how to add a passphrase to a keypair
ostroffjh at users.sourceforge.net
Thu Oct 7 20:07:23 CEST 2021
OK, I have to declare defeat. I obviously have a far worse case of CRS
(Can't remember stuff) than I thought.
On 2021.10.06 16:03, anonymous via Gnupg-users wrote:
> On Sunday, October 3rd, 2021 at 7:54 AM, Jack via Gnupg-users
> <gnupg-users at gnupg.org> wrote:
> > I do not have secring.gpg or pubring.gpg, but gpg -k and gpg -K
> both show my main key.
> Secret keys are now stored in the /.gnupg/private-keys-v1.d folder
> with a filename that is the key's keygrip with a .key suffix.
Not sure why I mentioned that, other than that the lack of those files
prevented my trying to access they keys with gpg 1.4.
> To know which key each keygrip belongs to, use:
> $ gpg --with-keygrip -K.
> You can get some more information about the key's protection by
> viewing the keygrip file with the xxd command:
> $ xxd ~/.gnupg/private-keys-v1.d/KEYGRIP.key
> (obviously replace "KEYGRIP" with the actual keygrip).
> The rightmost column will display text, with the part at the end of
> the file being the time password protection was added to the key.
That was the key (no pun intended) to seeing that indeed, there is a
password on the key, and, in complete conflict with my (obviously
flaky) memory, it was added when the key was created, and that date
(April 2020) was much more recent than I thought. The only saving
grace here (unless I can actually remember the password) is that it
seems I never actually uploaded that key to any keyerver, although I do
have a revocation certificate.
> > because pinentry does not accept a blank passphrase, and it still
> prompts for one even if it doesn't actually need it.
> That prompt is a sure sign that the key is now protected with a
I may follow up on this later, but are you saying that if there is no
password on the key, then gpg/gpg-agent/pinentry will not even prompt
for it? So, if I did have a key without a password, then "gpg --passwd
that-key" would not prompt for the original (blank) password, and only
for the new password?
Thanks again for giving me the necessary clue.
More information about the Gnupg-users