Revocation certificate for sub key?

NdK ndk.clanbo at
Sat Dec 14 10:24:02 CET 2013

Il 13/12/2013 23:56, adrelanos ha scritto:

> Is it possible to create a revocation certificate just for sub keys and
> not the master key?
I can't see how it can be useful...

> This would be useful for offline master keys. Trusted persons could be
> given the revocation certificate for sub keys and send it to key servers
> when they suspect compromise. But should the sub key revocation
> certificate get into the wrong hands due to compromise, the damage would
> be limited.
Since you still have your secure offline main key, you can revoke
subkeys yourself... Or am I missing something?


More information about the Gnupg-users mailing list