diff --git a/src/key.js b/src/key.js
index b21a64e4..0b8b034f 100644
--- a/src/key.js
+++ b/src/key.js
@@ -365,6 +365,22 @@ Key.prototype.getEncryptionKeyPacket = function() {
   return null;
 };
 
+/**
+ * Encrypts all secret key and subkey packets
+ * @param  {String} passphrase
+ */
+Key.prototype.encrypt = function(passphrase) {
+  if (!this.isPrivate()) {
+    throw new Error("Nothing to encrypt in a public key");
+  }
+
+  var keys = this.getAllKeyPackets();
+  for (var i = 0; i < keys.length; i++) {
+    keys[i].encrypt(passphrase);
+    keys[i].clearPrivateMPIs();
+  }
+};
+
 /**
  * Decrypts all secret key and subkey packets
  * @param  {String} passphrase
diff --git a/test/general/key.js b/test/general/key.js
index f5b342eb..34262885 100644
--- a/test/general/key.js
+++ b/test/general/key.js
@@ -706,5 +706,28 @@ var pgp_desktop_priv =
     }).catch(done);
   });
 
+  it('Encrypt key with new passphrase', function(done) {
+    var userId = 'test <a@b.com>';
+    var opt = {numBits: 512, userIds: userId, passphrase: 'passphrase'};
+    if (openpgp.util.getWebCryptoAll()) { opt.numBits = 2048; } // webkit webcrypto accepts minimum 2048 bit keys
+    openpgp.generateKey(opt).then(function(key) {
+      key = key.key;
+      var armor1 = key.armor();
+      var armor2 = key.armor();
+      expect(armor1).to.equal(armor2);
+      expect(key.decrypt('passphrase')).to.be.true;
+      expect(key.primaryKey.isDecrypted).to.be.true;
+      key.encrypt('new_passphrase');
+      expect(key.primaryKey.isDecrypted).to.be.false;
+      expect(key.decrypt('passphrase')).to.be.false;
+      expect(key.primaryKey.isDecrypted).to.be.false;
+      expect(key.decrypt('new_passphrase')).to.be.true;
+      expect(key.primaryKey.isDecrypted).to.be.true;
+      var armor3 = key.armor();
+      expect(armor3).to.not.equal(armor1);
+      done();
+    }).catch(done);
+  });
+
 });