Assuming a master+subkey setup, where the goal is to make the subkeys available on a network connected machine (laptop), additional security can be gained by changing the passphrase of the subkeys. This will give additional security to the master key - if the passphrase was keylogged on the laptop, and somehow the attacker managed to get to the offline-securily stored master key, they will still not be able to access it.
In the secure environment:
# create master+subkeys as usual. $ mkdir /tmp/laptop $ chmod 700 !$ $ gpg --export-secret-subkeys <keyid> >/tmp/subkeys.gpg $ gpg --homedir /tmp/laptop --import </tmp/subkeys.gpg $ gpg --no-greet --homedir /tmp/laptop --edit-key <keyid> Secret key is available. ... gpg> password Secret parts of primary key are not available. You need a passphrase to unlock the secret key for ... Enter passphrase: Enter the new passphrase for this secret key. Enter passphrase: Repeat passphrase: gpg> save $
/tmp/laptop/ is now ready to be transfered across.
Note that these steps have to be repeated for every modification/addition of subkeys.