Skip to content

/AWS1/CL_PCYEXPORTATTRIBUTES

The attributes for IPEK generation during export.

CONSTRUCTOR

IMPORTING

Optional arguments:

io_exportdukptinitialkey TYPE REF TO /AWS1/CL_PCYEXPDUKPTINITIALKEY /AWS1/CL_PCYEXPDUKPTINITIALKEY

Parameter information for IPEK export.

iv_keycheckvaluealgorithm TYPE /AWS1/PCYKEYCHECKVALUEALG /AWS1/PCYKEYCHECKVALUEALG

The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity. Specify KCV for IPEK export only.

For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result. For HMAC keys, the KCV is computed using the hash selected at key creation on a zero-length message, taking the leftmost 3 bytes.

Queryable Attributes

ExportDukptInitialKey

Parameter information for IPEK export.

Accessible with the following methods

Method Description
GET_EXPORTDUKPTINITIALKEY() Getter for EXPORTDUKPTINITIALKEY

KeyCheckValueAlgorithm

The algorithm that Amazon Web Services Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity. Specify KCV for IPEK export only.

For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result. For HMAC keys, the KCV is computed using the hash selected at key creation on a zero-length message, taking the leftmost 3 bytes.

Accessible with the following methods

Method Description
GET_KEYCHECKVALUEALGORITHM() Getter for KEYCHECKVALUEALGORITHM, with configurable default
ASK_KEYCHECKVALUEALGORITHM() Getter for KEYCHECKVALUEALGORITHM w/ exceptions if field has
HAS_KEYCHECKVALUEALGORITHM() Determine if KEYCHECKVALUEALGORITHM has a value