Identifying one of multiple authentication subkeys

john doe johndoe65534 at mail.com
Sat Mar 16 09:22:52 CET 2019


On 3/15/2019 11:28 PM, Brian Exelbierd wrote:
> Hi,
>
> I would like to eliminate my SSH keys and consolidate my existing keys into my gpg key.  I can do this by either importing my existing keys (easier) or creating new authentication subkeys.
>
> Either way, I am unsure how to identify which subkey is which SSH key.  I created a test key, below, with two authentication subkeys.  I can't tell which subkey matches each key.  How do you know?  Without this knowledge it is hard to know which key goes with which server and which key is safe to delete later.
>
> Any advice?  Thank you.
>
> regards,
>
> bex
>
> ---
>
> # gpg2 -K --with-keygrip
> /root/.gnupg/pubring.kbx
> ------------------------
> sec   rsa2048 2019-03-15 [SC] [expires: 2021-03-14]
>       84B9177ECD98386DACDA102DF80B5DDF8D55076A
>       Keygrip = 13C8D80A6B3A5A7CC4095A254A07AFC9F287CF16
> uid           [ultimate] keyname
> ssb   rsa2048 2019-03-15 [E] [expires: 2021-03-14]
>       Keygrip = 26FD3D7D54BEE12111354B9E968C23EEDC445A4E
> ssb   rsa2048 2019-03-15 [A]
>       Keygrip = A04EA628443B5C1C60411C15E1EC35C21186D405
> ssb   rsa2048 2019-03-15 [A]
>       Keygrip = 45F02D545B6B6ADC32FCB7BC64B943F23B35D3FF
>
> # ssh-add -l
> 2048 SHA256:T/SZUtqVEzoo4c4rmh5e4jrnCd5ewGNj1Nrsg3VYbCE (none) (RSA)
> 2048 SHA256:+Qbn7T5rQms4+bBfzc7D68H2TynS/8gyT0pjrMOaiQA (none) (RSA)
>
> # ssh-add -L
> ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8vnk7hPdP9tWdw8DUV8rOYDTAlhbvSWPuEUwr0FdaveJoJtgYhceKVoyFnOYZnZ8QP0nAytHGeSAHkL/9Vw0Whyouu94awwoEERdkIzvl/KVRU3n0dBabbjbqlY6Dz+4zjIUo/KbyZ9PZHohCVQs/DzFUqnLsPoHzVVDBPvMHFkf0t2qSe0Pv2I7vLmI1UVBFMspjy80kmoijheFAmXebCGC3uzr23BKqzqfj2/HYv/DJAQufGiHsH+/I855U8Dckd4TQmHS4aRsIY0px1HA4of9nIiWWifvqxwshax2VSdJucJi1RB6YbSxbTIbjnl0YJbbIajV8xJjyloaOofph (none)
> ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnrIe/fe6i6AMA+evGzz3Gc56rSH5D3cJ9R/cMta2jHjtNlZZD/uJNdbuALsI4elB5m0Yxsbiz0j3UG2L/2nHfjD73oPQkwFIacvtkZT/hpp/BWPFDWQnGaWeWdFfsxlzu6gOMsfYJQDxNIPRjLbYkcIOL3Xw5EIFlS2xEr+/ZGsD2uNnReXj5XZnXh6FrxcX7vhnKpHHsVzDZG+xRs+xhErhiini8J1REZaQzZnVftD/WZGbAU8f3LSDfSCFQVxRTibXW5JMd6JfFe1zZXST+JfAEqg5LhucpzsQAbYWtNiqZ5McerI1HYPjYNUqoYhGzXsWvEuvPp3qugVjH3ZI5 (none)
>

My understanding is that one subkey is to be used for authentication .

--
John Doe



More information about the Gnupg-users mailing list