On 10/2/21 22:51, raf via Gnupg-users wrote:
On Sun, Oct 03, 2021 at 01:40:03PM +1100, raf <gn...@raf.org> wrote:
On Sat, Oct 02, 2021 at 07:12:45PM -0400, Jack via Gnupg-users
<gnupg-users@gnupg.org> wrote:
Is it possible to add a passphrase to a secret key originally created
without one? If so, please tell me how. I'll be happy with either
instructions or pointer to the fine manual I either missed or misread.
I have tried lots of variations. Attempts using gpg-agent fail because
pinentry (I've tried text and gui versions) refuses to accept a blank
passphrase. Variants using --passphrase or --passphrase-fd don't work
because they only allow passing one passphrase, and I need to provide the
old one and the new one. I've also tried --export-secret-key, which also
fails with "error receiving key from agent: No passphrase given - skipped"
when using --passphrase-fd.
I do have a copy of gpg-1.4.23 available, but simply copying .gnupg to a new
user and using the old gpg doesn't help because gpg1 doesn't see the secret
keys from gpg2, and I haven't been able to export them.
Is there a way to do this, or is revoking the old key and creating new keys
from scratch the only solution?
Thanks for any information.
Jack
Try these instructions for changing the passphrase:
https://www.cyberciti.biz/faq/linux-unix-gpg-change-passphrase-command/
https://help.ubuntu.com/community/GnuPrivacyGuardHowto#Changing_your_Passphrase
    gpg --edit-key Your-Key-ID-Here
    gpg> passwd
    gpg> save
Also, don't use gpg1. I'm guessing that either the key
was created with gpg2, or was created with gpg1 but
then ~/.gnupg was subsequently converted for use with
gpg2 (since you say "gpg1 doesn't see the secret keys
from gpg2"). If either is the case, keep using gpg2.
Also, if you are getting the error "No passphrase
given", I could be wrong, but that might suggest that
the secret key is already encrypted. Are you sure that
there is no existing passphrase? If so, ignore this.
cheers,
raf
Thanks for the suggestions, but they do not help. On my main PC I only
have version 2 installed, so gpg and gpg2 are the same command (one is a
symlink to the other.) The key was created many years ago with gpg
version 1 and was definitely created without a passphrase. I have gone
through many PCs since then (all Linux) and always copied my ~/.gnupg
folder to the new box. Somewhere along the line some files do seem to
have gotten lost, because I do not have secring.gpg or pubring.gpg, but
gpg -k and gpg -K both show my main key. I compiled a copy of gpg1 (not
installed to the system) to try to use locally, since it doesn't enforce
the use of a passphrase for the secret key. Unfortunately, without
secring.gpg, it doesn't see the secret key at all.
Your first suggestion does not work (as I said in my original post)
because pinentry does not accept a blank passphrase, and it still
prompts for one even if it doesn't actually need it.