Delete User Key
Introduction
The Delete User Key command is used to remove a previously stored user key from a specific slot in the Cryptnox card. Since each slot (1-3) can only store one key at a time, this command is required before replacing an existing key with a new one.
This command is crucial for managing user authentication and ensuring that only authorized keys are stored in the Cryptnox card.
Command Specifications
Delete User Key Command
The Delete User Key command is used to remove a previously stored user key from a specific slot in the Cryptnox card.
The following code snippet outlines the Python object for this command:
```python
def delete_user_key(slot_index: SlotIndex, puk: str):
    # Remove the user key stored in the given slot; the PUK authorizes the deletion.
    card.user_key_delete(slot_index, puk)
```
For example, delete_user_key(SlotIndex.SLOT_1, "puk_code").
Application Protocol Data Unit (APDU) Components
The following table outlines the components of the Application Protocol Data Unit (APDU).
Prerequisites:
- The secure channel must be open.
- Delete the user public key in the corresponding slot index.
Field | Description | Value |
---|---|---|
CLA | This field specifies the class of the instruction. | 0x80 |
INS | This field specifies the particular command or operation that the smart card or secure element should execute. | 0xD7 |
P1 | First parameter of the instruction that specifies the details about the operation being requested. | 0x00 |
P2 | Second parameter of the instruction that specifies additional details about the operation being requested. | 0x00 |
Data | Key data | slotIndex (1-3) followed by PUK (12 bytes) |
Response
The following table outlines the possible responses that you will receive:
Response Code | Description |
---|---|
0x9000 | Success |
0x6A80 | Invalid slot index or the length is not 13 bytes. |
0x63CX | Incorrect PUK. |
0x6986 | Empty key slot. |
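The APDU layout and response codes above, assembled in Python as an added example (not Cryptnox SDK code). It builds only the plaintext command; sending it still requires the open secure channel listed in the prerequisites. Assumptions: the PUK is sent as ASCII bytes, a one-byte Lc precedes the data, and `SlotIndex` here is a local stand-in for the SDK enum.

```python
from enum import IntEnum

CLA, INS, P1, P2 = 0x80, 0xD7, 0x00, 0x00   # header values from the APDU table
PUK_LENGTH = 12                              # PUK size from the Data row


class SlotIndex(IntEnum):
    """Local stand-in for the SDK's SlotIndex enum (assumed values 1-3)."""
    SLOT_1 = 1
    SLOT_2 = 2
    SLOT_3 = 3


def build_delete_user_key_apdu(slot_index: int, puk: str) -> bytes:
    """Return the plaintext command APDU: header, Lc, slot index, PUK."""
    slot = SlotIndex(slot_index)             # raises ValueError outside 1-3
    puk_bytes = puk.encode("ascii")          # assumption: PUK is sent as ASCII
    if len(puk_bytes) != PUK_LENGTH:
        raise ValueError("PUK must be exactly 12 bytes")
    data = bytes([slot]) + puk_bytes         # 13 bytes; other lengths get 0x6A80
    return bytes([CLA, INS, P1, P2, len(data)]) + data


def describe_status(sw: int) -> str:
    """Map a 16-bit status word to the meaning given in the response table."""
    if sw == 0x9000:
        return "Success"
    if sw == 0x6A80:
        return "Invalid slot index or the length is not 13 bytes"
    if sw == 0x6986:
        return "Empty key slot"
    if sw & 0xFFF0 == 0x63C0:
        # The table documents 0x63CX only as "Incorrect PUK"; the low nibble
        # is reported as-is rather than interpreted.
        return f"Incorrect PUK (X = {sw & 0x0F})"
    return f"Unexpected status word 0x{sw:04X}"


if __name__ == "__main__":
    # Constructed PUK value, for illustration only.
    apdu = build_delete_user_key_apdu(SlotIndex.SLOT_1, "ABCDEFGHJKLM")
    print(apdu.hex())
    print(describe_status(0x63C2))
```

Validating the slot index and PUK length before sending avoids a round trip that the card would reject with 0x6A80.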
Additional Information
How It Works:
- The command specifies the slot index (1-3) from which the key should be deleted.
- Once executed, the stored key in that slot is permanently removed.
- After deletion, a new user key can be added to the empty slot using the Add User Key command.
Important Notes
- Once a user key is written in a slot, it must be erased with this command before a new key can be set in that slot using the Add User Key command again.
- Deleting a key erases all authentication privileges associated with that key.
- If the key was used for PIN-less authentication, the user will need to set up a new key to continue using key-based authentication.
- For security reasons, this command may require additional authentication before execution.