What is a GPG with "authenticate" capability used for?

OpenPGP keys can be used for authentication in various protocols:

  • SSH, as bare ssh-rsa keys (monkeysphere subkey-to-ssh-agent, or smartcards)

  • SSH, as pgp-sign-rsa certificates (no implementations known to me)

  • TLS according to RFC 5081 (supported by GnuTLS)

  • of course, less well-known protocols and software such as gpgauth.org, Enigform, and such; they do find the "authentication" flag suitable.

Author by

Claudio Floreani

Updated on September 18, 2022

Comments

  • Claudio Floreani over 1 year

    GnuPG subkeys can be flagged with three kinds of capabilities: Sign, Encrypt and Authenticate.

    While the first two actions are widely used and documented, the authenticate action is somehow mysterious. You can make such a key only by editing a primary key with the --expert option:

    $ gpg --expert --edit-key 889C36B7
    gpg (GnuPG/MacGPG2) 2.0.17; Copyright (C) 2011 Free Software Foundation, Inc.
    gpg> addkey    
    ...                  
    Possible actions for a RSA key: Sign Encrypt Authenticate 
    Current allowed actions: Sign Encrypt 
       (S) Toggle the sign capability
       (E) Toggle the encrypt capability
       (A) Toggle the authenticate capability
       (Q) Finished
    ...
    

    There are rumors about GPG keys being used to do SSH authentication, but I haven't read or found a way to make it work. There are also a couple of unanswered questions concerning [gpg] and [ssh] interaction:

    Are GPG and SSH keys interchangeable?

    How to use gpg and SSH together?

    Apart from this, I cannot find other uses for the "authentication" subkeys.
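
The following is an added example, not part of the original question or answer. It audits which keys in a keyring carry the Authenticate capability by parsing the machine-readable output of `gpg --list-keys --with-colons`. It assumes the field layout documented in GnuPG's doc/DETAILS (validity in field 2, capabilities in field 12); the function names and the sample listing with placeholder key IDs are constructed for illustration.

```python
"""Audit which keys in `gpg --list-keys --with-colons` output can authenticate."""

# Capability letters found in field 12 of the colon listing.
CAPS = {"s": "Sign", "e": "Encrypt", "a": "Authenticate", "c": "Certify"}
# Validity letters (field 2) that mean the key must not be relied on.
UNUSABLE = {"r": "revoked", "e": "expired", "i": "invalid", "d": "disabled"}

# Constructed sample listing; key IDs are placeholders, not real keys.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1300000000:::u:::scESCA::::::23::0:
uid:u::::1300000000::::Example User <user@example.org>::::::::::0:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1300000000::::::e::::::23:
sub:u:2048:1:CCCCCCCCCCCCCCCC:1300000000::::::a::::::23:
sub:r:2048:1:DDDDDDDDDDDDDDDD:1300000000::::::a::::::23:
sub:u:2048:1:EEEEEEEEEEEEEEEE:1300000000::::::sa::::::23:
"""

def parse_keys(listing):
    """Return one dict per pub/sub record with its own capabilities."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        # Lowercase letters describe this key itself; the uppercase letters
        # on a pub record summarise the whole keyblock and are ignored.
        caps = {CAPS[c] for c in f[11] if c in CAPS}
        keys.append({"type": f[0], "keyid": f[4], "caps": caps,
                     "status": UNUSABLE.get(f[1], "usable")})
    return keys

def audit_auth_keys(listing):
    """List authentication-capable keys, noting unusable or multi-purpose ones."""
    findings = []
    for k in parse_keys(listing):
        if "Authenticate" not in k["caps"]:
            continue
        notes = []
        if k["status"] != "usable":
            notes.append(k["status"])
        extra = k["caps"] - {"Authenticate"}
        if extra:
            notes.append("also " + "+".join(sorted(extra)))
        findings.append((k["keyid"], notes))
    return findings

if __name__ == "__main__":
    for keyid, notes in audit_auth_keys(SAMPLE):
        print(keyid, ", ".join(notes) or "dedicated authentication subkey")
```
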