKPT (PEK, AWK, IWK, etc) | TR31\$1P0\$1PIN\$1ENCRYPTION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| Outbound Data Target | DUKPT | TR31\$1B0\$1BASE\$1DERIVATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| Outbound Data Target | non-DUKPT (PEK, IWK, AWK, etc) | TR31\$1P0\$1PIN\$1ENCRYPTION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## Generate/Verify MAC
MAC keys are used for creating cryptographic hashes of a message/body of data. It is not recommended to create a key with limited key modes of use as you will be unable to perform the matching operation. However, you may import/export a key with only one operation if the other system is intended to perform the other half of the operation pair.
| Allowed Key Usage | Allowed Key Usage | Allowed Key Algorithm | Allowed combination of key modes of use |
| --- | --- | --- | --- |
| MAC Key | TR31\$1M1\$1ISO\$19797\$11\$1MAC\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| MAC Key (Retail MAC) | TR31\$1M1\$1ISO\$19797\$13\$1MAC\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| MAC Key (CMAC) | TR31\$1M6\$1ISO\$19797\$15\$1CMAC\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| MAC Key (HMAC) | TR31\$1M7\$1HMAC\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| MAC Key (AS2805) | TR31\$1M0\$1ISO\$116609\$1MAC\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## GenerateMacEmvPinChange
GenerateMacEmvPinChange combines MAC generation and PIN encryption for EMV offline PIN change operations. This operation requires two different key types: an integrity key for MAC generation and a confidentiality key for PIN encryption.
| Key Type | Allowed Key Usage | Allowed Key Algorithm | Allowed combination of key modes of use |
| --- | --- | --- | --- |
| Secure Messaging Integrity Key | TR31\$1E2\$1EMV\$1MKEY\$1INTEGRITY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| Secure Messaging Confidentiality Key | TR31\$1E1\$1EMV\$1MKEY\$1CONFIDENTIALITY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| Current PIN PEK (PIN Encryption Key) | TR31\$1P0\$1PIN\$1ENCRYPTION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| New PIN PEK (PIN Encryption Key) | TR31\$1P0\$1PIN\$1ENCRYPTION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| ARQC Key Only applies for Visa and Amex derivation schemes. | TR31\$1E0\$1EMV\$1MKEY\$1APP\$1CRYPTOGRAMS | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## VerifyAuthRequestCryptogram
| Allowed Key Usage | EMV Option | Allowed Key Algorithm | Allowed combination of key modes of use |
| --- | --- | --- | --- |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1E0\$1EMV\$1MKEY\$1APP\$1CRYPTOGRAMS | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## Import/Export Key
| Operation Type | Allowed Key Usage | Allowed Key Algorithm | Allowed combination of key modes of use |
| --- | --- | --- | --- |
| TR-31 Wrapping Key | TR31\$1K1\$1KEY\$1BLOCK\$1PROTECTION\$1KEY TR31\$1K0\$1KEY\$1ENCRYPTION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| Import of trusted CA | TR31\$1S0\$1ASYMMETRIC\$1KEY\$1FOR\$1DIGITAL\$1SIGNATURE | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| Import of public key certificate for asymmetric encryption | TR31\$1D1\$1ASYMMETRIC\$1KEY\$1FOR\$1DATA\$1ENCRYPTION | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| Key used to key agreement algorithms such as ECDH | TR31\$1K3\$1ASYMMETRIC\$1KEY\$1FOR\$1KEY\$1AGREEMENT | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## Unused key types
The following key types are not currently used by AWS Payment Cryptography
+ TR31\$1P1\$1PIN\$1GENERATION\$1KEY