Revocation certificate for sub key?

Hauke Laging mailinglisten at hauke-laging.de
Sun Dec 15 02:54:43 CET 2013


Am Sa 14.12.2013, 17:01:23 schrieb adrelanos:
> > Am Fr 13.12.2013, 22:56:07 schrieb adrelanos:
> >> Hi,
> >> 
> >> Is it possible to create a revocation certificate just for sub keys and
> >> not the master key?
> > 
> > --edit-key 0x12345678
> > key 1
> > revkey
> 
> That's doesn't create a revocation certificate, that revokes the key.

It does create a revocation certificate. But it imports it automatically. 
There is a simple solution, maybe (matter of taste) easier than dkg's 
proposal:

Make a backup of the key (i.e. export both secret and public key), do the 
above, export the certificate (public key), delete both secret and public key 
and import your backup. The exported certificate contains the revocation 
certificate.

You may reduce the file by deleting all but one UIDs and all other subkeys 
after the backup and before the revkey.


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20131215/82bacced/attachment.sig>


More information about the Gnupg-users mailing list