:doc:`PaymentCryptographyControlPlane <../../payment-cryptography>` / Paginator / ListKeys

********
ListKeys
********



.. py:class:: PaymentCryptographyControlPlane.Paginator.ListKeys

  ::

    
    paginator = client.get_paginator('list_keys')

  
  

  .. py:method:: paginate(**kwargs)

    Creates an iterator that will paginate through responses from :py:meth:`PaymentCryptographyControlPlane.Client.list_keys`.

    See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-2021-09-14/ListKeys>`_    


    **Request Syntax**
    ::

      response_iterator = paginator.paginate(
          KeyState='CREATE_IN_PROGRESS'|'CREATE_COMPLETE'|'DELETE_PENDING'|'DELETE_COMPLETE',
          PaginationConfig={
              'MaxItems': 123,
              'PageSize': 123,
              'StartingToken': 'string'
          }
      )
      
    :type KeyState: string
    :param KeyState: 

      The key state of the keys you want to list.

      

    
    :type PaginationConfig: dict
    :param PaginationConfig: 

      A dictionary that provides parameters to control pagination.

      

    
      - **MaxItems** *(integer) --* 

        The total number of items to return. If the total number of items available is more than the value specified in max-items then a ``NextToken`` will be provided in the output that you can use to resume pagination.

        

      
      - **PageSize** *(integer) --* 

        The size of each page.

        

      
      - **StartingToken** *(string) --* 

        A token to specify where to start paginating. This is the ``NextToken`` from a previous response.

        

      
    
    
    :rtype: dict
    :returns: 
      
      **Response Syntax**

      
      ::

        {
            'Keys': [
                {
                    'KeyArn': 'string',
                    'KeyState': 'CREATE_IN_PROGRESS'|'CREATE_COMPLETE'|'DELETE_PENDING'|'DELETE_COMPLETE',
                    'KeyAttributes': {
                        'KeyUsage': 'TR31_B0_BASE_DERIVATION_KEY'|'TR31_C0_CARD_VERIFICATION_KEY'|'TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY'|'TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION'|'TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS'|'TR31_E1_EMV_MKEY_CONFIDENTIALITY'|'TR31_E2_EMV_MKEY_INTEGRITY'|'TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS'|'TR31_E5_EMV_MKEY_CARD_PERSONALIZATION'|'TR31_E6_EMV_MKEY_OTHER'|'TR31_K0_KEY_ENCRYPTION_KEY'|'TR31_K1_KEY_BLOCK_PROTECTION_KEY'|'TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT'|'TR31_M0_ISO_16609_MAC_KEY'|'TR31_M3_ISO_9797_3_MAC_KEY'|'TR31_M1_ISO_9797_1_MAC_KEY'|'TR31_M6_ISO_9797_5_CMAC_KEY'|'TR31_M7_HMAC_KEY'|'TR31_P0_PIN_ENCRYPTION_KEY'|'TR31_P1_PIN_GENERATION_KEY'|'TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE'|'TR31_V1_IBM3624_PIN_VERIFICATION_KEY'|'TR31_V2_VISA_PIN_VERIFICATION_KEY'|'TR31_K2_TR34_ASYMMETRIC_KEY',
                        'KeyClass': 'SYMMETRIC_KEY'|'ASYMMETRIC_KEY_PAIR'|'PRIVATE_KEY'|'PUBLIC_KEY',
                        'KeyAlgorithm': 'TDES_2KEY'|'TDES_3KEY'|'AES_128'|'AES_192'|'AES_256'|'HMAC_SHA256'|'HMAC_SHA384'|'HMAC_SHA512'|'HMAC_SHA224'|'RSA_2048'|'RSA_3072'|'RSA_4096'|'ECC_NIST_P256'|'ECC_NIST_P384'|'ECC_NIST_P521',
                        'KeyModesOfUse': {
                            'Encrypt': True|False,
                            'Decrypt': True|False,
                            'Wrap': True|False,
                            'Unwrap': True|False,
                            'Generate': True|False,
                            'Sign': True|False,
                            'Verify': True|False,
                            'DeriveKey': True|False,
                            'NoRestrictions': True|False
                        }
                    },
                    'KeyCheckValue': 'string',
                    'Exportable': True|False,
                    'Enabled': True|False,
                    'MultiRegionKeyType': 'PRIMARY'|'REPLICA',
                    'PrimaryRegion': 'string'
                },
            ],
            
        }
        
      **Response Structure**

      

      - *(dict) --* 
        

        - **Keys** *(list) --* 

          The list of keys created within the caller's Amazon Web Services account and Amazon Web Services Region.

          
          

          - *(dict) --* 

            Metadata about an Amazon Web Services Payment Cryptography key.

            
            

            - **KeyArn** *(string) --* 

              The Amazon Resource Name (ARN) of the key.

              
            

            - **KeyState** *(string) --* 

              The state of an Amazon Web Services Payment Cryptography that is being created or deleted.

              
            

            - **KeyAttributes** *(dict) --* 

              The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.

              
              

              - **KeyUsage** *(string) --* 

                The cryptographic usage of an Amazon Web Services Payment Cryptography key as deﬁned in section A.5.2 of the TR-31 spec.

                
              

              - **KeyClass** *(string) --* 

                The type of Amazon Web Services Payment Cryptography key to create, which determines the classiﬁcation of the cryptographic method and whether Amazon Web Services Payment Cryptography key contains a symmetric key or an asymmetric key pair.

                
              

              - **KeyAlgorithm** *(string) --* 

                The key algorithm to be use during creation of an Amazon Web Services Payment Cryptography key.

                 

                For symmetric keys, Amazon Web Services Payment Cryptography supports ``AES`` and ``TDES`` algorithms. For asymmetric keys, Amazon Web Services Payment Cryptography supports ``RSA`` and ``ECC_NIST`` algorithms.

                
              

              - **KeyModesOfUse** *(dict) --* 

                The list of cryptographic operations that you can perform using the key.

                
                

                - **Encrypt** *(boolean) --* 

                  Speciﬁes whether an Amazon Web Services Payment Cryptography key can be used to encrypt data.

                  
                

                - **Decrypt** *(boolean) --* 

                  Speciﬁes whether an Amazon Web Services Payment Cryptography key can be used to decrypt data.

                  
                

                - **Wrap** *(boolean) --* 

                  Speciﬁes whether an Amazon Web Services Payment Cryptography key can be used to wrap other keys.

                  
                

                - **Unwrap** *(boolean) --* 

                  Speciﬁes whether an Amazon Web Services Payment Cryptography key can be used to unwrap other keys.

                  
                

                - **Generate** *(boolean) --* 

                  Speciﬁes whether an Amazon Web Services Payment Cryptography key can be used to generate and verify other card and PIN verification keys.

                  
                

                - **Sign** *(boolean) --* 

                  Speciﬁes whether an Amazon Web Services Payment Cryptography key can be used for signing.

                  
                

                - **Verify** *(boolean) --* 

                  Speciﬁes whether an Amazon Web Services Payment Cryptography key can be used to verify signatures.

                  
                

                - **DeriveKey** *(boolean) --* 

                  Speciﬁes whether an Amazon Web Services Payment Cryptography key can be used to derive new keys.

                  
                

                - **NoRestrictions** *(boolean) --* 

                  Speciﬁes whether an Amazon Web Services Payment Cryptography key has no special restrictions other than the restrictions implied by ``KeyUsage``.

                  
            
          
            

            - **KeyCheckValue** *(string) --* 

              The key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.

              
            

            - **Exportable** *(boolean) --* 

              Specifies whether the key is exportable. This data is immutable after the key is created.

              
            

            - **Enabled** *(boolean) --* 

              Specifies whether the key is enabled.

              
            

            - **MultiRegionKeyType** *(string) --* 

              Indicates whether this key is a Multi-Region key and its role in the Multi-Region key hierarchy.

               

              Multi-Region replication keys allow the same key material to be used across multiple Amazon Web Services Regions. This field specifies whether the key is a Primary Region key (PRK) (which can be replicated to other Amazon Web Services Regions) or a Replica Region key (RRK) (which is a copy of a PRK in another Region). For more information, see `Multi-Region key replication <https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-multi-region-replication.html>`__.

              
            

            - **PrimaryRegion** *(string) --* 

              An Amazon Web Services Region identifier in the standard format (e.g., ``us-east-1``, ``eu-west-1``).

               

              Used to specify regions for key replication operations. The region must be a valid Amazon Web Services Region where Amazon Web Services Payment Cryptography is available.

              
        
      
    