AWS payment-cryptography medium security documentation change
Summary
Clarified key mode of use requirement for HMAC verification (Verify must be set to true)
Security assessment
The correction ensures users properly configure keys for verification. Incorrect documentation could have led to keys being created without the Verify mode enabled, potentially causing MAC verification failures and undermining data integrity checks. This addresses a potential misconfiguration risk.
Diff
diff --git a/payment-cryptography/latest/userguide/verify-mac.md b/payment-cryptography/latest/userguide/verify-mac.md index 7d8e74a7f..f645a9db6 100644 --- a//payment-cryptography/latest/userguide/verify-mac.md +++ b//payment-cryptography/latest/userguide/verify-mac.md @@ -11 +11 @@ If the value is verified, then response parameter `MacDataVerificationSuccessful -In this example, we will verify a HMAC (Hash-Based Message Authentication Code) for card data authentication using HMAC algorithm `HMAC_SHA256` and HMAC encryption key. The key must have KeyUsage set to `TR31_M7_HMAC_KEY` and KeyModesOfUse to `Verify`. +In this example, we will verify a HMAC (Hash-Based Message Authentication Code) for card data authentication using HMAC algorithm `HMAC_SHA256` and HMAC encryption key. The key must have KeyUsage set to `TR31_M7_HMAC_KEY` and KeyModesOfUse `Verify` set to true. @@ -17 +16,0 @@ In this example, we will verify a HMAC (Hash-Based Message Authentication Code) - --verification-attributes='Algorithm=HMAC_SHA256' \