Cryptographic Erasure
What is Cryptographic Erasure?
Rendering encrypted data unrecoverable by securely destroying the encryption keys instead of overwriting the storage media itself.
Cryptographic erasure, sometimes called crypto-shredding, sanitizes data by destroying the keys used to encrypt it, so the ciphertext remains physically present but is unreadable. NIST SP 800-88 lists it as an accepted media-sanitization method when the data was always stored encrypted with strong algorithms (AES-256 or equivalent) and well-managed keys. It is widely used in self-encrypting drives, mobile devices (the iOS effaceable key), cloud KMS-backed storage, and tape backups, where physical wiping is slow, impractical, or impossible to verify. To be effective, every copy of every wrapping key must be destroyed, including HSM-resident master keys, backups, and escrow material; a single surviving copy of the key leaves the data recoverable. Auditable key-destruction logs are required for compliance.
● Examples
- 01: Tapping the Erase All Content button on an iPhone, which deletes the per-device effaceable AES key.
- 02: Destroying a customer-managed KMS key to render millions of encrypted S3 objects unreadable.
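The second example above is envelope encryption: each object is encrypted under its own data-encryption key (DEK), and each DEK is wrapped under a customer-managed wrapping key (KEK) held in the KMS. Destroying the KEK leaves every ciphertext byte in place but makes every DEK, and therefore every object, unrecoverable. The following added example (not code from this page or from any vendor's KMS) models that flow in plain Python. The `KeyStore` class, the `tenant-42` key id, the sample record and the HMAC-SHA256 keystream cipher are all constructed for illustration; the cipher stands in for AES-256-GCM because the standard library has no AES. It also shows the caveat from the definition: a snapshot of the key store that escaped destruction still decrypts everything.

```python
import hashlib
import hmac
import os
import secrets
import time


class KeyDestroyed(Exception):
    """Raised when a wrapped DEK references a wrapping key that no longer exists."""


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys so the two HMAC uses never collide.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # CTR-style keystream: HMAC(enc_key, nonce || counter), block by block.
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC over an HMAC-SHA256 keystream (illustrative stand-in for AES-256-GCM)."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def decrypt(key: bytes, box: dict) -> bytes:
    expected = hmac.new(_subkey(key, b"mac"), box["nonce"] + box["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, box["tag"]):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), box["nonce"], len(box["ct"]))
    return bytes(c ^ k for c, k in zip(box["ct"], ks))


class KeyStore:
    """Hypothetical stand-in for an HSM or cloud KMS that holds wrapping keys (KEKs)."""

    def __init__(self, keys=None):
        self._keys = dict(keys or {})
        self.destruction_log = []

    def create_key(self, key_id: str) -> None:
        self._keys[key_id] = secrets.token_bytes(32)

    def wrap(self, key_id: str, dek: bytes) -> dict:
        return encrypt(self._keys[key_id], dek)

    def unwrap(self, key_id: str, wrapped: dict) -> bytes:
        if key_id not in self._keys:
            raise KeyDestroyed(key_id)
        return decrypt(self._keys[key_id], wrapped)

    def destroy_key(self, key_id: str, actor: str) -> None:
        # The crypto-shredding step: once the KEK is gone, every DEK wrapped under it
        # is unrecoverable from this store. The log entry is the auditable record.
        del self._keys[key_id]
        self.destruction_log.append({"key_id": key_id, "actor": actor, "ts": time.time()})

    def snapshot(self) -> "KeyStore":
        # Models a backup or escrow copy of the key material (the copy people forget).
        return KeyStore(self._keys)


def store_object(ks: KeyStore, key_id: str, plaintext: bytes) -> dict:
    dek = secrets.token_bytes(32)  # fresh per-object data-encryption key
    return {"key_id": key_id, "wrapped_dek": ks.wrap(key_id, dek), "data": encrypt(dek, plaintext)}


def read_object(ks: KeyStore, obj: dict) -> bytes:
    dek = ks.unwrap(obj["key_id"], obj["wrapped_dek"])
    return decrypt(dek, obj["data"])


def demo() -> dict:
    ks = KeyStore()
    ks.create_key("tenant-42")
    record = b"customer record"  # constructed sample data
    obj = store_object(ks, "tenant-42", record)
    escrow = ks.snapshot()  # a backup of the KEK that the destruction job does not reach
    before = read_object(ks, obj)
    ct_before = obj["data"]["ct"]
    ks.destroy_key("tenant-42", actor="retention-job")
    try:
        read_object(ks, obj)
        after = "recoverable"
    except KeyDestroyed:
        after = "unrecoverable"
    return {
        "before": before,
        "after": after,
        "ciphertext_intact": obj["data"]["ct"] == ct_before,
        "escrow_copy_recovers": read_object(escrow, obj) == record,
        "log_entries": len(ks.destruction_log),
    }
```

`demo()` returns the object readable before destruction, unreadable from the primary store afterwards with its ciphertext bytes untouched, and still readable through the escrow snapshot, which is exactly why the definition insists that every copy of every wrapping key be destroyed and logged.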
● Frequently asked questions
What is Cryptographic Erasure?
Rendering encrypted data unrecoverable by securely destroying the encryption keys instead of overwriting the storage media itself. It belongs to the Cryptography category of cybersecurity.
What does Cryptographic Erasure mean?
Rendering encrypted data unrecoverable by securely destroying the encryption keys instead of overwriting the storage media itself.
How does Cryptographic Erasure work?
See the full definition above: the keys used to encrypt the data are destroyed, so the ciphertext stays in place but cannot be read, provided every copy of every wrapping key is destroyed and the destruction is logged.
How do you defend against Cryptographic Erasure?
Cryptographic erasure is itself a sanitization control rather than an attack, so the relevant risks are failures of the technique: data that was not always encrypted, weak algorithms or poorly managed keys, and surviving copies of wrapping keys in HSMs, backups, or escrow. The defences are the conditions in the full definition above: strong encryption from the start, destruction of every key copy, and auditable key-destruction logs.
What are other names for Cryptographic Erasure?
Common alternative names include: Crypto-shredding, Key destruction sanitization.
● Related terms
- AES (Advanced Encryption Standard) [cryptography № 020]
A NIST-standardized 128-bit block cipher with 128-, 192- or 256-bit keys, designed by Daemen and Rijmen and used as the dominant symmetric cipher worldwide.
- Key Rotation [cryptography № 589]
The periodic replacement of cryptographic keys with new ones to limit the volume of data protected by any single key and contain the impact of compromise.
- Cryptographic Agility [cryptography № 244]
The property of a system that lets it replace cryptographic algorithms, parameters, or keys quickly and safely when threats or standards change.
- Hardware Security Module (HSM) [cryptography № 461]
A tamper-resistant hardware appliance that generates, stores, and uses cryptographic keys without ever exposing the raw key material to the operating system.