unable to change empty passwords for private keys
Open, NormalPublic


I have generated 2 key pairs in another app without passwords, and while I am able to import them into gpg using --batch

after they are imported I would like to set a password on them, or create revocation keys for both of the key pairs

but unfortunately, gpg-agent? asks for passwords for both private keys, even if there was no password assigned, and fails on empty strings

Please advise: how can I set passwords on these existing keys, or generate revocation keys for them?


cipy created this task.Sat, Feb 23, 10:12 AM
werner added a subscriber: werner.Mon, Feb 25, 8:34 AM

Please describe in more detail what you did so that we can replicate this. We also need to know your OS and the GnuPG version.

werner triaged this task as Normal priority.Tue, Mar 5, 8:24 AM
werner added a project: Info Needed.
cipy added a comment.EditedWed, Mar 13, 9:45 PM

Hi there,

Sorry for the delay. I have created one rsa4096 and one ed25519 PGP keys in an iOS mobile app called iPGMail

Unfortunately at that time, the version of the app allowed creation of (private) keys, without a password, hence my keys having this issue/property to this day.
Unfortunately the developer has not fixed, nor provided a way to set password on these (private) keys, so I exported them from his app into 2.2.1x (maybe .13)

Now, the basic import was unhappy, as it required a password prompt when importing my problematic keys, but using an empty string/enter in that (gpg-agent?) prompt field didn't work either. It's very unhappy when you don't provide anything in thet field.

Now, after a bit of googling, I found the --batch parameter to gpg import, which happily imports my (passwordless) (private) keys without prompting, but now I have this problem with your (supported) software: I cannot set a password on those (private) keys, nor generate a revocation key for them, because gpg-agent prompts again for "old" password. Which is none/empty, but then again, pressing simple enter at that prompt doesn't make (gpg-agent) any happier.

Hence this ticket.