PaymentCryptographyControlPlane / Client / get_parameters_for_export
get_parameters_for_export#
- PaymentCryptographyControlPlane.Client.get_parameters_for_export(**kwargs)#
Gets the export token and the signing key certificate to initiate a TR-34 key export from Amazon Web Services Payment Cryptography.
The signing key certificate signs the wrapped key under export within the TR-34 key payload. The export token and signing key certificate must be in place and operational before calling ExportKey. The export token expires in 7 days. You can use the same export token to export multiple keys from your service account.
Cross-account use: This operation can’t be used across different Amazon Web Services accounts.
Related operations:
See also: AWS API Documentation
Request Syntax
response = client.get_parameters_for_export( KeyMaterialType='TR34_KEY_BLOCK'|'TR31_KEY_BLOCK'|'ROOT_PUBLIC_KEY_CERTIFICATE'|'TRUSTED_PUBLIC_KEY_CERTIFICATE'|'KEY_CRYPTOGRAM', SigningKeyAlgorithm='TDES_2KEY'|'TDES_3KEY'|'AES_128'|'AES_192'|'AES_256'|'RSA_2048'|'RSA_3072'|'RSA_4096' )
- Parameters:
KeyMaterialType (string) –
[REQUIRED]
The key block format type (for example, TR-34 or TR-31) to use during key material export. Export token is only required for a TR-34 key export,
TR34_KEY_BLOCK. Export token is not required for TR-31 key export.SigningKeyAlgorithm (string) –
[REQUIRED]
The signing key algorithm to generate a signing key certificate. This certificate signs the wrapped key under export within the TR-34 key block.
RSA_2048is the only signing key algorithm allowed.
- Return type:
dict
- Returns:
Response Syntax
{ 'SigningKeyCertificate': 'string', 'SigningKeyCertificateChain': 'string', 'SigningKeyAlgorithm': 'TDES_2KEY'|'TDES_3KEY'|'AES_128'|'AES_192'|'AES_256'|'RSA_2048'|'RSA_3072'|'RSA_4096', 'ExportToken': 'string', 'ParametersValidUntilTimestamp': datetime(2015, 1, 1) }
Response Structure
(dict) –
SigningKeyCertificate (string) –
The signing key certificate in PEM format (base64 encoded) of the public key for signature within the TR-34 key block. The certificate expires after 7 days.
SigningKeyCertificateChain (string) –
The root certificate authority (CA) that signed the signing key certificate in PEM format (base64 encoded).
SigningKeyAlgorithm (string) –
The algorithm of the signing key certificate for use in TR-34 key block generation.
RSA_2048is the only signing key algorithm allowed.ExportToken (string) –
The export token to initiate key export from Amazon Web Services Payment Cryptography. The export token expires after 7 days. You can use the same export token to export multiple keys from the same service account.
ParametersValidUntilTimestamp (datetime) –
The validity period of the export token.
Exceptions
PaymentCryptographyControlPlane.Client.exceptions.ServiceQuotaExceededExceptionPaymentCryptographyControlPlane.Client.exceptions.ServiceUnavailableExceptionPaymentCryptographyControlPlane.Client.exceptions.ValidationExceptionPaymentCryptographyControlPlane.Client.exceptions.ConflictExceptionPaymentCryptographyControlPlane.Client.exceptions.AccessDeniedExceptionPaymentCryptographyControlPlane.Client.exceptions.ResourceNotFoundExceptionPaymentCryptographyControlPlane.Client.exceptions.ThrottlingExceptionPaymentCryptographyControlPlane.Client.exceptions.InternalServerException