RSA Authenticate sub key shows capability as AR

[Kyshman]

Am on Manjaro, specifically kernel version 6.6.16-2-MANJARO.

There is an issue #400 which is closed and I did not want to necropost so raised a new one here.

I have GPG version as follows;

gpg (GnuPG) 2.4.4
libgcrypt 1.10.3-unknown
Copyright (C) 2024 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>

I was generating an Authenticate Key for a new GPG key (Not meant for the Yubikey) when I noticed the AR capabilty for the RSA Authenticate key and since I was also generating an ECC Authenticate key I noticed that the ECC one did not have the R (Restriction) and was just plain A.

RSA:
sub rsa4096/0xBAE9E81E0F7FDF03 2024-02-25 [AR] [expires: 2025-02-24]

ECC:
sub ed25519/0x8AAAB111134CAC58 2024-02-25 [A] [expires: 2025-02-24]

1. When it comes time to rotate my sub keys for the GPG key on the actual Yubikey will the AR capability issue bite me? The Authenticate sub keys on the Yubikey dont have the AR capability yet.
2. Since the closed Authentication SubKey shows AR #400 issue shows that we need to downgrade GPG to v2.2 will these not prove to be a security risk? Also should this be noted on the Guide?

[drduh]

Can you try using =A as the authentication key capability (https://github.com/gpg/gnupg/blob/master/g10/keygen.c#L2070)?

This looks like a new feature which may be on by default in recent GnuPG versions not yet in stable Debian - https://gnupg.org/blog/20230321-adsk.html

[chaorace]

I was having the same problem while preparing a new key and using =A for the selection resolved the issue in my case