Embedded Files
In time where you want to share your identity while you only want some specific keys, you will need to export the primary secret key alongside with the specific its subkeys. This section guides you on how to export the said keys.
Verify Your Primary "Certify" Key Is Available
Verify Your Primary "Certify" Key Is Available
For advanced users who deleted their "certify" capability secret key, you need to restore it back for key creations. You can verify it by using the following command:
$ gpg --list-secret-keysExample:
$ gpg --list-secret-keys...---------------------------sec rsa4096 2020-01-10 [C] AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EFuid [ultimate] "Shotgun" John, Smith (Main ID) <john.smith@email.com>You want to observe the key with [C] capability and the sec label does not have a hash ("sec#"). If it does, you need to restore the key by loading the backup copy and use the following command to restore it:
$ gpg --import /path/to/you/key.ascExport Primary Public Key With Specific Sub-Keys
Export Primary Public Key With Specific Sub-Keys
Once done, it's time to do the key export.
Identify Your Primary Key ID and the targeted Sub-Key
Identify Your Primary Key ID and the targeted Sub-Key
We start off by obtaining your primary key ID and the targeted sub-key. This is by using the following command and find your key:
gpg --list-secret-keys --keyid-format LONGExample:
$ gpg --list-secret-keys --keyid-format LONG...---------------------------sec rsa4096/F5EF57A0FB4EF0EF 2020-01-10 [C] AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EFuid [ultimate] "Shotgun" John, Smith <john.smith@company.com>uid [ultimate] "Shotgun" John, Smith (Main ID) <john.smith@email.com>ssb rsa4096/66F2E45747AB2C90 2020-01-10 [S] [expires: 2022-01-09]ssb rsa4096/9D485C5208D0859F 2020-01-10 [E] [expires: 2022-01-09]ssb rsa4096/90939A7DBBFC226D 2020-01-10 [A] [expires: 2022-01-09]ssb ed25519/16972F736B59F874 2020-01-10 [S] [expires: 2022-01-09]ssb ed25519/D22D6E1FD575E506 2020-01-10 [A] [expires: 2022-01-09]ssb cv25519/25252612A403B41C 2020-01-10 [E] [expires: 2022-01-09]In the example above,
- The primary key ID is:
AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF. Make sure this is the primary key you wanted to export. - the sub-keys are:
66F2E45747AB2C90,9D485C5208D0859F,90939A7DBBFC226D,16972F736B59F874,D22D6E1FD575E506and25252612A403B41C.
Export Key
Export Key
Now use --export <subkey-ID>! argument to create the public key file. Ensure you redirect the output into a file.
GPG Binary Format
The common file extension would be .gpg. Here's the command:
$ gpg --export <Subkey-ID>! [<Subkey-ID>!] > /path/to/public-key-sub.gpgYou should get a binary file named public-key.asc in /path/to. Please note that the exclamation mark is important to be included. Hence, based on the example above, the command should like this:
$ gpg --export 90939A7DBBFC226D! 66F2E45747AB2C90! > /path/to/public-key-sub.gpgTEXT Based Format
The common file extension would be .asc. If you want to export in a text-only format, append --armor argument in it. Here's the command:
$ gpg --armor --export <Subkey-ID>! [<Subkey-ID>!] > /path/to/public-key.ascPlease note that the exclamation mark is important to be included. Hence, based on the example above, the command should like this:
$ gpg --armor --export 90939A7DBBFC226D! 66F2E45747AB2C90! > /path/to/public-key-sub.ascYou should get a text readable format like:
-----BEGIN PGP PRIVATE KEY BLOCK-----... key data ...-----END PGP PRIVATE KEY BLOCK-----Text-only format is suitable for text-only storage, something like database.
Consume The Key File
Consume The Key File
Public key safe for consumption and local storage. In fact, you should distribute your public key to the public especially your trustees to sign and return it back to you. Keep in mind that anything you do with the primary key (e.g. update, delete, etc.) will alter the public data so you will need to update it consistently.
That's all about exporting primary public key with specific sub-key in GnuPG.
Page updated
Google Sites
Report abuse