Configure GPG Passphrase
In situation where you need to change your primary key's passphrase, you can do it with GnuPG program. This section guides you on how to update/change passphrase.
Verify Your Primary "Certify" Key Is Available
For advanced users who deleted their "certify" capability secret key, you need to restore it back for key creations. You can verify it by using the following command:
$ gpg --list-secret-keys
Example:
$ gpg --list-secret-keys
...
---------------------------
sec rsa4096 2020-01-10 [C]
AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF
uid [ultimate] "Shotgun" John, Smith (Main ID) <john.smith@email.com>
You want to observe the key with [C
] capability and the sec
label does not have a hash ("sec#
"). If it does, you need to restore the key by loading the backup copy and use the following command to restore it:
$ gpg --import /path/to/you/key.asc
Update/Change Passphrase
Now that you're done, it's time to update/change the passphrase.
Obtain Your Primary Key ID
We start off by obtaining your primary key ID. This is by using the following command and find your key:
$ gpg --list-secret-keys
Example:
$ gpg --list-secret-keys
...
---------------------------
sec rsa4096 2020-01-10 [C]
AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF
uid [ultimate] "Shotgun" John, Smith (Main ID) <john.smith@email.com>
You want the long string under the [C
] key. In the example above, it is: AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF
.
Edit Primary Key
With the key ID identified, it's time to edit the key. Use the following command pattern to edit the key:
$ gpg --expert --edit-key <key-id>
From the example above, it is:
$ gpg --expert --edit-key AC51A10307C10B2A4BB1C89AF5EF57A0FB4EF0EF
You will be presented with the gpg key editor's main menu. It looks something like:
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
sec rsa4096/F5EF57A0FB4EF0EF
created: 2020-01-10 expires: never usage: C
trust: ultimate validity: ultimate
[ultimate] (1). "Shotgun" John, Smith (Main ID) <john.smith@email.com>
gpg>
Change Password
Now that everything is done, you may proceed to change the passphrase using passwd
command. Here's an example:
gpg> passwd
You'll be asked for passphrases for numerous cases, such as:
- Your original passphrase for verification
- Entering new passphrase twice
- Re-confirm with new passphrase
Save and Quit
Once everything is done, you may quit and save. Type quit and remember to confirm the save.
gpg> quit
Save changes? (y/N) y
That's all about configuring passphrase for GnuPG.