Automatically generating subkey revocation certificates

Werner Koch wk at
Fri Dec 27 20:52:43 CET 2019

On Thu, 26 Dec 2019 23:04, Dirk-Willem van Gulik said:

> But this does not seem to happen when doing a --quick-add-key
> subkey. Is this intentional ? Or is there a flag one can set ?

Right.  If you want to revoke a subkey we can assume that you still have
access to the primary key and thus it is possible to create a specific
revocation.  If you don't have access to the primary key anymore, a
subkey revocation does not make sense because you can't create a new one
- in that case revoke the entire keyblock using the prefabricated



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list