
Destroying Smartcards & Hardware Tokens

TL;DR

Smartcards and hardware tokens *can* be destroyed, but it’s not as simple as smashing them. Proper destruction stops the private key on the chip from being recovered and the certificate from being misused. This guide covers physical and logical methods for different token types.

1. Understanding the Risks

Simply breaking a smartcard or token doesn’t guarantee data security. The chip still contains your private key, which could be recovered with specialist equipment. We need to focus on both physical damage *and* data wiping where possible.

2. Physical Destruction Methods (Most Secure)

  1. Shredding: Industrial-grade shredders designed for media destruction are best. Standard paper shredders won’t cut it! Look for P4 or P5 rated shredders.
    • Ensure the entire token is shredded, including any plastic casing.
  2. Crushing: A heavy-duty crusher can physically obliterate the token. Again, ensure complete destruction of the chip and housing.
  3. Melting/Incineration: High temperatures will destroy the chip, but this requires specialist facilities due to environmental concerns and safety risks. It is usually handled by a professional data destruction company.
  4. De-capping & Chip Removal (Advanced): Requires specialised tools and knowledge of electronics. Not recommended unless you have experience.

3. Logical Destruction Methods (For Tokens with Wipe Capabilities)

Some tokens allow for remote wiping or PIN reset that effectively disables the certificate. Check your token’s documentation.

  1. Token Management Software: Most vendors provide software to manage their tokens. Use this software to revoke certificates and, if available, perform a factory reset.
    • Example (YubiKey Manager CLI, ykman): the PIV application holds the certificate and its private key, so reset that application (the FIDO2 and OpenPGP applications have their own reset subcommands):
    • ykman piv reset
  2. PIN Reset: Changing the PIN to an unknown value and then attempting multiple incorrect PIN entries can lock the token, rendering it unusable. *However*, this isn’t foolproof: a locked token still holds the private key on its chip.
  3. Remote Revocation (PKI System): The most effective logical destruction is revoking the certificate within your Public Key Infrastructure (PKI) system. This prevents the certificate from being used even if the token itself isn’t physically destroyed.
    • This usually involves using a Certificate Authority (CA) administration interface.

4. Token-Specific Considerations

Different tokens have different vulnerabilities and destruction requirements.

  • YubiKey: YubiKeys can be reset using YubiKey Manager, but physical destruction is still recommended for high security.
  • Smartcards (e.g., PIV/CAC): Shredding is the most reliable method. Logical wiping may not always be possible.
  • FIDO2 Tokens: Revoking the associated credentials in your identity provider is crucial, alongside physical destruction.

5. Documentation & Compliance

  1. Record Keeping: Document the destruction process – date, method used, serial number of the token destroyed, and who performed the action.
  2. Compliance Requirements: If you’re subject to regulations (e.g., GDPR, PCI DSS), ensure your destruction methods meet those requirements.
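Sections 3 and 5 describe two independent controls: revoking the certificate in the PKI, and recording who destroyed which token, when and how. The gap that bites in practice is a token that was shredded but never revoked (the certificate stays valid) or one that was only logically reset (the chip, and so the key, is intact). The following Python script, an added example that is not from the original post, reconciles a token inventory against a CA's revoked-serial export and the destruction log, and flags those gaps. The inventory, revoked serials, record format, method names and the `reconcile` function are all constructed for this example.

```python
"""Reconcile PKI revocation with the token destruction log.

Added example, not part of the original post. All inputs below are
constructed: a token inventory (token serial -> certificate serial), the
set of certificate serials the CA has revoked (as you would export from the
CA administration interface), and the destruction records kept under
section 5 of the guide.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class DestructionRecord:
    token_serial: str
    cert_serial: str
    destroyed_on: date
    method: str        # e.g. "shred", "crush", "incinerate", "ykman piv reset"
    performed_by: str


# Methods that destroy the chip itself; anything else is treated as a
# logical wipe, which leaves the private key physically recoverable.
PHYSICAL_METHODS = {"shred", "crush", "incinerate", "decap"}

# Constructed inventory: token serial -> certificate serial (hex, as issued)
INVENTORY = {
    "YK-0001": "0A1B2C",
    "YK-0002": "0A1B2D",
    "CAC-7781": "0A1B2E",
    "CAC-7782": "0A1B2F",
}

# Constructed export of revoked certificate serials from the CA
REVOKED_SERIALS = {"0A1B2C", "0A1B2E"}

# Constructed destruction log (section 5: date, method, serial, operator)
DESTRUCTION_LOG = [
    DestructionRecord("YK-0001", "0A1B2C", date(2024, 3, 1), "shred", "a.smith"),
    DestructionRecord("YK-0002", "0A1B2D", date(2024, 3, 1), "shred", "a.smith"),
    DestructionRecord("CAC-7781", "0A1B2E", date(2024, 3, 2), "ykman piv reset", "b.jones"),
]


def reconcile(inventory, revoked, log):
    """Return a finding per token serial.

    ok               revoked in the PKI and physically destroyed
    not_revoked      physically destroyed, but the certificate is still valid
    logical_only     revoked, but the chip (and key) was only logically wiped
    not_destroyed    revoked, but no destruction record exists
    active           neither revoked nor destroyed (still in service)
    record_mismatch  destruction record names a different certificate serial
    untracked        destruction record for a token not in the inventory
    """
    findings = {}
    by_token = {rec.token_serial: rec for rec in log}

    for token, cert in inventory.items():
        rec = by_token.get(token)
        is_revoked = cert in revoked
        if rec is None:
            findings[token] = "not_destroyed" if is_revoked else "active"
            continue
        if rec.cert_serial != cert:
            findings[token] = "record_mismatch"
            continue
        physical = rec.method in PHYSICAL_METHODS
        if is_revoked and physical:
            findings[token] = "ok"
        elif is_revoked:
            findings[token] = "logical_only"
        else:
            findings[token] = "not_revoked"

    for token in by_token:
        if token not in inventory:
            findings[token] = "untracked"
    return findings


# Recommended follow-up for each non-"ok" finding
ACTIONS = {
    "not_revoked": "revoke the certificate in the CA now",
    "logical_only": "schedule physical destruction of the token",
    "not_destroyed": "locate the token and destroy it, then record the destruction",
    "record_mismatch": "correct the destruction record against the inventory",
    "untracked": "add the token to the inventory or verify the record",
}


def report(findings):
    """Human-readable lines for everything that still needs action."""
    return [f"{token}: {status} -> {ACTIONS[status]}"
            for token, status in sorted(findings.items())
            if status in ACTIONS]


if __name__ == "__main__":
    for line in report(reconcile(INVENTORY, REVOKED_SERIALS, DESTRUCTION_LOG)):
        print(line)
```

On the constructed data this reports YK-0002 as shredded but not revoked, CAC-7781 as revoked but only logically reset, and leaves YK-0001 as fully decommissioned. Running this reconciliation at the end of each destruction batch is what turns the record keeping in section 5 from a paper trail into a check that the PKI revocation in section 3 actually happened.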

6. Professional Data Destruction Services

For sensitive data and large volumes of tokens, consider using a professional data destruction company. They have the equipment and expertise to ensure secure and compliant disposal.
