diff --git a/attest/pcp_windows.go b/attest/pcp_windows.go
index 280f839..7c83487 100644
--- a/attest/pcp_windows.go
+++ b/attest/pcp_windows.go
@@ -52,6 +52,7 @@ var (
 	nCryptOpenKey = nCrypt.MustFindProc("NCryptOpenKey")
 	nCryptCreatePersistedKey = nCrypt.MustFindProc("NCryptCreatePersistedKey")
 	nCryptFinalizeKey = nCrypt.MustFindProc("NCryptFinalizeKey")
+	nCryptDeleteKey = nCrypt.MustFindProc("NCryptDeleteKey")
 
 	crypt32 = windows.MustLoadDLL("crypt32.dll")
 	crypt32CertEnumCertificatesInStore = crypt32.MustFindProc("CertEnumCertificatesInStore")
@@ -241,6 +242,16 @@ func (h *winPCP) Close() error {
 	return closeNCryptObject(h.hProv)
 }
 
+// DeleteKey permenantly removes the key with the given handle
+// from the system, and frees its handle.
+func (h *winPCP) DeleteKey(kh uintptr) error {
+	r, _, msg := nCryptDeleteKey.Call(kh, 0)
+	if r != 0 {
+		return fmt.Errorf("nCryptDeleteKey returned %X: %v", r, msg)
+	}
+	return nil
+}
+
 // EKCerts returns the Endorsement Certificates.
 // Failure to fetch an ECC certificate is not considered
 // an error as they do not exist on all platforms.
diff --git a/attest/tpm_linux.go b/attest/tpm_linux.go
index 2a896eb..74f38ab 100644
--- a/attest/tpm_linux.go
+++ b/attest/tpm_linux.go
@@ -294,6 +294,11 @@ func (k *Key) Close(tpm *TPM) error {
 	}
 }
 
+// Delete is not yet supported on linux systems.
+func (k *Key) Delete(tpm *TPM) error {
+	return errors.New("key deletion is not yet supported on linux systems")
+}
+
 // ActivateCredential decrypts the specified credential using key.
 // This operation is synonymous with TPM2_ActivateCredential.
 func (k *Key) ActivateCredential(t *TPM, in EncryptedCredential) ([]byte, error) {
diff --git a/attest/tpm_windows.go b/attest/tpm_windows.go
index 6427d48..370ab14 100644
--- a/attest/tpm_windows.go
+++ b/attest/tpm_windows.go
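Review bot: The doc comment on DeleteKey promises that the call "frees its handle", but that only holds on the success path: when NCryptDeleteKey fails the provider leaves the handle open and owned by the caller (as I recall the NCrypt contract; worth confirming against the API docs), so a caller that treats kh as gone after an error leaks it, and one that closes kh after success double-frees it. I'd make the ownership rule explicit and fix the typo: `// DeleteKey permanently removes the key with the given handle from the system.` / `// On success the provider frees kh and it must not be closed again; on failure` / `// the caller still owns kh and is responsible for closing it.` Separately, the third value returned by `Call` is the thread's last-error, which functions returning a SECURITY_STATUS do not necessarily set, so `%v` of msg can print "The operation completed successfully" beside a real failure; if the rest of this file already reports NCrypt errors this way keep it consistent, otherwise the `%X` of r is the part that carries the information.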
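Review bot: The Linux stub returns a fresh errors.New value, so callers have no way to distinguish "deletion is unsupported on this platform" from any other failure of Delete; an exported sentinel such as `var ErrDeleteNotSupported = errors.New("key deletion is not yet supported on linux systems")` returned from here would let them check with errors.Is and skip the step cleanly. The doc comment should also state the consequence that differs from the Windows implementation, namely that the Key is left untouched and still has to be closed: `// Delete is not yet supported on linux systems; the key is left intact and must still be closed.` The tpm parameter being unused is fine for a stub.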
@@ -248,6 +248,12 @@ func (k *Key) Close(tpm *TPM) error {
 	return closeNCryptObject(k.hnd)
 }
 
+// Delete permenantly removes the key from the system. This method
+// invalidates Key and any further method invocations are invalid.
+func (k *Key) Delete(tpm *TPM) error {
+	return tpm.pcp.DeleteKey(k.hnd)
+}
+
 // MintAIK creates a persistent attestation key. The returned key must be
 // closed with a call to key.Close() when the caller has finished using it.
 func (t *TPM) MintAIK(opts *MintOptions) (*Key, error) {
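Review bot: Delete passes k.hnd to DeleteKey but leaves the field populated, so a caller that follows the contract documented on MintAIK in this same hunk ("must be closed with a call to key.Close()") will call Close on a handle the provider has already released — at best an invalid-handle error from closeNCryptObject, at worst a free of a handle value that the provider has since reused for another object. Zero the handle once deletion succeeds and make Close (whose body starts above this hunk) a no-op for a zero handle, e.g. `if k.hnd == 0 { return nil }` as its first line, while leaving k.hnd intact on the error path because the caller still owns it then. The comment also has a typo, `permenantly` → `permanently`, and "any further method invocations are invalid" should be narrowed to "after a successful Delete" since a failed call leaves the key usable.
```go
func (k *Key) Delete(tpm *TPM) error {
	if err := tpm.pcp.DeleteKey(k.hnd); err != nil {
		return err // handle is still owned by k; Close remains required
	}
	k.hnd = 0 // released by the provider; a later Close must not free it again
	return nil
}
```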