get_parameters_for_export

PaymentCryptographyControlPlane.Client.get_parameters_for_export(**kwargs)

Gets the export token and the signing key certificate to initiate a TR-34 key export from Amazon Web Services Payment Cryptography.

The signing key certificate signs the wrapped key under export within the TR-34 key payload. The export token and signing key certificate must be in place and operational before calling ExportKey. The export token expires in 30 days. You can use the same export token to export multiple keys from your service account.

To return a previously generated export token and signing key certificate instead of generating new ones, set ReuseLastGeneratedToken to true.

Cross-account use: This operation can’t be used across different Amazon Web Services accounts.

Related operations:

See also: AWS API Documentation

Request Syntax

response = client.get_parameters_for_export(
    KeyMaterialType='TR34_KEY_BLOCK'|'TR31_KEY_BLOCK'|'ROOT_PUBLIC_KEY_CERTIFICATE'|'TRUSTED_PUBLIC_KEY_CERTIFICATE'|'KEY_CRYPTOGRAM',
    SigningKeyAlgorithm='TDES_2KEY'|'TDES_3KEY'|'AES_128'|'AES_192'|'AES_256'|'HMAC_SHA256'|'HMAC_SHA384'|'HMAC_SHA512'|'HMAC_SHA224'|'RSA_2048'|'RSA_3072'|'RSA_4096'|'ECC_NIST_P256'|'ECC_NIST_P384'|'ECC_NIST_P521',
    ReuseLastGeneratedToken=True|False
)

Parameters:
  • KeyMaterialType (string) –

    [REQUIRED]

    The key block format type (for example, TR-34 or TR-31) to use during key material export. Export token is only required for a TR-34 key export, TR34_KEY_BLOCK. Export token is not required for TR-31 key export.

  • SigningKeyAlgorithm (string) –

    [REQUIRED]

    The signing key algorithm to generate a signing key certificate. This certificate signs the wrapped key under export within the TR-34 key block. RSA_2048 is the only signing key algorithm allowed.

  • ReuseLastGeneratedToken (boolean) – Specifies whether to reuse the existing export token and signing key certificate. If set to true and a valid export token exists for the same key material type and signing key algorithm with at least 7 days of remaining validity, the existing token and signing key certificate are returned. Otherwise, a new export token and signing key certificate are generated. The default value is false, which generates a new export token and signing key certificate on every call.

Return type:

dict

Returns:

Response Syntax

{
    'SigningKeyCertificate': 'string',
    'SigningKeyCertificateChain': 'string',
    'SigningKeyAlgorithm': 'TDES_2KEY'|'TDES_3KEY'|'AES_128'|'AES_192'|'AES_256'|'HMAC_SHA256'|'HMAC_SHA384'|'HMAC_SHA512'|'HMAC_SHA224'|'RSA_2048'|'RSA_3072'|'RSA_4096'|'ECC_NIST_P256'|'ECC_NIST_P384'|'ECC_NIST_P521',
    'ExportToken': 'string',
    'ParametersValidUntilTimestamp': datetime(2015, 1, 1)
}

Response Structure

  • (dict) –

    • SigningKeyCertificate (string) –

      The signing key certificate, in PEM format (base64 encoded), of the public key for signature within the TR-34 key block. The certificate expires after 30 days.

    • SigningKeyCertificateChain (string) –

      The certificate of the root certificate authority (CA) that signed the signing key certificate, in PEM format (base64 encoded).

    • SigningKeyAlgorithm (string) –

      The algorithm of the signing key certificate for use in TR-34 key block generation. RSA_2048 is the only signing key algorithm allowed.

    • ExportToken (string) –

      The export token to initiate key export from Amazon Web Services Payment Cryptography. The export token expires after 30 days. You can use the same export token to export multiple keys from the same service account.

    • ParametersValidUntilTimestamp (datetime) –

      The validity period of the export token.

Exceptions

  • PaymentCryptographyControlPlane.Client.exceptions.ServiceQuotaExceededException

  • PaymentCryptographyControlPlane.Client.exceptions.ServiceUnavailableException

  • PaymentCryptographyControlPlane.Client.exceptions.ValidationException

  • PaymentCryptographyControlPlane.Client.exceptions.ConflictException

  • PaymentCryptographyControlPlane.Client.exceptions.AccessDeniedException

  • PaymentCryptographyControlPlane.Client.exceptions.ResourceNotFoundException

  • PaymentCryptographyControlPlane.Client.exceptions.ThrottlingException

  • PaymentCryptographyControlPlane.Client.exceptions.InternalServerException
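
The following is an added example, not part of the AWS documentation: it wraps the call with the checks a caller would want before ExportKey (RSA_2048 only, token not expired, certificate fields are PEM) and always requests reuse, so a new token is issued only when fewer than 7 days remain. StubControlPlane, pem_text and tr34_export_parameters are hypothetical names; the stub is a constructed stand-in for the client returned by boto3.client('payment-cryptography') so the code runs offline, and accepting both raw and base64-wrapped PEM is an assumption about the "(base64 encoded)" wording.

```python
import base64
from datetime import timedelta

TOKEN_LIFETIME = timedelta(days=30)   # export token lifetime stated on this page
REUSE_FLOOR = timedelta(days=7)       # minimum remaining validity for reuse

class StubControlPlane:
    """Constructed offline stand-in for the boto3 client; it imitates only the
    reuse rule documented for ReuseLastGeneratedToken."""

    def __init__(self, now):
        self.now, self.last, self.issued = now, None, 0

    def get_parameters_for_export(self, KeyMaterialType, SigningKeyAlgorithm,
                                  ReuseLastGeneratedToken=False):
        fresh_enough = (self.last is not None and
                        self.last["ParametersValidUntilTimestamp"] - self.now >= REUSE_FLOOR)
        if not (ReuseLastGeneratedToken and fresh_enough):
            self.issued += 1
            pem = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
            b64 = base64.b64encode(pem.encode()).decode()
            self.last = {
                "SigningKeyCertificate": b64,
                "SigningKeyCertificateChain": b64,
                "SigningKeyAlgorithm": SigningKeyAlgorithm,
                "ExportToken": f"export-token-constructed-{self.issued}",
                "ParametersValidUntilTimestamp": self.now + TOKEN_LIFETIME,
            }
        return dict(self.last)

def pem_text(value):
    """Return PEM text whether the field is raw PEM or base64-wrapped PEM."""
    if value.lstrip().startswith("-----BEGIN"):
        return value
    return base64.b64decode(value).decode("ascii")

def tr34_export_parameters(client, now):
    """Fetch (reusing when allowed) and validate parameters before ExportKey."""
    resp = client.get_parameters_for_export(
        KeyMaterialType="TR34_KEY_BLOCK", SigningKeyAlgorithm="RSA_2048",
        ReuseLastGeneratedToken=True)
    if resp["SigningKeyAlgorithm"] != "RSA_2048":
        raise ValueError("unexpected signing key algorithm")
    if resp["ParametersValidUntilTimestamp"] <= now:
        raise ValueError("export token already expired")
    for field in ("SigningKeyCertificate", "SigningKeyCertificateChain"):
        if "BEGIN CERTIFICATE" not in pem_text(resp[field]):
            raise ValueError(f"{field} is not a PEM certificate")
    return resp["ExportToken"], resp["ParametersValidUntilTimestamp"]
```

With a real client, pass a timezone-aware `now` (for example `datetime.now(timezone.utc)`), since the returned timestamp is a datetime that is compared against it.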