An option to generate revocation cert for subkey(s)?

Jerry jerry at seibercom.net
Sun Feb 17 13:34:29 CET 2019


On Sat, 16 Feb 2019 19:25:38 +0100, Michał Górny stated:

>Hello,
>
>I'd like to ask whether it'd be feasible to have an option to generate
>a revocation certificate that revokes one (or more?) subkeys rather than
>the whole key.
>
>Our use case involves a signing key kept on a server for the purpose of
>automated signatures.  We'd like to keep the secret portion
>of the primary key offline and use a dedicated signing subkey
>on the server.  At the same time, we'd like to be able to quickly
>revoke the subkey if the need arises without having to reach for the
>primary key.
>
>I know that currently with a bit of hacking we can store an export
>of the key with the subkey revoked, and use that for the purpose.  However,
>I think it would be much more convenient if we had an option to generate
>the revocation signature separately.

+1

-- 
Jerry
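
A check one might run on the stored export described in the quoted message before relying on it, as an added example that is not part of either post or of GnuPG: it walks the binary OpenPGP packets (RFC 4880 framing) and reports whether a revocation signature follows the primary key or a subkey. The function names and the sample bytes are constructed for illustration, and only version 4 signature packets are recognised.

```python
# Added example: find revocation signatures in a binary (non-armored) OpenPGP export.
KEY_TAGS = {6: "primary", 5: "primary", 14: "subkey", 7: "subkey"}
REVOCATIONS = {0x20: "key revocation", 0x28: "subkey revocation"}

def read_packets(data):
    """Yield (tag, body) for each packet in data (RFC 4880 section 4.2)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError(f"no packet header at offset {i}")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths are not handled")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled")
            n = 1 << ltype                  # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def revocations(data):
    """Return [(kind of key packet the signature follows, revocation kind)]."""
    found, last_key = [], None
    for tag, body in read_packets(data):
        if tag in KEY_TAGS:
            last_key = KEY_TAGS[tag]
        elif tag == 2 and len(body) >= 2 and body[0] == 4 and body[1] in REVOCATIONS:
            found.append((last_key, REVOCATIONS[body[1]]))   # v4: octet 1 is the type
    return found

def pkt(tag, body):  # constructed-sample helper: new-format header, one-octet length
    return bytes([0xC0 | tag, len(body)]) + body
# Constructed sample: packet framing only, the key and signature bodies are dummies.
SAMPLE = (pkt(6, b"\x04dummy-primary") + pkt(13, b"ci@example.org")
          + pkt(14, b"\x04dummy-subkey") + pkt(2, b"\x04\x28dummy-sig")
          + pkt(2, b"\x04\x18dummy-sig"))
print(revocations(SAMPLE))
```

On a real file, pass the bytes of a binary export (`gpg --export` without `--armor`); a result naming `key revocation` instead of `subkey revocation` means importing the file would revoke the whole key.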