Renewal of revocation certificate required after adding a new identity?

Peter Lebbing peter at
Mon Oct 13 18:33:10 CEST 2014

On 13/10/14 18:17, Dr. Peter Voigt wrote:
> I suppose the revocation certificate being a kind of replacement of my
> public key. As it is bound to the fingerprint of a key pair it can mark
> the key pair revoked as a whole. I suppose such a key can never be
> activated again. This is somewhat opposed to a key pair with all of its
> identities being revoked. Some or all identities could later be
> activated again and - moreover - this key pair could later even get
> new identities not being revoked.
> I would greatly appreciate anybody to confirm or correct my rough
> understanding of the revocation certificate and process.

I think that's a good way of summing it up.



PS: You could nitpick about "bound to the fingerprint", I think it
should be "bound to the public key itself". But it makes no real
difference, I'm just being fussy.

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list