AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-06-07 · Documentation low

File: cli/latest/reference/payment-cryptography/stop-key-usage.md

Summary

Updated AWS CLI version references from 2.34.61 to 2.34.63 and added documentation for HMAC key KCV computation method

Security assessment

Routine version update. HMAC KCV documentation addition describes a security feature for key verification, but lacks evidence of patching a security issue.

Diff

diff --git a/cli/latest/reference/payment-cryptography/stop-key-usage.md b/cli/latest/reference/payment-cryptography/stop-key-usage.md
index ff9b4036d..2c4b44ebf 100644
--- a//cli/latest/reference/payment-cryptography/stop-key-usage.md
+++ b//cli/latest/reference/payment-cryptography/stop-key-usage.md
@@ -15 +15 @@
-  * [AWS CLI 2.34.61 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.63 Command Reference](../../index.html) »
@@ -431 +431 @@ Key -> (structure)
->> For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
+>> For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result. For HMAC keys, the KCV is computed using the hash selected at key creation on a zero-length message, taking the leftmost 3 bytes.
@@ -652 +652 @@ Key -> (structure)
-  * [AWS CLI 2.34.61 Command Reference](../../index.html) »
+  * [AWS CLI 2.34.63 Command Reference](../../index.html) »