> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-11/offline-cracking/trick-0053.md).

# Crack PGP Passphrase (John the Ripper)

***

To crack the passphrase of a GnuPG secret key file (such as a file specified with `--export-secret-key` or `--export-secret-subkeys` option to `gpg`, or a file containing your secret key backup), you first need to extract the hash in a format compatible with John the Ripper. This can be done using the `gpg2john` program.

Convert the key file to a John-compatible format:

```bash
gpg2john key.asc > hash.txt
```

This command takes the PGP `.asc` file (`key.asc` in this example) and outputs the extracted hash to a file named `hash.txt`.

Then, use John the Ripper with a wordlist against the extracted hash file to recover the passphrase. For example, to use a wordlist named `rockyou.txt`:

```bash
john --wordlist=~/Downloads/rockyou.txt hash.txt
```

This command tells John the Ripper to use the specified wordlist (`~/Downloads/rockyou.txt`) to attempt to crack the password hash stored in `hash.txt`.
