how to add a passphrase to a keypair

Jack ostroffjh at users.sourceforge.net
Thu Oct 7 20:07:23 CEST 2021


OK, I have to declare defeat.  I obviously have a far worse case of CRS  
(Can't remember stuff) than I thought.

On 2021.10.06 16:03, anonymous via Gnupg-users wrote:
> On Sunday, October 3rd, 2021 at 7:54 AM, Jack via Gnupg-users  
> <gnupg-users at gnupg.org> wrote:

> > I do not have secring.gpg or pubring.gpg, but gpg -k and gpg -K
> > both show my main key.
> Secret keys are now stored in the /.gnupg/private-keys-v1.d folder  
> with a filename that is the key's keygrip with a .key suffix.
Not sure why I mentioned that, other than that the lack of those files  
prevented my trying to access the keys with gpg 1.4.
> 
> To know which key each keygrip belongs to, use:
> $ gpg --with-keygrip -K
> 
> You can get some more information about the key's protection by  
> viewing the keygrip file with the xxd command:
> $ xxd ~/.gnupg/private-keys-v1.d/KEYGRIP.key
> (obviously replace "KEYGRIP" with the actual keygrip).
> The rightmost column will display text, with the part at the end of  
> the file being the time password protection was added to the key.
That was the key (no pun intended) to seeing that indeed, there is a  
password on the key, and, in complete conflict with my (obviously  
flaky) memory, it was added when the key was created, and that date  
(April 2020) was much more recent than I thought.  The only saving  
grace here (unless I can actually remember the password) is that it  
seems I never actually uploaded that key to any keyserver, although I do  
have a revocation certificate.
> 
> > because pinentry does not accept a blank passphrase, and it still
> > prompts for one even if it doesn't actually need it.
> That prompt is a sure sign that the key is now protected with a  
> password.
I may follow up on this later, but are you saying that if there is no  
password on the key, then gpg/gpg-agent/pinentry will not even prompt  
for it?  So, if I did have a key without a password, then "gpg --passwd  
that-key" would not prompt for the original (blank) password, and only  
for the new password?

Thanks again for giving me the necessary clue.
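
Added example (not part of the original message or of GnuPG): a shell function that does the check from the quoted advice without reading a hex dump by eye. It classifies a file under private-keys-v1.d by the tag of its S-expression and extracts the protected-at timestamp. The names key_protection and make_sample and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a gpg-agent key file is passphrase-protected.
# Key files are S-expressions; the outer tag names the protection state.
LC_ALL=C; export LC_ALL    # treat the file as bytes, it may hold binary data

# key_protection FILE -> prints "STATE" or "STATE TIMESTAMP"
key_protection() {
    f=$1
    # Order matters: "private-key" is a substring of the other two tags.
    if grep -aq 'shadowed-private-key' "$f"; then
        state=shadowed          # stub: the secret lives on a smartcard/token
    elif grep -aq 'protected-private-key' "$f"; then
        state=protected         # secret parameters encrypted with a passphrase
    elif grep -aq 'private-key' "$f"; then
        state=unprotected       # secret parameters stored in the clear
    else
        state=unknown
    fi
    # protected-at holds a 15-character timestamp, YYYYMMDDTHHMMSS.
    ts=$(grep -ao 'protected-at[^)]\{0,8\}[0-9]\{8\}T[0-9]\{6\}' "$f" |
         sed 's/.*\([0-9]\{8\}T[0-9]\{6\}\)$/\1/' | head -n 1)
    echo "$state${ts:+ $ts}"
}

# make_sample PATH KIND: write a constructed skeleton (no real key material).
make_sample() {
    case $2 in
        protected) printf '(21:protected-private-key(3:rsa(1:n4:XXXX)(9:protected4:XXXX)(12:protected-at15:20200401T120000)))' >"$1" ;;
        *)         printf '(11:private-key(3:rsa(1:n4:XXXX)(1:d4:XXXX)))' >"$1" ;;
    esac
}

# Usage: sh keyprot.sh ~/.gnupg/private-keys-v1.d/*.key
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(key_protection "$f")"
done
```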


