<html aria-label="message body"><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">In the interest of learning and understanding, is there a use case where one might actually want to export a sub-key without exporting the primary key? My immediate thought would be if I want to generate sub-keys for each specific device, (e.g.) one for my laptop, one for my iPad, etc. In that case, wouldn’t I want to just export the relevant sub-key to import on a specific device? This is where the learning and understanding part comes in: If I were to do this, am I correct that I might I only be able to sign things on the devices with the sub-keys, but would not be able to decrypt anything or verify signatures? For example, I could write an Email on my iPad and sign it with the iPad’s sub-key, but if someone encrypted a reply using that sub-key, I would not be able to decrypt it, say, on my iPhone. I’m just trying to better understand what can and can’t be done with sub-keys in order to figure out how I should best be using them — and, if my understanding is flawed, whether there really might be a use case for exporting just a sub-key without the primary.<div><br></div><div>Steve</div><div><div><div><br><blockquote type="cite"><div>On Jun 1, 2026, at 5:04 AM, Robert J. Hansen via Gnupg-users <gnupg-users@gnupg.org> wrote:</div><br class="Apple-interchange-newline"><div><meta charset="UTF-8"><div style="position: relative;"><div class="protected-part-DE0D2E4C-424F-43DB-811B-A3EAD8517F2E" style="padding-top: 0px; position: relative; caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-line: none; text-decoration-thickness: auto; text-decoration-style: solid;"><div class="protected-title-DE0D2E4C-424F-43DB-811B-A3EAD8517F2E" style="position: absolute; margin-top: -5px; background-color: rgb(255, 255, 255); margin-left: 20px; font-weight: bold;">Signed PGP part</div><div class="protected-content-DE0D2E4C-424F-43DB-811B-A3EAD8517F2E" style="border: 3px solid rgb(204, 204, 204); padding: 16px 16px 16px 20px;"><blockquote type="cite">Another bug the community can confirm. This is a separate issue 'can't export subkeys or private keys' There are various options to export secret and public keys and subkeys. Steps to repro: export any subkey and the primary is always included. Export any private key and the public key is always included. What would you say at this rate that is about 20% of your frontend GnuPG malfunctioning.<br></blockquote><br>I would say this behavior goes back to PGP 5.0, so for you to be correct I'd need to believe this bug had been hiding in plain sight for thirty years. Or I could simply realize, "this is the standard behavior ever since PGP 5.0," and move on.<br><br>I elect for option two. I recommend everyone else do the same.<br><br></div></div><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">_______________________________________________</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-line: none; text-decoration-thickness: auto; text-decoration-style: solid;"><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">Gnupg-users mailing list</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-line: none; text-decoration-thickness: auto; text-decoration-style: solid;"><a href="mailto:Gnupg-users@gnupg.org" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">Gnupg-users@gnupg.org</a><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-line: none; text-decoration-thickness: auto; text-decoration-style: solid;"><a href="https://lists.gnupg.org/mailman/listinfo/gnupg-users" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">https://lists.gnupg.org/mailman/listinfo/gnupg-users</a></div></div></blockquote></div><br></div></div></body></html>