AWS cli documentation change
Summary
Updated AWS CLI version references from 2.34.61 to 2.34.63 and added documentation for HMAC key KCV computation method.
Security assessment
Extends documentation to include HMAC key validation (KCV computation), enhancing security documentation. No indication this addresses a specific security vulnerability.
Diff
diff --git a/cli/latest/reference/payment-cryptography/export-key.md b/cli/latest/reference/payment-cryptography/export-key.md index 0f87c711d..e936680fd 100644 --- a//cli/latest/reference/payment-cryptography/export-key.md +++ b//cli/latest/reference/payment-cryptography/export-key.md @@ -15 +15 @@ - * [AWS CLI 2.34.61 Command Reference](../../index.html) » + * [AWS CLI 2.34.63 Command Reference](../../index.html) » @@ -886 +886 @@ JSON Syntax: ->> For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result. +>> For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result. For HMAC keys, the KCV is computed using the hash selected at key creation on a zero-length message, taking the leftmost 3 bytes. @@ -1123 +1123 @@ WrappedKey -> (structure) ->> For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result. +>> For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result. For HMAC keys, the KCV is computed using the hash selected at key creation on a zero-length message, taking the leftmost 3 bytes. @@ -1144 +1144 @@ WrappedKey -> (structure) - * [AWS CLI 2.34.61 Command Reference](../../index.html) » + * [AWS CLI 2.34.63 Command Reference](../../index.html) »