Hello, I'd like to ask whether it'd be feasible to have an option to generate revocation certificate that revokes one (or more?) subkeys rather than the whole key.
Our use case involves signing key kept on a server for the purpose of automated signatures. We'd like to keep the secret portion of the primary key offline and use a dedicated signing subkey on the server. At the same time, we'd like to be able to quickly revoke the subkey if need arises without having to reach for the primary key. I know that currently with a bit of hacking we can store an export of the key with subkey revoked, and use that for the purpose. However, I think it would be much more convenient if had an option to generate the revocation signature separately. -- Best regards, Michał Górny
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users