how to add a passphrase to a keypair

Jack ostroffjh at
Sun Oct 3 20:44:27 CEST 2021

On 10/3/21 12:53, Robert J. Hansen via Gnupg-users wrote:
>> gpg -k and gpg -K both show my main key. I compiled a copy of gpg1 
>> (not installed to the system) to try to use locally, since it doesn't 
>> enforce the use of a passphrase for the secret key.  Unfortunately, 
>> without secring.gpg, it doesn't see the secret key at all.
> I haven't tried this, but it might be exactly what you want to do:
> /path/to/gpg2 --export-secret-keys 0xMY_KEY_ID > secret.gpg
It is what I want, but it doesn't work.  gpg2 uses pinentry to request 
the passphrase, and so fails with a blank one.  I would expect that 
using --passphrase-fd would work, but it also fails, as stated in my 
original post with "error receiving key from agent: No passphrase given 
- skipped".  I do find this odd, as I know using --passphrase-fd works: 
gpg --passwd fails with no passphrase given using pinentry, and fails 
with the same error using --passphrase-fd and a blank passphrase, but 
fails with bad passphrase using --passphrase-fd and any non blank 
passphrase.  I have just reconfirmed this behavior.
> /path/to/gpg1 --import secret.gpg
> When you import the secret key, secring.gpg will be recreated, and the 
> corresponding public key will be automatically imported into 
> pubring.gpg.  (A copy of the public key is embedded into each secret 
> key.)
> At that point you'll have the necessary pubring.gpg/secring.gpg files, 
> and should be able to change the passphrase at a GPG1 command line.

I do expect this would work if I could successfully do the export with gpg2.


More information about the Gnupg-users mailing list