Export Primary Public Key With All Subkeys

When you want to share your identity, you need to export the primary public key together with all its subkeys. This section shows how to export those keys.

Verify Your Primary "Certify" Key Is Available

If you are an advanced user who deleted the secret key with the "certify" capability, you need to restore it for key creation. You can check whether it is present with the following command:

$ gpg --list-secret-keys

Example:

$ gpg --list-secret-keys
...
---------------------------
sec   rsa4096 2020-01-10 [C]
      AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF
uid           [ultimate] "Shotgun" John, Smith (Main ID) <john.smith@email.com>

Look for the key with the [C] capability and check that its sec label does not carry a hash ("sec#"). A hash means the secret key is not present in the keyring. If you see one, restore the key by loading your backup copy with the following command:

$ gpg --import /path/to/your/key.asc

Export Primary Public Key With All Sub-Keys

Once done, it's time to do the key export.


Obtain Your Primary Key ID

We start by obtaining your primary key ID. Run the following command and find your key:

$ gpg --list-secret-keys

Example:

$ gpg --list-secret-keys
...
---------------------------
sec   rsa4096 2020-01-10 [C]
      AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF
uid           [ultimate] "Shotgun" John, Smith (Main ID) <john.smith@email.com>
ssb   rsa4096 2020-01-10 [S] [expires: 2022-01-09]
ssb   rsa4096 2020-01-10 [E] [expires: 2022-01-09]
ssb   rsa4096 2020-01-10 [A] [expires: 2022-01-09]
ssb   ed25519 2020-01-10 [S] [expires: 2022-01-09]
ssb   ed25519 2020-01-10 [A] [expires: 2022-01-09]
ssb   cv25519 2020-01-10 [E] [expires: 2022-01-09]

You want the long string under the [C] key. In the example above, it is: AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF.


Export Key

Now use the --export <ID> argument to create the public key file. Make sure you redirect the output into a file.


GPG Binary Format

The common file extension would be .gpg. Here's the command:

$ gpg --export <ID> > /path/to/public-key.gpg

You should get a binary file named public-key.gpg in /path/to.


TEXT Based Format

The common file extension would be .asc. If you want to export in a text-only format, add the --armor argument. Here's the command:

$ gpg --armor --export <ID> > /path/to/public-key.asc

You should get text-readable output like:

-----BEGIN PGP PUBLIC KEY BLOCK-----

... key data ...

-----END PGP PUBLIC KEY BLOCK-----

Text-only format is suitable for text-only storage, such as a database.
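
Before handing the file to anyone, it is worth confirming that it holds only public material, the expected primary fingerprint, and all the subkeys. The script below is an added example, not part of the original guide: the function name check_pubkey_export is hypothetical, the sample listing is constructed from the example key above, and the subkey IDs and fingerprints in it are placeholders.

```shell
#!/bin/sh
# Added example: sanity-check an exported key file before sharing it.
# Real use, with a GnuPG release that provides --show-keys:
#   gpg --show-keys --with-colons /path/to/public-key.gpg | check_pubkey_export <ID> <N>

# check_pubkey_export FPR NSUBS: reads colon-format records on stdin.
# Returns 0 only if the listing has no secret-key records, the primary
# fingerprint equals FPR, the primary key can certify, and NSUBS subkeys exist.
check_pubkey_export() {
    awk -F: -v want="$1" -v nsubs="$2" '
        $1 == "sec" || $1 == "ssb" { secret = 1 }   # secret-key record types
        $1 == "pub" { prev = "pub"; if ($12 ~ /c/) certify = 1 }
        $1 == "sub" { prev = "sub"; subs++ }
        # The fpr record right after pub is the primary fingerprint (field 10).
        $1 == "fpr" { if (prev == "pub") primary = $10; prev = "" }
        END {
            if (secret)                   { print "FAIL: secret key material in file"; exit 1 }
            if (primary != toupper(want)) { print "FAIL: primary fingerprint mismatch"; exit 1 }
            if (!certify)                 { print "FAIL: primary key lacks [C]"; exit 1 }
            if (subs + 0 != nsubs + 0)    { print "FAIL: found " (subs + 0) " subkeys, expected " nsubs; exit 1 }
            print "OK: public key " primary " with " subs " subkeys"
        }'
}

# Constructed sample listing (shortened to three subkeys). Subkey IDs and
# fingerprints are placeholders, not real values.
SAMPLE='pub:-:4096:1:F5EF57A0FB4EF0EF:1578614400:::-:::cESCA:
fpr:::::::::AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF:
uid:-::::1578614400::::"Shotgun" John, Smith (Main ID) <john.smith@email.com>:
sub:-:4096:1:1111111111111111:1578614400:1641686400:::::s:
fpr:::::::::1111111111111111111111111111111111111111:
sub:-:4096:1:2222222222222222:1578614400:1641686400:::::e:
fpr:::::::::2222222222222222222222222222222222222222:
sub:-:4096:1:3333333333333333:1578614400:1641686400:::::a:
fpr:::::::::3333333333333333333333333333333333333333:'

printf '%s\n' "$SAMPLE" | check_pubkey_export AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF 3
```

A listing that contains sec or ssb records means the file was produced from secret keys and must not be distributed.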


Consume The Key File

The public key is safe for consumption and local storage. In fact, you should distribute your public key to the public, especially to your trustees, so they can sign it and return it to you. Keep in mind that anything you do with the primary key (e.g. update, delete, etc.) alters the public data, so you will need to update it consistently.

That's all about exporting the primary public key with all sub-keys in GnuPG.