sm2 pki local-key-pair destroy

Function

The sm2 pki local-key-pair destroy command deletes an SM2 key pair.

Format

sm2 pki local-key-pair key-name destroy

Parameters

Parameter Description Value
key-name

Indicate the name of SM2.

The value is a string of 1 to 31 case-sensitive characters, spaces not supported.

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
pki execute

Usage Guidelines

Usage Scenario

Before applying for a certificate, run the sm2 pki local-key-pair create command to create a public and private key pair. During certificate application, the private key is kept by users; the public key and other information are sent to a CA for signature, and then a certificate is obtained.

If the key of a user is disclosed, the sm2 pki local-key-pair destroy command can be used to delete the original key pair.

If a local certificate exists, deleting the local certificate triggers the generation of a new key pair. This ensures that the key pair matches the local certificate. If a key pair exists, the newly created key pair replaces the original key pair.

Updating the key every 90 days is recommended.

Example

# Delete an SM2 key pair named key1.
<HUAWEI> system-view
[~HUAWEI] sm2 pki local-key-pair key1 destroy
Parent Topic: PKI Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >