AWS payment-cryptography documentation change
Summary
Updated key exchange guidance to reference Physical Key Exchange and added documentation links.
Security assessment
Clarifies secure key import methods by referencing Physical Key Exchange feature. No security vulnerability is fixed; enhances documentation of existing security controls.
Diff
diff --git a/payment-cryptography/latest/userguide/keys-import.md b/payment-cryptography/latest/userguide/keys-import.md index 3a4c87327..e3ee5e740 100644 --- a//payment-cryptography/latest/userguide/keys-import.md +++ b//payment-cryptography/latest/userguide/keys-import.md @@ -406 +406 @@ If the imported `KeyUsage` was `TR31_K0_KEY_ENCRYPTION_KEY` or `TR31_K1_KEY_BLOC -When exchanging multiple keys or supporting key rotation, partners typically first exchange an initial key encryption key (KEK). You can do this using techniques such as paper key components or, for AWS Payment Cryptography, using TR-34. +When exchanging multiple keys or supporting key rotation, partners typically first exchange an initial key encryption key (KEK). You can exchange KEK with AWS Payment Cryptography, using techniques such as TR-34 or [Physical Key Exchange](./keys-physicalkeyexchange.html).