get_parameters_for_export

PaymentCryptographyControlPlane.Client.get_parameters_for_export(**kwargs)

Gets the export token and the signing key certificate to initiate a TR-34 key export from Amazon Web Services Payment Cryptography.

The signing key certificate signs the wrapped key under export within the TR-34 key payload. The export token and signing key certificate must be in place and operational before calling ExportKey. The export token expires in 7 days. You can use the same export token to export multiple keys from your service account.

Cross-account use: This operation can’t be used across different Amazon Web Services accounts.

Related operations:

See also: AWS API Documentation

Request Syntax

response = client.get_parameters_for_export(
    KeyMaterialType='TR34_KEY_BLOCK'|'TR31_KEY_BLOCK'|'ROOT_PUBLIC_KEY_CERTIFICATE'|'TRUSTED_PUBLIC_KEY_CERTIFICATE'|'KEY_CRYPTOGRAM',
    SigningKeyAlgorithm='TDES_2KEY'|'TDES_3KEY'|'AES_128'|'AES_192'|'AES_256'|'RSA_2048'|'RSA_3072'|'RSA_4096'|'ECC_NIST_P256'|'ECC_NIST_P384'
)

Parameters:
  • KeyMaterialType (string) –

    [REQUIRED]

    The key block format type (for example, TR-34 or TR-31) to use during key material export. An export token is required only for a TR-34 key export (TR34_KEY_BLOCK). It is not required for a TR-31 key export.

  • SigningKeyAlgorithm (string) –

    [REQUIRED]

    The signing key algorithm to generate a signing key certificate. This certificate signs the wrapped key under export within the TR-34 key block. RSA_2048 is the only signing key algorithm allowed.

Return type:

dict

Returns:

Response Syntax

{
    'SigningKeyCertificate': 'string',
    'SigningKeyCertificateChain': 'string',
    'SigningKeyAlgorithm': 'TDES_2KEY'|'TDES_3KEY'|'AES_128'|'AES_192'|'AES_256'|'RSA_2048'|'RSA_3072'|'RSA_4096'|'ECC_NIST_P256'|'ECC_NIST_P384',
    'ExportToken': 'string',
    'ParametersValidUntilTimestamp': datetime(2015, 1, 1)
}

Response Structure

  • (dict) –

    • SigningKeyCertificate (string) –

      The signing key certificate in PEM format (base64 encoded) of the public key for signature within the TR-34 key block. The certificate expires after 7 days.

    • SigningKeyCertificateChain (string) –

      The root certificate authority (CA) that signed the signing key certificate in PEM format (base64 encoded).

    • SigningKeyAlgorithm (string) –

      The algorithm of the signing key certificate for use in TR-34 key block generation. RSA_2048 is the only signing key algorithm allowed.

    • ExportToken (string) –

      The export token to initiate key export from Amazon Web Services Payment Cryptography. The export token expires after 7 days. You can use the same export token to export multiple keys from the same service account.

    • ParametersValidUntilTimestamp (datetime) –

      The timestamp until which the export token is valid.
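The reuse and expiry rules described above (one export token for multiple keys, RSA_2048 only, 7-day validity), as an added example that is not part of the AWS documentation: a small cache that validates the response and refetches only when the token nears ParametersValidUntilTimestamp. ExportParameterCache, refresh_margin and StubClient are hypothetical names, and the stub's response values are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone

class ExportParameterCache:
    """Fetch TR-34 export parameters once; reuse them until close to expiry."""

    def __init__(self, client, refresh_margin=timedelta(hours=1)):
        self._client = client          # boto3.client("payment-cryptography") in real use
        self._margin = refresh_margin  # assumed safety margin, not an AWS setting
        self._params = None

    def _stale(self, params, now):
        return params["ParametersValidUntilTimestamp"] - self._margin <= now

    def get(self, now=None):
        now = now or datetime.now(timezone.utc)
        if self._params is None or self._stale(self._params, now):
            self._params = self._fetch(now)
        return self._params

    def _fetch(self, now):
        resp = self._client.get_parameters_for_export(
            KeyMaterialType="TR34_KEY_BLOCK", SigningKeyAlgorithm="RSA_2048")
        # Fail closed on anything that contradicts the documented response.
        if resp["SigningKeyAlgorithm"] != "RSA_2048":
            raise ValueError("unexpected signing key algorithm")
        for field in ("SigningKeyCertificate", "SigningKeyCertificateChain", "ExportToken"):
            if not resp.get(field):
                raise ValueError("missing " + field)
        if self._stale(resp, now):
            raise ValueError("export parameters expire too soon to use")
        return resp

class StubClient:
    """Constructed stand-in for the service client so the example runs offline."""

    def __init__(self, issued_at):
        self.issued_at, self.calls = issued_at, 0

    def get_parameters_for_export(self, KeyMaterialType, SigningKeyAlgorithm):
        self.calls += 1
        return {"SigningKeyCertificate": "constructed-placeholder-cert",
                "SigningKeyCertificateChain": "constructed-placeholder-chain",
                "SigningKeyAlgorithm": SigningKeyAlgorithm,
                "ExportToken": "constructed-token-%d" % self.calls,
                "ParametersValidUntilTimestamp": self.issued_at + timedelta(days=7)}

if __name__ == "__main__":
    stub = StubClient(datetime.now(timezone.utc))
    cache = ExportParameterCache(stub)
    tokens = {cache.get()["ExportToken"] for _ in range(3)}  # three exports, one token
    print(tokens, "service calls:", stub.calls)
```

Pass the cached ExportToken and signing key certificate to each ExportKey call. A refetch replaces both together, so a token is never paired with a certificate from an earlier response.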

Exceptions