An option to generate revocation cert for subkey(s)?
jerry at seibercom.net
Sun Feb 17 13:34:29 CET 2019
On Sat, 16 Feb 2019 19:25:38 +0100, Michał Górny stated:
>I'd like to ask whether it'd be feasible to have an option to generate
>revocation certificate that revokes one (or more?) subkeys rather than
>the whole key.
>Our use case involves signing key kept on a server for the purpose of
>automated signatures. We'd like to keep the secret portion
>of the primary key offline and use a dedicated signing subkey
>on the server. At the same time, we'd like to be able to quickly
>revoke the subkey if need arises without having to reach for the
>I know that currently with a bit of hacking we can store an export
>of the key with subkey revoked, and use that for the purpose. However,
>I think it would be much more convenient if had an option to generate
>the revocation signature separately.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 488 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users