gpg changing passphrase - does not resecure your private key

This post is written in responce to an old post, which gives the false impression that changing your passphrase resecures your gpg key. The real answer should be either revoke the old key and generate a new one, or make use of subkeys with different passphrases for the master and the subkeys.

Move aside existing gpg data so that we can create demo:

~$ mv ~/.gnupg real.gnupg

Create new key:

~$ gpg --no-greeting --gen-key
gpg: directory `/home/test/.gnupg' created
gpg: new configuration file `/home/test/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/test/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/test/.gnupg/secring.gpg' created
gpg: keyring `/home/test/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 3
Key expires at Tue 13 May 2014 17:49:00 CEST
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: First Last
Email address: first.last@example.com
Comment: 
You selected this USER-ID:
    "First Last <first.last@example.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

Enter passphrase: test123
Repeat passphrase: test123
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 282 more bytes)
..+++++
+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
...+++++
gpg: /home/test/.gnupg/trustdb.gpg: trustdb created
gpg: key 63A6C622 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2014-05-13
pub   1024R/63A6C622 2014-05-10 [expires: 2014-05-13]
      Key fingerprint = E1E3 C664 4ADB 8AE5 E974  FBEC 2112 4315 63A6 C622
uid                  First Last <first.last@example.com>
sub   1024R/5FF2CA36 2014-05-10 [expires: 2014-05-13]
~$

Encrypt a secret message to ourselves, (bank info, other passwords, etc):

~$ echo "hello world" | gpg -ae -r  first.last@example.com > /tmp/msg.gpg
~$ file /tmp/msg.gpg
/tmp/msg.gpg: PGP message
~$

Decrypt the file to show it contains the content we entered:

~$ gpg -d /tmp/msg.gpg
You need a passphrase to unlock the secret key for
user: "First Last <first.last@example.com>"
1024-bit RSA key, ID 5FF2CA36, created 2014-05-10 (main key ID 63A6C622)
Enter passphrase: test123
gpg: encrypted with 1024-bit RSA key, ID 5FF2CA36, created 2014-05-10
      "First Last <first.last@example.com>"
hello world
~$

Mallory makes a copy of our secret keyring:

~$ cp ~/.gnupg/secring.gpg ~/.gnupg/secring.gpg.compromized

We realize our passphrase has been compromized, so we change it:

~$ gpg --edit-key first.last@example.com
Secret key is available.
pub  1024R/63A6C622  created: 2014-05-10  expires: 2014-05-13  usage: SC  
                     trust: ultimate      validity: ultimate
sub  1024R/5FF2CA36  created: 2014-05-10  expires: 2014-05-13  usage: E   
[ultimate] (1). First Last <first.last@example.com>

gpg> password
Key is protected.

You need a passphrase to unlock the secret key for
user: "First Last <first.last@example.com>"
1024-bit RSA key, ID 63A6C622, created 2014-05-10

Enter passphrase: test123
Enter the new passphrase for this secret key.
Enter passphrase: foo123
Repeat passphrase: foo123
gpg> save
~$

Our updated key with the new passphrase can still read the message we encrypted earlier:

~$ gpg -d /tmp/msg.gpg

You need a passphrase to unlock the secret key for
user: "First Last <first.last@example.com>"
1024-bit RSA key, ID 5FF2CA36, created 2014-05-10 (main key ID 63A6C622)

Enter passphrase: foo123
gpg: encrypted with 1024-bit RSA key, ID 5FF2CA36, created 2014-05-10
      "First Last <first.last@example.com>"
hello world
~$

Move our updated secret keyring aside:

~$ mv ~/.gnupg/secring.gpg ~/.gnupg/secring.gpg.new

Pretend that we are Mallory, who knows our original passphrase and has managed to get hold of a copy of our secret keyring:

~$ mv ~/.gnupg/secring.gpg.compromized ~/.gnupg/secring.gpg

Mallory can now decode any messages using the old passphrase:

~$ gpg -d /tmp/msg.gpg

You need a passphrase to unlock the secret key for
user: "First Last <first.last@example.com>"
1024-bit RSA key, ID 5FF2CA36, created 2014-05-10 (main key ID 63A6C622)

Enter passphrase: test123
gpg: encrypted with 1024-bit RSA key, ID 5FF2CA36, created 2014-05-10
      "First Last <first.last@example.com>"
hello world
~$

Demo completed, cleanup and revert our non demo gpg data:

~$ rm -rf ~/.gnupg/
~$ mv real.gnupg .gnupg

Menu