changing the passphrase of the secret key stored in the GnuPG card

Peter Lebbing peter at
Sun Jun 11 21:37:51 CEST 2017

On 11/06/17 21:05, Matthias Apitz wrote:
> I know, but I want to change the passphrase, not the PIN.

They are the same thing, it's just a choice of terminology. Since user
authentication to a smartcard is traditionally done using numerics only
and card readers with PINpads also usually only use numerics, the term
PIN has become commonly used (Personal Identification Number[1]). But
under GnuPG, you can use alphanumerics and symbols, and it is more
correct to call it a passphrase.

Put differently: the secret key stub on disk is a mere unencrypted
reference to a specific smart card. And what then unlocks the smartcard
is the PIN or passphrase passed to the card, which is set as Werner
indicates. There is only one authentication involved, not two. (It's
still two-factor authentication, so that last sentence needs to be taken
in the proper context).



[1] I'd say "Identification" is a misnomer, it's authentication instead.
Identification is the mere act of naming something, authentication is
providing a means to prove something is authentic, is true, is not fake.
You could identify yourself as Peter Lebbing, but it almost surely would
not be authentic.

(I've always fancied bringing up this point when the police asks me to
"identify myself", but it would be a very bad idea in practice probably :-)

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170611/9a42b461/attachment.sig>

More information about the Gnupg-users mailing list