this post was submitted on 09 Jan 2026
4 points (100.0% liked)

I want some guidance.

So let's say you created a PGP key & then proceeded to create 2 subkeys. Is it possible to just export the particular subkeys only (let's say one for encryption & the other for signing) for OTHERS to import into their keyring for authentication & encryption?

[–] ken@discuss.tchncs.de 2 points 1 day ago* (last edited 1 day ago) (1 children)

> So let’s say you created a PGP key & then proceeded to create 2 subkeys. Is it possible to just export the particular subkeys only. (let’s say one for encryption & the other for signing) for OTHERS to import into their keyring for authentication & encryption ?

For the private key, yes. First identify the subkey ID:

```
gpg --keyid-format=long -K
sec   ed25519/5810B9EFF21686DE 2026-01-23 [SC] [expires: 2029-01-22]
      C9E33D15E55A3834EE17A9755810B9EFF21686DE
uid                 [ultimate] alice <alice@localhost>
ssb   cv25519/F1806CEA56544D8D 2026-01-23 [E] [expires: 2029-01-22]
```

Then export it (note the !):

```
gpg --export-secret-subkeys -a 'F1806CEA56544D8D!'
```

If you want the pubkey subkey only: What's your use-case for sharing a certified key without the certificate chain? There are reasons why exporting just the public subkey isn't really a supported feature (outside of some ugly keyring surgery). If you want unsigned "naked" keys wouldn't it make sense to not use subkeys at all to begin with? Or more practically, generate separate root keys with matching user/expiry but each with a different set of subkeys present (like the example above with only E)?
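A check for the secret-subkey export described in the comment above, added here as an example that is not part of ken's comment: it reads a `gpg --with-colons -K` listing and succeeds only when the primary secret key is a stub and the named subkey is the only one carrying secret material. The function names and both sample listings are constructed for illustration (key IDs taken from the listing in the comment), and the scratch keyring path in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example. Real use, after importing the export into a scratch keyring:
#   gpg --homedir "$scratch" --with-colons -K | check_subkey_only F1806CEA56544D8D

# Succeeds only if the primary secret key is a stub and the sole subkey
# with secret material is the one named in $1 (long key ID).
check_subkey_only() {
    awk -F: -v want="$1" '
        $1 == "sec" || $1 == "ssb" {
            # Field 15 of a sec/ssb record is "#" when only a stub is stored.
            have = ($15 != "#")
            printf "%s %s %s\n", $1, $5, (have ? "secret-present" : "stub")
            if ($1 == "sec" && have) bad = 1                 # primary secret included
            if ($1 == "ssb" && have && $5 != want) bad = 1   # unexpected subkey
            if ($1 == "ssb" && have && $5 == want) found = 1
        }
        END { exit ((bad || !found) ? 1 : 0) }
    '
}

# Constructed listing: a keyring holding only the E subkey's secret part.
sample_subkey_only() {
    cat <<'EOF'
sec:u:255:22:5810B9EFF21686DE:1769126400:1863734400::u:::scESC:::#::ed25519:::0:
fpr:::::::::C9E33D15E55A3834EE17A9755810B9EFF21686DE:
uid:u::::1769126400::::alice <alice@localhost>::::::::::0:
ssb:u:255:18:F1806CEA56544D8D:1769126400:1863734400:::::e:::+::cv25519::
EOF
}

# Constructed listing: the same key with the primary secret present.
sample_full_key() {
    sample_subkey_only | sed 's/:#::ed25519/:+::ed25519/'
}

if sample_subkey_only | check_subkey_only F1806CEA56544D8D; then
    echo "OK: only the encryption subkey carries secret material"
fi
if ! sample_full_key | check_subkey_only F1806CEA56544D8D; then
    echo "REJECT: primary secret key is present"
fi
```

Anything other than `#` in field 15 (a `+`, a smartcard serial number, or an empty field on older GnuPG releases) is treated as secret material being reachable, so the check errs on the side of rejecting.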

[–] MITM0@lemmy.world 1 points 14 hours ago

Let's say I had a primary key that has a validity of 1 year & I didn't want to share that & instead sign messages with my sub-keys for let's say 4 months & use different sets of Subkeys with a validity of 4 months.