protect-secretkey - protect the secret decryption value with a new passphrase


protect-secretkey signingkey | encryptionkey outfile


The program prompts the user for a new passphrase which is used to protect the secret decryption value with PCP's protection mechanism. A separate output file will be created to hold the new protected signingkey or encryptionkey. The input files will be either signingkey or encryptionkey located in PCP's home directory depending on the command line arguments. No other file can be processed with this program for security reasons.

If you use the program to protect an unprotected key make sure that the unprotected data is wiped from the filesystem reliably. Finally the secret key used by PCP has to be replaced with "outfile" for the new key to become effective.

You may invoke the program as follows

protect-secretkey signingkey $HOME/.pcp/signingkey to replace the signingkey with the new one in one step, provided you have a backup of the signingkey being overwritten.


$HOME/.pcp/pcp-mode PURE mode is enabled with "pure" in the first line. The default is CONSERVATIVE. c:\pcp\pcp-mode Is the location under WINDOWS.


Written by Ralf Senderek.


All rights reserved. © 2003
This is free software. Use this software on your own risk or not at all. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.


pcp - the Pure Crypto Program (
read-pgpkey, read-sshkey, read-opensslkey, sechash, check-keys