Revocation certificate for sub key?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Dec 14 19:28:25 CET 2013
On 12/14/2013 12:01 PM, adrelanos wrote:
> [hauke wrote:]
>> Am Fr 13.12.2013, 22:56:07 schrieb adrelanos:
>>> Hi,
>>>
>>> Is it possible to create a revocation certificate just for sub keys and
>>> not the master key?
>>
>> --edit-key 0x12345678
>> key 1
>> revkey
>
> That's doesn't create a revocation certificate, that revokes the key.
If you are comfortable with either the GNUPGHOME environment variable or
gpg's --homedir option, you should be able to make what you're looking for:
Make a new temporary gnupg homedir. import your primary secret key and
your subkey into that homedir. from that homedir, take Hauke's advice
and then export the key to a text file someplace safe. this text file
will contain the revocation for the subkey. delete/purge/get rid of the
temporary homedir.
if/when you need to revoke your subkey, you can just gpg --import the
stored text file, and then --send-key to push it to the public keyservers.
does this make sense?
--dkg
PS your e-mail client appears to be breaking message threading (no
In-Reply-To: or References: headers), and fails to provide attribution
for your quoted text (i had to re-insert that hauke was the source of
the good advice above). This makes it more difficult for people to
carry on a conversation with you over e-mail. Please consider fixing
your client or choosing a different one that supports proper message
threading and attribution. thanks!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20131214/ac3470ba/attachment.sig>
More information about the Gnupg-users
mailing list