diff --git a/g10/import.c b/g10/import.c index 048b136c9..82ccfa7df 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1331,6 +1331,7 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock, unsigned char *wrappedkey = NULL; size_t wrappedkeylen; char *cache_nonce = NULL; + int stub_key_skipped = 0; /* Get the current KEK. */ err = agent_keywrap_key (ctrl, 0, &kek, &keklen); @@ -1391,7 +1392,10 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock, has been inserted and a stub key is in turn generated by the agent. */ if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002) - continue; + { + stub_key_skipped = 1; + continue; + } /* Convert our internal secret key object into an S-expression. */ nskey = pubkey_get_nskey (pk->pubkey_algo); @@ -1568,6 +1572,10 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock, } } + if (!err && stub_key_skipped) + /* We need to notify user how to migrate stub keys. */ + err = gpg_error (GPG_ERR_NOT_PROCESSED); + leave: gcry_sexp_release (curve); xfree (cache_nonce); 
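Review bot: In the second hunk `stub_key_skipped` is set for both `s2k.mode == 1001` and `1002`, but only 1002 is the divert-to-card stub. Mode 1001 is the gnu-dummy marker for a key whose secret part is simply absent, such as an offline primary key. Because the caller answers the resulting `GPG_ERR_NOT_PROCESSED` with a smartcard hint, importing a keyring that never involved a card would presumably still tell the user to run `gpg --card-status`. Consider raising the flag only for card stubs, `if (ski->s2k.mode == 1002) stub_key_skipped = 1;`, ahead of the unchanged `continue`. The surrounding loop body starts and ends outside the hunk.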
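Review bot: The tail added in the third hunk gives `GPG_ERR_NOT_PROCESSED` two meanings for transfer_secret_keys: a real failure with that code from a call inside the function (if any can produce it), and "everything was transferred, but a stub was skipped". The caller in import_secret_one resets the code to 0 whenever it sees it, so the first case would be reported as a successful secret-key import. A separate out-parameter or a counter in `stats` would keep the skip signal apart from the error channel. At minimum the function's header comment, which lies outside the hunk, should state the new contract, e.g. `Returns GPG_ERR_NOT_PROCESSED if all keys were transferred but at least one stub key was skipped.` The unbraced `if` with a comment between condition and statement would also read more safely with braces.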
@@ -1757,8 +1765,27 @@ import_secret_one (ctrl_t ctrl, const char *fname, kbnode_t keyblock,
 keystr_from_pk (pk));
 else
 {
+ gpg_error_t err;
+
 nr_prev = stats->secret_imported;
- if (!transfer_secret_keys (ctrl, stats, keyblock, batch))
+ err = transfer_secret_keys (ctrl, stats, keyblock, batch);
+ if (gpg_err_code (err) == GPG_ERR_NOT_PROCESSED)
+ {
+ /* TRANSLATORS: For smarcard, each private key on
+ host has a reference (stub) to a smartcard and
+ actual private key data is stored on the card. A
+ single smartcard can have up to three private key
+ data. Importing private key stub is always
+ skipped in 2.1, and it returns
+ GPG_ERR_NOT_PROCESSED. Instead, user should be
+ suggested to run 'gpg --card-status', then,
+ references to a card will be automatically
+ created again. */
+ log_info (_("To migrate secring.gpg, with each smartcard, run:"
+ "gpg --card-status"));
+ err = 0;
+ }
+ if (!err)
 {
 int status = 16;
 if (!opt.quiet)
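Review bot: The two adjacent string literals passed to `log_info` are joined with no separator, so the migration hint prints as `run:gpg --card-status`. It also has no trailing newline, which GnuPG log messages normally carry themselves. Something like `log_info (_("To migrate secring.gpg, with each smartcard, run: " "gpg --card-status\n"));` fixes both. After `err = 0` the code falls into the `if (!err)` branch with `status = 16`, so a keyblock whose secret keys were all stubs would apparently still be announced as imported; it is worth checking `stats->secret_imported` against `nr_prev` before emitting that status. The TRANSLATORS comment spells "smartcard" as "smarcard", and the `if (!err)` block continues outside the hunk.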