One thing I periodically need to do is to check that what I remember as my GPG passphrase is the actual passphrase that my key uses. Since I use a GPG Agent (otherwise known as the reason why I can’t remember my passphrase), checking this can be hard (because the agent wants to supply it for me). Here are two simple ways to check a GPG passphrase without the agent getting involved.
First, I need to know my key ID. I can get this by running:
gpg --list-keys email@example.com
Once I have the key ID, I can run the following (leaving a space at the front so it doesn’t get recorded in my shell’s history):
echo [PASSPHRASE] | gpg --passphrase-fd 0 --pinentry-mode loopback -o /dev/null \ --local-user [KEYID] -as - && echo OK
That works great and is the one I’ve been using. There is a simpler way, though, that I just learned about. For that, just type:
gpg --export-secret-keys -a [KEYID] > /dev/null && echo OK
With the second method, a password prompt will appear (so there is no need to worry about the passphrase being stored in the shell’s history).
Both seem to work well so I’m recording them here for myself to save myself my standard Web search, which often turns up other methods that don’t work with the latest version of GPG (for instance, anything with `–no-use-agent` no longer works).
That’s it. You’re welcome, future self.