There are more AWS SDK examples available in the [AWS Doc SDK Examples](https://github.com/awsdocs/aws-doc-sdk-examples) GitHub repo. # Getting started with Payment Cryptography The following code example shows how to: + Create a key + Verify the CVV2 value + Clean up resources ------ #### [ Bash ] **AWS CLI with Bash script** There's more on GitHub. Find the complete example and learn how to set up and run in the [Sample developer tutorials](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/067-aws-payment-cryptography-gs) repository. ``` #!/bin/bash # AWS Payment Cryptography Getting Started Script # This script demonstrates how to use AWS Payment Cryptography to create a key, # generate and verify CVV2 values, and clean up resources. set -euo pipefail # Initialize log file with secure permissions LOG_FILE="payment-cryptography-tutorial.log" touch "$LOG_FILE" chmod 600 "$LOG_FILE" echo "AWS Payment Cryptography Tutorial - $(date)" > "$LOG_FILE" # Function to log messages log() { local message="$1" echo "$(date +"%Y-%m-%d %H:%M:%S") - $message" | tee -a "$LOG_FILE" } # Function to handle errors handle_error() { local error_message="$1" log "ERROR: $error_message" log "Script failed. Please check the log file: $LOG_FILE" echo "" echo "===========================================" echo "ERROR ENCOUNTERED" echo "===========================================" echo "The script encountered an error: $error_message" echo "Resources created will be listed below." echo "" if [ -n "${KEY_ARN:-}" ]; then echo "Key ARN: $KEY_ARN" fi exit 1 } # Function to check command output for errors check_error() { local output="$1" local command="$2" if echo "$output" | grep -iq "error\|exception\|fail"; then handle_error "Command failed: $command" fi } # Validate AWS CLI is available and credentials are configured if ! command -v aws &> /dev/null; then handle_error "AWS CLI is not installed or not in PATH" fi if ! aws sts get-caller-identity &> /dev/null; then handle_error "AWS credentials are not properly configured" fi log "Starting AWS Payment Cryptography tutorial" # Step 1: Create a key log "Step 1: Creating a card verification key (CVK)" if ! KEY_OUTPUT=$(aws payment-cryptography create-key \ --exportable \ --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_C0_CARD_VERIFICATION_KEY,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{Generate=true,Verify=true}' 2>&1); then handle_error "Failed to create key" fi echo "$KEY_OUTPUT" check_error "$KEY_OUTPUT" "create-key" # Extract the Key ARN from the output KEY_ARN=$(echo "$KEY_OUTPUT" | grep -o '"KeyArn": "[^"]*' | cut -d'"' -f4) if [ -z "$KEY_ARN" ]; then handle_error "Failed to extract Key ARN from output" fi log "Successfully created key with ARN: $KEY_ARN" # Step 2: Generate a CVV2 value log "Step 2: Generating a CVV2 value" if ! CVV2_OUTPUT=$(aws payment-cryptography-data generate-card-validation-data \ --key-identifier "$KEY_ARN" \ --primary-account-number=171234567890123 \ --generation-attributes CardVerificationValue2={CardExpiryDate=0123} 2>&1); then handle_error "Failed to generate CVV2 value" fi echo "$CVV2_OUTPUT" check_error "$CVV2_OUTPUT" "generate-card-validation-data" # Extract the CVV2 value from the output - updated to use ValidationData instead of CardDataValue CVV2_VALUE=$(echo "$CVV2_OUTPUT" | grep -o '"ValidationData": "[^"]*' | cut -d'"' -f4) if [ -z "$CVV2_VALUE" ]; then handle_error "Failed to extract CVV2 value from output" fi log "Successfully generated CVV2 value" # Step 3: Verify the CVV2 value log "Step 3: Verifying the CVV2 value" if ! VERIFY_OUTPUT=$(aws payment-cryptography-data verify-card-validation-data \ --key-identifier "$KEY_ARN" \ --primary-account-number=171234567890123 \ --verification-attributes CardVerificationValue2={CardExpiryDate=0123} \ --validation-data "$CVV2_VALUE" 2>&1); then handle_error "Failed to verify CVV2 value" fi echo "$VERIFY_OUTPUT" check_error "$VERIFY_OUTPUT" "verify-card-validation-data" log "Successfully verified CVV2 value" # Step 4: Perform a negative test log "Step 4: Performing a negative test with incorrect CVV2" if aws payment-cryptography-data verify-card-validation-data \ --key-identifier "$KEY_ARN" \ --primary-account-number=171234567890123 \ --verification-attributes CardVerificationValue2={CardExpiryDate=0123} \ --validation-data 999 2>&1; then handle_error "Negative test did not fail as expected" fi log "Negative test completed successfully (verification failed as expected)" # Display created resources echo "" echo "===========================================" echo "RESOURCES CREATED" echo "===========================================" echo "Key ARN: $KEY_ARN" echo "" # Auto-confirm cleanup echo "===========================================" echo "CLEANUP CONFIRMATION" echo "===========================================" echo "Proceeding with cleanup of all created resources..." log "Step 5: Cleaning up resources" # Delete the key log "Deleting key: $KEY_ARN" if ! DELETE_OUTPUT=$(aws payment-cryptography delete-key \ --key-identifier "$KEY_ARN" 2>&1); then handle_error "Failed to delete key" fi echo "$DELETE_OUTPUT" check_error "$DELETE_OUTPUT" "delete-key" log "Key scheduled for deletion. Default waiting period is 7 days." log "To cancel deletion before the waiting period ends, use:" log "aws payment-cryptography restore-key --key-identifier $KEY_ARN" echo "" echo "===========================================" echo "CLEANUP COMPLETE" echo "===========================================" echo "The key has been scheduled for deletion after the default waiting period (7 days)." echo "To cancel deletion before the waiting period ends, use:" echo "aws payment-cryptography restore-key --key-identifier $KEY_ARN" log "Tutorial completed successfully" echo "" echo "Tutorial completed successfully. See $LOG_FILE for details." ``` + For API details, see the following topics in *AWS CLI Command Reference*. + [CreateKey](https://docs.aws.amazon.com/goto/aws-cli/payment-cryptography-2021-09-14/CreateKey) + [DeleteKey](https://docs.aws.amazon.com/goto/aws-cli/payment-cryptography-2021-09-14/DeleteKey) + [RestoreKey](https://docs.aws.amazon.com/goto/aws-cli/payment-cryptography-2021-09-14/RestoreKey) ------