how to add a passphrase to a keypair
ostroffjh at users.sourceforge.net
Sun Oct 3 20:44:27 CEST 2021
On 10/3/21 12:53, Robert J. Hansen via Gnupg-users wrote:
>> gpg -k and gpg -K both show my main key. I compiled a copy of gpg1
>> (not installed to the system) to try to use locally, since it doesn't
>> enforce the use of a passphrase for the secret key. Unfortunately,
>> without secring.gpg, it doesn't see the secret key at all.
> I haven't tried this, but it might be exactly what you want to do:
> /path/to/gpg2 --export-secret-keys 0xMY_KEY_ID > secret.gpg
It is what I want, but it doesn't work. gpg2 uses pinentry to request
the passphrase, and so fails with a blank one. I would expect that
using --passphrase-fd would work, but it also fails, as stated in my
original post with "error receiving key from agent: No passphrase given
- skipped". I do find this odd, as I know using --passphrase-fd works:
gpg --passwd fails with no passphrase given using pinentry, and fails
with the same error using --passphrase-fd and a blank passphrase, but
fails with bad passphrase using --passphrase-fd and any non blank
passphrase. I have just reconfirmed this behavior.
> /path/to/gpg1 --import secret.gpg
> When you import the secret key, secring.gpg will be recreated, and the
> corresponding public key will be automatically imported into
> pubring.gpg. (A copy of the public key is embedded into each secret
> At that point you'll have the necessary pubring.gpg/secring.gpg files,
> and should be able to change the passphrase at a GPG1 command line.
I do expect this would work if I could successfully do the export with gpg2.
More information about the Gnupg-users