Subkey Creation

Adding subkeys to a primary key is done with the create_subkey method and is fairly similar to creating the primary key. Most of the arguments are the same, but not quite all: instead of the userid argument there is a key argument for selecting which primary key to add the subkey to.

In the following example an encryption subkey will be added to the primary key. Since Danger Mouse is a security-conscious secret agent, this subkey will only be valid for about six months, half the length of the primary key.

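    import gpg

    c = gpg.Context()
    c.home_dir = "~/.gnupg-dm"

    # dmkey is the result object from creating the primary key.
    key = c.get_key(dmkey.fpr, secret=True)

    # 15768000 seconds = 182.5 days, i.e. about six months.
    dmsub = c.create_subkey(key, algorithm="rsa3072", expires_in=15768000,
                            encrypt=True)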

As with the primary key, the results here can be checked with:

    print("""
     Fingerprint:  {0}
     Primary Key:  {1}
      Public Key:  {2}
      Secret Key:  {3}
         Sub Key:  {4}
        User IDs:  {5}
    """.format(dmsub.fpr, dmsub.primary, dmsub.pubkey, dmsub.seckey, dmsub.sub,
               dmsub.uid))

As well as on the command line with:

    bash-4.4$ gpg --homedir ~/.gnupg-dm -K
    ~/.gnupg-dm/pubring.kbx
    ----------------------
    sec   rsa3072 2018-03-15 [SC] [expires: 2019-03-15]
          177B7C25DB99745EE2EE13ED026D2F19E99E63AA
    uid           [ultimate] Danger Mouse <dm@secret.example.net>
    ssb   rsa3072 2018-03-15 [E] [expires: 2018-09-13]

    bash-4.4$
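
The expiry policy described above can also be checked mechanically. The following is an added example, not part of the original HOWTO or the GPGME bindings: it parses the machine-readable listing from gpg --with-colons -K and flags encryption subkeys that never expire, live longer than a chosen limit, or outlive the primary key. The sample listing, the subkey ID, the function names and the 183-day limit are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed sample of `gpg --homedir ~/.gnupg-dm --with-colons -K` output.
# The subkey ID and exact timestamps are made up for illustration.
SAMPLE = (
    "sec:u:3072:1:026D2F19E99E63AA:1521072000:1552608000::u:::scESC:::+:::23::0:\n"
    "fpr:::::::::177B7C25DB99745EE2EE13ED026D2F19E99E63AA:\n"
    "uid:u::::1521072000::::Danger Mouse <dm@secret.example.net>::::::::::0:\n"
    "ssb:u:3072:1:0123456789ABCDEF:1521072000:1536840000:::::e:::+:::23:\n"
)

def parse_keys(listing):
    """Return one dict per sec/pub/ssb/sub record in a colon listing."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "pub", "ssb", "sub") or len(f) < 12:
            continue
        keys.append({
            "primary": f[0] in ("sec", "pub"),
            "keyid": f[4],
            "created": int(f[5]),                    # field 6: epoch seconds
            "expires": int(f[6]) if f[6] else None,  # field 7: empty = never
            "caps": f[11],                           # field 12: capabilities
        })
    return keys

def audit_subkeys(listing, max_days=183):
    """Flag encryption subkeys that break the assumed six-month policy."""
    findings, primary = [], None
    for k in parse_keys(listing):
        if k["primary"]:
            primary = k
            continue
        if "e" not in k["caps"]:
            continue
        if k["expires"] is None:
            findings.append((k["keyid"], "never expires"))
            continue
        days = (k["expires"] - k["created"]) / 86400
        if days > max_days:
            findings.append((k["keyid"], "valid for %.1f days" % days))
        if primary and primary["expires"] and k["expires"] > primary["expires"]:
            findings.append((k["keyid"], "outlives primary key"))
    return findings

def expiry_date(key):
    """Expiry of a parsed key as a UTC date string."""
    return datetime.fromtimestamp(key["expires"], timezone.utc).strftime("%Y-%m-%d")
```

Running audit_subkeys(SAMPLE) returns an empty list, since the constructed subkey expires 182.5 days after creation and well before the primary key.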