Conversation

Jarkko Sakkinen

Edited 1 year ago

I wonder what the best practice is to remove a #passphrase from an #OpenPGP subkey. I'm using #gnupg2. I've spent hours on this and still am not able to do it :-(

I.e. I have this:

$ gpg -K
/home/jarkko/.gnupg/pubring.kbx
-------------------------------
sec   rsa4096 2019-06-24 [C] [expires: 2024-07-04]
      5107E66D34788A93E3227C903AB05486C7752FE1
uid           [ unknown] Jarkko Sakkinen <jarkko.sakkinen@iki.fi>
uid           [ unknown] Jarkko Sakkinen <jarkko@kernel.org>
uid           [ unknown] Jarkko Sakkinen <jarkko.sakkinen@tuni.fi>
ssb   ed25519 2019-06-25 [S] [expires: 2025-07-27]
ssb   rsa4096 2020-08-11 [A]
ssb   rsa4096 2022-03-21 [E] [expires: 2024-03-20]
ssb   ed25519 2022-12-29 [A]

And I want to remove passphrase from #ed25519 #authentication #key.

Starting to understand why #OpenPGP has never really dominated :-)
@jarkko the best practice is moving the subkey to a hw key ;)
@vbabka @jarkko Yes, that's the best, but I would start from basics - definitely not having master's secret key in your workstation keyring.
@krzk @vbabka I'm migrating my keyring to yubikey atm. I have two of them. But still I don't want to proceed on that before I know how the basic password management works with OpenPGP. E.g. I don't even know how to see whether a key has a password set or not in the first place :-)
I used to have a Nitrokey Pro in the past with a paper-printed backup of my master key as a set of QR codes. I'm now in the middle of migration. I actually set the passphrase accidentally on a subkey and now I'm clueless how to get rid of it. I just want to understand before progressing forward.
To put it short: I do not disagree with you, but I want to first know what the heck I'm doing :-) It should not be that hard to do these tasks.
@jarkko @vbabka Hiding your master (primary or [C]) key is a bit independent step and usually done before moving subkeys to crypto device.

Jarkko Sakkinen

Edited 1 year ago
@krzk @vbabka yup, since I don't have ideas how to proceed with the subkey password, I'll seal my master key for now to a Yubikey :-) I don't even know exactly how to verify whether it was removed, or see whether a particular subkey has a passphrase (I tried tools such as Seahorse as well to see if they give this visibility, but no luck).
Thanks for the feedback anyway, I migrated to a Yubikey! And once again printed my master key as a set of QR stickers (encrypted with a passphrase) :-) I bought a label writer a few years ago specifically for this purpose. If you have ideas, just for the sake of learning and understanding how passphrases were supposed to work, please don't hesitate to share them on this post, thank you.
@coelacanthus I think I'll give a shot at writing a small python script that gives me a more elaborate status report of the keyring state than gnupg -K does. I.e. shows both keys, and also their sealing state (or whatever it is called).

Jarkko Sakkinen

Edited 1 year ago
@coelacanthus actually I think I'll just write a simple viewer, which shows the stuff I need to see from each subkey. The bigger issue for me with gnupg, rather than how to do something, is how to see what changed. I actually might use this opportunity to learn a bit more rust :-) Since I know pretty much what properties I want to see from each key most of the time I use OpenPGP, it is easier to just take the time and write a non-generic read-only program to view that picture. The user experience of gnupg is convoluted, to say the least.
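The read-only viewer described in the post above, as an added example written for this page in Python (it is not the author's script, not GnuPG code, and not part of the kernel guide). It shows the thing `gpg -K` does not: for every secret (sub)key, whether gpg-agent holds it on disk or shadowed to a token, and whether the on-disk copy is passphrase-protected. The two inputs are `gpg --with-colons --with-keygrip --list-secret-keys` and `gpg-connect-agent 'KEYINFO --list' /bye`, joined by keygrip. The colon field positions follow GnuPG's DETAILS file and the KEYINFO columns follow gpg-agent's documentation; both are assumed here and can shift between versions, so check them against your `gpg --version`. The sample inputs embedded at the bottom are constructed: the primary key mirrors the listing in the thread, while the subkey IDs, fingerprints, keygrips and the card serial number are made up.

```python
"""Per-subkey status viewer for a GnuPG 2.1+ keyring (added example, not from the thread or GnuPG).

Joins two machine-readable outputs by keygrip, the name gpg-agent files private keys under:
    gpg --with-colons --with-keygrip --list-secret-keys
    gpg-connect-agent 'KEYINFO --list' /bye
The first gives algorithm, capabilities and expiry; the second is gpg-agent's view of each private
key: on disk ('D') or shadowed to a token ('T'), passphrase-protected ('P') or unprotected ('C').
The sample inputs at the bottom are constructed (made-up subkey IDs, fingerprints, keygrips, serial).
"""
import subprocess
from datetime import datetime, timezone

ALGO_NAMES = {1: "rsa", 16: "elg", 17: "dsa", 18: "ecdh", 19: "ecdsa", 22: "eddsa"}  # colon field 4
KEYINFO_TYPE = {"D": "on disk", "T": "on token", "X": "unknown"}
KEYINFO_PROT = {"P": "passphrase-protected", "C": "NOT protected"}

def _date(field):
    """Colon-format dates are seconds since the epoch; an empty field means never."""
    if not field:
        return "never"
    return datetime.fromtimestamp(int(field), tz=timezone.utc).date().isoformat() if field.isdigit() else field

def parse_gpg_colons(text):
    """One dict per sec/ssb record; the fpr and grp records that follow it are attached to it."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb"):
            algo = int(f[3])
            curve = f[16] if len(f) > 16 else ""          # field 17: curve name for ECC keys
            keys.append({"record": f[0], "keyid": f[4],
                         "algo": curve or ALGO_NAMES.get(algo, "algo%d" % algo) + f[2],
                         "caps": "".join(c for c in f[11] if c.islower()),  # this key's own usage
                         "created": _date(f[5]), "expires": _date(f[6]),
                         "fpr": None, "keygrip": None})
        elif f[0] == "fpr" and keys:
            keys[-1]["fpr"] = f[9]
        elif f[0] == "grp" and keys:
            keys[-1]["keygrip"] = f[9]
    return keys

def parse_keyinfo(text):
    """keygrip -> agent view, from 'S KEYINFO <grip> <type> <serial> <idstr> <cached> <prot> ...'."""
    info = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 8 and f[:2] == ["S", "KEYINFO"]:
            info[f[2]] = {"type": f[3], "serialno": f[4], "cached": f[6] == "1", "protection": f[7]}
    return info

def key_report(colons_text, keyinfo_text):
    """Join both views by keygrip; 'status' is the verdict that gpg -K never shows."""
    agent = parse_keyinfo(keyinfo_text)
    report = []
    for k in parse_gpg_colons(colons_text):
        a = agent.get(k["keygrip"])
        if a is None:
            status = "no private key known to gpg-agent"
        elif a["type"] == "T":
            status = "on token, serial %s" % a["serialno"]
        else:
            status = "%s, %s%s" % (KEYINFO_TYPE.get(a["type"], a["type"]),
                                   KEYINFO_PROT.get(a["protection"], "protection unknown"),
                                   ", passphrase currently cached" if a["cached"] else "")
        report.append(dict(k, status=status))
    return report

def format_report(report):
    """Render like gpg -K, plus the agent-side status column."""
    return "\n".join("%s  %-8s [%s] %s  expires %s  %s" % (k["record"], k["algo"], k["caps"].upper(),
                                                          k["keyid"], k["expires"], k["status"]) for k in report)

def collect_live():
    """Run the two real commands (needs gpg and a reachable gpg-agent)."""
    def run(*cmd):
        return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return (run("gpg", "--with-colons", "--with-keygrip", "--list-secret-keys"),
            run("gpg-connect-agent", "KEYINFO --list", "/bye"))

# Constructed sample: a [C] primary plus four subkeys, as in the thread's listing.
COLONS_SAMPLE = """\
sec:u:4096:1:3AB05486C7752FE1:1561334400:1720051200::u:::cSCA:::+:::23::0:
fpr:::::::::5107E66D34788A93E3227C903AB05486C7752FE1:
grp:::::::::1111111111111111111111111111111111111111:
uid:u::::1561334400::0000000000000000000000000000000000000000::Jarkko Sakkinen <jarkko@kernel.org>::::::::::0:
ssb:u:255:22:AAAAAAAAAAAAAAA1:1561420800:1753574400:::::s:::+::ed25519::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1:
grp:::::::::2222222222222222222222222222222222222222:
ssb:u:4096:1:AAAAAAAAAAAAAAA2:1597104000::::::a:::D2760001240103040006000000000000:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2:
grp:::::::::3333333333333333333333333333333333333333:
ssb:u:4096:1:AAAAAAAAAAAAAAA3:1647820800:1710892800:::::e:::+:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3:
grp:::::::::4444444444444444444444444444444444444444:
ssb:u:255:22:AAAAAAAAAAAAAAA4:1672272000::::::a:::+::ed25519::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4:
grp:::::::::5555555555555555555555555555555555555555:
"""
KEYINFO_SAMPLE = """\
S KEYINFO 1111111111111111111111111111111111111111 D - - - P - - -
S KEYINFO 2222222222222222222222222222222222222222 D - - - P - - -
S KEYINFO 3333333333333333333333333333333333333333 T D2760001240103040006000000000000 OPENPGP.3 - - - - -
S KEYINFO 4444444444444444444444444444444444444444 D - - 1 P - - -
S KEYINFO 5555555555555555555555555555555555555555 D - - - C - - -
OK
"""

if __name__ == "__main__":
    import sys
    colons, keyinfo = collect_live() if "--live" in sys.argv else (COLONS_SAMPLE, KEYINFO_SAMPLE)
    print(format_report(key_report(colons, keyinfo)))
```

Run it without arguments to see the constructed sample rendered, or with `--live` against the real keyring. In the sample the last ed25519 [A] subkey is the one stored unprotected, which is exactly the state the thread is trying to reach for one subkey and cannot see with `gpg -K`. The keygrip is also the handle for acting on a single key through the agent: `gpg-connect-agent 'KEYINFO <keygrip>' /bye` answers for one key, and `gpg-connect-agent 'PASSWD <keygrip>' /bye` changes that one key's passphrase (the `passwd` subcommand of `gpg --edit-key` goes through the same agent command, for every key of the certificate).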
@jarkko @krzk you mean you moved the master key itself to a yubikey? That's not the best practice...
@vbabka @krzk What'd you propose? I'm listening. Fully admit that I truly suck with OpenPGP.
@jarkko @krzk I just follow the great guide from @monsieuricon here https://www.kernel.org/doc/html/next/process/maintainer-pgp-guide.html
master key goes to an encrypted USB key, subkeys to a yubikey/nitrokey/whatnot. I've only deviated by uploading the same set of subkeys to multiple yubikeys/nitrokey for interchangeability.
@vbabka @krzk @monsieuricon Well, I used stickers instead of a stick :-) I've read that in the past, but yeah, I should really read it again as a refresher. Thanks! No harm done yet...
Actually, I also found the answer to my original question in the guide. OK, I'll print it out, read all the sections carefully and then take action...
@jarkko IIRC I'm using something pretty similar, but mostly Will just told me what to do because he'd just set it all up. That was a few years ago, though...
@palmer OK good to hear, thanks! I think I can survive with all these tips