[pkg-gnupg-maint] Bug#836458: Cannot edit key stored with an empty passphrase

Yuri D'Elia wavexx at thregr.org
Sat Sep 3 11:46:33 UTC 2016


Package: gnupg
Version: 2.1.15-2
Severity: important

gnupg2 seems to think it best that empty passphrases should be abolished.

During the migration from gpg1 to 2, a key previously stored with an empty
passphrase cannot be used anymore:

- attempting to use the key prompts for a passphrase, even though entering an
  empty one is being refused.

- editing the key and using 'passwd' results in the same (the empty passphrase
  is refused when entering the existing passphrase).

I don't understand why this check is put into place.

There are plenty of situations where an empty passphrase is acceptable. Storing
a key encrypted and then having to provide the unencrypted key in an unattended
manner (which needs to be stored along with the key anyway) does NOT provide
any added security.

I actually have keyrings of retired keys which I store on encrypted media where
the passphrase has been *intentionally* reset to empty. I cannot access those
keyrings anymore with gpg2.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (800, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg depends on:
ii  gnupg-agent    2.1.15-2
ii  libassuan0     2.4.3-1
ii  libbz2-1.0     1.0.6-8
ii  libc6          2.23-5
ii  libgcrypt20    1.7.3-1
ii  libgpg-error0  1.24-1
ii  libksba8       1.3.4-4
ii  libreadline6   6.3-8+b4
ii  libsqlite3-0   3.14.1-1
ii  zlib1g         1:1.2.8.dfsg-2+b1

Versions of packages gnupg recommends:
ii  dirmngr     2.1.15-2
pn  gnupg-l10n  <none>

Versions of packages gnupg suggests:
pn  parcimonie  <none>
pn  xloadimage  <none>


