Package software.amazon.awscdk.services.paymentcryptography

Interface CfnKeyProps

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

CfnKeyProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.121.0 (build d7af9b9)",
           date="2025-12-18T18:20:14.315Z")
@Stability(Stable)
public interface CfnKeyProps
extends software.amazon.jsii.JsiiSerializable

Properties for defining a CfnKey.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.paymentcryptography.*;
 CfnKeyProps cfnKeyProps = CfnKeyProps.builder()
         .exportable(false)
         .keyAttributes(KeyAttributesProperty.builder()
                 .keyAlgorithm("keyAlgorithm")
                 .keyClass("keyClass")
                 .keyModesOfUse(KeyModesOfUseProperty.builder()
                         .decrypt(false)
                         .deriveKey(false)
                         .encrypt(false)
                         .generate(false)
                         .noRestrictions(false)
                         .sign(false)
                         .unwrap(false)
                         .verify(false)
                         .wrap(false)
                         .build())
                 .keyUsage("keyUsage")
                 .build())
         // the properties below are optional
         .deriveKeyUsage("deriveKeyUsage")
         .enabled(false)
         .keyCheckValueAlgorithm("keyCheckValueAlgorithm")
         .replicationRegions(List.of("replicationRegions"))
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .build();
 

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-paymentcryptography-key.html

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	CfnKeyProps.Builder	A builder for CfnKeyProps
static final class	CfnKeyProps.Jsii$Proxy	An implementation for CfnKeyProps

Method Summary

Modifier and Type	Method	Description
static CfnKeyProps.Builder	builder()
default String	getDeriveKeyUsage()	The cryptographic usage of an ECDH derived key as defined in section A.5.2 of the TR-31 spec.
default Object	getEnabled()	Specifies whether the key is enabled.
Object	getExportable()	Specifies whether the key is exportable.
Object	getKeyAttributes()	The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.
default String	getKeyCheckValueAlgorithm()	The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).
default List<String>	getReplicationRegions()	The list of AWS Regions to remove from the key's replication configuration.
default List<CfnTag>	getTags()

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getExportable

@Stability(Stable)
@NotNull
Object getExportable()

Specifies whether the key is exportable.

This data is immutable after the key is created.

Returns union: either Boolean or IResolvable

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-paymentcryptography-key.html#cfn-paymentcryptography-key-exportable

getKeyAttributes

@Stability(Stable)
@NotNull
Object getKeyAttributes()

The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.

This data is immutable after the key is created.

Returns union: either IResolvable or CfnKey.KeyAttributesProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-paymentcryptography-key.html#cfn-paymentcryptography-key-keyattributes

getDeriveKeyUsage

@Stability(Stable)
@Nullable
default String getDeriveKeyUsage()

The cryptographic usage of an ECDH derived key as defined in section A.5.2 of the TR-31 spec.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-paymentcryptography-key.html#cfn-paymentcryptography-key-derivekeyusage

getEnabled

@Stability(Stable)
@Nullable
default Object getEnabled()

Specifies whether the key is enabled.

Returns union: either Boolean or IResolvable

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-paymentcryptography-key.html#cfn-paymentcryptography-key-enabled

getKeyCheckValueAlgorithm

@Stability(Stable)
@Nullable
default String getKeyCheckValueAlgorithm()

The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).

It is used to validate the key integrity.

For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-paymentcryptography-key.html#cfn-paymentcryptography-key-keycheckvaluealgorithm

getReplicationRegions

@Stability(Stable)
@Nullable
default List<String> getReplicationRegions()

The list of AWS Regions to remove from the key's replication configuration.

The key will no longer be available for cryptographic operations in these regions after removal. Ensure no active operations depend on the key in these regions before removal.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-paymentcryptography-key.html#cfn-paymentcryptography-key-replicationregions

getTags

@Stability(Stable)
@Nullable
default List<CfnTag> getTags()

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-paymentcryptography-key.html#cfn-paymentcryptography-key-tags

builder

@Stability(Stable)
static CfnKeyProps.Builder builder()

Returns:

a CfnKeyProps.Builder of CfnKeyProps