From d446832705be6b8ea6665396be19858398a6dce6 Mon Sep 17 00:00:00 2001
From: drduh
Date: Sun, 15 Jun 2025 13:29:08 -0700
Subject: [PATCH] explicit note on ed25519 auth subkeys to fix #507
---
 README.md | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 638b4f9..83ab8d9 100644
--- a/README.md
+++ b/README.md
@@ -438,7 +438,7 @@ export KEYID=$(gpg -k --with-colons "$IDENTITY" | \
 export KEYFP=$(gpg -k --with-colons "$IDENTITY" | \
 awk -F: '/^fpr:/ { print $10; exit }')
-printf "\nKey ID: %40s\nKey FP: %40s\n\n" "$KEYID" "$KEYFP"
+printf "\nKey ID/Fingerprint: %20s\n%s\n\n" "$KEYID" "$KEYFP"
 ```
@@ -487,7 +487,7 @@ EOF
 # Create Subkeys
-Generate Signature, Encryption and Authentication Subkeys using the previously configured key type, passphrase and expiration:
+Generate Signature and Encryption Subkeys using the previously configured key type, passphrase and expiration:
 ```console
 echo "$CERTIFY_PASS" | \
@@ -497,15 +497,19 @@ echo "$CERTIFY_PASS" | \
 echo "$CERTIFY_PASS" | \
 gpg --batch --pinentry-mode=loopback --passphrase-fd 0 \
 --quick-add-key "$KEYFP" "$KEY_TYPE" encrypt "$EXPIRATION"
+```
+Followed by the Authentication Subkey:
+
+> [!NOTE]
+> Some systems no longer accept RSA for SSH authentication; set the `KEY_TYPE` variable to `ed25519` before generating Authentication Subkey.
+
+```
 echo "$CERTIFY_PASS" | \
 gpg --batch --pinentry-mode=loopback --passphrase-fd 0 \
 --quick-add-key "$KEYFP" "$KEY_TYPE" auth "$EXPIRATION"
 ```
-> [!NOTE]
-> Some systems no longer accept RSA keys for SSH authentication; set the `KEY_TYPE` variable to `ed25519` before generating the last `auth` subkey.
-
 # Verify keys
 List available secret keys: