Automatically changing/removing key passphrase

Bjarni Runar Einarsson bre at pagekite.net
Wed Oct 23 10:27:21 CEST 2019


Hello GnuPG users!

Background: I'm working a bit on Mailpile's Autocrypt support
these days. Mailpile creates OpenPGP keys for its users, which
are protected by a strong passphrase, but generally manages those
passphrases on the user's behalf to guarantee a seamless user
experience. I don't want my users to be locked in to Mailpile,
and I wanted to implement the Autocrypt Setup Message (ASM) spec
so users had a standardized, semi-automated way to migrate their
keys from Mailpile to another mail agent. For better or worse,
the ASM defines a password protection scheme for the key material
which is different from a passphrase on the key itself.

So when syncing the keys, I need to remove the passphrase. I
cannot figure out an elegant way to do this using GnuPG or GPGME.

The GPGME manual's "Changing Passphrases" section 7.5.10 states:
"The backend engine will usually popup a window to ask for the
old and the new passphrase. Thus this function is not useful in a
server application (where passphrases are not required anyway)."

I guess from the point of view of GnuPG and GPGME, Mailpile is
behaving like a server application. But I would still rather not
store the secret keys unprotected, so I need an automated way to
manage the key's passphrase. How do I square this circle?

Any hints on how to automatically remove the passphrase using
gnupg without direct user interaction?

A Google search showed that this is a question that comes up
every now and then, but I have only seen manual procedures for
resolving it. Is this perhaps a feature which should be added?

Thanks in advance,
 - Bjarni

-- 
PageKite.net lets your personal computer be part of the web


