Skip to content

Re Encrypt Data

paymentcryptographydataplane_re_encrypt_data R Documentation

Re-encrypt ciphertext using DUKPT or Symmetric data encryption keys

Description

Re-encrypt ciphertext using DUKPT or Symmetric data encryption keys.

You can either generate an encryption key within Amazon Web Services Payment Cryptography by calling CreateKey or import your own encryption key by calling ImportKey. The KeyArn for use with this operation must be in a compatible key state with KeyModesOfUse set to Encrypt.

For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports TDES and AES algorithms. To encrypt using DUKPT, a DUKPT key must already exist within your account with KeyModesOfUse set to DeriveKey or a new DUKPT can be generated by calling CreateKey.

For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.

Cross-account use: This operation can't be used across different Amazon Web Services accounts.

Related operations:

Usage

paymentcryptographydataplane_re_encrypt_data(IncomingKeyIdentifier,
  OutgoingKeyIdentifier, CipherText, IncomingEncryptionAttributes,
  OutgoingEncryptionAttributes, IncomingWrappedKey, OutgoingWrappedKey)

Arguments

IncomingKeyIdentifier

[required] The keyARN of the encryption key of incoming ciphertext data.

When a WrappedKeyBlock is provided, this value will be the identifier to the key wrapping key. Otherwise, it is the key identifier used to perform the operation.

OutgoingKeyIdentifier

[required] The keyARN of the encryption key of outgoing ciphertext data after encryption by Amazon Web Services Payment Cryptography.

CipherText

[required] Ciphertext to be encrypted. The minimum allowed length is 16 bytes and maximum allowed length is 4096 bytes.

IncomingEncryptionAttributes

[required] The attributes and values for incoming ciphertext.

OutgoingEncryptionAttributes

[required] The attributes and values for outgoing ciphertext data after encryption by Amazon Web Services Payment Cryptography.

IncomingWrappedKey

The WrappedKeyBlock containing the encryption key of incoming ciphertext data.

OutgoingWrappedKey

The WrappedKeyBlock containing the encryption key of outgoing ciphertext data after encryption by Amazon Web Services Payment Cryptography.

Value

A list with the following syntax: 

list(
  KeyArn = "string",
  KeyCheckValue = "string",
  CipherText = "string"
)

Request syntax

svc$re_encrypt_data(
  IncomingKeyIdentifier = "string",
  OutgoingKeyIdentifier = "string",
  CipherText = "string",
  IncomingEncryptionAttributes = list(
    Symmetric = list(
      Mode = "ECB"|"CBC"|"CFB"|"CFB1"|"CFB8"|"CFB64"|"CFB128"|"OFB",
      InitializationVector = "string",
      PaddingType = "PKCS1"|"OAEP_SHA1"|"OAEP_SHA256"|"OAEP_SHA512"
    ),
    Dukpt = list(
      KeySerialNumber = "string",
      Mode = "ECB"|"CBC",
      DukptKeyDerivationType = "TDES_2KEY"|"TDES_3KEY"|"AES_128"|"AES_192"|"AES_256",
      DukptKeyVariant = "BIDIRECTIONAL"|"REQUEST"|"RESPONSE",
      InitializationVector = "string"
    )
  ),
  OutgoingEncryptionAttributes = list(
    Symmetric = list(
      Mode = "ECB"|"CBC"|"CFB"|"CFB1"|"CFB8"|"CFB64"|"CFB128"|"OFB",
      InitializationVector = "string",
      PaddingType = "PKCS1"|"OAEP_SHA1"|"OAEP_SHA256"|"OAEP_SHA512"
    ),
    Dukpt = list(
      KeySerialNumber = "string",
      Mode = "ECB"|"CBC",
      DukptKeyDerivationType = "TDES_2KEY"|"TDES_3KEY"|"AES_128"|"AES_192"|"AES_256",
      DukptKeyVariant = "BIDIRECTIONAL"|"REQUEST"|"RESPONSE",
      InitializationVector = "string"
    )
  ),
  IncomingWrappedKey = list(
    WrappedKeyMaterial = list(
      Tr31KeyBlock = "string"
    ),
    KeyCheckValueAlgorithm = "CMAC"|"ANSI_X9_24"
  ),
  OutgoingWrappedKey = list(
    WrappedKeyMaterial = list(
      Tr31KeyBlock = "string"
    ),
    KeyCheckValueAlgorithm = "CMAC"|"ANSI_X9_24"
  )
)