Subkey Creation

Adding subkeys to a primary key with the create_subkey method is fairly similar to creating the primary key. Most of the arguments are the same, but not quite all. Instead of the userid argument there is now a key argument, which selects the primary key the subkey is added to.

In the following example an encryption subkey will be added to the primary key. Since Danger Mouse is a security-conscious secret agent, this subkey will only be valid for about six months, half the length of the primary key.

import gpg

c = gpg.Context()
c.home_dir = "~/.gnupg-dm"

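# dmkey is assumed to be the result object from creating the primary key.
key = c.get_key(dmkey.fpr, secret=True)
# expires_in is in seconds: 15768000 s = 182.5 days, about six months.
dmsub = c.create_subkey(key, algorithm="rsa3072", expires_in=15768000,
                        encrypt=True)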

As with the primary key, the results here can be checked with:

print("""
Fingerprint:  {0}
Primary Key:  {1}
 Public Key:  {2}
 Secret Key:  {3}
    Sub Key:  {4}
   User IDs:  {5}
""".format(dmsub.fpr, dmsub.primary, dmsub.pubkey, dmsub.seckey, dmsub.sub,
           dmsub.uid))

As well as on the command line with:

bash-4.4$ gpg --homedir ~/.gnupg-dm -K
~/.gnupg-dm/pubring.kbx
----------------------
sec   rsa3072 2018-03-15 [SC] [expires: 2019-03-15]
      177B7C25DB99745EE2EE13ED026D2F19E99E63AA
uid           [ultimate] Danger Mouse <dm@secret.example.net>
ssb   rsa3072 2018-03-15 [E] [expires: 2018-09-13]

bash-4.4$
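
The expiry shown in the listing can also be checked in code rather than by eye. The following is an added example, not part of the original HOWTO: it assumes key objects shaped like those returned by get_key (subkeys[0] is the primary key; each entry has fpr, timestamp, expires and can_encrypt). It runs on constructed stand-in objects so no keyring is needed; the 200-day limit and the subkey fingerprints are placeholders.

```python
from datetime import datetime, timezone
from types import SimpleNamespace


def audit_subkeys(key, max_days=200):
    """Return (fpr, problem) pairs for encryption subkeys of `key`.

    `key` is expected to look like the object returned by
    gpg.Context().get_key(): key.subkeys[0] is the primary key and each
    entry has fpr, timestamp, expires (0 = never) and can_encrypt.
    """
    primary, findings = key.subkeys[0], []
    for sub in key.subkeys[1:]:
        if not sub.can_encrypt:
            continue
        if sub.expires == 0:
            findings.append((sub.fpr, "no expiry set"))
            continue
        if primary.expires and sub.expires > primary.expires:
            findings.append((sub.fpr, "outlives primary key"))
        days = (sub.expires - sub.timestamp) / 86400
        if days > max_days:
            findings.append((sub.fpr, "valid for %d days" % days))
    return findings


def _ts(date):
    """Constructed helper: 'YYYY-MM-DD' -> Unix timestamp (UTC midnight)."""
    return int(datetime.strptime(date, "%Y-%m-%d")
               .replace(tzinfo=timezone.utc).timestamp())


# Constructed stand-ins mirroring the listing above; the subkey
# fingerprints are placeholders, not real values.
CREATED = _ts("2018-03-15")
PRIMARY = SimpleNamespace(fpr="177B7C25DB99745EE2EE13ED026D2F19E99E63AA",
                          timestamp=CREATED, expires=_ts("2019-03-15"),
                          can_encrypt=False)
GOOD_SUB = SimpleNamespace(fpr="SUBKEY-PLACEHOLDER-1", timestamp=CREATED,
                           expires=CREATED + 15768000, can_encrypt=True)
BAD_SUB = SimpleNamespace(fpr="SUBKEY-PLACEHOLDER-2", timestamp=CREATED,
                          expires=0, can_encrypt=True)

if __name__ == "__main__":
    key = SimpleNamespace(subkeys=[PRIMARY, GOOD_SUB, BAD_SUB])
    for fpr, problem in audit_subkeys(key):
        print(fpr, problem)
```

With a real keyring, the object returned by c.get_key(dmkey.fpr) would be passed to audit_subkeys in place of the stand-in.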