Is it possible to export a GPG subkey's public component?

RFC 4880, OpenPGP, 11.1. Transferable Public Keys defines subkey packets are always preceded by a public (primary) key, thus GnuPG does not allow to export it separately.

To do so anyway, export the key (it is recommended to use --export-options export-minimal to reduce the number of packets you have to deal with), and use gpgsplit on it, which will decompose the OpenPGP file into the individual packets. Those ending in public_subkey are the ones you're looking for. To find out which one is the right, have a look into them using pgpdump [file] (gpg --list-packets fails for single packets, as the input is no valid OpenPGP file). pgpdump should be available for most distributions in a package of the same name.


use ! to keep gpg from speculating/grabbing primary+secondary keys associated with your keyid [email protected]

When using gpg an exclamation mark (!) may be appended to force using the specified primary or secondary key and not to try and calculate which primary or secondary key to use. https://linux.die.net/man/1/gpg

so get the keyid, then export only the specified subkey (and later test via --import on your test .gnupg):

gpg --keyid-format long --with-fingerprint --list-key [email protected]
gpg --export --armor --output public-key.asc 633DBBC0! # for ssb1

Tags:

Gnupg