import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
import * as enums from "../types/enums";
/**
 * Definition of AWS::PaymentCryptography::Key Resource Type
 */
export declare class Key extends pulumi.CustomResource {
    /**
     * Get an existing Key resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, opts?: pulumi.CustomResourceOptions): Key;
    /**
     * Returns true if the given object is an instance of Key.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is Key;
    /**
     * The cryptographic usage of an ECDH derived key as deﬁned in section A.5.2 of the TR-31 spec.
     */
    readonly deriveKeyUsage: pulumi.Output<enums.paymentcryptography.KeyDeriveKeyUsage | undefined>;
    /**
     * Specifies whether the key is enabled.
     */
    readonly enabled: pulumi.Output<boolean | undefined>;
    /**
     * Specifies whether the key is exportable. This data is immutable after the key is created.
     */
    readonly exportable: pulumi.Output<boolean>;
    /**
     * The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
     */
    readonly keyAttributes: pulumi.Output<outputs.paymentcryptography.KeyAttributes>;
    /**
     * The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
     *
     * For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
     */
    readonly keyCheckValueAlgorithm: pulumi.Output<enums.paymentcryptography.KeyCheckValueAlgorithm | undefined>;
    readonly keyIdentifier: pulumi.Output<string>;
    /**
     * The source of the key material. For keys created within AWS Payment Cryptography, the value is `AWS_PAYMENT_CRYPTOGRAPHY` . For keys imported into AWS Payment Cryptography, the value is `EXTERNAL` .
     */
    readonly keyOrigin: pulumi.Output<enums.paymentcryptography.KeyOrigin>;
    /**
     * The state of key that is being created or deleted.
     */
    readonly keyState: pulumi.Output<enums.paymentcryptography.KeyState>;
    readonly tags: pulumi.Output<outputs.Tag[] | undefined>;
    /**
     * Create a Key resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: KeyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * The set of arguments for constructing a Key resource.
 */
export interface KeyArgs {
    /**
     * The cryptographic usage of an ECDH derived key as deﬁned in section A.5.2 of the TR-31 spec.
     */
    deriveKeyUsage?: pulumi.Input<enums.paymentcryptography.KeyDeriveKeyUsage>;
    /**
     * Specifies whether the key is enabled.
     */
    enabled?: pulumi.Input<boolean>;
    /**
     * Specifies whether the key is exportable. This data is immutable after the key is created.
     */
    exportable: pulumi.Input<boolean>;
    /**
     * The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
     */
    keyAttributes: pulumi.Input<inputs.paymentcryptography.KeyAttributesArgs>;
    /**
     * The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
     *
     * For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
     */
    keyCheckValueAlgorithm?: pulumi.Input<enums.paymentcryptography.KeyCheckValueAlgorithm>;
    tags?: pulumi.Input<pulumi.Input<inputs.TagArgs>[]>;
}
