Skip to content

Delete Key

paymentcryptographycontrolplane_delete_key R Documentation

Deletes the key material and metadata associated with Amazon Web Services Payment Cryptography key

Description

Deletes the key material and metadata associated with Amazon Web Services Payment Cryptography key.

Key deletion is irreversible. After a key is deleted, you can't perform cryptographic operations using the key. For example, you can't decrypt data that was encrypted by a deleted Amazon Web Services Payment Cryptography key, and the data may become unrecoverable. Because key deletion is destructive, Amazon Web Services Payment Cryptography has a safety mechanism to prevent accidental deletion of a key. When you call this operation, Amazon Web Services Payment Cryptography disables the specified key but doesn't delete it until after a waiting period set using DeleteKeyInDays. The default waiting period is 7 days. During the waiting period, the KeyState is DELETE_PENDING. After the key is deleted, the KeyState is DELETE_COMPLETE.

You should delete a key only when you are sure that you don't need to use it anymore and no other parties are utilizing this key. If you aren't sure, consider deactivating it instead by calling stop_key_usage.

Cross-account use: This operation can't be used across different Amazon Web Services accounts.

Related operations:

  • restore_key

  • start_key_usage

  • stop_key_usage

Usage

paymentcryptographycontrolplane_delete_key(KeyIdentifier,
  DeleteKeyInDays)

Arguments

KeyIdentifier

[required] The KeyARN of the key that is scheduled for deletion.

DeleteKeyInDays

The waiting period for key deletion. The default value is seven days.

Value

A list with the following syntax:

list(
  Key = list(
    KeyArn = "string",
    KeyAttributes = list(
      KeyUsage = "TR31_B0_BASE_DERIVATION_KEY"|"TR31_C0_CARD_VERIFICATION_KEY"|"TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY"|"TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION"|"TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS"|"TR31_E1_EMV_MKEY_CONFIDENTIALITY"|"TR31_E2_EMV_MKEY_INTEGRITY"|"TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS"|"TR31_E5_EMV_MKEY_CARD_PERSONALIZATION"|"TR31_E6_EMV_MKEY_OTHER"|"TR31_K0_KEY_ENCRYPTION_KEY"|"TR31_K1_KEY_BLOCK_PROTECTION_KEY"|"TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT"|"TR31_M3_ISO_9797_3_MAC_KEY"|"TR31_M1_ISO_9797_1_MAC_KEY"|"TR31_M6_ISO_9797_5_CMAC_KEY"|"TR31_M7_HMAC_KEY"|"TR31_P0_PIN_ENCRYPTION_KEY"|"TR31_P1_PIN_GENERATION_KEY"|"TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE"|"TR31_V1_IBM3624_PIN_VERIFICATION_KEY"|"TR31_V2_VISA_PIN_VERIFICATION_KEY"|"TR31_K2_TR34_ASYMMETRIC_KEY",
      KeyClass = "SYMMETRIC_KEY"|"ASYMMETRIC_KEY_PAIR"|"PRIVATE_KEY"|"PUBLIC_KEY",
      KeyAlgorithm = "TDES_2KEY"|"TDES_3KEY"|"AES_128"|"AES_192"|"AES_256"|"RSA_2048"|"RSA_3072"|"RSA_4096",
      KeyModesOfUse = list(
        Encrypt = TRUE|FALSE,
        Decrypt = TRUE|FALSE,
        Wrap = TRUE|FALSE,
        Unwrap = TRUE|FALSE,
        Generate = TRUE|FALSE,
        Sign = TRUE|FALSE,
        Verify = TRUE|FALSE,
        DeriveKey = TRUE|FALSE,
        NoRestrictions = TRUE|FALSE
      )
    ),
    KeyCheckValue = "string",
    KeyCheckValueAlgorithm = "CMAC"|"ANSI_X9_24",
    Enabled = TRUE|FALSE,
    Exportable = TRUE|FALSE,
    KeyState = "CREATE_IN_PROGRESS"|"CREATE_COMPLETE"|"DELETE_PENDING"|"DELETE_COMPLETE",
    KeyOrigin = "EXTERNAL"|"AWS_PAYMENT_CRYPTOGRAPHY",
    CreateTimestamp = as.POSIXct(
      "2015-01-01"
    ),
    UsageStartTimestamp = as.POSIXct(
      "2015-01-01"
    ),
    UsageStopTimestamp = as.POSIXct(
      "2015-01-01"
    ),
    DeletePendingTimestamp = as.POSIXct(
      "2015-01-01"
    ),
    DeleteTimestamp = as.POSIXct(
      "2015-01-01"
    )
  )
)

Request syntax

svc$delete_key(
  KeyIdentifier = "string",
  DeleteKeyInDays = 123
)