From d8ad5c469b11275a1c6dfba6740803a994c2f4da Mon Sep 17 00:00:00 2001
From: drduh <github@duh.to>
Date: Sun, 15 Jun 2025 13:22:45 -0700
Subject: [PATCH] split subkey gen command, note ed25519 auth

---
 README.md | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 51f9009..638b4f9 100644
--- a/README.md
+++ b/README.md
@@ -490,13 +490,22 @@ EOF
 Generate Signature, Encryption and Authentication Subkeys using the previously configured key type, passphrase and expiration:
 
 ```console
-for SUBKEY in sign encrypt auth ; do \
-    echo "$CERTIFY_PASS" | \
+echo "$CERTIFY_PASS" | \
     gpg --batch --pinentry-mode=loopback --passphrase-fd 0 \
-        --quick-add-key "$KEYFP" "$KEY_TYPE" "$SUBKEY" "$EXPIRATION"
-done
+        --quick-add-key "$KEYFP" "$KEY_TYPE" sign "$EXPIRATION"
+
+echo "$CERTIFY_PASS" | \
+    gpg --batch --pinentry-mode=loopback --passphrase-fd 0 \
+        --quick-add-key "$KEYFP" "$KEY_TYPE" encrypt "$EXPIRATION"
+
+echo "$CERTIFY_PASS" | \
+    gpg --batch --pinentry-mode=loopback --passphrase-fd 0 \
+        --quick-add-key "$KEYFP" "$KEY_TYPE" auth "$EXPIRATION"
 ```
 
+> [!NOTE]
+> Some systems no longer accept RSA keys for SSH authentication; set the `KEY_TYPE` variable to `ed25519` before generating the last `auth` subkey.
+
 # Verify keys
 
 List available secret keys: