strange behavior for --edit-key passwd

Joe Vender jvender at
Tue May 3 14:25:53 CEST 2005

I've found some strange, buggy behavior in gpg's --edit-key passwd
code of GnuPG 1.4.2-cvs. I haven't tried this with GnuPG 1.4.1, but
it's probably there too. I found it while removing password
protection from a key in order to export it so that an older PGP
version could use it.

Try this using a *TEST* key which already has a passphrase set:

1) Remove the passphrase protection by doing:
 gpg --edit-key 0xXXXXXXXX

2) at the "Command>" prompt, type "passwd".

The first thing that I notice is that it gives me an "invalid
passphrase; please try again...", even though I haven't entered one

3) Now, enter the current passphrase. When gpg prompts you with
"Enter the new passphrase for this secret key", hit ENTER and then
ENTER again when it prompts you to repeat the passphrase.

4) Type "y" and hit ENTER when it warns you that this is a bad idea
and asks you if you really want to do this.

5) Type "quit", and then "y" and hit ENTER when it asks if you want
to save changes.

6) Now, again type gpg --edit-key 0xXXXXXXXX

7) Type "passwd" and hit ENTER. gpg returns the message, "This key is
not protected. Enter the new passphrase for this secret key."

 But, then the prompt asks you to "Repeat passphrase:" Since you
don't have a passphrase protecting the key at this point and haven't
entered one yet, why is it asking you to "repeat" passphrase and
what's it going to compare it to anyway?

At this point, there are two things you could do.

  a) First, you could enter whatever passphrase you want to give the
key, at which point gpg then tells you "passphrase not correctly
repeated; please try again. Enter passphrase:" If you then again type
your new passphrase and repeat it when prompted and then quit and
save changes, your secret key is protected with the new passphrase.

 b) Or, instead of doing a) above, you could just hit ENTER at which
point you're again at the "You don't want a passphrase - this is
probably a *bad* idea! Do you really want to do this?", but at this
point you don't have a passphrase protecting your key anyway so
you're back to where you started.


The strange behaviors are:

 In step 2) above where gpg gives the "invalid passphrase; please try
again..." message before I even enter on yet.

 In step 7) above at which point, when starting with an unprotected
secret key and trying to password protect it, it prompts you to
"Repeat passphrase:" before you've entered one yet instead of
starting at the "Enter passphrase:" point.

More information about the Gnupg-devel mailing list