AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-06-07 · Documentation low

File: cli/latest/reference/payment-cryptography/add-key-replication-regions.md

Summary

Added HMAC KCV computation details and updated CLI version reference

Security assessment

Added documentation for HMAC Key Check Value (KCV) computation method. This enhances cryptographic key management documentation but doesn't address a specific vulnerability. Improves clarity on security feature implementation.

Diff

diff --git a/cli/latest/reference/payment-cryptography/add-key-replication-regions.md b/cli/latest/reference/payment-cryptography/add-key-replication-regions.md
index e150f3d22..a61273d7e 100644
--- a//cli/latest/reference/payment-cryptography/add-key-replication-regions.md
+++ b//cli/latest/reference/payment-cryptography/add-key-replication-regions.md
@@ -15 +15 @@
-  * [AWS CLI 2.34.61 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.63 Command Reference](../../index.html) »
@@ -409 +409 @@ Key -> (structure)
->> For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
+>> For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result. For HMAC keys, the KCV is computed using the hash selected at key creation on a zero-length message, taking the leftmost 3 bytes.
@@ -630 +630 @@ Key -> (structure)
-  * [AWS CLI 2.34.61 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.63 Command Reference](../../index.html) »