Cryptographic Erase Service | SED & SSD Purge
Cryptographic erase wipes a self-encrypting drive by destroying its encryption key, so the data left on the drive can never be decrypted, without physically destroying the drive itself. It is a NIST SP 800-88 r2 Purge method for drives you plan to reuse, redeploy, or return on lease, and every job is documented with a serialized Certificate of Destruction.
TOP 10 WAYS TO PROTECT YOUR PRIVACY NOW!
DOWNLOAD YOUR FREE GUIDE
Cryptographic Erase Related services
Cryptographic Erase for SSDs
Key-destruction sanitization tuned to NAND flash and self-encrypting SSDs, where a verified erase command invalidates the encryption key and makes the data unrecoverable. A NIST 800-88 r2 Purge method that keeps solid-state drives in service, documented per drive.
Hard Drive Shredding
Industrial shredding that reduces hard drives to a 6 mm particle size, the most thorough NIST 800-88 r2 Destroy method for retired media. Available on-site or at a secured facility, with a serialized Certificate of Destruction for every lot.
Hard Drive Degaussing
High-energy magnetic erasure that scrambles the magnetic domains on HDDs and tape, meeting the NIST 800-88 r2 Purge standard. It permanently disables magnetic drives and has no effect on SSDs.
SSD Destruction
Physical destruction engineered for flash media, shredding SSDs, NVMe, and memory cards to a 2 mm particle size so no NAND chip survives intact. Satisfies the NIST 800-88 r2 Destroy standard with serialized documentation.
How Cryptographic Erase Works
Bottom line: destroy the key and the ciphertext becomes useless, which is how you sanitize a drive in minutes while keeping it fit for reuse.
Self-encrypting drives encrypt every block as it is written, using a media encryption key stored on the drive. Cryptographic erase destroys that key, so the remaining ciphertext can never be decrypted. The process runs in five steps:
Eligibility check. We confirm each drive is a genuine self-encrypting drive (SED) with a verifiable key-destruction command. Drives without hardware encryption are routed to a physical method instead.
Reconciliation. Each drive is logged by serial number.
Key destruction. The drive’s media encryption key is sanitized using the manufacturer’s verified command, satisfying the NIST SP 800-88 r2 Purge category. Rev. 2 aligns purge expectations with IEEE 2883-2022 for modern storage.
Verification. The sanitization result is confirmed and recorded.
Certificate. A serialized Certificate of Destruction documents the Purge for each drive.
For when Purge is acceptable versus when physical Destroy is required, see sanitization vs destruction.
Compliance and Standards
Cryptographic erase is a recognized Purge method, appropriate when a drive will be reused and the encryption implementation is verified.
Standard / regulation | Requirement | How cryptographic erase satisfies it |
|---|---|---|
Data infeasible to recover | Purge via verified key destruction | |
PHI rendered unreadable | Ciphertext made unrecoverable | |
Secure disposal of financial data | Documented Purge with CoD | |
Cardholder data unrecoverable | Key destruction plus audit record |
HHS guidance on PHI disposal requires that electronic PHI be rendered unreadable and unrecoverable, a bar a verified key-destruction Purge meets for an encrypted drive. When a drive cannot be verified as self-encrypting, or when policy requires physical destruction regardless of reuse, choose a Destroy method such as hard drive shredding.
Method, Alternatives, and Service Modes
Data centers returning leased self-encrypting drives.
Financial services redeploying SEDs under GLBA and PCI.
Healthcare reusing encrypted storage under HIPAA.
Defense contractors where policy permits Purge for reusable CUI media.
Verifying a Drive Is Genuinely Self-Encrypting
A serialized Certificate of Destruction documenting the Purge for each drive by serial number, method, NIST 800-88 r2 category, and date.
A chain-of-custody record.
A verification record confirming successful key destruction.
See what a Certificate of Destruction includes.
Pricing and Quote Process
Cryptographic erase is quoted per drive and is often less expensive than physical destruction because drives are preserved for reuse, offsetting cost through asset recovery. Pricing depends on drive quantity, SED verification, delivery mode, and witnessing. We sign an NDA before any drives are processed, and because the drives survive for redeployment or lease return, the recovered asset value often offsets the service cost. Request a free quote with your drive models and count.
Frequently Asked Questions
Is cryptographic erase as secure as shredding?
For a verified self-encrypting drive, NIST 800-88 r2 treats key-destruction Purge as sufficient to make data infeasible to recover. If the drive cannot be verified as encrypted, or policy requires physical destruction, choose hard drive shredding.
Which drives are eligible?
Only genuine self-encrypting drives (SEDs) with a verifiable key-destruction command. We confirm eligibility per drive before processing.
Can the drive be reused afterward?
Yes. That is the main advantage: the drive stays physically intact and can be redeployed, resold, or returned on lease.
Does it work on SSDs?
Yes, for self-encrypting SSDs. See the SSD-specific path at cryptographic erase for SSDs. Non-encrypting SSDs should be physically destroyed via SSD destruction.
Can the Purge be witnessed?
Yes. Cryptographic erase can be witnessed and documented for audited programs.
How is cryptographic erase different from a software overwrite?
An overwrite writes new data across the drive’s addressable blocks and must be verified block by block, which is unreliable on flash. Cryptographic erase instead destroys the single key that decrypts the drive, rendering all ciphertext unreadable at once. On a verified self-encrypting drive it is faster and more complete than an overwrite, which is why NIST treats verified key destruction as Purge.
Get a Quote
Send us your drive models and count and we will confirm SED eligibility and quote a verified key-destruction Purge that keeps your hardware in service. Get your cryptographic erase quote or call (866) 850-7977.
LET US CONTACT YOU
DATA DESTRUCTION LOCATIONS
SHREDDING SERVICES DALLAS
1717 Mckinney Ave. Suite 700
Dallas, TX 75202-1236
(469) 949-2840
SHREDDING SERVICES NEW YORK CITY
100 Church Street. 8Th Floor
New York City, NY 10007-2630
(516)-990-4096
SHREDDING SERVICES SAN JOSE
2033 Gateway Place. 5Th Floor
San Jose, CA 95110
(408) 459-4418
SHREDDING SERVICES SAN DIEGO
350 10Th Avenue. Suite 1000
San Diego, CA 92101-7496
(619) 916-4696
SHREDDING SERVICES LOS ANGELES
633 West Fifth Street. 26Th And 28Th Floors
Los Angeles, CA 90071
(213) 205-3688
SHREDDING SERVICES IRVINE
7545 Irvine Center Drive. Irvine Business Center, Suite 200
Irvine, CA 92618
(949) 793-7178
SHREDDING SERVICES WASHINGTON
601 Pennsylvania Ave. Nw, South Building, Suite 900
Washington, DC 20004
(240) 266-3056
