stub-key migration from gpg 1.4/2.0 to 2.1

NIIBE Yutaka gniibe at
Wed Feb 24 02:25:31 CET 2016


While GnuPG 2.1 has g10/migrate.c, it doesn't support migrating
private key stub for smartcard/token.  Last year, I put the
message to the user in g10/import.c:

                  log_info (_("To migrate '%s', with each smartcard, "
                              "run: %s\n"), "secring.gpg", "gpg --card-status");

So that user can notice.  Still, this could be easily ignored.

I'd understand that extending gpg-agent to support importing stub
doesn't sound good.  Even so, I think that it's a developers' view
point.  For users, it's better not to be requested any user
intervention in migration, if possible.

If extending gpg-agent further would not be good, is it OK to offer
some other way to convert stub in secring.gpg to
private-keys-v1.d/*.key?  If violating the roles between gpg-frontend
and gpg-agent is ok for migration process, it will be simple file
format conversion.

More information about the Gnupg-devel mailing list