Automatically generating subkey revocation certificates
When you generate the main key (even with a programmatic
--quick-key-generate) - it nicely puts revocation certificates in the
revocs.d directory of GNUPGHOME.

But this does not seem to happen when doing a --quick-add-key subkey. Is
this intentional ? Or is there a flag one can set ?

Dw


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Automatically generating subkey revocation certificates
On Thu, 26 Dec 2019 23:04, Dirk-Willem van Gulik said:

> But this does not seem to happen when doing a --quick-add-key
> subkey. Is this intentional ? Or is there a flag one can set ?

Right. If you want to revoke a subkey we can assume that you still have
access to the primary key and thus it is possible to create a specific
revocation. If you don't have access to the primary key anymore, a
subkey revocation does not make sense because you can't create a new one
- in that case revoke the entire keyblock using the prefabricated
revocation.



Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

Re: Automatically generating subkey revocation certificates
> On 27 Dec 2019, at 20:52, Werner Koch <wk@gnupg.org> wrote:
>
> On Thu, 26 Dec 2019 23:04, Dirk-Willem van Gulik said:
>
>> But this does not seem to happen when doing a --quick-add-key
>> subkey. Is this intentional ? Or is there a flag one can set ?
>
> Right. If you want to revoke a subkey we can assume that you still have
> access to the primary key and thus it is possible to create a specific
> revocation. If you don't have access to the primary key anymore, a
> subkey revocation does not make sense because you can't create a new one
> - in that case revoke the entire keyblock using the prefabricated
> revocation.

Thanks - had not thought of it in that fashion (in our use case - the governance is a bit less personal - and we want to be able to revoke a sub-key without much (additional) interaction -- so pre-generating them & leaving them domestic makes sense).


Dw