4

I just created my first OpenPGP key with GnuPG + Thunderbird + Enigmail. The key is used for two email addresses. Now I created a revocation certificate. There is only on of the email addresses included in the filename of the revocation certificate.

Do I need a separate revocation certificate for each email address?

or

Can I use the created revocation certificate to revoke the key for all email address associated with the key?

Jens Erat
  • 23,446
  • 12
  • 72
  • 96
user573215
  • 443
  • 1
  • 4
  • 5

1 Answers1

3

A dedicated revocation certificate generated with --gen-revoke is created for the primary key and does not include any information on a given user ID, but when distributed will also indirectly revoke all user IDs and subkeys (as they're only valid together with the primary key).

Jens Erat
  • 23,446
  • 12
  • 72
  • 96