get_parameters_for_export

PaymentCryptographyControlPlane.Client.get_parameters_for_export(**kwargs)

Gets the export token and the signing key certificate to initiate a TR-34 key export from Amazon Web Services Payment Cryptography.

The signing key certificate signs the wrapped key under export within the TR-34 key payload. The export token and signing key certificate must be in place and operational before calling ExportKey. The export token expires in 30 days. You can use the same export token to export multiple keys from your service account.

Cross-account use: This operation can’t be used across different Amazon Web Services accounts.

Related operations:

See also: AWS API Documentation

Request Syntax

response = client.get_parameters_for_export(
    KeyMaterialType='TR34_KEY_BLOCK'|'TR31_KEY_BLOCK'|'ROOT_PUBLIC_KEY_CERTIFICATE'|'TRUSTED_PUBLIC_KEY_CERTIFICATE'|'KEY_CRYPTOGRAM',
    SigningKeyAlgorithm='TDES_2KEY'|'TDES_3KEY'|'AES_128'|'AES_192'|'AES_256'|'HMAC_SHA256'|'HMAC_SHA384'|'HMAC_SHA512'|'HMAC_SHA224'|'RSA_2048'|'RSA_3072'|'RSA_4096'|'ECC_NIST_P256'|'ECC_NIST_P384'|'ECC_NIST_P521'
)

Parameters:
  • KeyMaterialType (string) –

    [REQUIRED]

    The key block format type (for example, TR-34 or TR-31) to use during key material export. Export token is only required for a TR-34 key export, TR34_KEY_BLOCK. Export token is not required for TR-31 key export.

  • SigningKeyAlgorithm (string) –

    [REQUIRED]

    The signing key algorithm to generate a signing key certificate. This certificate signs the wrapped key under export within the TR-34 key block. RSA_2048 is the only signing key algorithm allowed.

Return type:

dict

Returns:

Response Syntax

{
    'SigningKeyCertificate': 'string',
    'SigningKeyCertificateChain': 'string',
    'SigningKeyAlgorithm': 'TDES_2KEY'|'TDES_3KEY'|'AES_128'|'AES_192'|'AES_256'|'HMAC_SHA256'|'HMAC_SHA384'|'HMAC_SHA512'|'HMAC_SHA224'|'RSA_2048'|'RSA_3072'|'RSA_4096'|'ECC_NIST_P256'|'ECC_NIST_P384'|'ECC_NIST_P521',
    'ExportToken': 'string',
    'ParametersValidUntilTimestamp': datetime(2015, 1, 1)
}

Response Structure

  • (dict) –

    • SigningKeyCertificate (string) –

      The signing key certificate in PEM format (base64 encoded) of the public key for signature within the TR-34 key block. The certificate expires after 30 days.

    • SigningKeyCertificateChain (string) –

      The root certificate authority (CA) that signed the signing key certificate in PEM format (base64 encoded).

    • SigningKeyAlgorithm (string) –

      The algorithm of the signing key certificate for use in TR-34 key block generation. RSA_2048 is the only signing key algorithm allowed.

    • ExportToken (string) –

      The export token to initiate key export from Amazon Web Services Payment Cryptography. The export token expires after 30 days. You can use the same export token to export multiple keys from the same service account.

    • ParametersValidUntilTimestamp (datetime) –

      The validity period of the export token.
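
Because one export token can serve several exports until it expires, a caller typically caches this response and refreshes it shortly before `ParametersValidUntilTimestamp`. The sketch below is an added example, not part of the AWS documentation: `ExportParameterCache`, `export_parameter_problems`, the one-hour margin and the `FakeClient` stand-in with its constructed values are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

REQUIRED = ("SigningKeyCertificate", "SigningKeyCertificateChain",
            "SigningKeyAlgorithm", "ExportToken", "ParametersValidUntilTimestamp")

def export_parameter_problems(params, now=None, margin=timedelta(hours=1)):
    """Return the reasons a response must not be used for ExportKey (empty list = usable)."""
    now = now or datetime.now(timezone.utc)
    problems = [f"missing {name}" for name in REQUIRED if not params.get(name)]
    if problems:
        return problems
    if params["SigningKeyAlgorithm"] != "RSA_2048":  # only algorithm the page allows
        problems.append("unexpected signing key algorithm")
    if params["ParametersValidUntilTimestamp"] - now <= margin:
        problems.append("export token expired or about to expire")
    return problems

class ExportParameterCache:
    """Hypothetical helper: reuse one export token for many exports, refresh when stale."""
    def __init__(self, client, margin=timedelta(hours=1)):
        self._client, self._margin, self._params = client, margin, None

    def get(self, now=None):
        if self._params is None or export_parameter_problems(self._params, now, self._margin):
            # Keep the token in memory only; do not write it to logs.
            fresh = self._client.get_parameters_for_export(
                KeyMaterialType="TR34_KEY_BLOCK", SigningKeyAlgorithm="RSA_2048")
            problems = export_parameter_problems(fresh, now, self._margin)
            if problems:
                raise ValueError("unusable export parameters: " + "; ".join(problems))
            self._params = fresh
        return self._params

class FakeClient:
    """Constructed stand-in for boto3.client('payment-cryptography'); values are not real."""
    def __init__(self, valid_until):
        self.valid_until, self.calls = valid_until, 0

    def get_parameters_for_export(self, KeyMaterialType, SigningKeyAlgorithm):
        self.calls += 1
        return {"SigningKeyCertificate": "CONSTRUCTED-CERT",
                "SigningKeyCertificateChain": "CONSTRUCTED-CHAIN",
                "SigningKeyAlgorithm": SigningKeyAlgorithm,
                "ExportToken": "export-token-CONSTRUCTED",
                "ParametersValidUntilTimestamp": self.valid_until}
```

With a real client, pass `boto3.client('payment-cryptography')` in place of `FakeClient`.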

Exceptions