On Thu, Nov 23, 2023 at 10:17 AM Felix E. Klee <felix.k...@inka.de> wrote: > Can you explain why the output of `ssh-add -L` did not change? Also > why is it not the same as the output from `gpg --export-ssh-key > yubi...@f76.eu`?
OK, I may have found the issue: $ grep -rl Use-for-ssh ~/.gnupg/private-keys-v1.d/* .gnupg/private-keys-v1.d/0E67508AC6866D82ABB95E0B53CF5D18DC48A786.key That’s the key grip of the master key: $ gpg -k --with-keygrip yubi...@f76.eu pub rsa4096 2023-06-29 [SC] 7A0FE73DDB744F0F97341DA71BE349D11B6ED589 Keygrip = 0E67508AC6866D82ABB95E0B53CF5D18DC48A786 uid [ultimate] Felix E. Klee (YubiKey) <yubi...@f76.eu> sub rsa4096 2023-06-29 [E] Keygrip = 07D6164F019D2EDF59C650992CF93776B2DD17F2 sub rsa4096 2023-11-22 [A] Keygrip = 9C67E5BBB72EF0BF2625792F8F134CE4FD961FF5 I don’t remember adding this, but I guess I did, maybe some months ago. Anyhow, now I removed `Use-for-ssh` from that key. I then added the keygrip of the authentication key to `~/.gnupg/sshcontrol`. However, that doesn’t work: $ ssh-add -l The agent has no identities. Only if I add the key grip of the master key to `~/.gnupg/sshcontrol`, then `ssh-add -l` is happy. But this seems wrong. I notice that the private key stub of the authentication sub key isn’t present in `~/.gnupg/private-keys-v1.d`: $ ls -1 ~/.gnupg/private-keys-v1.d/ 07D6164F019D2EDF59C650992CF93776B2DD17F2.key 0E67508AC6866D82ABB95E0B53CF5D18DC48A786.key 250CD54A263D092C462509D83D034E4BAAF73311.key BB1D7402E4603D0C12512AB235B12FE1F4BD9667.key *How do I generate the private key stub for the authentication sub key?* `gpg --card-status` doesn’t do it. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users