An option to generate revocation cert for subkey(s)?
mgorny at gentoo.org
Sat Feb 16 19:25:38 CET 2019
I'd like to ask whether it'd be feasible to have an option to generate
a revocation certificate that revokes one (or more?) subkeys rather than
the whole key.
Our use case involves a signing key kept on a server for the purpose of
automated signatures. We'd like to keep the secret portion
of the primary key offline and use a dedicated signing subkey
on the server. At the same time, we'd like to be able to quickly revoke
the subkey if the need arises without having to reach for the primary key.
I know that currently with a bit of hacking we can store an export
of the key with subkey revoked, and use that for the purpose. However,
I think it would be much more convenient if we had an option to generate
the revocation signature separately.