1 files changed, 42 insertions, 24 deletions

diff --git a/agent/findkey.c b/agent/findkey.c
index 098d5224f..3544764d0 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -1309,24 +1309,36 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
           err = agent_get_shadow_info_type (buf, &s, &shadow_type);
           if (!err)
             {
-              n = gcry_sexp_canon_len (s, 0, NULL,NULL);
-              log_assert (n);
-              *shadow_info = xtrymalloc (n);
-              if (!*shadow_info)
+              if (!s)
                 {
-                  err = out_of_core ();
-                  goto shadow_error;
+                  *shadow_info = xstrdup ("tkd");
+                  if (!*shadow_info)
+                    {
+                      err = out_of_core ();
+                      goto shadow_error;
+                    }
                 }
               else
                 {
-                  memcpy (*shadow_info, s, n);
-                  /*
-                   * When it's a key on card (not on tpm2), maks sure
-                   * it's available.
-                   */
-                  if (strcmp (shadow_type, "t1-v1") == 0 && !grip)
-                    err = prompt_for_card (ctrl, ctrl->keygrip,
-                                           keymeta, *shadow_info);
+                  n = gcry_sexp_canon_len (s, 0, NULL,NULL);
+                  log_assert (n);
+                  *shadow_info = xtrymalloc (n);
+                  if (!*shadow_info)
+                    {
+                      err = out_of_core ();
+                      goto shadow_error;
+                    }
+                  else
+                    {
+                      memcpy (*shadow_info, s, n);
+                      /*
+                       * When it's a key on card (not on tpm2), make sure
+                       * it's available.
+                       */
+                      if (strcmp (shadow_type, "t1-v1") == 0 && !grip)
+                        err = prompt_for_card (ctrl, ctrl->keygrip,
+                                               keymeta, *shadow_info);
+                    }
                 }
             }
           else
@@ -1801,16 +1813,22 @@ agent_write_shadow_key (const unsigned char *grip,
   unsigned char *shdkey;
   size_t len;
 
-  /* Just in case some caller did not parse the stuff correctly, skip
-   * leading spaces.  */
-  while (spacep (serialno))
-    serialno++;
-  while (spacep (keyid))
-    keyid++;
-
-  shadow_info = make_shadow_info (serialno, keyid);
-  if (!shadow_info)
-    return gpg_error_from_syserror ();
+  if (serialno == NULL && keyid == NULL)
+    /* It's a token, identified by the keygrip.  */
+    shadow_info = NULL;
+  else
+    {
+      /* Just in case some caller did not parse the stuff correctly, skip
+       * leading spaces.  */
+      while (spacep (serialno))
+        serialno++;
+      while (spacep (keyid))
+        keyid++;
+
+      shadow_info = make_shadow_info (serialno, keyid);
+      if (!shadow_info)
+        return gpg_error_from_syserror ();
+    }
 
   err = agent_shadow_key (pkbuf, shadow_info, &shdkey);
   xfree (shadow_info);