kachick
commented
1 week ago --export-secret-subkeys
https://superuser.com/questions/1577858/what-is-export-secret-subkeys-used-for
The second form of the command has the special property to render the secret part of the primary key useless; this is a GNU extension to OpenPGP and other implementations can not be expected to successfully import such a key. Its intended use is in generating a full key with an additional signing subkey on a dedicated machine. This command then exports the key without the primary key to the main machine.
https://sequoia-pgp.org/ https://wiki.archlinux.jp/index.php/OpenPGP https://wiki.archlinux.jp/index.php/GnuPG#OpenPGP_.E3.81.AE.E4.BA.92.E6.8F.9B.E6.80.A7 https://www.rfc-editor.org/rfc/rfc9580.html
https://gitlab.com/sequoia-pgp/sequoia https://gitlab.com/sequoia-pgp/sequoia-gpg-agent https://github.com/sequoia-pgp/authenticate-commits https://github.com/NixOS/nixpkgs/blob/6c843e113714e5e47a446ef949a6c12e028cf669/pkgs/by-name/se/sequoia-sq/package.nix
Looks like https://github.com/cortex/ripasso is also using Sequoia-PGP https://github.com/NixOS/nixpkgs/blob/6c843e113714e5e47a446ef949a6c12e028cf669/pkgs/tools/security/ripasso/cursive.nix#L20