diff --git a/pkgs/tools/security/passphrase2pgp/default.nix b/pkgs/tools/security/passphrase2pgp/default.nix
index 7efb9d0bb18..03d766a3447 100644
--- a/pkgs/tools/security/passphrase2pgp/default.nix
+++ b/pkgs/tools/security/passphrase2pgp/default.nix
@@ -1,14 +1,14 @@
-{ lib, buildGoModule, fetchFromGitHub }:
+{ lib, buildGoModule, fetchFromGitHub, nix-update-script }:
 
 buildGoModule rec {
   pname = "passphrase2pgp";
-  version = "1.2.1";
+  version = "1.3.0";
 
   src = fetchFromGitHub {
     owner = "skeeto";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-Ik/W3gGvrOyUvYgMYqT8FIFoxp62BXd2GpV14pYXEuY=";
+    hash = "sha256-it1XYzLiteL0oq4SZp5E3s6oSkFKi3ZY0Lt+P0gmNag=";
   };
 
   vendorSha256 = "sha256-2H9YRVCaari47ppSkcQYg/P4Dzb4k5PLjKAtfp39NR8=";
@@ -18,6 +18,16 @@ buildGoModule rec {
     cp README.md $out/share/doc/$name
   '';
 
+  checkPhase = ''
+    output=$(echo NONE | ../go/bin/passphrase2pgp -a -u NONE -i /dev/stdin | sha256sum)
+    if [[ "$output" != "23f59f4346f35e2feca6ef703ea64973524dec365ea672f23e7afe79be1049dd  -" ]] ; then
+      echo "passphrase2pgp introduced backward-incompatible change"
+      exit 1
+    fi
+  '';
+
+  passthru.updateScript = nix-update-script { };
+
   meta = with lib; {
     description = "Predictable, passphrase-based PGP key generator";
     homepage = "https://github.com/skeeto/passphrase2pgp";