Add an Authentication Subkey
This key will be used as
Get Key ID
If you don't already have it, get the primary Key ID of the new key.
gpg -k email@domain
- The Key ID is the long number immediately below the pub line.
Get the full Key ID; you will need it. It may help to save the Key ID to a shell variable.
KEYID="2A9E767BA8BDE849331B40645A6C4588132E97A6"
Add subkey
gpg --quick-add-key $KEYID rsa4096 auth 2024-01-01
- Algorithm
  - rsa4096 - Use this in most cases.
  - ed25519 (newer) - Use this if you know that every device you'll need to SSH into supports ed25519 SSH keys.
  - rsa2048 (older) - Use this if you'll need to SSH into devices which can't handle 4096-bit keys.
- Usage
  - auth
- Expiration date
  - Use the same expiration date that you used when creating the primary key.
amnesia@amnesia:$ gpg --quick-add-key $KEYID rsa4096 auth 2024-01-01
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
amnesia@amnesia:$
List key
Now when you list the key, you should see the [A] subkey.
amnesia@amnesia:~$ gpg -k $KEYID
pub ed25519 2023-05-23 [C] [expires: 2024-01-01]
2A9E767BA8BDE849331B40645A6C4588132E97A6
uid [ultimate] Sample <please@dont-spam.us>
sub ed25519 2023-05-23 [S] [expires: 2024-01-01]
76581737ABBD19552BFC7D8D91EF268465FA9390
sub rsa4096 2023-05-23 [E] [expires: 2024-01-01]
57DAE100A563EDF02E3C71EAB17819416F1A3202
sub rsa4096 2023-05-28 [A] [expires: 2024-01-01]
4D645B49D8F7B625BFE2D98C5CC7D6A411BED246
amnesia@amnesia:~$
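The same check can be scripted against gpg's machine-readable listing (`--with-colons`), confirming that a usable [A] subkey exists and that it expires on the same day as the primary key. This is an added example, not part of the original page; the function names `check_auth_subkey` and `sample_keyring` are hypothetical, and the sample key IDs and timestamps are constructed.

```shell
#!/bin/sh
# Added example, not from the original page.
# check_auth_subkey reads `gpg --with-colons -k "$KEYID"` output on stdin.
# Colon-format fields used: 1=record type, 2=validity, 5=key ID,
# 7=expiration (seconds since epoch), 12=capabilities.
# Exit status: 0 = usable [A] subkey expiring on the same UTC day as the
#              primary key, 1 = no usable [A] subkey, 2 = expiry differs.
check_auth_subkey() {
    awk -F: '
        $1 == "pub" { primary_day = ($7 == "") ? "never" : int($7 / 86400) }
        # Subkey with the "a" capability that is not revoked (r) or expired (e).
        $1 == "sub" && $12 ~ /a/ && $2 !~ /[re]/ {
            found = 1
            day = ($7 == "") ? "never" : int($7 / 86400)
            if (day == primary_day) { match_found = 1; state = "matches primary" }
            else state = "differs from primary"
            printf "auth subkey %s: expiry %s\n", $5, state
        }
        END {
            if (!found) { print "no usable authentication subkey"; exit 1 }
            if (!match_found) exit 2
        }
    '
}

# Constructed sample in colon format (made-up key IDs and timestamps,
# trailing fields trimmed). 1704110400 is 2024-01-01 12:00:00 UTC.
sample_keyring() {
    cat <<'EOF'
pub:u:255:22:AAAAAAAAAAAAAAAA:1684800000:1704110400::u:::cSEA
uid:u::::1684800000::::Sample <sample@example.invalid>
sub:u:255:22:BBBBBBBBBBBBBBBB:1684800000:1704110400:::::s
sub:u:4096:1:CCCCCCCCCCCCCCCC:1684800000:1704110400:::::e
sub:u:4096:1:DDDDDDDDDDDDDDDD:1685232000:1704110400:::::a
EOF
}

# Real use: gpg --with-colons -k "$KEYID" | check_auth_subkey
sample_keyring | check_auth_subkey
```

A non-zero exit status makes this usable as a gate in a provisioning script before the key is moved to a token or used for SSH.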