On Sat, 16 Feb 2019 19:25:38 +0100, Michał Górny stated:

>Hello,
>
>I'd like to ask whether it'd be feasible to have an option to generate
>a revocation certificate that revokes one (or more?) subkeys rather than
>the whole key.
>
>Our use case involves a signing key kept on a server for the purpose of
>automated signatures.  We'd like to keep the secret portion
>of the primary key offline and use a dedicated signing subkey
>on the server.  At the same time, we'd like to be able to quickly
>revoke the subkey if the need arises without having to reach for the
>primary key.
>
>I know that currently with a bit of hacking we can store an export
>of the key with subkey revoked, and use that for the purpose.  However,
>I think it would be much more convenient if we had an option to generate
>the revocation signature separately.

+1

-- 
Jerry

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
