Deleting a wrapping key

You can delete a selected wrapping key, which can be in any state, such as active. You cannot delete a wrapping key that is marked as either a default or partner key, or is scheduled for rollover. For example, you might delete an expired certificate.

Before you begin

Ensure that a backup exists of the keystore with the wrapping key that you intend to delete. Verify that the wrapping key is not marked as a default or partner key, and is not scheduled for rollover. Determine the current state of the wrapping key, and ensure that deleting a wrapping key in this state conforms with your site policies.
Note: Delete wrapping keys only when the data protected by those wrapping keys is no longer needed. Deleting wrapping keys is like erasing the data. After the wrapping keys are deleted, data that is protected by those wrapping keys is not retrievable.

About this task

You can use the Delete menu item to delete a wrapping key. Alternatively, you can use the following REST services:

Your role must have permissions to the delete action and to the appropriate device group.

Deleting a wrapping key deletes the material from the database.

Procedure

  • Using graphical user interface
    1. Log in to the graphical user interface.
    2. In the Key and Device Management section on the Welcome page, select 3592.
    3. Click Go to > Manage keys and devices. Alternatively, right-click 3592 and select Manage keys and devices.
    4. On the management page for 3592, select a wrapping key in the wrapping key table.
    5. Click Delete.
    6. Alternatively, right-click or double-click a wrapping key and then select Delete.
    7. On the Confirm dialog, read the confirmation message to verify that the correct wrapping key is selected before you delete the wrapping key. Then, click OK.
  • Using REST interface
    1. Open the Swagger UI. For more information, see Using Swagger UI.
    2. Authenticate and authorize to access the REST APIs. For more information, see Authentication process for REST services.
    3. Go to the Certificate management section.
    4. Depending on the type of wrapping key you want to delete, use the applicable REST service.
      Certificate

      Use the Certificate List REST Service to find a certificate.

      For example, you can send the following HTTP request:
      GET https://localhost:port/SKLM/rest/v1/certificates?attributes=state active
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth userAuthId=37ea1939-1374-4db7-84cd-14e399be2d20
      Accept-Language: en
      Use the Delete Certificate REST Service to delete a certificate.
      For example, you can send the following HTTP request:
      DELETE https://localhost:port/SKLM/rest/v1/certificates/mycertalias
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth userAuthId=139aeh34567m
      Accept-Language: en

      Use the Delete Key REST Service to delete a key entry from the keystore. For example, you can send the following HTTP request:

      DELETE https://localhost:port/SKLM/rest/v1/keys/{keyAlias}
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth userAuthId=139aeh34567m
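
The checks under "Before you begin" and the two DELETE requests above, combined into a pre-delete guard that refuses with reasons or returns the request to send. This is an added example, not code from the product documentation; the record fields (`default`, `partner`, `rollover_scheduled`), the host, port and token, and the permitted-state policy are assumptions constructed for illustration.

```python
from urllib.parse import quote

# Constructed values: host, port and record fields are assumptions, not the product's schema.
BASE = "https://sklm.example.test:9443/SKLM/rest/v1"
SAMPLE_OK = {"alias": "mycertalias", "state": "expired", "default": False,
             "partner": False, "rollover_scheduled": False}
SAMPLE_BLOCKED = {"alias": "tapekey01", "state": "active", "default": True,
                  "partner": False, "rollover_scheduled": False}


def preflight(key, backup_exists, allowed_states):
    """Return reasons deletion must not proceed; an empty list means OK."""
    reasons = []
    if not backup_exists:
        reasons.append("no keystore backup")
    if key.get("default"):
        reasons.append("marked as default key")
    if key.get("partner"):
        reasons.append("marked as partner key")
    if key.get("rollover_scheduled"):
        reasons.append("scheduled for rollover")
    if key.get("state") not in allowed_states:
        reasons.append(f"state {key.get('state')!r} not permitted by site policy")
    return reasons


def build_delete(base_url, kind, alias, token):
    """Build (not send) the DELETE request for a certificate or key alias."""
    if kind not in ("certificates", "keys"):
        raise ValueError("kind must be 'certificates' or 'keys'")
    # Percent-encode the alias so '/' or '?' cannot change the target resource.
    url = f"{base_url}/{kind}/{quote(alias, safe='')}"
    headers = {"Content-Type": "application/json",
               "Accept": "application/json",
               "Authorization": f"SKLMAuth userAuthId={token}"}
    return {"method": "DELETE", "url": url, "headers": headers}


def guarded_delete(base_url, kind, key, token, backup_exists, allowed_states):
    """Refuse with reasons, or return the request that is safe to send."""
    reasons = preflight(key, backup_exists, allowed_states)
    if reasons:
        return {"allowed": False, "reasons": reasons}
    request = build_delete(base_url, kind, key["alias"], token)
    return {"allowed": True, "request": request}


if __name__ == "__main__":
    print(guarded_delete(BASE, "certificates", SAMPLE_OK, "TOKEN", True, {"expired"}))
```

Because deletion removes the key material from the database, the guard returns every blocking reason at once so the operator can resolve them before retrying.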

What to do next

Next, you might back up the keystore again to accurately reflect the change in wrapping keys.