@shinyaz

AWS Payment Cryptography HMAC keys can't be created from Java SDK v2.31.9

Tried creating an HMAC_SHA256 MAC key via Java SDK v2 for AWS Payment Cryptography. The KeyAlgorithm enum doesn't have HMAC_SHA256. fromValue("HMAC_SHA256") returns UNKNOWN_TO_SDK_VERSION and sends null to the API.

It gets worse on the Data Plane side. MacAlgorithm enum has HMAC_SHA256, but using it with an HMAC_SHA256 key returns an error telling you to use HMAC MacAlgorithm — which doesn't exist as an enum value.

Output
Invalid MacAlgorithm HMAC_SHA256 used with KeyAlgorithm HMAC_SHA256.
Please use HMAC Key with 'HMAC' MacAlgorithm.

Two workarounds: use CMAC instead (TR31_M6_ISO_9797_5_CMAC_KEY + AES_256 + MacAlgorithm.CMAC), or create the key via CLI and use the ARN in Java. See AWS Payment Cryptography Extra for details.
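The CMAC workaround with a fail-fast check for enum values this SDK build does not know, as an added example that is not code from the original post. It assumes default credentials and region; the class name, the requireKnown helper and the message bytes are constructed for illustration.

```java
import software.amazon.awssdk.services.paymentcryptography.PaymentCryptographyClient;
import software.amazon.awssdk.services.paymentcryptography.model.CreateKeyRequest;
import software.amazon.awssdk.services.paymentcryptography.model.KeyAlgorithm;
import software.amazon.awssdk.services.paymentcryptography.model.KeyAttributes;
import software.amazon.awssdk.services.paymentcryptography.model.KeyClass;
import software.amazon.awssdk.services.paymentcryptography.model.KeyModesOfUse;
import software.amazon.awssdk.services.paymentcryptography.model.KeyUsage;
import software.amazon.awssdk.services.paymentcryptographydata.PaymentCryptographyDataClient;
import software.amazon.awssdk.services.paymentcryptographydata.model.GenerateMacRequest;
import software.amazon.awssdk.services.paymentcryptographydata.model.MacAlgorithm;
import software.amazon.awssdk.services.paymentcryptographydata.model.MacAttributes;

public class CmacWorkaround {  // hypothetical class name
    // Hypothetical helper: reject names this SDK build cannot map, instead of
    // letting UNKNOWN_TO_SDK_VERSION go out as null in the request.
    static KeyAlgorithm requireKnown(String name) {
        KeyAlgorithm alg = KeyAlgorithm.fromValue(name);
        if (alg == null || alg == KeyAlgorithm.UNKNOWN_TO_SDK_VERSION) {
            throw new IllegalArgumentException(
                "KeyAlgorithm " + name + " is not known to this SDK version");
        }
        return alg;
    }

    public static void main(String[] args) {
        try (PaymentCryptographyClient control = PaymentCryptographyClient.create();
             PaymentCryptographyDataClient data = PaymentCryptographyDataClient.create()) {
            // Control plane: AES-256 key whose usage is CMAC (TR-31 "M6").
            String keyArn = control.createKey(CreateKeyRequest.builder()
                    .exportable(false)
                    .keyAttributes(KeyAttributes.builder()
                        .keyClass(KeyClass.SYMMETRIC_KEY)
                        .keyAlgorithm(requireKnown("AES_256"))
                        .keyUsage(KeyUsage.TR31_M6_ISO_9797_5_CMAC_KEY)
                        .keyModesOfUse(KeyModesOfUse.builder()
                            .generate(true).verify(true).build())
                        .build())
                    .build()).key().keyArn();
            // Data plane: message data is hex-encoded; this value is a constructed sample.
            String mac = data.generateMac(GenerateMacRequest.builder()
                    .keyIdentifier(keyArn)
                    .messageData("48656C6C6F")
                    .generationAttributes(MacAttributes.builder()
                        .algorithm(MacAlgorithm.CMAC).build())
                    .build()).mac();
            System.out.println(keyArn + " -> " + mac);
        }
    }
}
```

On an SDK build like the one described above, requireKnown("HMAC_SHA256") throws locally before any request is sent.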

Shinya Tahara

Solutions Architect @ AWS

I'm a Solutions Architect at AWS, providing technical guidance primarily to financial industry customers. I share learnings about cloud architecture and AI/ML on this site. The views and opinions expressed on this site are my own and do not represent the official positions of my employer.