AWS Payment Cryptography Extra — Implement TR-31 Key Export and Import
Export a CVV key wrapped with a KEK via TR-31, import it, and verify that the same CVV2 is generated. Key material transfer and KCV-based identity verification with Python (boto3).
Content tagged with "payment-cryptography"
A collection of Java SDK v2 gotchas discovered across the 3-part series. HMAC gaps, enum naming mismatches, class name confusion, and other undocumented pitfalls with workarounds.
Implement TranslatePinData for PIN re-encryption without exposing plaintext, and CMAC for data integrity verification. The core of acquirer processing: key relay without touching the PIN.
Implement 3 core issuer cryptographic operations with the Java SDK. Discover how GeneratePinData requires a PEK and a PVK simultaneously: multiple purpose-built keys cooperating in a single API call.
Create 4 types of payment cryptographic keys with the Java SDK, test wrong-key-usage errors, and experience how TR-31 KeyUsage enforcement differs from KMS.