Revoking Keys

Authorized users can revoke cryptographic keys in the Encryption Key Entry form.

Only inactive keys can be revoked.

For keygen master keys, each individual usage key triplet can be revoked by using the respective button on the Encryption key entry form.

If a usage key triplet is revoked, IBM® Safer Payments securely deletes it from disk and removes the two passphrases from main memory in all cluster instances.

However, you must manually delete the revoked keys from all other storage locations, for example the media used for key distribution, by using a secure wipe tool. For more information, see Running a secure wipe tool.

For KMIP master keys, the master key itself can be revoked by using the respective button on the KMIP master key form. When a KMIP master key is revoked, it is deactivated on the KMIP server and the configuration is removed from IBM Safer Payments, including the key material that is stored in secure memory.