On 12/14/2013 12:01 PM, adrelanos wrote: > [hauke wrote:] >> Am Fr 13.12.2013, 22:56:07 schrieb adrelanos: >>> Hi, >>> >>> Is it possible to create a revocation certificate just for sub keys and >>> not the master key? >> >> --edit-key 0x12345678 >> key 1 >> revkey > > That's doesn't create a revocation certificate, that revokes the key.
If you are comfortable with either the GNUPGHOME environment variable or
gpg's --homedir option, you should be able to make what you're looking for:
Make a new temporary gnupg homedir. import your primary secret key and
your subkey into that homedir. from that homedir, take Hauke's advice
and then export the key to a text file someplace safe. this text file
will contain the revocation for the subkey. delete/purge/get rid of the
temporary homedir.
if/when you need to revoke your subkey, you can just gpg --import the
stored text file, and then --send-key to push it to the public keyservers.
does this make sense?
--dkg
PS your e-mail client appears to be breaking message threading (no
In-Reply-To: or References: headers), and fails to provide attribution
for your quoted text (i had to re-insert that hauke was the source of
the good advice above). This makes it more difficult for people to
carry on a conversation with you over e-mail. Please consider fixing
your client or choosing a different one that supports proper message
threading and attribution. thanks!
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
