Deleting a wrapping key

You can delete a selected wrapping key in any state, including active. You cannot delete a wrapping key that is marked as a default or partner key, or that is scheduled for rollover. For example, you might delete an expired certificate.

Before you begin

Ensure that a backup exists of the keystore with the wrapping key that you intend to delete. Verify that the wrapping key is not marked as a default or partner key and is not scheduled for rollover. Determine the current state of the wrapping key, and ensure that deleting a wrapping key in this state conforms with your site policies.
Note: Delete wrapping keys only when the data that is protected by those wrapping keys is no longer needed. Deleting wrapping keys is like erasing the data. After the wrapping keys are deleted, data that is protected by those wrapping keys is not retrievable.

About this task

You can use the Delete option to delete a wrapping key. Alternatively, you can use the following REST services:

Your role must have permissions to the delete action and to the appropriate endpoint.

Deleting a wrapping key deletes the material from the database.

Procedure

  • Using the graphical user interface
    1. Log in to the graphical user interface.
    2. On the home page, click the menu icon at the upper left of the page.
    3. Click Endpoint management > Configured endpoints.
    4. On the Configured endpoints page, select your 3592 endpoint and click the overflow menu icon (Options).
    5. From the overflow menu options, click View.
    6. Alternatively, on the home page, click your 3592 endpoint link in the Configured endpoints section.
    7. On the 3592 endpoint management page, select a wrapping key in the wrapping key table and click the overflow menu icon.
    8. From the overflow menu options, click Delete.
    9. On the Confirm delete dialog, read the confirmation message to verify that the correct wrapping key is selected before you delete the wrapping key. Then, click OK.
  • Using a REST interface
    1. Open the Swagger UI. For more information, see Using Swagger UI.
    2. Authenticate and authorize to access the REST APIs. For more information, see Authentication process for REST services.
    3. Go to the Certificate management section.
    4. Depending on the type of wrapping key you want to delete, use the applicable REST service.
      Certificate

      Use the Certificate List REST Service to find a certificate.

      For example, you can send the following HTTP request:
      GET https://localhost:port/GKLM/rest/v1/certificates?attributes=state active
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth userAuthId=37ea1939-1374-4db7-84cd-14e399be2d20
      Accept-Language: en

      Use the Delete Certificate REST Service to delete a certificate.
      For example, you can send the following HTTP request:
      DELETE https://localhost:port/GKLM/rest/v1/certificates/mycertalias
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth userAuthId=139aeh34567m
      Accept-Language: en

      Use the Delete Key REST Service to delete a key entry from the keystore. For example, you can send the following HTTP request:

      DELETE https://localhost:port/GKLM/rest/v1/keys/{keyAlias}
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth userAuthId=139aeh34567m
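
The preconditions and DELETE requests above can be combined into a pre-delete guard. The following is an added example, not IBM code or part of the original page: it builds the request without sending it, and only the URL paths and header format come from the requests shown above. The WrappingKey record and its field names, the allowed-state policy, the backup timestamps, and the port 9443 base URL are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from urllib.parse import quote
from urllib.request import Request

@dataclass
class WrappingKey:
    """Local inventory record (hypothetical fields, not a GKLM response schema)."""
    alias: str
    kind: str                 # "certificate" or "key"
    state: str                # e.g. "active", "expired"
    is_default: bool = False
    is_partner: bool = False
    rollover_scheduled: bool = False

def blockers(key, last_backup, last_keystore_change, allowed_states):
    """Return every unmet precondition from this page; an empty list means go."""
    checks = [
        (key.is_default, "marked as default key"),
        (key.is_partner, "marked as partner key"),
        (key.rollover_scheduled, "scheduled for rollover"),
        (key.state not in allowed_states, f"state {key.state!r} not permitted by site policy"),
        (last_backup is None or last_backup < last_keystore_change,
         "no keystore backup newer than the last keystore change"),
    ]
    return [reason for failed, reason in checks if failed]

def plan_delete(base_url, key, user_auth_id, last_backup, last_keystore_change,
                allowed_states=frozenset({"expired"})):
    """Build (not send) the DELETE request, or raise if any precondition fails."""
    reasons = blockers(key, last_backup, last_keystore_change, allowed_states)
    if reasons:
        raise PermissionError(f"refusing to delete {key.alias!r}: " + "; ".join(reasons))
    collection = {"certificate": "certificates", "key": "keys"}[key.kind]
    # Percent-encode the alias so '/', '?' or spaces cannot retarget the request.
    url = f"{base_url}/{collection}/{quote(key.alias, safe='')}"
    return Request(url, method="DELETE", headers={
        "Content-Type": "application/json",
        "Accept": "application/json",
        "Authorization": f"SKLMAuth userAuthId={user_auth_id}",
    })

if __name__ == "__main__":
    # Constructed sample values; the port and auth id are placeholders.
    key = WrappingKey("mycertalias", "certificate", "expired")
    req = plan_delete("https://localhost:9443/GKLM/rest/v1", key, "PLACEHOLDER",
                      datetime(2024, 5, 2), datetime(2024, 5, 1))
    print(req.get_method(), req.full_url)
```

Because deletion removes the key material from the database, the guard reports all failed preconditions at once so an operator can resolve them before retrying.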

What to do next

Next, you might back up the keystore again to accurately reflect the change in wrapping keys.