security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-09 12:54:23 +01:00
Code Activity

g10: notify a user when importing stub is skipped.

Browse Source 
* g10/import.c (transfer_secret_keys): Return GPG_ERR_NOT_PROCESSED
when stub_key_skipped.
(import_secret_one): Notify a user, suggesting --card-status.

--

Migration to 2.1 might be confusing with smartcard.  With this patch,
a user can learn to run gpg ---card-status.

Thanks to intrigeri for the report.

Debian-bug-id: 795881
This commit is contained in:
NIIBE Yutaka 2015-11-02 14:33:38 +09:00
parent 18cd09246f
commit 06f3eadb22
1 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
g10/import.c
View File

@ -1331,6 +1331,7 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock,
unsigned char *wrappedkey = NULL; unsigned char *wrappedkey = NULL;
size_t wrappedkeylen; size_t wrappedkeylen;
char *cache_nonce = NULL; char *cache_nonce = NULL;
int stub_key_skipped = 0;
/* Get the current KEK. */ /* Get the current KEK. */
err = agent_keywrap_key (ctrl, 0, &kek, &keklen); err = agent_keywrap_key (ctrl, 0, &kek, &keklen);
@ -1391,7 +1392,10 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock,
has been inserted and a stub key is in turn generated by the has been inserted and a stub key is in turn generated by the
agent. */ agent. */
if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002) if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
{
stub_key_skipped = 1;
continue; continue;
}
/* Convert our internal secret key object into an S-expression. */ /* Convert our internal secret key object into an S-expression. */
nskey = pubkey_get_nskey (pk->pubkey_algo); nskey = pubkey_get_nskey (pk->pubkey_algo);
@ -1568,6 +1572,10 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock,
} }
} }
if (!err && stub_key_skipped)
/* We need to notify user how to migrate stub keys. */
err = gpg_error (GPG_ERR_NOT_PROCESSED);
leave: leave:
gcry_sexp_release (curve); gcry_sexp_release (curve);
xfree (cache_nonce); xfree (cache_nonce);
@ -1757,8 +1765,27 @@ import_secret_one (ctrl_t ctrl, const char *fname, kbnode_t keyblock,
keystr_from_pk (pk)); keystr_from_pk (pk));
else else
{ {
gpg_error_t err;
nr_prev = stats->secret_imported; nr_prev = stats->secret_imported;
if (!transfer_secret_keys (ctrl, stats, keyblock, batch)) err = transfer_secret_keys (ctrl, stats, keyblock, batch);
if (gpg_err_code (err) == GPG_ERR_NOT_PROCESSED)
{
/* TRANSLATORS: For smarcard, each private key on
host has a reference (stub) to a smartcard and
actual private key data is stored on the card. A
single smartcard can have up to three private key
data. Importing private key stub is always
skipped in 2.1, and it returns
GPG_ERR_NOT_PROCESSED. Instead, user should be
suggested to run 'gpg --card-status', then,
references to a card will be automatically
created again. */
log_info (_("To migrate secring.gpg, with each smartcard, run:"
"gpg --card-status"));
err = 0;
}
if (!err)
{ {
int status = 16; int status = 16;
if (!opt.quiet) if (!opt.quiet)