David Shaw dshaw at
Wed Apr 27 20:03:22 CEST 2011

On Apr 26, 2011, at 6:38 PM, Stephen H. Dawson wrote:

> Hi,
> Dire need, hoping for help.
> I have my private and public keys, but you have neither the passphrase nor a revocation certificate.  I need to revoke my published key.  Can they recommend a bash script to discover the passphrase using brute force on the private key?

It depends.  If you have a strong passphrase, you're pretty much out of luck.  After all, if it was easy to brute force a strong passphrase, it would defeat a lot of the point of the crypto here.

That said, frequently when someone forgets their passphrase, they half remember it.  They know it starts with such-and-such characters, or that it ends with a number, or has a hyphen in there... that sort of recollection.  For those cases, there are tools that might be useful to you, since your half memory of the passphrase reduces the search space that will need to be brute-force.  If you can manage to remember enough of the passphrase, you might be able to use a tool like to brute force the missing parts.

There is also a commercial product from Elcomsoft that claims very fast distributed brute forcing.  I haven't tried it myself.


More information about the Gnupg-users mailing list