skeeto / passphrase2pgp

Generate a PGP key from a passphrase
The Unlicense
188 stars 14 forks

Is it possible to have passphrase different from generation seed? #15

Closed WhiteBlackGoose closed 2 years ago

WhiteBlackGoose commented 2 years ago

Hello. I absolutely love the deterministic generated private keys, but I'd like to use a very super secret passphrase to generate them, and use another regular passphrase to access passwords (so that it's not enough to have the "regular" passphrase to access my passwords, but it's enough to have the super-secret one for it).

skeeto commented 2 years ago

You're looking for the --protect (-e) option, which additionally encrypts the key with a passphrase. By default it uses your generation passphrase, but if you pass a non-zero optional argument to --protect, it prompts that many times (i.e. 2 for "repeat" prompt) for this protection passphrase.

    $ passphrase2pgp ... --protect=1 | gpg --import
    passphrase:
    passphrase (repeat):
    passphrase [protection]:

When GnuPG prompts for a passphrase in order to decrypt the imported key, give it the second passphrase. Note: GnuPG uses a stronger, non-standard S2K algorithm internally, so it will decrypt the key then re-encrypt it with the same passphrase. Used in this way, it's really just a convenience to get GnuPG to encrypt on import since it provides no such option to do so on its own.

WhiteBlackGoose commented 2 years ago

Ahh. I see, thank you so much, I'll try!