I figured this out. In case anyone else ever gets into a similar predicament, here's how I did it. It seems this could be much easier if the change-passphrase option took an optional --user argument so that an admin could affect someone else in one step. Instead, I had to do the following. Assumptions: LUSER=me # who forgot his passphrase HELPER=them # who can be trusted as an admin and does remember their passphrase KEY=f24 # the key for which $LUSER forgot his passphrase # Make the other (trusted) user an admin. sigul modify-user --admin yes $HELPER # Make them a key administrator of that key. sigul modify-key-user --key-admin yes $HELPER $KEY # Now have them reset my passphrase by revoking it and then granting it, # which will allow them to set an initial passphrase to something that's # known. sigul revoke-key-access $KEY $LUSER sigul grant-key-access $KEY $LUSER