Hello,

I'd like to ask whether it'd be feasible to have an option to generate
a revocation certificate that revokes one (or more?) subkeys rather than
the whole key.

Our use case involves a signing key kept on a server for the purpose of
automated signatures.  We'd like to keep the secret portion
of the primary key offline and use a dedicated signing subkey
on the server.  At the same time, we'd like to be able to quickly revoke
the subkey if the need arises without having to reach for the primary key.

I know that currently with a bit of hacking we can store an export
of the key with subkey revoked, and use that for the purpose.  However,
I think it would be much more convenient if we had an option to generate
the revocation signature separately.

-- 
Best regards,
Michał Górny


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
