how to add a passphrase to a keypair
ostroffjh at users.sourceforge.net
Sun Oct 3 16:54:29 CEST 2021
On 10/2/21 22:51, raf via Gnupg-users wrote:
> On Sun, Oct 03, 2021 at 01:40:03PM +1100, raf <gnupg at raf.org> wrote:
>> On Sat, Oct 02, 2021 at 07:12:45PM -0400, Jack via Gnupg-users <gnupg-users at gnupg.org> wrote:
>>> Is it possible to add a passphrase to a secret key originally created
>>> without one? If so, please tell me how. I'll be happy with either
>>> instructions or pointer to the fine manual I either missed or misread.
>>> I have tried lots of variations. Attempts using gpg-agent fail because
>>> pinentry (I've tried text and gui versions) refuses to accept a blank
>>> passphrase. Variants using --passphrase or --passphrase-fd don't work
>>> because they only allow passing one passphrase, and I need to provide the
>>> old one and the new one. I've also tried --export-secret-key, which also
>>> fails with "error receiving key from agent: No passphrase given - skipped"
>>> when using --passphrase-fd.
>>> I do have a copy of gpg-1.4.23 available, but simply copying .gnupg to a new
>>> user and using the old gpg doesn't help because gpg1 doesn't see the secret
>>> keys from gpg2, and I haven't been able to export them.
>>> Is there a way to do this, or is revoking the old key and creating new keys
>>> from scratch the only solution?
>>> Thanks for any information.
>> Try these instructions for changing the passphrase:
>> gpg --edit-key Your-Key-ID-Here
>> gpg> passwd
>> gpg> save
> Also, don't use gpg1. I'm guessing that either the key
> was created with gpg2, or was created with gpg1 but
> then ~/.gnupg was subsequently converted for use with
> gpg2 (since you say "gpg1 doesn't see the secret keys
> from gpg2"). If either is the case, keep using gpg2.
> Also, if you are getting the error "No passphrase
> given", I could be wrong, but that might suggest that
> the secret key is already encrypted. Are you sure that
> there is no existing passphrase? If so, ignore this.
Thanks for the suggestions, but they do not help. On my main PC I only
have version 2 installed, so gpg and gpg2 are the same command (one is a
symlink to the other.) The key was created many years ago with gpg
version 1 and was definitely created without a passphrase. I have gone
through many PCs since then (all LInux) and always copied my ~/.gnupg
folder to the new box. Somewhere along the line some files do seem to
have gotten lost, because I do not have secring.gpg or pubring.gpg, but
gpg -k and gpg -K both show my main key. I compiled a copy of gpg1 (not
installed to the system) to try to use locally, since it doesn't enforce
the use of a passphrase for the secret key. Unfortunately, without
secring.gpg, it doesn't see the secret key at all.
Your first suggestion does not work (as I said in my original post)
because pinentry does not accept a blank passphrase, and it still
prompts for one even if it doesn't actually need it.
More information about the Gnupg-users