I've used gpg4win's Kleopatra tool to create an OpenPGP RSA personal certificate. I want to export the private key for several reasons (import it on another machine, as well as backing it up in Keepass), so I right-clicked the certificate and chose "Export Secret Keys..." and chose to "ASCII armor" it.
If I open up the file in Notepad I see this kind of thing:
-----BEGIN PGP PRIVATE KEY BLOCK----- asdfhoewiqifEFJUIONsedfiOEJhioEFh8903FSED.....etc. etc. etc. etc. -----END PGP PRIVATE KEY BLOCK-----
How can I tell (or alternatively: know) if this is passphrase-protected?
Is this passphrase-protected? There's a high probability it is!
How can I know if this is passphrase-protected?
Simply enough: import the exported key and try to use it; if it was originally created with a passphrase, it will be exported with the passphrase. You need to know it after the import, too.
It is possible to create a passphrase-less key pair, but after confirming this three times and then finally re-entering the empty passphrase you should already be pretty aware that this isn't smart:
How can I tell if this is passphrase-protected?
You can also analyze the key with
gpg --list-packets --verbose private-exported.asc.
On a password protected key you'll see something like this:
pkey: 010001 iter+salt S2K, algo: 3, SHA1 protection, hash: 2, salt: 85B065E6EAFE95F6 protect count: 2752512 (181) protect IV: e6 47 c1 03 96 b1 5c e8 skey: [v4 protected] keyid: F5798EF2ECAC2051
While the unprotected key reveals all the keys like this:
pkey: BC1A19AD1A1AC852F7A5E.... pkey: 010001 skey: 02CA55EDF940900EFFD2A.... skey: D477DA74DF0DCD8E991AA.... skey: E2A43778C36FEE7E27903.... skey: E0CC81786737F2838A7FE....