Package: gnupg Version: 2.1.15-2 Severity: important gnupg2 seems to think best that empty passphrases should be abolished.
During the migration from gpg1 to 2, a key previously stored with an empty passphrase cannot be used anymore: - attempting to use the key prompts for a passphrase, even though entering an empty one is being refused. - editing the key and using 'passwd' results in the same (the empty passphrase is refused when entering the existing passphrase). I don't understand why this check is put into place. There are plenty of situations where an empty passphrase is acceptable. Storing a key encrypted and then having to provide the unencrypted key in unattended matter (which needs to be stored along with the key anyway) does NOT provide any added security. I actually have keyrings of retired keys which I store on encrypted media where the passphrase has been *intentionally* reset to empty. I cannot access those keyrings anymore with gpg2. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (900, 'unstable'), (800, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages gnupg depends on: ii gnupg-agent 2.1.15-2 ii libassuan0 2.4.3-1 ii libbz2-1.0 1.0.6-8 ii libc6 2.23-5 ii libgcrypt20 1.7.3-1 ii libgpg-error0 1.24-1 ii libksba8 1.3.4-4 ii libreadline6 6.3-8+b4 ii libsqlite3-0 3.14.1-1 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages gnupg recommends: ii dirmngr 2.1.15-2 pn gnupg-l10n <none> Versions of packages gnupg suggests: pn parcimonie <none> pn xloadimage <none>
