2

My PGP-key follows the long-lived-mainkey-short-time-subkeys pattern. Thus I already have 12 expired subkeys attached to my mainkey. When handing out my key today, there seems to be not much reason to include the expired encryption subkeys - nobody's going to need them anymore.

Is there a way to only export a few of the public subkeys along with the (public) mainkey?

I tried to explicitly export the two current subkeys, which should provoke the mainkey to be exported alongside:

gpg -a --export <subkey13-id> <subkey14-id> >output.file 

But this command exported the complete key: mainkey with all subkeys.

1
  • To identify a specific subkey use the keyid followed by an exclamation mark ! (see 3rd para here). Commented Feb 2 at 1:39

2 Answers

0

Not the most elegant solution, but it should be possible to achieve this by deleting the unwanted subkeys using the --edit-key menu before exporting the public key.

To be able to do this while keeping all subkeys on the keychain:

  1. export the private key and subkeys using --export-secret-keys
  2. delete the unwanted keys using --edit-key
  3. export the public key with subkeys using --export
  4. import the saved private key with the subkeys back into the keychain

Be sure to name the exported keys appropriately so that the secret key isn't shared or deleted by mistake.

0

To export only specific (public) sub-keys, append an exclamation mark after the subkey ID, like so:

gpg --armor --export SUBKEY1! SUBKEY2!

Note that the primary public key will always be exported. Without the exclamation mark, all "sibling" subkeys will be exported.

I have no idea why GPG operates this way, would love to hear an explanation.
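
An added example, not part of either answer: a shell helper that reads `gpg --list-keys --with-colons` output, skips subkeys marked expired or revoked (or past their expiry time), and prints the remaining key IDs with the trailing `!` that the export command above expects. The function name `live_subkey_args`, the `MAINKEY` placeholder and the sample listing with its key IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick the still-usable subkeys out of a colon listing and
# print them as "KEYID!" arguments for `gpg --export`.
# Colon-format fields used: 1 = record type, 2 = validity (e = expired,
# r = revoked), 5 = key ID, 7 = expiration time (epoch seconds, may be empty).

# live_subkey_args [NOW]
# Reads a colon listing on stdin. NOW (epoch seconds) defaults to the
# current time; passing it explicitly allows checking a saved listing.
live_subkey_args() {
    now="${1:-$(date +%s)}"
    awk -F: -v now="$now" '
        $1 == "sub" {
            if ($2 == "e" || $2 == "r") next                 # expired or revoked
            if ($7 ~ /^[0-9]+$/ && $7 + 0 <= now + 0) next   # past its expiry
            printf "%s!\n", $5
        }'
}

# Constructed sample listing (all key IDs and dates are made up).
SAMPLE_LISTING='pub:u:4096:1:AAAAAAAAAAAAAAAA:1262304000:::u:::scESC::::::23::0:
fpr:::::::::0000000000000000000000000000AAAAAAAAAAAAAAAA:
uid:u::::1262304000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
sub:e:4096:1:BBBBBBBBBBBBBBBB:1577836800:1609459200:::::e::::::23:
sub:r:4096:1:CCCCCCCCCCCCCCCC:1609459200:1640995200:::::e::::::23:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1704067200:4102444800:::::e::::::23:
sub:u:4096:1:EEEEEEEEEEEEEEEE:1704067200::::::s::::::23:'

# Usage against a real keyring (MAINKEY is a placeholder for the primary key ID):
#   gpg --armor --export $(gpg --list-keys --with-colons MAINKEY | live_subkey_args) > output.file
```

Importing `output.file` into a scratch keyring (a temporary `GNUPGHOME`) and listing it is a quick way to confirm which subkeys actually went out before handing the file to anyone.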
