Renewal of revocation certificate required after adding a new identity?
Hauke Laging
mailinglisten at hauke-laging.de
Mon Oct 13 00:35:20 CEST 2014
On Sun 12.10.2014, 23:35:16, Dr. Peter Voigt wrote:
> Can I still use my existing revocation certificate with my key pair
Yes.
> I am supposing the revocation certificate just refers to my main
> key ID regardless of the identities belonging to the key pair.
To the fingerprint (or: the key data itself).
http://tools.ietf.org/html/rfc4880#section-5.2.1
   0x1F: Signature directly on a key
       This signature is calculated directly on a key.  It binds the
       information in the Signature subpackets to the key, and is
       appropriate to be used for subpackets that provide information
       about the key, such as the Revocation Key subpacket. [...]
BTW: You can test this. You don't kill the key / certificate as long as
you do not upload the revocation certificate to the keyservers. Just
make a backup of the public and the private keys (maybe not even
necessary but may be easier).
As long as you import the rev cert just locally you can delete it. Or
delete (and restore from backup) the whole key if the rev sig cannot be
deleted alone.
Something else, doesn't have anything to do with your question but may
be of interest as you work at a university:
http://www.openpgp-schulungen.de/fuer/hochschulen/
Hauke
--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
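
Added illustration, not part of the original message: a sketch of what RFC 4880 section 5.2.4 feeds into the hash for a key revocation signature (type 0x20) compared with a User ID self-certification (type 0x13), showing that adding an identity changes neither the fingerprint nor the revocation hash. The key body, timestamps and user IDs are constructed sample values, the certificate is modelled as a plain dict, and no real signing is performed.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: two-octet bit count, then big-endian bytes."""
    return struct.pack(">H", value.bit_length()) + value.to_bytes((value.bit_length() + 7) // 8, "big")

# Constructed sample data, not a real key: v4 public-key packet body
# (version 4, creation time, algorithm 1 = RSA, MPIs n and e).
KEY_BODY = b"\x04" + struct.pack(">I", 1413150000) + b"\x01" + mpi((1 << 511) + 12345) + mpi(65537)
# Constructed hashed subpacket area: one signature creation time subpacket (type 2).
SUBPACKETS = b"\x05\x02" + struct.pack(">I", 1413153320)

def key_material(key_body: bytes) -> bytes:
    """RFC 4880 5.2.4: 0x99, two-octet length, then the key packet body."""
    return b"\x99" + struct.pack(">H", len(key_body)) + key_body

def fingerprint(key_body: bytes) -> str:
    """RFC 4880 12.2: a v4 fingerprint is SHA-1 over the same key material."""
    return hashlib.sha1(key_material(key_body)).hexdigest().upper()

def trailer(sig_type: int, subpackets: bytes) -> bytes:
    """Hashed fields of a v4 signature (RSA = 1, SHA-256 = 8) plus the final six octets."""
    hashed = bytes([4, sig_type, 1, 8]) + struct.pack(">H", len(subpackets)) + subpackets
    return hashed + b"\x04\xff" + struct.pack(">I", len(hashed))

def revocation_digest(cert: dict) -> str:
    """Type 0x20 key revocation: hashes only the key being revoked, no User ID."""
    return hashlib.sha256(key_material(cert["key"]) + trailer(0x20, SUBPACKETS)).hexdigest()

def certification_digest(cert: dict, uid: str) -> str:
    """Type 0x13 certification: key material, then 0xB4, four-octet length, User ID."""
    raw = uid.encode("utf-8")
    data = key_material(cert["key"]) + b"\xb4" + struct.pack(">I", len(raw)) + raw
    return hashlib.sha256(data + trailer(0x13, SUBPACKETS)).hexdigest()

def add_identity(cert: dict, uid: str) -> dict:
    """Return a copy of the certificate with one more User ID attached."""
    return {"key": cert["key"], "uids": cert["uids"] + [uid]}

if __name__ == "__main__":
    before = {"key": KEY_BODY, "uids": ["Alice Example <alice@example.org>"]}
    after = add_identity(before, "Alice Example <alice@university.example>")
    print("fingerprint unchanged:      ", fingerprint(before["key"]) == fingerprint(after["key"]))
    print("revocation digest unchanged:", revocation_digest(before) == revocation_digest(after))
    for uid in after["uids"]:
        print("self-sig digest", certification_digest(after, uid)[:16], "for", uid)
```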