Author's note: The passphrase is an additional layer of encryption on top of your private key. If your private key has already been compromised, changing your passphrase will not help. You need to generate and distribute a revocation certificate for your compromised key(s) immediately.
$ gpg --edit-key email@example.com
gpg> passwd
gpg> save
I spent a little bit of time this weekend coming up with a more secure passphrase for my GPG keys. GPG makes the process very simple, and it took maybe a total of 5 minutes (a good 20% of that was just my typing in my new passphrase!).
First, let’s open up our private key:
$ gpg --edit-key firstname.lastname@example.org
This will run the GPG console and open your private key:
gpg (GnuPG/MacGPG2) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

<Key stuff>
Now, run GPG’s passwd to set a new passphrase. You’ll be prompted to enter a new passphrase and verification (output omitted below). Lastly, save your key.
gpg> passwd
gpg> save
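Why the author's note at the top holds, as an added example that is not part of the original post: a simplified Python model (not GnuPG's key format or cipher) in which the passphrase only wraps the secret key material. The names `wrap`, `unwrap`, `change_passphrase` and `demo` are hypothetical, the key bytes are constructed, and PBKDF2 plus a toy stream cipher stand in for GnuPG's own passphrase-to-key step and encryption.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this model only


def _derive(passphrase: str, salt: bytes) -> bytes:
    # Stand-in for the string-to-key step: passphrase -> cipher key + MAC key.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)


def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode); not what GnuPG uses.
    stream = b"".join(hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap(secret: bytes, passphrase: str) -> bytes:
    salt = os.urandom(16)
    keys = _derive(passphrase, salt)
    ct = _xor_stream(keys[:32], secret)
    tag = hmac.new(keys[32:], salt + ct, hashlib.sha256).digest()
    return salt + tag + ct


def unwrap(blob: bytes, passphrase: str) -> bytes:
    salt, tag, ct = blob[:16], blob[16:48], blob[48:]
    keys = _derive(passphrase, salt)
    expected = hmac.new(keys[32:], salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase")
    return _xor_stream(keys[:32], ct)


def change_passphrase(blob: bytes, old: str, new: str) -> bytes:
    # What `passwd` amounts to in this model: unwrap, then re-wrap the SAME secret.
    return wrap(unwrap(blob, old), new)


def demo() -> dict:
    secret = os.urandom(32)                  # constructed stand-in for key material
    stolen = wrap(secret, "old passphrase")  # copy of the key file taken before the change
    current = change_passphrase(stolen, "old passphrase", "new longer passphrase")
    try:
        unwrap(current, "old passphrase")
        old_rejected = False
    except ValueError:
        old_rejected = True
    return {"old_rejected_on_current": old_rejected,
            "key_unchanged": unwrap(current, "new longer passphrase") == secret,
            "stolen_copy_still_opens": unwrap(stolen, "old passphrase") == secret}
```

All three values returned by `demo()` are true: the new passphrase protects only the current file, the key itself is unchanged, and a copy taken earlier still opens with the old passphrase, which is why a compromised key needs revocation rather than a new passphrase.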