Purpose
Deletes an object (key, certificate, etc.) identified by the label from a keystore. If the label is ALL, all objects are deleted.
Syntax
keydelete [ -S ServiceName ] -l Label [ -p PrivateKeystore ] [ UserName ]
Description
The keydelete command deletes an object (key, certificate, etc.) identified by the Label. If the Label is ALL, all objects are deleted. The -S flag specifies which end-entity services and libraries to use while deleting the objects from the keystore. Available services are defined in /usr/lib/security/pki/ca.cfg. When invoked without -S, keydelete uses the default service, which is local. An error is returned if a ServiceName is specified that does not have an entry in the /usr/lib/security/pki/ca.cfg file.
The -l flag must be specified. The Label is a variable length text string that is used to map a key in the keystore to the certificate which contains the matching public key. If the Label is ALL, all the objects in the keystore are deleted.
If the -p flag is not given, the username's default keystore file is used. The user's default keystore location is /var/pki/security/keys/<UserName>.
If no UserName is given, the current user's user name is used. The user is prompted for the password of the keystore.
Flags
Item | Description |
---|---|
-S ServiceName | Specifies which service module to use. |
-l Label | Specifies the label associated with the key to be deleted. |
-p PrivateKeystore | Specifies the location of the source destination keystore. |
Arguments
UserName - Specifies the user whose key is going to be deleted.
Security
This is a privileged (set-UID root) command.
In order to list the contents of a keystore, the user must know the password of the private keystore.
root and invokers belonging to group security are allowed to list anybody's keystore. However, they can only successfully complete this operation if they know the password to the keystore. A non-privileged user is only allowed to list the keystore that he owns.
Audit
This command records the following event information:
KEY_Delete <UserName>
Examples
keydelete -l signcert
keydelete -l ALL
keydelete -p /home/bob/bob.keystore -l signcert
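A pre-flight guard that applies the rules described above before keydelete is run, as an added example (not part of the original page and not IBM code). It refuses -l ALL unless a wrapper-only -y flag is given, checks that the service has an entry in ca.cfg, and resolves which keystore would be opened. Assumptions: ca.cfg uses AIX stanza syntax (a "ServiceName:" line opens each entry), and the function names and the -y flag are hypothetical.

```shell
#!/bin/sh
# Pre-flight guard for keydelete (added example, not IBM code).
# Assumption: ca.cfg uses AIX stanza syntax, i.e. an unindented
# "ServiceName:" line opens each service entry; "*" starts a comment.
CA_CFG=${CA_CFG:-/usr/lib/security/pki/ca.cfg}
KEYSTORE_DIR=${KEYSTORE_DIR:-/var/pki/security/keys}

# service_defined NAME -> 0 if NAME has a stanza in $CA_CFG
service_defined() {
    [ -r "$CA_CFG" ] || return 1
    awk -v s="$1" '/^[^ \t*]/ && $1 == s ":" { found = 1 }
                   END { exit !found }' "$CA_CFG"
}

# target_keystore USER [PRIVATE_KEYSTORE] -> keystore keydelete would open
target_keystore() {
    if [ -n "${2:-}" ]; then printf '%s\n' "$2"
    else printf '%s/%s\n' "$KEYSTORE_DIR" "$1"; fi
}

# keydelete_preflight [-S svc] -l label [-p keystore] [-y] [user]
# -y is a hypothetical flag of this wrapper only, never passed to keydelete.
# Prints the command line for review and returns 0, or refuses with:
#   2 = usage error, 3 = unknown service, 4 = label ALL without -y
keydelete_preflight() {
    svc=local label= ks= yes=0
    OPTIND=1
    while getopts 'S:l:p:y' opt; do
        case $opt in
            S) svc=$OPTARG ;; l) label=$OPTARG ;;
            p) ks=$OPTARG ;;  y) yes=1 ;;
            *) return 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    user=${1:-$(id -un)}
    [ -n "$label" ] || { echo "refused: -l Label is required" >&2; return 2; }
    service_defined "$svc" ||
        { echo "refused: no '$svc' entry in $CA_CFG" >&2; return 3; }
    store=$(target_keystore "$user" "$ks")
    if [ "$label" = ALL ] && [ "$yes" -ne 1 ]; then
        echo "refused: -l ALL deletes every object in $store (add -y)" >&2
        return 4
    fi
    echo "keydelete -S $svc -l $label ${ks:+-p $ks }$user"
}
```

The printed line is for operator review; keydelete itself still prompts for the keystore password.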
Files
/usr/lib/security/pki/ca.cfg