keybase / kbpgp

OpenPGP (RFC4880) Implementation in IcedCoffeeScript
https://keybase.io/kbpgp
BSD 3-Clause "New" or "Revised" License

Passphrase has no effect on exported private key? #185

Open yousefamar opened 5 years ago

yousefamar commented 5 years ago

When I try to export a private key with a passphrase, the output is identical to one without. It seems like the passphrase argument has 0 effect on the output? I'm not sure if I'm misunderstanding something (does a passphrase need to be set in a KeyManager beforehand or something?).

The following is a simple test showing that the outputs are the same:

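```javascript
const kbpgp = require('kbpgp');

// Generate a key, self-sign it, then export it twice: with and without a passphrase.
kbpgp.KeyManager.generate_rsa({ userid: "Bo Jackson <user@example.com>" }, function(err, charlie) {
  charlie.sign({}, function(err) {
    charlie.export_pgp_private({
      passphrase: 'booyeah!'
    }, function(err, withPass) {
      charlie.export_pgp_private({}, function(err, withoutPass) {
        // An encrypted export should differ from an unencrypted one.
        console.log(withPass === withoutPass ? "They're the same!" : "They're different");
      });
    });
  });
});
```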

Any advice much appreciated!

j3g commented 3 years ago

I'm seeing this same issue. Did you resolve it?

In my testing I've found that it retains the first, original passphrase. Any other passphrase after is ignored. This makes it impossible to export the private more than once with different passphrases. This might be related to their keychain implementation.

yousefamar commented 3 years ago

Nope, sorry, ended up abandoning the project and even abandoning Keybase entirely post-Zoom-acquisition. In the meantime WebCrypto has gotten pretty solid actually, and even the latest version of node (15.x.x) has access to the same APIs and a large subset of algos via the crypto library now, so I would recommend using those instead.

j3g commented 3 years ago

Aah, thanks for a response. Good to hear from someone. Kind of a ghost town here these days. My client wants PGP for messaging protections. WebCrypto is providing the raw algorithms. This library has been good enough. I'm not sure what to do about this export issue. I might dive into their code, hunting for a solution. Otherwise I'll devise a workaround.
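Added example, not part of the thread and not kbpgp code: the test in the opening post compares two exports as strings, and a more direct check is to read the S2K usage octet of the exported secret-key packet (RFC 4880, section 5.5.3), which is 0 when the secret material is stored without passphrase protection. The names `dearmor`, `secretKeyProtection` and `sampleArmoredKey` are hypothetical, the sample packet is constructed, and only version 4 RSA, DSA and Elgamal keys are handled.

```javascript
// Added example, not kbpgp code. Reads the S2K usage octet (RFC 4880, section 5.5.3)
// of the first secret-key packet in an armored export.
const PUBLIC_MPIS = { 1: 2, 2: 2, 3: 2, 16: 3, 17: 4 }; // RSA n,e; Elgamal p,g,y; DSA p,q,g,y
function dearmor(armored) {
  const lines = armored.split(/\r?\n/).map((l) => l.trim());
  const begin = lines.indexOf('-----BEGIN PGP PRIVATE KEY BLOCK-----');
  const end = lines.indexOf('-----END PGP PRIVATE KEY BLOCK-----');
  const blank = lines.indexOf('', begin); // armor headers end at the first blank line
  if (begin < 0 || blank < 0 || end < blank) throw new Error('not an armored private key');
  // Drop the optional "=XXXX" CRC24 line; base64 data lines never start with "=".
  const body = lines.slice(blank + 1, end).filter((l) => !l.startsWith('='));
  return Buffer.from(body.join(''), 'base64');
}

function secretKeyProtection(armored) {
  const buf = dearmor(armored);
  if (buf.length < 2 || !(buf[0] & 0x80)) throw new Error('not an OpenPGP packet');
  const newFormat = (buf[0] & 0x40) !== 0;
  const tag = newFormat ? buf[0] & 0x3f : (buf[0] >> 2) & 0x0f;
  if (tag !== 5) throw new Error('first packet is not a secret key (tag 5)');
  // Length field size: old format 1/2/4 octets (or none), new format 1/2/5 octets.
  const l = buf[1];
  const lenOctets = newFormat ? (l < 192 ? 1 : l < 224 ? 2 : l === 255 ? 5 : -1) : [1, 2, 4, 0][buf[0] & 3];
  if (lenOctets < 0) throw new Error('partial body lengths are not handled');
  let pos = 1 + lenOctets;
  if (buf[pos] !== 4) throw new Error('only version 4 keys are handled');
  const algorithm = buf[pos + 5]; // follows version (1 octet) and creation time (4 octets)
  const mpiCount = PUBLIC_MPIS[algorithm];
  if (!mpiCount) throw new Error('unsupported public-key algorithm ' + algorithm);
  pos += 6;
  for (let i = 0; i < mpiCount; i++) { // each MPI: 2-octet bit count, then the magnitude
    if (pos + 2 > buf.length) throw new Error('truncated packet');
    pos += 2 + Math.ceil(buf.readUInt16BE(pos) / 8);
  }
  if (pos >= buf.length) throw new Error('truncated packet');
  const s2kUsage = buf[pos]; // 0 means the secret material is stored unencrypted
  return { algorithm, s2kUsage, passphraseProtected: s2kUsage !== 0 };
}

// Constructed sample: a toy tag-5 packet with tiny placeholder MPIs, not a real key.
function sampleArmoredKey(s2kUsage) {
  const body = Buffer.from([4, 0, 0, 0, 0, 1, // version 4, creation time 0, RSA
    0, 8, 0xc5, 0, 2, 3,                      // n (8 bits), e (2 bits)
    s2kUsage, 0, 0]);                         // usage octet, then placeholder bytes
  const packet = Buffer.concat([Buffer.from([0x94, body.length]), body]); // old format, tag 5
  return ['-----BEGIN PGP PRIVATE KEY BLOCK-----', 'Version: constructed', '',
    packet.toString('base64'), '-----END PGP PRIVATE KEY BLOCK-----'].join('\n');
}
console.log(secretKeyProtection(sampleArmoredKey(0)));
```

To check a real export, pass the armored string returned by `export_pgp_private` to `secretKeyProtection`; a result of `passphraseProtected: false` means the passphrase was not applied to that export.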