GnuPG subkeys can be flagged with three kinds of capabilities: Sign, Encrypt and Authenticate.
While the first two actions are widely used and documented, the authenticate action is somehow mysterious.
You can make such a key only by editing a primary key with the --expert option:
$ gpg --expert --edit-key 889C36B7
gpg (GnuPG/MacGPG2) 2.0.17; Copyright (C) 2011 Free Software Foundation, Inc.
gpg> addkey
...
Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
...
There are rumors about GPG keys being used to do SSH authentication, but I haven't read or found a way to make it work. There are also a couple of unanswered questions concerning [gpg] and [ssh] interaction:
Are GPG and SSH keys interchangeable?
How to use gpg and SSH together?
Apart from this, I cannot find other uses for the "authentication" subkeys.
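To check which subkeys on a keyring actually carry the Authenticate flag discussed in the question, the capability letters can be read from the machine-readable listing produced by `gpg --with-colons --list-keys`. The following is an added example, not part of the original post; the sample listing and its key IDs are constructed, and the field positions assume the colon format documented in GnuPG's doc/DETAILS (field 2 validity, field 5 key ID, field 12 capabilities).

```python
# Added example: audit capability flags in `gpg --with-colons --list-keys` output.
CAPS = {"s": "Sign", "e": "Encrypt", "a": "Authenticate", "c": "Certify"}

# Constructed sample listing (key IDs are made up, not taken from the post).
SAMPLE = """\
pub:u:2048:1:1111111111111111:1325376000:::u:::scESCA:
uid:u::::1325376000::0000::Example User <user@example.org>:
sub:u:2048:1:2222222222222222:1325376000::::::e:
sub:u:2048:1:3333333333333333:1325376000::::::a:
sub:r:2048:1:4444444444444444:1325376000::::::a:
"""


def parse_keys(listing):
    """Return one dict per pub/sub record: type, validity, key ID, capabilities."""
    keys = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub") or len(fields) < 12:
            continue
        # Field 12 holds the capability letters. Lowercase letters belong to
        # this key; uppercase letters on a pub record summarise the whole key,
        # so only the lowercase ones are reported here.
        own = [CAPS[c] for c in fields[11] if c in CAPS]
        keys.append({"type": fields[0], "validity": fields[1],
                     "keyid": fields[4], "caps": own})
    return keys


def usable_auth_subkeys(keys):
    """Key IDs of subkeys flagged Authenticate that are not revoked (r),
    expired (e), disabled (d) or invalid (i)."""
    unusable = set("redi")
    return [k["keyid"] for k in keys
            if k["type"] == "sub" and "Authenticate" in k["caps"]
            and k["validity"] not in unusable]


if __name__ == "__main__":
    parsed = parse_keys(SAMPLE)
    for k in parsed:
        print(k["type"], k["keyid"], k["validity"], ", ".join(k["caps"]) or "-")
    print("usable authentication subkeys:", usable_auth_subkeys(parsed))
```
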
Yes, "Using OpenPGP Keys for Transport Layer Security (TLS) Authentication" is an interesting draft. But apart from that, it seems that the authentication facility was added as a "bonus", but relies completely on third-party implementations. I will wait for some time to collect other answers before accepting your good one. Thanks – Claudio Floreani – 2012-02-17T17:01:53.967