Daniel Kahn Gillmor wrote:
| On 06/28/2009 04:44 PM, Jean-David Beyer wrote:
|> If I add a subkey to my key (e.g., because the previous one expired), do I
|> have to generate a new revocation certificate, or is the old one still
|> good?
|
| I'm assuming you're asking about the revocation certificate for your
| entire GnuPG-generated OpenPGP key.
|
| That revocation certificate is designed to revoke the primary key.
| Without a valid primary key, all associated subkeys are considered
| invalid. So you should not need to re-generate your revocation
| certificate based on a new subkey.
|
| This is because the action triggered by the publication of the
| revocation certificate is the invalidation of the primary key. Make sense?
|
| Hope this helps,
|

Fine; it is a nuisance to generate it each time, but I would have hated to
find I could not use it. Yes, that is what I meant. If the primary key is
compromised, I would wish to revoke it and everything on it.
Too bad I would lose all the signatures on it, but since it would be no
good, there would be no sense in transferring the signatures to my new key,
even if that were possible (and I hope it is not).

--
~  .~.  Jean-David Beyer          Registered Linux User 85642.
~  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
~ /( )\ Shrewsbury, New Jersey    http://counter.li.org
~ ^^-^^ 17:10:01 up 10 days, 3:59, 3 users, load average: 4.84, 4.48, 4.31

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
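
An added example, not part of the thread and not GnuPG's own code: a minimal Python parser for a binary (de-armored) key revocation signature packet, showing that it names only the primary key, so the same certificate still covers subkeys added later. The packet bytes, key IDs and function names are constructed for illustration, and the signature itself is not cryptographically verified.

```python
import struct

# Constructed sample packet; key IDs and signature values are dummies.
CERT = bytes.fromhex(
    "8823" "04201102"              # old-format tag 2, 35-byte body; v4, type 0x20, DSA, SHA-1
    "0009" "05024a000000"          # hashed area (9 bytes): creation time
    "021d02"                       # reason for revocation, code 0x02 (key compromised)
    "000a" "09100123456789abcdef"  # unhashed area (10 bytes): issuer key ID
    "0000" "000101" "000101"       # hash prefix and two dummy MPIs
)
PRIMARY = "0123456789ABCDEF"  # constructed primary key ID

def subpackets(area):
    """Yield (type, data) pairs; only one-octet subpacket lengths handled."""
    i = 0
    while i < len(area):
        n = area[i]
        if n == 0 or n >= 192 or i + 1 + n > len(area):
            raise ValueError("unsupported or truncated subpacket")
        yield area[i + 1] & 0x7F, area[i + 2:i + 1 + n]  # mask critical bit
        i += 1 + n

def parse_revocation(cert):
    """Return signature type, issuer key ID and reason code of the packet."""
    if len(cert) < 2 or cert[0] != 0x88 or len(cert) < 2 + cert[1]:
        raise ValueError("expected an old-format signature packet")
    body = cert[2:2 + cert[1]]
    version, sig_type = body[0], body[1]
    if version != 4:
        raise ValueError("only v4 signatures handled")
    (hlen,) = struct.unpack(">H", body[4:6])
    (ulen,) = struct.unpack(">H", body[6 + hlen:8 + hlen])
    areas = body[6:6 + hlen], body[8 + hlen:8 + hlen + ulen]
    info = {"sig_type": sig_type, "issuer": None, "reason": None}
    for area in areas:
        for kind, data in subpackets(area):
            if kind == 16:            # issuer key ID
                info["issuer"] = data.hex().upper()
            elif kind == 29:          # reason for revocation
                info["reason"] = data[0]
    return info

def unusable_after(cert, primary, subkeys):
    """Key IDs invalidated once the certificate is published (no sig check)."""
    info = parse_revocation(cert)
    if info["sig_type"] != 0x20 or info["issuer"] != primary:
        return set()
    return {primary, *subkeys}  # subkeys fall with the primary key
```

Signature type 0x20 is a revocation of the primary key itself; a revocation of a single subkey would instead carry type 0x28.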