Encrypt Data
| paymentcryptographydataplane_encrypt_data | R Documentation |
Encrypts plaintext data to ciphertext using a symmetric (TDES, AES), asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme¶
Description¶
Encrypts plaintext data to ciphertext using a symmetric (TDES, AES), asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For more information, see Encrypt data in the Amazon Web Services Payment Cryptography User Guide.
You can generate an encryption key within Amazon Web Services Payment
Cryptography by calling
CreateKey.
You can import your own encryption key by calling
ImportKey.
For this operation, the key must have KeyModesOfUse set to Encrypt.
In asymmetric encryption, plaintext is encrypted using public component.
You can import the public component of an asymmetric key pair created
outside Amazon Web Services Payment Cryptography by calling
ImportKey.
For symmetric and DUKPT encryption, Amazon Web Services Payment
Cryptography supports TDES and AES algorithms. For EMV encryption,
Amazon Web Services Payment Cryptography supports TDES algorithms.For
asymmetric encryption, Amazon Web Services Payment Cryptography supports
RSA.
When you use TDES or TDES DUKPT, the plaintext data length must be a multiple of 8 bytes. For AES or AES DUKPT, the plaintext data length must be a multiple of 16 bytes. For RSA, it sould be equal to the key size unless padding is enabled.
To encrypt using DUKPT, you must already have a BDK (Base Derivation
Key) key in your account with KeyModesOfUse set to DeriveKey, or you
can generate a new DUKPT key by calling
CreateKey.
To encrypt using EMV, you must already have an IMK (Issuer Master Key)
key in your account with KeyModesOfUse set to DeriveKey.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
-
decrypt_data -
re_encrypt_data
Usage¶
paymentcryptographydataplane_encrypt_data(KeyIdentifier, PlainText,
EncryptionAttributes, WrappedKey)
Arguments¶
KeyIdentifier[required] The
keyARNof the encryption key that Amazon Web Services Payment Cryptography uses for plaintext encryption.When a WrappedKeyBlock is provided, this value will be the identifier to the key wrapping key. Otherwise, it is the key identifier used to perform the operation.
PlainText[required] The plaintext to be encrypted.
For encryption using asymmetric keys, plaintext data length is constrained by encryption key strength that you define in
KeyAlgorithmand padding type that you define inAsymmetricEncryptionAttributes. For more information, see Encrypt data in the Amazon Web Services Payment Cryptography User Guide.EncryptionAttributes[required] The encryption key type and attributes for plaintext encryption.
WrappedKeyThe WrappedKeyBlock containing the encryption key for plaintext encryption.
Value¶
A list with the following syntax:
Request syntax¶
svc$encrypt_data(
KeyIdentifier = "string",
PlainText = "string",
EncryptionAttributes = list(
Symmetric = list(
Mode = "ECB"|"CBC"|"CFB"|"CFB1"|"CFB8"|"CFB64"|"CFB128"|"OFB",
InitializationVector = "string",
PaddingType = "PKCS1"|"OAEP_SHA1"|"OAEP_SHA256"|"OAEP_SHA512"
),
Asymmetric = list(
PaddingType = "PKCS1"|"OAEP_SHA1"|"OAEP_SHA256"|"OAEP_SHA512"
),
Dukpt = list(
KeySerialNumber = "string",
Mode = "ECB"|"CBC",
DukptKeyDerivationType = "TDES_2KEY"|"TDES_3KEY"|"AES_128"|"AES_192"|"AES_256",
DukptKeyVariant = "BIDIRECTIONAL"|"REQUEST"|"RESPONSE",
InitializationVector = "string"
),
Emv = list(
MajorKeyDerivationMode = "EMV_OPTION_A"|"EMV_OPTION_B",
PrimaryAccountNumber = "string",
PanSequenceNumber = "string",
SessionDerivationData = "string",
Mode = "ECB"|"CBC",
InitializationVector = "string"
)
),
WrappedKey = list(
WrappedKeyMaterial = list(
Tr31KeyBlock = "string"
),
KeyCheckValueAlgorithm = "CMAC"|"ANSI_X9_24"
)
)