Cannot export SSH public key

Felix E. Klee felix.klee at inka.de
Tue Nov 28 08:37:55 CET 2023


On Thu, Nov 23, 2023 at 10:17 AM Felix E. Klee <felix.klee at inka.de>
wrote:
> Can you explain why the output of `ssh-add -L` did not change? Also
> why is it not the same as the output from `gpg --export-ssh-key
> yubikey at f76.eu`?

OK, I may have found the issue:

    $ grep -rl Use-for-ssh ~/.gnupg/private-keys-v1.d/*
    .gnupg/private-keys-v1.d/0E67508AC6866D82ABB95E0B53CF5D18DC48A786.key

That’s the keygrip of the master key:

    $ gpg -k --with-keygrip yubikey at f76.eu
    pub   rsa4096 2023-06-29 [SC]
          7A0FE73DDB744F0F97341DA71BE349D11B6ED589
          Keygrip = 0E67508AC6866D82ABB95E0B53CF5D18DC48A786
    uid           [ultimate] Felix E. Klee (YubiKey) <yubikey at f76.eu>
    sub   rsa4096 2023-06-29 [E]
          Keygrip = 07D6164F019D2EDF59C650992CF93776B2DD17F2
    sub   rsa4096 2023-11-22 [A]
          Keygrip = 9C67E5BBB72EF0BF2625792F8F134CE4FD961FF5

I don’t remember adding this, but I guess I did, maybe some months ago.
Anyhow, now I removed `Use-for-ssh` from that key.

I then added the keygrip of the authentication key to
`~/.gnupg/sshcontrol`. However, that doesn’t work:

    $ ssh-add -l
    The agent has no identities.

Only if I add the keygrip of the master key to `~/.gnupg/sshcontrol`
is `ssh-add -l` happy. But this seems wrong.

I notice that the private key stub of the authentication subkey isn’t
present in `~/.gnupg/private-keys-v1.d`:

    $ ls -1 ~/.gnupg/private-keys-v1.d/
    07D6164F019D2EDF59C650992CF93776B2DD17F2.key
    0E67508AC6866D82ABB95E0B53CF5D18DC48A786.key
    250CD54A263D092C462509D83D034E4BAAF73311.key
    BB1D7402E4603D0C12512AB235B12FE1F4BD9667.key

*How do I generate the private key stub for the authentication subkey?*

`gpg --card-status` doesn’t do it.
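
A small check for the situation described in this message, added here as an example and not part of the original post: for each keygrip listed in `sshcontrol` it reports whether a matching file exists in `private-keys-v1.d`, and it lists the key files that carry the `Use-for-ssh` attribute. The function names and the sample directory are constructed for illustration; the keygrips are the ones quoted above.

```shell
#!/bin/sh
# Added diagnostic sketch; not part of the original post.

# Print "<keygrip> <status>" for each entry in $1/sshcontrol.
# ok = private-keys-v1.d/<keygrip>.key exists, no-stub = it does not,
# disabled = the entry is prefixed with "!".
check_sshcontrol() {
    home=$1
    [ -f "$home/sshcontrol" ] || return 0
    while read -r grip _rest || [ -n "$grip" ]; do
        case $grip in
            ''|'#'*) continue ;;                       # blank line or comment
            '!'*) echo "${grip#?} disabled"; continue ;;
        esac
        if [ -f "$home/private-keys-v1.d/$grip.key" ]; then
            echo "$grip ok"
        else
            echo "$grip no-stub"
        fi
    done < "$home/sshcontrol"
}

# Print the keygrip of every key file that has a Use-for-ssh attribute.
flagged_stubs() {
    for f in "$1"/private-keys-v1.d/*.key; do
        [ -f "$f" ] || continue
        if grep -q '^Use-for-ssh:' "$f"; then
            basename "$f" .key
        fi
    done
}

# Constructed sample home directory: file contents are placeholders,
# only the keygrips are taken from the message.
make_sample() {
    d=$(mktemp -d)
    master=0E67508AC6866D82ABB95E0B53CF5D18DC48A786
    auth=9C67E5BBB72EF0BF2625792F8F134CE4FD961FF5
    mkdir "$d/private-keys-v1.d"
    printf '%s\n' 'Key: (placeholder)' 'Use-for-ssh: true' \
        > "$d/private-keys-v1.d/$master.key"
    printf '%s\n' '# constructed sshcontrol' "$auth" "$master 0" > "$d/sshcontrol"
    echo "$d"
}

sample=$(make_sample)
check_sshcontrol "$sample"     # auth keygrip: no-stub, master keygrip: ok
flagged_stubs "$sample"        # master keygrip
rm -rf "$sample"
```

To inspect a real setup, call both functions with the GnuPG home directory (for example `check_sshcontrol ~/.gnupg`) instead of the sample.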


