Generate revocation certificates for subkey(s)
Open, NormalPublic

Description

As suggested on gnupg-users (https://lists.gnupg.org/pipermail/gnupg-users/2019-February/061620.html), I'd like to request having an option to generate revocation certificate for subkeys (rather than the primary key).

Rationale:

Our use case involves signing key kept on a server for the purpose of
automated signatures. We'd like to keep the secret portion
of the primary key offline and use a dedicated signing subkey
on the server. At the same time, we'd like to be able to quickly revoke
the subkey if need arises without having to reach for the primary key.

mgorny created this task.Feb 20 2019, 4:37 PM
georg added a subscriber: georg.Feb 20 2019, 5:56 PM
werner triaged this task as Normal priority.