New Revocation Certificate...
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sun Jun 28 22:55:11 CEST 2009
On 06/28/2009 04:44 PM, Jean-David Beyer wrote:
> If I add a subkey to my key (e.g., because the previous one expired), do I
> have to generate a new revocation certificate, or is the old one still
> good?
I'm assuming you're asking about the revocation certificate for your
your entire GnuPG-generated OpenPGP key.
That revocation certificate is designed to revoke the primary key.
Without a valid primary key, all associated subkeys are considered
invalid. So you should not need to re-generate your revocation
certificate based on a new subkey.
This is because the action triggered by the publication of the
revocation certificate is the invalidation of the primary key. Make sense?
Hope this helps,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090628/889ae98b/attachment.pgp>
More information about the Gnupg-users
mailing list