AWS Security ChangesHomeSearch

AWS payment-cryptography documentation change

Service: payment-cryptography · 2026-05-01 · Documentation low

File: payment-cryptography/latest/userguide/keys-import.md

Summary

Updated key exchange guidance to reference Physical Key Exchange and added documentation links.

Security assessment

Clarifies secure key import methods by referencing Physical Key Exchange feature. No security vulnerability is fixed; enhances documentation of existing security controls.

Diff

diff --git a/payment-cryptography/latest/userguide/keys-import.md b/payment-cryptography/latest/userguide/keys-import.md
index 3a4c87327..e3ee5e740 100644
--- a//payment-cryptography/latest/userguide/keys-import.md
+++ b//payment-cryptography/latest/userguide/keys-import.md
@@ -406 +406 @@ If the imported `KeyUsage` was `TR31_K0_KEY_ENCRYPTION_KEY` or `TR31_K1_KEY_BLOC
-When exchanging multiple keys or supporting key rotation, partners typically first exchange an initial key encryption key (KEK). You can do this using techniques such as paper key components or, for AWS Payment Cryptography, using TR-34.
+When exchanging multiple keys or supporting key rotation, partners typically first exchange an initial key encryption key (KEK). You can exchange KEK with AWS Payment Cryptography, using techniques such as TR-34 or [Physical Key Exchange](./keys-physicalkeyexchange.html).