personal blog
git clone git://
Log | Files | Refs | README

commit 8df278dae1b5f65e6efb3321360e84715af722eb
parent 5c170158df2b265903e06dcf893e8d260f24cb2d
Author: pyratebeard <>
Date:   Tue, 22 Nov 2022 23:50:27 +0000


Mentry/ | 10+++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/entry/ b/entry/ @@ -12,7 +12,7 @@ Could one SSH key pair for _my identity_ be enough? If the private key was secu To get an idea of how others work I put out [a poll](TK){target="_blank" rel="noreferrer"} on Mastodon. -![results](/img/sshkey_poll.png#fitwidth) +![results](/img/sshkey_poll_results.png#fitwidth) It surprised me that an equal number of people use one key per device as those that use one key for all. @@ -22,8 +22,16 @@ When a GPG key is loaded into your keyring you don't have to keep the private ke As it turns out you can add an SSH key as a subkey to a GPG key, then `gpg-agent` will provide the authentication instead of `ssh-agent`, and more importantly you can delete you SSH private key. +To add your SSH key as a subkey edit your GPG key in expert mode ``` +gpg2 -a --export-secret-keys <key_id> > gpg_key.asc +mkdir tmp_gpg +chmod 700 tmp_gpg +gpg2 --homedir tmp_gpg --import gpg_key.asc ``` + + + Going one step further took [me back](TK){target="_blank" rel="noreferrer"} to hardware keys such as the [Yubikey](TK){target="_blank" rel="noreferrer"}.