Changing key's passphrase in an automated way

Thomas Pelletier pelletier.thomas at gmail.com
Fri Dec 5 14:47:13 CET 2014


Hello everybody,

I have seen this topic has been discussed a few times here and online, but
I have not managed to reach a working solution.

My goal is to be able to change a key's passphrase from a caller program,
given its ID, the old passphrase and the new passphrase.

My best shot is:

    echo -e "old_passpkey\nnew_passkey" | gpg --verbose --status-fd 2 \
        --no-tty --homedir gpg_test --passphrase-fd 0 --batch --command-file cmds \
        --edit-key 9C6BD0AC

The cmds file contains the following:

    passwd
    save

Here is what I have on my stderr:

    [GNUPG:] GET_LINE keyedit.prompt
    [GNUPG:] GOT_IT
    [GNUPG:] USERID_HINT F47798F49C6BD0AC My Key (My Key) <pelletier.thomas at gmail.com>
    [GNUPG:] NEED_PASSPHRASE F47798F49C6BD0AC F47798F49C6BD0AC 1 0
    [GNUPG:] GOOD_PASSPHRASE
    [GNUPG:] NEED_PASSPHRASE_SYM 3 3 2
    [GNUPG:] GET_LINE keyedit.prompt
    [GNUPG:] GOT_IT

The key's passphrase does not change in the end. It seems to me that the
second passphrase is never read. According to [1], "[--passphrase-fd] can
only be used if only one passphrase is supplied". So how can I give it the
two different passphrases?

Thanks,
Thomas

[1] https://www.gnupg.org/documentation/manuals/gnupg/GPG-Esoteric-Options.html

-- 
Thomas Pelletier