Is it possible to export an expired GPG subkey’s public key without signatures?


Based on Is it possible to export a GPG subkey's public component? I got familiar with:

gpg --keyid-format long --with-fingerprint --list-key {e-mail} gpg --export --armor --output public-key.asc 633DBBC0! # for ssb1 

and

gpg --export-options export-minimal {key-id} 

I also found the following which I added to my gpg.conf.

list-options show-unusable-subkeys 

In the context of a Yubikey, I sometimes need to transfer public key components to a new key ring on a new system in order to decrypt an old file. For some reason gpg --card-status is not enough to get the ball rolling. Gpg will keep reporting that no key exist to decrypt the file. After importing the public key component, it works. I read somewhere on Stack that "the yubikey has not enough data on it to recontruct the public key component." (Might add source later).

However, I don’t want to export all old subkeys (hence keyid!), only a select few and I don’t want to export any signatures (hence export-minimal).

So this is what I tried, but did not result in a desired result:

gpg --armor --export --export-options export-minimal {subkeyid1}! {subkeyid2!} or gpg --armor --export --export-options export-minimal {subkeyid1}! gpg --armor --export --export-options export-minimal {subkeyid2}! 

If I pick one {subkeyx}!, the output is the same. The combination of export-minimal and pointing to a subkey is not working as far as I can tell. I don’t know of any switch I can put in front of keyid, do you?

Then I tried the following and merged them later:

gpg --armor --export --output file1.asc {subkeyid1}! gpg --armor --export --output file2.asc {subkeyid2}! 

But these public key components contain unwanted signatures (and their primary key public part and uid which is acceptable).

I used gpg --armor --export {subkeyid2}! | gpg for reading the output. If I do this with unexpired subkeys, I get an expected result of keys, but if I do this with expired subkeys, the subkey is not listed.

The question: So, how do I export two expired subkeys’s public key components without any signatures?


(Sidenote; meta question; alternative route):

gpg --card-status delivers:

[...] General key info..: sub {rsaX/eccX}/{keyid} {date} {name} {address} sec# {rsaX/eccX}/{keyid} {created date} {expires date} [...] ssb> {rsaX/eccX}/{subkeyid1} {created date} {expires date} card-no: {nr} ssb> {rsaX/eccX}/{subkeyid2} {created date} {expires date} card-no: {nr} 

And as we now from gpg -k and gpg -K. ‘sub’ means public subkey; ‘ssb’ means private subkey and the ‘>’ indicator means material is on smartcard. So this all seems to confirm the public material is not on the card.