Delete User Key
The Delete User Key command is used to remove a previously stored user key from a specific slot in the Cryptnox card. Since each slot (1-3) can only store one key at a time, this command is required before replacing an existing key with a new one.
This command is crucial for managing user authentication and ensuring that only authorized keys are stored in the Cryptnox card.
Command specifications
Check User Key Command
The Delete User Key command is used to remove a previously stored user key from a specific slot in the Cryptnox card.
The following code snippet outlines the Python object for this command:
def add_user_key(slot_index: SlotIndex, data_info: str, public_key: bytes, puk: str, cred_id: bytes):
card.user_key_add(slot_index, data_info, public_key, puk, cred_id)
For example, delete_user_key(SlotIndex.SLOT_1, “puk_code”).
Application Protocol Data Unit (APDU) Components
The following table outlines the components of the Application Protocol Data Unit (APDU).
Field | Description | Value |
CLA | This field specifies the class of the instruction. | 0x80 |
INS | This field specifies the particular command or operation that the smart card or secure element should execute. | 0xD7 |
P1 | First parameter of the instruction that specifies the details about the operation being requested. | 0x00 |
P2 | First parameter of the instruction that specifies additional details about the operation being requested. | 0x00 |
Data | Key data | slotIndex(1-3) | PUK (12 bytes) |
📘 Prerequisites
- The secure channel must be open.
- Delete the user public key in the corresponding slot index.
Response
The following table outlines the possible responses that you will receive:
Response Code | Description |
0x9000 | Success |
0x6A80 | Invalid slot index or the length is not 13 bytes. |
0x63CX | Incorrect PUK. |
0x6986 | Empty key slot. |
Additional Information
How It Works:
- The command specifies the slot index (1-3) from which the key should be deleted.
- Once executed, the stored key in that slot is permanently removed.
- After deletion, a new user key can be added to the empty slot using the Add User Key command.
Why Use the Delete User Key Command?
The Delete User Key command is essential for maintaining a secure and flexible authentication environment on your Cryptnox smart card. Whether you’re rotating credentials, revoking access, or simply freeing up space, this command ensures that outdated or compromised keys are securely removed from the card’s memory.
- Prevent unauthorized access using old credentials.
- Enable new users or devices to register securely.
- Maintain strict control over PIN-less authentication configurations.
- Avoid slot conflicts when storing new public keys.
This command empowers administrators to securely delete a stored user key from the Cryptnox card slot, helping free up slots for new keys and manage PIN-less authentication with full control.
Key Benefits of Using the Delete User Key Command
Regularly deleting stored user keys from your Cryptnox card helps maintain optimal security, system flexibility, and long-term device performance. This ensures unauthorized access is prevented while enabling smooth onboarding of new users or devices.
- Enhances smart card security by removing outdated keys
- Frees up space for new key storage
- Prevents slot conflicts and key duplication
- Supports secure, PIN-less authentication management
- Ensures only valid credentials remain active
📘 Important Notes
- Once a user key is written is a slot, it requires to be erased with this command before one can set a new key in this slot, using the Add User Key command again.
- Deleting a key erases all authentication privileges associated with that key.
- If the key was used for PIN-less authentication, the user will need to set up a new key to continue using key-based authentication.
- For security reasons, this command may require additional authentication before execution.