# GPG Subkeys

List keys to get your key:

```shell
gpg --list-keys
```

Edit key:

```shell
gpg --edit-key <KEY ID>
```

At prompt, add a new subkey, select signing or encrypting, keysize, and expiry:

```shell
gpg> addkey
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
Your selection? 4
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Wed 04 Sep 2019 10:51:34 PM PDT
Is this correct? (y/N) y
Really create? (y/N) y
```

Repeat for encrypting key if you need one.

### Exporting the Subkey(s)

Get your new subkey's ID you want to export.

```shell
gpg --list-keys --with-subkey-fingerprint <KEY ID>
```

Export the subkey, keeping the `!`, can list multiple keys:

```shell
gpg -a --export-secret-subkeys <subkey id>! [ <subkey id2>!] > temp_directory/subkey.gpg
```

To change the passphrase, import the key into a temporary folder.

```shell
mkdir temp_directory/gpg
gpg --homedir temp_directory/gpg --import temp_directory/subkey.gpg
```

Edit the key, and change the passphrase.

```shell
gpg --homedir temp_directory/gpg --edit-key <user-id>
```

```shell
> passwd
> save
```

Note: You will get a warning "error changing passphrase", but it can be ignored.

Now export again as the new, altered subkey.

```shell
gpg --homedir temp_directory/gpg -a --export-secret-subkeys [subkey id]! > temp_directory/subkey.altpass.gpg
```

### Importing The Subkey(s)

Now, on a new system, the subkeys can be imported:

```shell
gpg --import subkey.altpass.gpg
```

Checking `gpg --list-secret-keys` will show a `#` after sec, meaning the master key isn't present:

On new, subkey only system:

```shell
/home/john/.gnupg/pubring.kbx
-----------------------------

sec#  rsa4096 2017-05-17 [SC]
      <KEY ID>
uid           [ unknown] John Ramsden (<comment>) <email>
uid           [ unknown] John Ramsden (<comment>) <email>
ssb   rsa4096 2017-09-05 [S] [expires: 2019-09-05]
ssb   rsa4096 2017-09-05 [E] [expires: 2019-09-05]
```

References:

* [Arch Wiki - GnuPG](https://wiki.archlinux.org/index.php/GnuPG#Edit_your_key)
* [Debian - Subkeys](https://wiki.debian.org/Subkeys)
* [void.gr](https://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ramsdenj.com/introduction-2/introduction/gpg_subkeys.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.