I know PIV and OpenPGP are separate standards and independent applications in the YubiKey, but for newcomers like me they look very similar with their signing, encryption and authentication keys, use cases, etc.
After setting up my YubiKey with OpenPGP keys I’m wondering: is it advisable, useful and/or secure to load the PIV slots with certificates issued for the same keys used for OpenPGP?
I have successfully converted SSH keys to GPG primary keys and then converted them to authentication subkeys using pem2openpgp. Unfortunately, there is only one primary key and only one authentication subkey allowed on my YubiKey.
Are there hardware tokens that allow multiple OpenPGP identities on a single key, or at least multiple authentication keys?
I am using gpg-agent instead of ssh-agent to allow my current YubiKey authentication subkey to be used for login. As I cannot add additional authentication subkeys to the YubiKey, I attempt to add the standard SSH key to gpg-agent with “ssh-add”. At this point I am prompted for the key password, and on success “ssh-add -l” reports that the key has been cached.
When I try to ssh into a box with the standard SSH key, I keep getting prompted for the password to the key even though it is in the cache. Entering the password results in it being rejected as invalid.
My second question is: how can I get GPG authentication keys and SSH keys to work together with gpg-agent?