AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-06-07 · Documentation low

File: cli/latest/reference/payment-cryptography/delete-key.md

Summary

Updated AWS CLI version references from 2.34.61 to 2.34.63 and added documentation for HMAC key KCV computation method.

Security assessment

Adds documentation for HMAC key validation (KCV computation), a security feature. No evidence suggests this fixes a specific security vulnerability.

Diff

diff --git a/cli/latest/reference/payment-cryptography/delete-key.md b/cli/latest/reference/payment-cryptography/delete-key.md
index 829c233ca..935191e8d 100644
--- a//cli/latest/reference/payment-cryptography/delete-key.md
+++ b//cli/latest/reference/payment-cryptography/delete-key.md
@@ -15 +15 @@
-  * [AWS CLI 2.34.61 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.63 Command Reference](../../index.html) »
@@ -447 +447 @@ Key -> (structure)
->> For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
+>> For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result. For HMAC keys, the KCV is computed using the hash selected at key creation on a zero-length message, taking the leftmost 3 bytes.
@@ -668 +668 @@ Key -> (structure)
-  * [AWS CLI 2.34.61 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.63 Command Reference](../../index.html) »