Note the showing that one of our subkeys has the authenticate capability. Once you have your GPG key, the output from gpg -K should look something like the following. Note however that since GnuPG 2.1, you can delete the private part of your master key by deleting the appropriate file (named by keygrip, which you can obtain using gpg -K --with-keygrip) in ~/.gnupg/private-keys-v1.d, so you shouldn’t need to --export-secret-subkeys and re-import them.
I won’t describe this process as there are plenty of blog posts out there that do, but in brief I would recommend creating a non-expiring master key with only the (certify) capability – perhaps keeping this offline – and expiring subkeys for each other capability, as described in this post.
If you don’t already have a GPG key/subkey with the (authenticate) capability, you’ll need to generate one first. I mainly used bootc’s wiki page and the notes on, changing a few things in search of a cross-platform solution for macOS 10.12 and Debian 9 so that I have a unified set of config files that can be synced using git. The basic idea is that instead of using ssh-agent for SSH authentication, we’ll use gpg-agent. Copy the text after the rsa4096/ and before the date generated and use the copied id in step 13:

gpg -K --keyid-format SHORT
sec rsa4096/ YYYY-MM-DD SC expires: YYYY-MM-DD

You need to copy the output from your terminal similar to the. Since GnuPG 2.1 this has become much easier, and whilst there are some good tutorials out there, some are out of date. Use the next command to generate a short form of the key fingerprint. If you have a GPG key, it makes sense to also use it for SSH authentication rather than generating a separate key.