Gnuk implements "INTERNAL AUTHENTICATE" command of OpenPGP card protocol 2.0.
You can now import your authentication subkey to USB Token by Gnuk.
If you have authentication subkey, do the following:
$ gpg --edit-key <YOUR-KEY-ID> [...] Command> toggle [...] Command> key 2 [...] Command> keytocard
The problem is adding authentication subkey to your key.
To generate&add authentication subkey with GnuPG, we need to supply --expert option like following:
$ gpg --expert --edit-key <YOUR-KEY-ID> [...] Command> addkey [...] Please select what kind of key you want: (3) DSA (sign only) (4) RSA (sign only) (5) Elgamal (encrypt only) (6) RSA (encrypt only) (7) DSA (set your own capabilities) (8) RSA (set your own capabilities) Your selection? 8 Possible actions for a RSA key: Sign Encrypt Authenticate Current allowed actions: Sign Encrypt (S) Toggle the sign capability (E) Toggle the encrypt capability (A) Toggle the authenticate capability (Q) Finished Your selection? A [...] Your selection? S [...] Your selection? E [...] Your selection? Q RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) [...]
Alternatively, you can use Monkeysphere to generate authentication subkey.
$ monkeysphere g <YOUR-KEY-ID>