g10: notify a user when importing stub is skipped.

* g10/import.c (transfer_secret_keys): Return GPG_ERR_NOT_PROCESSED when stub_key_skipped. (import_secret_one): Notify a user, suggesting --card-status. -- Migration to 2.1 might be confusing with smartcard. With this patch, a user can learn to run gpg ---card-status. Thanks to intrigeri for the report. Debian-bug-id: 795881
2024-12-22 10:19:57 +01:00 · 2015-11-02 14:33:38 +09:00 · 2015-11-02 14:33:38 +09:00 · 06f3eadb22
commit 06f3eadb22
parent 18cd09246f
1 changed files with 29 additions and 2 deletions
--- a/g10/import.c
+++ b/g10/import.c
@ -1331,6 +1331,7 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock,
  unsigned char *wrappedkey = NULL;
  size_t wrappedkeylen;
  char *cache_nonce = NULL;
+  int stub_key_skipped = 0;

  /* Get the current KEK.  */
  err = agent_keywrap_key (ctrl, 0, &kek, &keklen);
@ -1391,7 +1392,10 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock,
         has been inserted and a stub key is in turn generated by the
         agent.  */
      if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
-        continue;
+        {
+          stub_key_skipped = 1;
+          continue;
+        }

      /* Convert our internal secret key object into an S-expression.  */
      nskey = pubkey_get_nskey (pk->pubkey_algo);
@ -1568,6 +1572,10 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock,
        }
    }

+  if (!err && stub_key_skipped)
+    /* We need to notify user how to migrate stub keys.  */
+    err = gpg_error (GPG_ERR_NOT_PROCESSED);
+
 leave:
  gcry_sexp_release (curve);
  xfree (cache_nonce);
@ -1757,8 +1765,27 @@ import_secret_one (ctrl_t ctrl, const char *fname, kbnode_t keyblock,
                       keystr_from_pk (pk));
          else
            {
+              gpg_error_t err;
+
 	      nr_prev = stats->secret_imported;
-              if (!transfer_secret_keys (ctrl, stats, keyblock, batch))
+              err = transfer_secret_keys (ctrl, stats, keyblock, batch);
+              if (gpg_err_code (err) == GPG_ERR_NOT_PROCESSED)
+                {
+                  /* TRANSLATORS: For smarcard, each private key on
+                     host has a reference (stub) to a smartcard and
+                     actual private key data is stored on the card.  A
+                     single smartcard can have up to three private key
+                     data.  Importing private key stub is always
+                     skipped in 2.1, and it returns
+                     GPG_ERR_NOT_PROCESSED.  Instead, user should be
+                     suggested to run 'gpg --card-status', then,
+                     references to a card will be automatically
+                     created again.  */
+                  log_info (_("To migrate secring.gpg, with each smartcard, run:"
+                              "gpg --card-status"));
+                  err = 0;
+                }
+              if (!err)
                {
 		  int status = 16;
                  if (!opt.quiet)