how to add a passphrase to a keypair

anonymous anon85786376 at protonmail.com
Wed Oct 6 22:03:38 CEST 2021


On Sunday, October 3rd, 2021 at 7:54 AM, Jack via Gnupg-users <gnupg-users at gnupg.org> wrote:

> The key was created many years ago with gpg
> version 1 and was definitely created without a passphrase.

One of many problems with having no password protection for a key is there is nothing to stop someone who has access to your PC from creating a password for it.

> I do not have secring.gpg or pubring.gpg, but
> gpg -k and gpg -K both show my main key.

Secret keys are now stored in the /.gnupg/private-keys-v1.d folder with a filename that is the key's keygrip with a .key suffix.

To know which key each keygrip belongs to, use:
$ gpg --with-keygrip -K.

You can get some more information about the key's protection by viewing the keygrip file with the xxd command:
$ xxd ~/.gnupg/private-keys-v1.d/KEYGRIP.key
(obviously replace "KEYGRIP" with the actual keygrip).
The rightmost column will display text, with the part at the end of the file being the time password protection was added to the key.

> because pinentry does not accept a blank passphrase, and it still
> prompts for one even if it doesn't actually need it.

That prompt is a sure sign that the key is now protected with a password.



More information about the Gnupg-users mailing list