On 23/03/16 16:35, Andrew Gallagher wrote:
> [...] and since you can always enforce use of your A,S subkeys (unlike
> E, where it's out of your hands) this shouldn't cause you any issues if you
> change your mind.

I haven't tried it (it's more work than most "let's try this" things), but I think if you have a smartcard with your primary key inserted, and your primary key can do A, GnuPG would be quite happy to negotiate that key for SSH auth and subsequently do that authentication. Smartcard keys are automatically considered for SSH authentication, which is where it differs from on-disk keys, which need to be added to sshcontrol explicitly.

> If you are aiming your tool at beginners then single-use subkeys are probably
> overkill, so the GPG defaults are fine.

Yes, an on-disk authentication subkey seems really uncommon to me. I would completely omit an A subkey.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
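Added example, not part of the original message or of GnuPG: a small audit that applies the rule stated in the message (card-resident keys are considered automatically, on-disk keys only when their keygrip is listed in sshcontrol) to the output of `gpg --list-secret-keys --with-colons --with-keygrip`. The function names are hypothetical, and the key IDs, keygrips and card serial in the sample data are constructed.

```python
# Added example: which authentication-capable keys gpg-agent would consider for
# SSH, using the rule from the message (card keys automatically, on-disk keys
# only when their keygrip is enabled in sshcontrol). All sample data is constructed.
SAMPLE_COLONS = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1458000000:::u:::scESCA:::+:::23::0:
grp:::::::::1111111111111111111111111111111111111111:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1458000000::::::a:::D2760001240102010006012345670000:::23:
grp:::::::::2222222222222222222222222222222222222222:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1458000000::::::a:::+:::23:
grp:::::::::3333333333333333333333333333333333333333:
ssb:u:2048:1:EEEEEEEEEEEEEEEE:1458000000::::::a:::+:::23:
grp:::::::::4444444444444444444444444444444444444444:
"""
SAMPLE_SSHCONTROL = """\
# constructed sshcontrol: keygrip, TTL, optional flags
3333333333333333333333333333333333333333 0
!4444444444444444444444444444444444444444 0 confirm
"""

def parse_sshcontrol(text):
    """Return enabled keygrips; '#' starts a comment, '!' disables an entry."""
    enabled = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        enabled.add(line.split()[0].upper())
    return enabled

def classify(colons, sshcontrol):
    """Map key ID -> 'card', 'sshcontrol' or 'not offered' for keys with 'a'."""
    enabled = parse_sshcontrol(sshcontrol)
    result, current = {}, None
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb"):
            # Field 12: lowercase letters are this key's own capabilities.
            # Field 15: card serial, '+' (secret on disk) or '#' (stub only).
            current = (f[4], f[14]) if len(f) > 14 and "a" in f[11] else None
        elif f[0] == "grp" and current:
            keyid, token = current
            if token not in ("", "+", "#"):
                result[keyid] = "card"
            elif token == "+" and f[9].upper() in enabled:
                result[keyid] = "sshcontrol"
            else:
                result[keyid] = "not offered"
            current = None
    return result
```

The primary key in the sample is skipped because its capability field carries only an uppercase `A`, which summarises the whole key rather than the primary's own usage flags.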