Hi,

Is it possible to create a revocation certificate just for sub keys and
not the master key?

This would be useful for offline master keys. Trusted persons could be
given the revocation certificate for sub keys and send it to key servers
when they suspect compromise. But should the sub key revocation
certificate get into the wrong hands due to compromise, the damage would
be limited.

Cheers,
adrelanos

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to