16
5
I need to automate a deployment process and the tool will sign the release artifacts automatically. My key ring has a primary key which I use only for creating subkeys, and two subkeys. One subkey for signing and one for encryption.
Currently there is single pass phrase for all the keys. I don't want to specify this pass phrase in a configuration file as that would risk the primary key as well.
So I thought I'd set a different pass phrase for the subkey by doing:
$ gpg --edit-key [subkey-id]
gpg> passwd
gpg> save
But this changed the pass phrase for other keys as well.
How can I set a separate pass phrase for individual keys?
1This does not work with GnuPG 2.2.4. It fails saying "Need the secret key to do this." Very sad :'( – steinybot – 2018-10-08T10:49:10.117
So I need to use passwordless gpg keys for automatic repo signing? – SuperSandro2000 – 2019-11-21T10:43:58.230
No, you can also pre-cache the passphrase using
– Jens Erat – 2019-11-25T22:17:03.993gpg-agent
. Have a look atgpg-preset-passphrase
.