45

I want to remove the passphrase from a gpg key after creating it. Why? Because the tigase-kontalk documentation says so, and I want to compile and set up my own version of this server. But I am stuck at this point.

    Create GPG key

    Create a GPG key for both signing and encrypting, and remove its passphrase after creating it

I want a Linux gpg command to remove the passphrase or to export unprotected keys.

Dr Deo
  • 943

6 Answers

59

Here is a more complete answer based on Justin's:

(Using gpg 1.4.16 on Ubuntu 14)

  • Get the ID of your key like this:

    gpg --list-secret-keys --keyid-format=long

    This will output a few lines similar to below. The key ID is the value XXXX.

    /home/username/.gnupg/secring.gpg
    ----------------------------------
    sec   4096R/XXXX <creation date>
    uid                  name <email.address>
    ssb   4096R/YYYY <creation date>

  • Open the gpg key edit submenu like this:

    gpg --edit-key XXXX

    You will see information about the key.

  • Type passwd at the prompt to change the password:

    gpg> passwd

  • Enter your existing passphrase.

  • Enter the new passphrase for this secret key. (Leave this blank and press Enter)

  • Press Enter twice and consider the warnings from the tool and its implications before proceeding.

    You don't want a passphrase - this is probably a *bad* idea!
    Do you really want to do this? (y/N) y


Similarly on Debian 11:

enter image description here


Frak
  • 692
25

Let me share what I found. I thought I might share in case there is another lost soul. In the bash shell:

gpg2 --batch --gen-key <<EOF
%no-protection
Key-Type:1
Key-Length:2048
Subkey-Type:1
Subkey-Length:2048
Name-Real: My super name
Name-Email: admin@superuser.com
Expire-Date:0
EOF

The key can now be exported

gpg2 --export-secret-key fingerprinthere > private-key.key
gpg2 --export fingerprintshould_be_put_here > public-key.key
Dr Deo
  • 943
9

It's simple. Just run:

gpg --edit-key <yourkeyhere>
passwd

When GnuPG prompts for the new passphrase, just leave it blank and hit enter.

Source: https://lists.gnupg.org/pipermail/gnupg-users/2003-April/017623.html

4

See https://unix.stackexchange.com/a/597949/20960. It seems that some varieties of pinentry refuse to accept an empty passphrase, while others are fine with it.

gpg --pinentry-mode loopback --passwd KEY

1

I wrote up a simple script for this:

#!/usr/bin/env bash

email="joe@foo.bar"
current_passphrase='abc#6'
target_passphrase=''

# Create a temporary file to store the commands
temp_file=$(mktemp)
echo "temp_dir: $temp_file"

# The file will hold the current passphrase, so delete it when the script exits
trap 'rm -f "$temp_file"' EXIT

# Write the commands to the temporary file
cat <<EOF > "$temp_file"
passwd
$(printf '%s\n' "$current_passphrase")
$(printf '%s\n' "$target_passphrase")
save
EOF

# Remove the passphrase
gpg --batch --yes --pinentry-mode loopback --status-fd 1 --command-fd 0 --edit-key "$email" < "$temp_file"

0

Very simple: when generating the GPG key pairs, it will ask for a password; do not enter any password. Just press OK.

Command to generate the key pairs:

gpg --full-generate-key
Mukesh
  • 1