PaymentCryptographyControlPlane / Client / get_parameters_for_import

get_parameters_for_import#

PaymentCryptographyControlPlane.Client.get_parameters_for_import(**kwargs)#

Gets the import token and the wrapping key certificate in PEM format (base64 encoded) to initiate a TR-34 WrappedKeyBlock or a RSA WrappedKeyCryptogram import into Amazon Web Services Payment Cryptography.

The wrapping key certificate wraps the key under import. The import token and wrapping key certificate must be in place and operational before calling ImportKey. The import token expires in 7 days. You can use the same import token to import multiple keys into your service account.

Cross-account use: This operation can’t be used across different Amazon Web Services accounts.

Related operations:

  • GetParametersForExport

  • ImportKey

See also: AWS API Documentation

Request Syntax

response = client.get_parameters_for_import(
    KeyMaterialType='TR34_KEY_BLOCK'|'TR31_KEY_BLOCK'|'ROOT_PUBLIC_KEY_CERTIFICATE'|'TRUSTED_PUBLIC_KEY_CERTIFICATE'|'KEY_CRYPTOGRAM',
    WrappingKeyAlgorithm='TDES_2KEY'|'TDES_3KEY'|'AES_128'|'AES_192'|'AES_256'|'RSA_2048'|'RSA_3072'|'RSA_4096'
)
Parameters:
  • KeyMaterialType (string) –

    [REQUIRED]

    The method to use for key material import. Import token is only required for TR-34 WrappedKeyBlock ( TR34_KEY_BLOCK) and RSA WrappedKeyCryptogram ( KEY_CRYPTOGRAM).

    Import token is not required for TR-31, root public key cerificate or trusted public key certificate.

  • WrappingKeyAlgorithm (string) –

    [REQUIRED]

    The wrapping key algorithm to generate a wrapping key certificate. This certificate wraps the key under import.

    At this time, RSA_2048 is the allowed algorithm for TR-34 WrappedKeyBlock import. Additionally, RSA_2048, RSA_3072, RSA_4096 are the allowed algorithms for RSA WrappedKeyCryptogram import.

Return type:

dict

Returns:

Response Syntax

{
    'ImportToken': 'string',
    'ParametersValidUntilTimestamp': datetime(2015, 1, 1),
    'WrappingKeyAlgorithm': 'TDES_2KEY'|'TDES_3KEY'|'AES_128'|'AES_192'|'AES_256'|'RSA_2048'|'RSA_3072'|'RSA_4096',
    'WrappingKeyCertificate': 'string',
    'WrappingKeyCertificateChain': 'string'
}

Response Structure

  • (dict) –

    • ImportToken (string) –

      The import token to initiate key import into Amazon Web Services Payment Cryptography. The import token expires after 7 days. You can use the same import token to import multiple keys to the same service account.

    • ParametersValidUntilTimestamp (datetime) –

      The validity period of the import token.

    • WrappingKeyAlgorithm (string) –

      The algorithm of the wrapping key for use within TR-34 WrappedKeyBlock or RSA WrappedKeyCryptogram.

    • WrappingKeyCertificate (string) –

      The wrapping key certificate in PEM format (base64 encoded) of the wrapping key for use within the TR-34 key block. The certificate expires in 7 days.

    • WrappingKeyCertificateChain (string) –

      The Amazon Web Services Payment Cryptography root certificate authority (CA) that signed the wrapping key certificate in PEM format (base64 encoded).

Exceptions

  • PaymentCryptographyControlPlane.Client.exceptions.ServiceQuotaExceededException

  • PaymentCryptographyControlPlane.Client.exceptions.ServiceUnavailableException

  • PaymentCryptographyControlPlane.Client.exceptions.ValidationException

  • PaymentCryptographyControlPlane.Client.exceptions.ConflictException

  • PaymentCryptographyControlPlane.Client.exceptions.AccessDeniedException

  • PaymentCryptographyControlPlane.Client.exceptions.ResourceNotFoundException

  • PaymentCryptographyControlPlane.Client.exceptions.ThrottlingException

  • PaymentCryptographyControlPlane.Client.exceptions.InternalServerException