

# Get keys
<a name="getkeys"></a>

An AWS Payment Cryptography key represents a single unit of cryptographic material and can be used only for cryptographic operations within this service. The `GetKey` API takes a `KeyIdentifier` as input and returns key metadata, including attributes, state, and timestamps; it does not return the cryptographic key material itself.

**Example**  

```
$ aws payment-cryptography get-key --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/kwapwa6qaifllw2h
```

```
{
  "Key": {
      "KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/kwapwa6qaifllw2h",
      "KeyAttributes": {
          "KeyUsage": "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY",
          "KeyClass": "SYMMETRIC_KEY",
          "KeyAlgorithm": "AES_128",
          "KeyModesOfUse": {
              "Encrypt": true,
              "Decrypt": true,
              "Wrap": true,
              "Unwrap": true,
              "Generate": false,
              "Sign": false,
              "Verify": false,
              "DeriveKey": false,
              "NoRestrictions": false
          }
      },
      "KeyCheckValue": "0A3674",
      "KeyCheckValueAlgorithm": "CMAC",
      "Enabled": true,
      "Exportable": true,
      "KeyState": "CREATE_COMPLETE",
      "KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
      "CreateTimestamp": "2023-06-02T07:38:14.913000-07:00",
      "UsageStartTimestamp": "2023-06-02T07:38:14.857000-07:00"
  }
}
```

# Get the public key/certificate associated with a key pair
<a name="keys.getpubliccertificate-example"></a>

Get Public Key/Certificate returns the public key indicated by the `KeyArn`. This can be the public key portion of a key pair generated on AWS Payment Cryptography or a previously imported public key. The most common use case is to provide the public key to an outside service that will encrypt data. That data can then be passed to an application that uses AWS Payment Cryptography, which decrypts it with the private key secured within AWS Payment Cryptography.

The service returns public keys as a public certificate. The API result contains the public key certificate (`KeyCertificate`) and the CA certificate (`KeyCertificateChain`). Both data elements are base64 encoded.

**Note**  
The public certificate returned is intended to be short lived and is not intended to be idempotent. You may receive a different certificate on each API call even if the public key itself is unchanged.

**Example**  

```
$ aws payment-cryptography get-public-key-certificate  --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/nsq2i3mbg6sn775f
```

```
{
  "KeyCertificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUV2VENDQXFXZ0F3SUJBZ0lSQUo1OWd2VkpDd3dlYldMNldYZEpYYkl3RFFZSktvWklodmNOQVFFTkJRQXcKZ1lreEN6QUpCZ05WQkFZVEFsVlRNUmt3RndZRFZRUUtEQkJCVjFNZ1EzSjVjSFJ2WjNKaGNHaDVNU0V3SHdZRApWUVFMREJoQlYxTWdVR0Y1YldWdWRDQkRjbmx3ZEc5bmNtRndhSGt4RVRBUEJnTlZCQWdNQ0ZacGNtZHBibWxoCk1SVXdFd1lEVlFRRERBdzFNamt3TWpjME5UVTBPVFV4RWpBUUJnTlZCQWNNQ1VGeWJHbHVaM1J2YmpBZUZ3MHkKTXpBMk1EWXdNalEzTlRWYUZ3MHlNekE1TURRd016UTNOVFZhTUN3eEZUQVRCZ05WQkFNTUREVXlPVEF5TnpRMQpOVFE1TlRFVE1CRUdBMVVFQlJNS05EUTBPREV4TnpZMU1UQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQCkFEQ0NBUW9DZ2dFQkFOZ0loOS9lckd2azJTbHJ6K1ZaVkl0WXpEMDh3QkoxWVZKaDY1Z1J3NkFzbWJ4RUpYc1cKMjI5b3B1ZjhlOFU5TlBQbXU4TSs1YlRkcUxlbmI0cUowMm5abEtKWmVsdjdpVmQ5YjBmRnV6azlWb1RMMVN4dwpqeTBRd0ZDcTZUUlZveGE2d21PMGRwMHVMV2NBSm9UcENBc2U4ckk4czUxczlFMERaanZqald2cHhwOVRwMUhQClhBNmlzQ2lyUTR2b2FwWlpQNENLTjR6Wm13TE5oaUtuSDVhVnRyWkgyeXBzSll4aGIrTWcwUHZUUnRrRE9VTDcKKzdjb2diUWVlNWx1NDZJWDlyN1ZyRWVTYjEraENrQW5vb1JOL3k1aCtremYySzU4WWxpSWJEdE5aemlYRldIWgpXUnhYK1BWMnhwMFhGMmJUZTVEd2gyVWZ6U1JlNzhqZXlya0NBd0VBQWFOOE1Ib3dDUVlEVlIwVEJBSXdBREFmCkJnTlZIU01FR0RBV2dCUXVpSzJoYkc3VTlOUmYyM0FodTRMVkJtV3QwekFkQmdOVkhRNEVGZ1FVZTFLbWJqby8KOVMwVDZKOUVzT2R2bHRuKzNGb3dEZ1lEVlIwUEFRSC9CQVFEQWdXZ01CMEdBMVVkSlFRV01CUUdDQ3NHQVFVRgpCd01CQmdnckJnRUZCUWNEQWpBTkJna3Foa2lHOXcwQkFRMEZBQU9DQWdFQXNndUZpOVNsZmxCMHVTc2pySXFDCmQ2S3ZSZUdwSmlEZjVjVW4xZmJCeXlzL3NHVzI0dWRkeEc4SDdzQXp0MnlTZnM5L3hTZ1NIOFlqM25sU2l3clkKcS80R2x3Zk5FajBnanY2K1crNk1BazNWK2tjUVhMaUtwZlFrN3Z5OGMvcWRwK2tYd2N2K1pxUG1IUk5yNGl6eQpDSU5zVm04cDl5M0pZWlkwZWZrZU52bDR6enI4RGtNa3hva0liMVcyZVA0cm1BR2w2UHhLYVZmNnNLT1NoYlFXCm1heDBPalg2azdWNWdvbXdSMGVaVEtNQXhTUWpQRU5OSDllMi9kZTRJNG5WVXRFbWU2RjM5SWdiZmZicEhjMEkKNXdsN3FidUMvYnprcnNsNGRzOXB6Q3lQcFVUZjVQOWg5MkVqMzNURzJ1VEZURzRVQm0wMUVMYzFaTjhXbW12WgpWUk92M1VUSWlmQnd2em16OUpjUUZ5R3Nsa2prOTBJdkV0U3lld2psYW52cy9kanRJL2JzRFFPKzI1M2ltOFFRClJkSWVaUTRleWI5YTJxeDVtWDZHOWJ6RDBVRkVxN2JoTlppZlhzNE1YWEFjS051TnpYS1Zja1hKM0trYWt1TUcKVE5BTzc4T01qUUlTWk5NeXE2WmM2MVJVcFB
VZ1R1K2Vhd1FGRzBBU0Yxb2w4Wjc4cEFSeE9Oc1lGdkQ5Y3BnUQpzSnlzeDB0Zjl6aTR5Zi80aWNOSkVlWVVNY0lGSXlFKzE0eDBpcFVSRTRGenRad2orYlZFeHdiM0h4aVJQMncyCkJLSnVKeXd4ZGx2L1hTZU1XaDl3UkNCb3lLeXFxWVdWcDcweW15N01oSFlVSERUWEFPL1NJN3B5VnVLaDBReUYKR1pEOHRibi9TR2RqQ0pETEM4bWlmNk09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=",
  "KeyCertificateChain": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUY0VENDQThtZ0F3SUJBZ0lSQUtlN2piaHFKZjJPd3FGUWI5c3VuOEV3RFFZSktvWklodmNOQVFFTkJRQXcKZ1lreEN6QUpCZ05WQkFZVEFsVlRNUmt3RndZRFZRUUtEQkJCVjFNZ1EzSjVjSFJ2WjNKaGNHaDVNU0V3SHdZRApWUVFMREJoQlYxTWdVR0Y1YldWdWRDQkRjbmx3ZEc5bmNtRndhSGt4RVRBUEJnTlZCQWdNQ0ZacGNtZHBibWxoCk1SVXdFd1lEVlFRRERBdzFNamt3TWpjME5UVTBPVFV4RWpBUUJnTlZCQWNNQ1VGeWJHbHVaM1J2YmpBZUZ3MHkKTXpBMk1EWXdNalEzTlRKYUZ3MHlPREEyTURZd016UTNOVEphTUlHSk1Rc3dDUVlEVlFRR0V3SlZVekVaTUJjRwpBMVVFQ2d3UVFWZFRJRU55ZVhCMGIyZHlZWEJvZVRFaE1COEdBMVVFQ3d3WVFWZFRJRkJoZVcxbGJuUWdRM0o1CmNIUnZaM0poY0doNU1SRXdEd1lEVlFRSURBaFdhWEpuYVc1cFlURVZNQk1HQTFVRUF3d01OVEk1TURJM05EVTEKTkRrMU1SSXdFQVlEVlFRSERBbEJjbXhwYm1kMGIyNHdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDRHdBdwpnZ0lLQW9JQ0FRQzJyMld2eGJxZjJSUHhOem1JUk5ZeWZRQ2labGxYUVBQSDQycnAyQ1VtTk1VMkc2ZzdFRUZBCm5TWnNvRlN6Z1NJaEhUSWU4UDdUd1l3ckpPL3VNcEtka3lac1ppTEhUNGo4M1l1VkNlT1dSVERjdnRWMFV0M1IKaCs5UWVyaHhRQnVrK2dnZkRkT0FFUkR3S1pWckZqM3diT1FFMXY2WnRYSmpVZytWTXZKcEphUTg0WkFvYnpyUgpuY2JaL0hnbFhDM09xampSSk1laGJFaE93ZFJCTU4yQ2dTNHlhWTB3YlBvazhMSlRORVp5ZnkxUEtkaTd1UmxxCm9qeEdjc3pCRHFvdCsvTURBNVdZUjd5NVhiOGdOdSt0alkrMWdQSGRkWHFhRTR2bXV2cEtsQUttcml2SDRYWXQKZk9sa1kzYnRJckVuWDEwQkp1UXVGN0dRNyt3ZjN6TDZ4NFNIcGpiQWxpMDQyUmdXTVpibmlscW15YnhuUkRrUwpjZXZ3aEx2L0tnT09WM05KZlplWlVzT1N6NWNzTmRLME4rM2FCUlZQcVc5b2k3dDJ2dTc5eCtvb1pIS2FibFdiCmJDMDJxR1VDaTE3cHhDQ0JJdUVDZWJiWDhSS3dLa3RwbTRSOUZWYjBXZGFqNUc1ekdudTBsUlRMUVNaZ0QyU1EKSjRmQjh2em9Bb3BYenpSSStMSjNBaC9NcThXSTNHTHFIakhzcm5vdVJzMmNzcjVBYnNMbXUyUTlvMFJmNTd1RApwK1R1cXpKTysrNFpUWDlsb0N3UXdzKzNEZWUyL1pUSmJCNkFCdy9xdnovQjhsL2duY29Wc3lHTFhkaXdleTV1CjJHNnl2NGgrN0FBQldvdjhwWVBPUlRMY1FkanhVdWNDdllRYjJiRXY4ZGh1anN6TWo2ZDBDUUlEQVFBQm8wSXcKUURBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJRdWlLMmhiRzdVOU5SZjIzQWh1NExWQm1XdAowekFPQmdOVkhROEJBZjhFQkFNQ0FZWXdEUVlKS29aSWh2Y05BUUVOQlFBRGdnSUJBSS9Ta1NaS0pyMm1JakJ6ClJxQXQ3dmJ4eWNhQXhCU3VqbDlqVSttYkh1RDg4Qyt3TDh4TzNYRHJ1Vm9IZTdYanhrNXpaN0RWMjMza3haQlEKR3BET1hWaGNZdE5UNzk2YXd1K0VNU2
kzK3RzTVJBMmMxODJ2ZVNDSE9HQmVseTlRS3FHWkJBZGU2ZGNzTkpMTwpiRE10NlB3NXpiRHNqalJnMGY5SGQrRFZheXV6QzBtdXVGWEZkT0txU0VWZVNmZWVNOUl5KzFMWDMzOFlVd05zCjdhS2ppaFVFSkg4ZkVFU1NEUGE5OGNOSEsyZ0t5UENrRUorMGlNZkJiTi9yUE1CYlhqTUtHYWpXSFFhWWtieDUKalVRUmdvd25ZbStycDRwRnNhalpSTFB0NE9mbkswNWYvRHdCUXVGWUUzUFJ2d2NQSWxJNHpkcWh0NE9ZSVY4RAo2MktleVEzb3R6eTdsVXIxamNrZldkSHpHc3NKVjYxc0xRTTBudVFNUnRTZjlHeEpYTEkyNjFaRWFMYVY5WFduCnY3YnByb090UTNiYk9RbjI0elJDVm5kZ0Z3aCtUVHMzVmFOQjhURmY2QjFoV1R5aTYzOCtoa1FTRnJTbXI1WTcKTXNGUXZXSVZVbjQ2cWNjVGNuNlc2Y2JIUlhyQkRiR0tlWUJiVjVXSkJwRUtSN0JuQ25HNnJCbmxGNjZ5eTUyLwpSbWZLRWZwWG1qbkh0WW94UnlQVlJZWDhPcnkzUFQrYSt0REtlMDBXY1MyM0U3MWl2QTBNdnVrODlwTzJIUVorCjNHUU9xdWJpQ3RMbVppdVFCZC9aN1NGWGlzcUxyTE5aOW52Q2VRSkxTckVDajRpZjV2dmJkWVhLdkozamhtSjkKeVZvc0xZVzA3SklzSFE0aDAwVWphSnhrVjdoWgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t"
}
```
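
Because both fields arrive base64 encoded and the certificate can change between calls, a consumer should decode them, verify the leaf against the returned chain, and track the key by the hash of its public key rather than by certificate bytes. The following is an added example, not AWS code; it uses `openssl`, and the function names and work-directory layout are assumptions.

```shell
#!/bin/sh
# Added example (not AWS code). Function and file names are assumptions.
#
# The two inputs are the base64 strings from the response, e.g. fetched with:
#   aws payment-cryptography get-public-key-certificate \
#     --key-identifier "$KEY_ARN" --query KeyCertificate --output text
# (repeat with --query KeyCertificateChain for the chain).

# b64_to_pem <base64> <outfile>: strip the base64 layer around the PEM text.
b64_to_pem() {
  printf '%s' "$1" | openssl base64 -d -A > "$2"
}

# spki_sha256 <cert.pem>: SHA-256 of the DER SubjectPublicKeyInfo.
# This stays stable while the key is unchanged; the certificate does not.
spki_sha256() {
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# check_pair <leaf_b64> <chain_b64> <workdir>
# Prints the leaf's SPKI hash only if the leaf verifies under the chain.
# openssl verify also rejects an expired (short-lived) certificate.
check_pair() {
  b64_to_pem "$1" "$3/leaf.pem" || return 1
  b64_to_pem "$2" "$3/chain.pem" || return 1
  # Refuse input that does not decode to a PEM certificate.
  grep -q -- '-----BEGIN CERTIFICATE-----' "$3/leaf.pem" || return 1
  openssl verify -CAfile "$3/chain.pem" "$3/leaf.pem" >/dev/null 2>&1 || return 1
  spki_sha256 "$3/leaf.pem"
}

# same_key <expected_spki_hash> <leaf_b64> <chain_b64> <workdir>
# Succeeds when a freshly fetched certificate still carries the expected key.
same_key() {
  [ "$(check_pair "$2" "$3" "$4")" = "$1" ]
}
```

Because the chain arrives in the same response as the leaf, `check_pair` establishes that the pair is consistent and currently valid; trust in the chain itself rests on the authenticated API call that returned it.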