@shinyaz

AWS Payment Cryptography PVK algorithm has a documentation inconsistency

1 min read
#aws#payment-cryptography

While implementing the VISA PIN scheme with GeneratePinData, I noticed a contradiction between two AWS docs about the PVK (PIN Verification Key, TR31_V2) algorithm.

The PVV tutorial explicitly states "The PGK must be a key of algorithm TDES_2KEY." But the Valid keys page GeneratePinData (VISA) table lists only TDES_3KEY for the PIN Generation Key.

I created a PVK with TDES_2KEY and ran GeneratePinData — it worked fine. The PVV tutorial matches the actual API behavior; the Valid keys table appears to be missing TDES_2KEY. See AWS Payment Cryptography Issuer Edition for the full verification.

Share this post

Shinya Tahara

Shinya Tahara

Solutions Architect @ AWS

I'm a Solutions Architect at AWS, providing technical guidance primarily to financial industry customers. I share learnings about cloud architecture and AI/ML on this site.The views and opinions expressed on this site are my own and do not represent the official positions of my employer.

Read more