Peter Lebbing peter at digitalbrains.com
Wed Mar 23 18:42:11 CET 2016

On 23/03/16 16:35, Andrew Gallagher wrote:
> [...] and since you can always enforce use of your A,S subkeys (unlike
> E, where it's out of your hands) this shouldn't cause you any issues if you
> change your mind.

I haven't tried it (it's more work than most "let's try this" things), but I
think if you have a smartcard with your primary key inserted, and your primary
key can do A, GnuPG would be quite happy to negotiate that key for SSH auth and
subsequently do that authentication.

Smartcard keys are automatically considered for SSH authentication, which is
where it differs from on-disk keys, which need to be added to sshcontrol explicitly.

> If you are aiming your tool at beginners then single-use subkeys are probably
> overkill, so the GPG defaults are fine.

Yes, an on-disk authentication subkey seems really uncommon to me. I would
completely omit an A subkey.
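
The smartcard versus on-disk distinction described above, as an added example that is not part of the original post: it sorts A-capable secret keys from a `gpg --list-secret-keys --with-colons --with-keygrip` listing into card and disk keys, then reports the on-disk ones that have no enabled sshcontrol entry. The key listing, keygrips, card serial, sshcontrol content and function names are all constructed for illustration, and the script only classifies keys; it does not test what gpg-agent actually offers.

```shell
#!/bin/sh
# Added example; all sample data below is constructed.

# Constructed output in the format of:
#   gpg --list-secret-keys --with-colons --with-keygrip
# Field 12 = capabilities, field 15 = token serial ('+' = secret key on disk).
SAMPLE_KEYS='sec:u:4096:1:AAAAAAAAAAAAAAAA:1458000000:::u:::scaESCA:::D2760001240102010005000012340000:::23::0:
grp:::::::::1111111111111111111111111111111111111111:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1458000000::::::e:::+:::23:
grp:::::::::2222222222222222222222222222222222222222:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1458000000::::::a:::+:::23:
grp:::::::::3333333333333333333333333333333333333333:
ssb:u:2048:1:DDDDDDDDDDDDDDDD:1458000000::::::a:::+:::23:
grp:::::::::4444444444444444444444444444444444444444:'

# Constructed sshcontrol content: one comment, one enabled keygrip with TTL 0.
SAMPLE_SSHCONTROL='# keys offered by gpg-agent ssh support
3333333333333333333333333333333333333333 0'

# Read a colon listing on stdin; print "card <keygrip>" or "disk <keygrip>"
# for every secret key whose own capabilities include authentication.
classify_auth_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            auth = ($12 ~ /a/)      # lowercase a: this key itself can authenticate
            where = ($15 ~ /^[0-9A-Fa-f]+$/) ? "card" : ($15 == "+" ? "disk" : "none")
            next
        }
        # The grp record that follows a key record carries its keygrip in field 10.
        $1 == "grp" && auth && where != "none" { print where, $10; auth = 0 }
    '
}

# Print on-disk A-capable keygrips that have no enabled entry in sshcontrol.
# $1 = colon listing, $2 = sshcontrol content
missing_from_sshcontrol() {
    printf '%s\n' "$1" | classify_auth_keys | while read -r where grip; do
        [ "$where" = disk ] || continue     # card keys need no sshcontrol entry
        # Commented (#) and disabled (!) lines do not start with the keygrip.
        printf '%s\n' "$2" | grep -q "^$grip" || echo "$grip"
    done
}

missing_from_sshcontrol "$SAMPLE_KEYS" "$SAMPLE_SSHCONTROL"
```
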



