AWS payment-cryptography documentation change
Summary
Expanded supported MAC algorithms to include ISO 9797-1 Algorithm 1 and 3 in the Generate MAC API documentation.
Security assessment
The update enhances documentation for cryptographic features but does not indicate a security fix.
Diff
diff --git a/payment-cryptography/latest/userguide/generate-mac.md b/payment-cryptography/latest/userguide/generate-mac.md index db07bc9ec..aa64ccba5 100644 --- a//payment-cryptography/latest/userguide/generate-mac.md +++ b//payment-cryptography/latest/userguide/generate-mac.md @@ -7 +7 @@ -Generate MAC API is used to authenticate card-related data, such as track data from a card magnetic stripe, by using known data values to generate a MAC (Message Authentication Code) for data validation between sending and receiving parties. The data used to generate MAC includes message data, secret MAC encryption key and MAC algorithm to generate a unique MAC value for transmission. The receiving party of the MAC will use the same MAC message data, MAC encryption key, and algorithm to reproduce another MAC value for comparison and data authentication. Even if one character of the message changes or the MAC key used for verification is not identical, the resulting MAC value is different. The API supports DUPKT MAC, HMAC and EMV MAC encryption keys for this operation. +Generate MAC API is used to authenticate card-related data, such as track data from a card magnetic stripe, by using known data values to generate a MAC (Message Authentication Code) for data validation between sending and receiving parties. The data used to generate MAC includes message data, secret MAC encryption key and MAC algorithm to generate a unique MAC value for transmission. The receiving party of the MAC will use the same MAC message data, MAC encryption key, and algorithm to reproduce another MAC value for comparison and data authentication. Even if one character of the message changes or the MAC key used for verification is not identical, the resulting MAC value is different. The API supports ISO 9797-1 Algorithm 1 and ISO 9797-1 Algorithm 3 MAC (using a static MAC key and a derived DUKPT key), HMAC and EMV MAC encryption keys for this operation. @@ -16,2 +16 @@ In this example, we will generate a HMAC (Hash-Based Message Authentication Code - --message-data "3b313038383439303031303733393431353d32343038323236303030373030303f33" \ - --generation-attributes Algorithm=HMAC_SHA256 + --message-data "3b313038383439303031303733393431353d32343038323236303030373030303f33"