本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 加密操作的有效密钥
某些密钥只能用于某些操作。此外,某些操作可能会限制密钥的密钥使用模式。请查看下表中允许的组合。
**注意**
某些组合虽然允许,但可能会造成无法使用的情况,例如生成 CVV 代码`(generate)`但随后无法验证`(verify)`。
**Topics**
+ [GenerateCardData](#w2aac15c31b9)
+ [VerifyCardData](#w2aac15c31c11)
+ [GeneratePinData (适用于 VISA/ABA 计划)](#w2aac15c31c15)
+ [GeneratePinData (对于`IBM3624`)](#w2aac15c31c17)
+ [VerifyPinData (适用于 VISA/ABA 计划)](#w2aac15c31c21)
+ [VerifyPinData (对于`IBM3624`)](#w2aac15c31c23)
+ [解密数据](#w2aac15c31c27)
+ [加密数据](#w2aac15c31c33)
+ [转换 PIN 数据](#w2aac15c31c39)
+ [生成/验证 MAC](#crypto-ops-validkeys.generatemac)
+ [GenerateMacEmvPinChange](#crypto-ops-validkeys.generatemacemvpinchange)
+ [VerifyAuthRequestCryptogram](#w2aac15c31c51)
+ [Import/Export 密钥](#crypto-ops-validkeys.importexport)
+ [未使用的密钥类型](#w2aac15c31c57)
## GenerateCardData
| API 端点 | 加密操作或算法 | 允许的密钥用法 | 允许的密钥算法 | 允许的密钥使用模式组合 |
| --- | --- | --- | --- | --- |
| GenerateCardData | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1C0\$1CARD\$1VERIFICATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 Generate = true \$1,\$1 Generate = true, Verify = true \$1 |
| GenerateCardData | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1C0\$1CARD\$1VERIFICATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 Generate = true \$1,\$1 Generate = true, Verify = true \$1 |
| GenerateCardData | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1E6\$1EMV\$1MKEY\$1OTHER | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 DeriveKey = 真\$1 |
| GenerateCardData | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1E4\$1EMV\$1MKEY\$1DYNAMIC\$1NUMBERS | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 DeriveKey = 真\$1 |
| GenerateCardData | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1E6\$1EMV\$1MKEY\$1OTHER | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 DeriveKey = 真\$1 |
## VerifyCardData
| 加密操作或算法 | 允许的密钥用法 | 允许的密钥算法 | 允许的密钥使用模式组合 |
| --- | --- | --- | --- |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1C0\$1CARD\$1VERIFICATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 Generate = true \$1,\$1 Generate = true, Verify = true \$1 |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1C0\$1CARD\$1VERIFICATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 Generate = true \$1,\$1 Generate = true, Verify = true \$1 |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1E6\$1EMV\$1MKEY\$1OTHER | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 DeriveKey = 真\$1 |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1E4\$1EMV\$1MKEY\$1DYNAMIC\$1NUMBERS | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 DeriveKey = 真\$1 |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1E6\$1EMV\$1MKEY\$1OTHER | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | \$1 DeriveKey = 真\$1 |
## GeneratePinData (适用于 VISA/ABA 计划)
`VISA_PIN or VISA_PIN_VERIFICATION_VALUE`
| 密钥类型 | 允许的密钥用法 | 允许的密钥算法 | 允许的密钥使用模式组合 |
| --- | --- | --- | --- |
| KMS 加密密钥 | TR31\$1P0\$1PIN\$1加密密钥 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| PIN 生成密钥 | TR31\$1V2\$1VISA\$1PIN\$1PIN\$1VERIFICATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## GeneratePinData (对于`IBM3624`)
`IBM3624_PIN_OFFSET,IBM3624_NATURAL_PIN,IBM3624_RANDOM_PIN, IBM3624_PIN_FROM_OFFSET)`
| 密钥类型 | 允许的密钥用法 | 允许的密钥算法 | 允许的密钥使用模式组合 |
| --- | --- | --- | --- |
| KMS 加密密钥 | TR31\$1P0\$1PIN\$1加密密钥 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | 对于 IBM3624 \$1NATURAL\$1PIN、\$1RANDOM\$1PIN、\$1PIN\$1FROM\$1OFFSET IBM3624 IBM3624 [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) 适用于 IBM3624 \$1PIN\$1OFFSET [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| PIN 生成密钥 | TR31\$1V1\$1 \$1PIN\$1VERIFICATION\$1KEY IBM3624 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## VerifyPinData (适用于 VISA/ABA 计划)
`VISA_PIN`
| 密钥类型 | 允许的密钥用法 | 允许的密钥算法 | 允许的密钥使用模式组合 |
| --- | --- | --- | --- |
| KMS 加密密钥 | TR31\$1P0\$1PIN\$1加密密钥 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| PIN 生成密钥 | TR31\$1V2\$1VISA\$1PIN\$1PIN\$1VERIFICATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## VerifyPinData (对于`IBM3624`)
`IBM3624_PIN_OFFSET,IBM3624_NATURAL_PIN,IBM3624_RANDOM_PIN, IBM3624_PIN_FROM_OFFSET)`
| 密钥类型 | 允许的密钥用法 | 允许的密钥算法 | 允许的密钥使用模式组合 |
| --- | --- | --- | --- |
| KMS 加密密钥 | TR31\$1P0\$1PIN\$1加密密钥 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | 对于 IBM3624 \$1NATURAL\$1PIN、\$1RANDOM\$1PIN、\$1PIN\$1FROM\$1OFFSET IBM3624 IBM3624 [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| PIN 验证密钥 | TR31\$1V1\$1 \$1PIN\$1VERIFICATION\$1KEY IBM3624 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## 解密数据
| 密钥类型 | 允许的密钥用法 | 允许的密钥算法 | 允许的密钥使用模式组合 |
| --- | --- | --- | --- |
| DUKPT | TR31\$1B0\$1BASE\$1DERIATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| EMV | TR31\$1E1\$1EMV\$1mkey\$1机密 TR31\$1E6\$1EMV\$1MKEY\$1OTHER | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| RSA | TR31\$1D1\$1用于数据加密的非对称密钥 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| 对称密钥 | TR31\$1D0\$1SYMMETRIC\$1DATA\$1加密密钥 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## 加密数据
| 密钥类型 | 允许的密钥用法 | 允许的密钥算法 | 允许的密钥使用模式组合 |
| --- | --- | --- | --- |
| DUKPT | TR31\$1B0\$1BASE\$1DERIATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| EMV | TR31\$1E1\$1EMV\$1mkey\$1机密 TR31\$1E6\$1EMV\$1MKEY\$1OTHER | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| RSA | TR31\$1D1\$1用于数据加密的非对称密钥 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| 对称密钥 | TR31\$1D0\$1SYMMETRIC\$1DATA\$1加密密钥 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## 转换 PIN 数据
| 方向 | 密钥类型 | 允许的密钥用法 | 允许的密钥算法 | 允许的密钥使用模式组合 |
| --- | --- | --- | --- | --- |
| 入站数据来源 | DUKPT | TR31\$1B0\$1BASE\$1DERIATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| 入站数据来源 | 非 DUKPT(PEK、AWK、IWK 等) | TR31\$1P0\$1PIN\$1加密密钥 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| 出站数据目标 | DUKPT | TR31\$1B0\$1BASE\$1DERIATION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| 出站数据目标 | 非 DUKPT(PEK、IWK、AWK 等) | TR31\$1P0\$1PIN\$1加密密钥 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## 生成/验证 MAC
MAC 密钥用于创建数据的加密哈希值 message/body 。不建议创建密钥使用模式有限的密钥,因为您将无法执行匹配操作。但是,如果另一个系统打算执行另一半的操作对,则可以 import/export 只使用一个操作来按键。
| 允许的密钥用法 | 允许的密钥用法 | 允许的密钥算法 | 允许的密钥使用模式组合 |
| --- | --- | --- | --- |
| MAC 密钥 | TR31\$1M1\$1ISO\$19797\$11\$1MAC\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| MAC 密钥(零售 MAC) | TR31\$1M1\$1ISO\$19797\$13\$1MAC\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| MAC 密钥 (CMAC) | TR31\$1M6\$1ISO\$19797\$15\$1CMAC\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| MAC 密钥 (HMAC) | TR31\$1m7\$1HMAC\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| MAC 密钥 (AS2805) | TR31\$1M0\$1ISO\$116609\$1MAC\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## GenerateMacEmvPinChange
GenerateMacEmvPinChange 结合了 MAC 生成和 PIN 加密,用于 EMV 离线 PIN 更改操作。此操作需要两种不同的密钥类型:用于生成 MAC 的完整性密钥和用于 PIN 加密的机密密钥。
| 密钥类型 | 允许的密钥用法 | 允许的密钥算法 | 允许的密钥使用模式组合 |
| --- | --- | --- | --- |
| 安全消息完整性密钥 | TR31\$1E2\$1EMV\$1mkey\$1INTEGRITY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| 安全消息保密密钥 | TR31\$1E1\$1EMV\$1mkey\$1机密 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| 当前 PIN PEK(PIN 加密密钥) | TR31\$1P0\$1PIN\$1加密密钥 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| 新的 PIN PEK(PIN 加密密钥) | TR31\$1P0\$1PIN\$1加密密钥 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| ARQC 密钥 仅适用于Visa和美国运通的衍生方案。 | TR31\$1E0\$1EMV\$1MKEY\$1APP\$1CRYPTOGRAMS | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## VerifyAuthRequestCryptogram
| 允许的密钥用法 | EMV 选项 | 允许的密钥算法 | 允许的密钥使用模式组合 |
| --- | --- | --- | --- |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | TR31\$1E0\$1EMV\$1MKEY\$1APP\$1CRYPTOGRAMS | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## Import/Export 密钥
| 操作类型 | 允许的密钥用法 | 允许的密钥算法 | 允许的密钥使用模式组合 |
| --- | --- | --- | --- |
| TR-31 包装钥匙 | TR31\$1K1\$1KEY\$1BLOCK\$1PROTECTION\$1K TR31\$1K0\$1KEY\$1NECRYPTION\$1KEY | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| 导入可信 CA | TR31\$1S0\$1ASYMETRIC\$1KEY\$1FOR \$1DIGITAL\$1SIGNATURE | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| 导入用于非对称加密的公钥证书 | TR31\$1D1\$1用于数据加密的非对称密钥 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
| 用于密钥协议算法(例如 ECDH)的密钥 | TR31\$1K3\$1ASYMETRIC\$1KEY\$1FOR \$1KEY\$1AGEMENT | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html) |
## 未使用的密钥类型
AWS 支付密码学目前未使用以下密钥类型
+ TR31\$1P1\$1PIN\$1GENERATION\$1KEY