Page MenuHome GnuPG

Cannot remove passphrase
Closed, ResolvedPublic

Description

I was able to set a passphrase to previously passphrase-less private key with
"passwd" command in --edit-key shell.

Now it is impossible to remove a passphrase the same way. I know it worked in
earlier releases.

$ gpg --edit-key andrey.utkin@decent.im
gpg (GnuPG) 2.1.16; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec rsa4096/98C4BB0899DBBA85

created: 2015-11-16  expires: never       usage: SC  
trust: ultimate      validity: ultimate

ssb rsa4096/8C77911D55D27C24

created: 2015-11-16  expires: never       usage: E

[ultimate] (1). Andrey Utkin (Jabber) <andrey.utkin@decent.im>

gpg> passwd
Please enter the passphrase to unlock the OpenPGP secret key:
"Andrey Utkin (Jabber) <andrey.utkin@decent.im>"
4096-bit RSA key, ID 98C4BB0899DBBA85,
created 2015-11-16.

Passphrase:
gpg: key 98C4BB0899DBBA85/98C4BB0899DBBA85: error changing passphrase: No
passphrase given
Please enter the passphrase to unlock the OpenPGP secret key:
"Andrey Utkin (Jabber) <andrey.utkin@decent.im>"
4096-bit RSA key, ID 8C77911D55D27C24,
created 2015-11-16 (main key ID 98C4BB0899DBBA85).

Passphrase:
gpg: key 98C4BB0899DBBA85/8C77911D55D27C24: error changing passphrase: No
passphrase given

gpg> save
Key not changed so no update needed.

$ gpg --passwd andrey.utkin@decent.im
gpg (GnuPG) 2.1.16; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please enter the passphrase to unlock the OpenPGP secret key:
"Andrey Utkin (Jabber) <andrey.utkin@decent.im>"
4096-bit RSA key, ID 98C4BB0899DBBA85,
created 2015-11-16.

Passphrase:
gpg: key 98C4BB0899DBBA85/98C4BB0899DBBA85: error changing passphrase: No
passphrase given
Please enter the passphrase to unlock the OpenPGP secret key:
"Andrey Utkin (Jabber) <andrey.utkin@decent.im>"
4096-bit RSA key, ID 8C77911D55D27C24,
created 2015-11-16 (main key ID 98C4BB0899DBBA85).

Passphrase:
gpg: key 98C4BB0899DBBA85/8C77911D55D27C24: error changing passphrase: No
passphrase given
gpg: error changing the passphrase for 'andrey.utkin@decent.im': No passphrase given

This is quite embarrassing issue. I'd love to contribute a bunch of functional
tests for this and similar topics, but don't see a framework for such tests in
git repo, would appreciate some help with that.

Details

Version
2.1.16

Event Timeline

I just tried it with the current version from git and I see no real problems.
The only annoyance is that you need to enter the passpharse (or no passphrase)
for each subkey.

andrey_utkin claimed this task.
andrey_utkin added a project: Unreleased.

I'm glad that git has this fixed. Well, then the actual problem is that it is
broken in release.

Even being gentoo user, I cannot install gnupg from git easily (there's no live
ebuild for gnupg yet). So users will suffer from this until you make next
release and distros maintainers update packages.

So regarding functional tests for shell utils... Any suggestion how to arrange
that? Or would you review whatever I come up with?

drrossum reopened this task as Open.EditedNov 22 2017, 1:08 PM
drrossum added a subscriber: drrossum.

I tried to remove the passphrase on my authentication subkey but the same issue seems to still be present in version 2.2.2.

Nevermind, I did not realize that passwd does not only operate on the selected key but on all keys (subkeys) in sequence.