getParametersForExport method

Future<GetParametersForExportOutput> getParametersForExport({
  required KeyMaterialType keyMaterialType,
  required KeyAlgorithm signingKeyAlgorithm,
  bool? reuseLastGeneratedToken,
})

Gets the export token and the signing key certificate to initiate a TR-34 key export from Amazon Web Services Payment Cryptography.

The signing key certificate signs the wrapped key under export within the TR-34 key payload. The export token and signing key certificate must be in place and operational before calling ExportKey. The export token expires in 30 days. You can use the same export token to export multiple keys from your service account.

To return a previously generated export token and signing key certificate instead of generating new ones, set ReuseLastGeneratedToken to true.

Cross-account use: This operation can't be used across different Amazon Web Services accounts.

Related operations:

May throw AccessDeniedException. May throw ConflictException. May throw InternalServerException. May throw ResourceNotFoundException. May throw ServiceQuotaExceededException. May throw ServiceUnavailableException. May throw ThrottlingException. May throw ValidationException.

Parameter keyMaterialType : The key block format type (for example, TR-34 or TR-31) to use during key material export. Export token is only required for a TR-34 key export, TR34_KEY_BLOCK. Export token is not required for TR-31 key export.

Parameter signingKeyAlgorithm : The signing key algorithm to generate a signing key certificate. This certificate signs the wrapped key under export within the TR-34 key block. RSA_2048 is the only signing key algorithm allowed.

Parameter reuseLastGeneratedToken : Specifies whether to reuse the existing export token and signing key certificate. If set to true and a valid export token exists for the same key material type and signing key algorithm with at least 7 days of remaining validity, the existing token and signing key certificate are returned. Otherwise, a new export token and signing key certificate are generated. The default value is false, which generates a new export token and signing key certificate on every call.
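
Added example (not code from this package or from AWS): a caller-side cache that applies the 30-day expiry and 7-day reuse rule described above before each ExportKey call, and reports when the signing key certificate has changed. ExportParams, Fetch, ExportParamsCache and the fake service in main are hypothetical stand-ins, so the sketch runs offline without assuming the package's output field names.

```dart
// Hypothetical stand-ins for the output fields and for a call to
// getParametersForExport; these names are assumptions, not the package's API.
class ExportParams {
  const ExportParams(this.exportToken, this.signingKeyCertificate, this.validUntil);
  final String exportToken, signingKeyCertificate;
  final DateTime validUntil;
}
typedef Fetch = Future<ExportParams> Function({bool? reuseLastGeneratedToken});
const reuseFloor = Duration(days: 7); // reuse threshold from the text above

class ExportParamsCache {
  ExportParamsCache(this._fetch);
  final Fetch _fetch;
  ExportParams? _current;
  /// Returns parameters for the next ExportKey call, plus true when the signing
  /// certificate differs from the one returned by the previous call.
  Future<(ExportParams, bool)> forExport(DateTime now) async {
    final old = _current;
    if (old != null && old.validUntil.difference(now) >= reuseFloor) {
      return (old, false); // still well inside its validity window
    }
    final fresh = await _fetch(reuseLastGeneratedToken: true);
    if (!fresh.validUntil.isAfter(now)) {
      throw StateError('export parameters are already expired');
    }
    _current = fresh;
    return (fresh, old != null && old.signingKeyCertificate != fresh.signingKeyCertificate);
  }
}

Future<void> main() async {
  var now = DateTime.utc(2024, 1, 1); // constructed clock
  var issued = 0;
  ExportParams? last;
  // Constructed fake of the documented rule: reuse only with >= 7 days left,
  // otherwise issue new parameters valid for 30 days.
  Future<ExportParams> fake({bool? reuseLastGeneratedToken}) async {
    final l = last;
    if (reuseLastGeneratedToken == true && l != null &&
        l.validUntil.difference(now) >= reuseFloor) return l;
    issued++;
    return last = ExportParams('token-$issued', 'cert-$issued', now.add(const Duration(days: 30)));
  }
  final cache = ExportParamsCache(fake);
  for (final day in [0, 10, 25]) {
    now = DateTime.utc(2024, 1, 1 + day);
    final (p, rotated) = await cache.forExport(now);
    print('day $day: ${p.exportToken} expires ${p.validUntil} rotated=$rotated');
  }
}
```

In real use, replace the fake with a closure that calls getParametersForExport and maps its output into ExportParams.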

Implementation

Future<GetParametersForExportOutput> getParametersForExport({
  required KeyMaterialType keyMaterialType,
  required KeyAlgorithm signingKeyAlgorithm,
  bool? reuseLastGeneratedToken,
}) async {
  final headers = <String, String>{
    'Content-Type': 'application/x-amz-json-1.0',
    'X-Amz-Target': 'PaymentCryptographyControlPlane.GetParametersForExport'
  };
  final jsonResponse = await _protocol.send(
    method: 'POST',
    requestUri: '/',
    exceptionFnMap: _exceptionFns,
    // TODO queryParams
    headers: headers,
    payload: {
      'KeyMaterialType': keyMaterialType.value,
      'SigningKeyAlgorithm': signingKeyAlgorithm.value,
      if (reuseLastGeneratedToken != null)
        'ReuseLastGeneratedToken': reuseLastGeneratedToken,
    },
  );

  return GetParametersForExportOutput.fromJson(jsonResponse.body);
}