rename Wrapped*Key* to Canonicalized*Key*

2014-07-31 17:08:33 +02:00
parent 9475285013
commit b156a057e8
25 changed files with 213 additions and 236 deletions
--- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/KeyringTestingHelper.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/KeyringTestingHelper.java
@@ -21,7 +21,6 @@ import android.content.Context;
 import org.spongycastle.util.Arrays;
 import org.sufficientlysecure.keychain.pgp.NullProgressable;
 import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
 import org.sufficientlysecure.keychain.pgp.UncachedPublicKey;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.service.OperationResults;
@@ -62,7 +61,7 @@ public class KeyringTestingHelper {
        boolean saveSuccess = saveKeyringResult.success();
        // Now re-retrieve the saved key. Should not throw an exception.
-        providerHelper.getWrappedPublicKeyRing(masterKeyId);
+        providerHelper.getCanonicalizedPublicKeyRing(masterKeyId);
        // A different ID should still fail
        retrieveKeyAndExpectNotFound(providerHelper, masterKeyId - 1);
@@ -345,7 +344,7 @@ public class KeyringTestingHelper {
    private void retrieveKeyAndExpectNotFound(ProviderHelper providerHelper, long masterKeyId) {
        try {
-            providerHelper.getWrappedPublicKeyRing(masterKeyId);
+            providerHelper.getCanonicalizedPublicKeyRing(masterKeyId);
            throw new AssertionError("Was expecting the previous call to fail!");
        } catch (ProviderHelper.NotFoundException expectedException) {
            // good
--- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/ProviderHelperStub.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/ProviderHelperStub.java
@@ -32,7 +32,7 @@ class ProviderHelperStub extends ProviderHelper {
    }
    @Override
-    public WrappedPublicKeyRing getWrappedPublicKeyRing(Uri id) throws NotFoundException {
+    public WrappedPublicKeyRing getCanonicalizedPublicKeyRing(Uri id) throws NotFoundException {
        byte[] data = TestDataUtil.readFully(getClass().getResourceAsStream("/public-key-for-sample.blob"));
        return new WrappedPublicKeyRing(data, false, 0);
    }
--- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/PgpKeyOperationTest.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/PgpKeyOperationTest.java
@@ -19,10 +19,10 @@ import org.spongycastle.bcpg.sig.KeyFlags;
 import org.spongycastle.openpgp.PGPSignature;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.Constants.choice.algorithm;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
 import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
 import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
 import org.sufficientlysecure.keychain.pgp.UncachedPublicKey;
 import org.sufficientlysecure.keychain.pgp.WrappedSecretKeyRing;
 import org.sufficientlysecure.keychain.pgp.WrappedSignature;
 import org.sufficientlysecure.keychain.service.OperationResultParcel;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
@@ -250,7 +250,7 @@ public class PgpKeyOperationTest {
            parcel.mMasterKeyId = ring.getMasterKeyId() -1;
            parcel.mFingerprint = ring.getFingerprint();
-            WrappedSecretKeyRing secretRing = new WrappedSecretKeyRing(ring.getEncoded(), false, 0);
+            CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
            OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
            UncachedKeyRing modified = op.modifySecretKeyRing(secretRing, parcel, passphrase, log, 0);
@@ -263,7 +263,7 @@ public class PgpKeyOperationTest {
            parcel.mMasterKeyId = null;
            parcel.mFingerprint = ring.getFingerprint();
-            WrappedSecretKeyRing secretRing = new WrappedSecretKeyRing(ring.getEncoded(), false, 0);
+            CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
            OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
            UncachedKeyRing modified = op.modifySecretKeyRing(secretRing, parcel, passphrase, log, 0);
@@ -277,7 +277,7 @@ public class PgpKeyOperationTest {
            // some byte, off by one
            parcel.mFingerprint[5] += 1;
-            WrappedSecretKeyRing secretRing = new WrappedSecretKeyRing(ring.getEncoded(), false, 0);
+            CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
            OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
            UncachedKeyRing modified = op.modifySecretKeyRing(secretRing, parcel, passphrase, log, 0);
@@ -289,7 +289,7 @@ public class PgpKeyOperationTest {
            parcel.mMasterKeyId = ring.getMasterKeyId();
            parcel.mFingerprint = null;
-            WrappedSecretKeyRing secretRing = new WrappedSecretKeyRing(ring.getEncoded(), false, 0);
+            CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
            OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
            UncachedKeyRing modified = op.modifySecretKeyRing(secretRing, parcel, passphrase, log, 0);
@@ -297,7 +297,7 @@ public class PgpKeyOperationTest {
        }
        {
-            WrappedSecretKeyRing secretRing = new WrappedSecretKeyRing(ring.getEncoded(), false, 0);
+            CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
            OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
            UncachedKeyRing modified = op.modifySecretKeyRing(secretRing, parcel, "bad passphrase", log, 0);
@@ -355,7 +355,7 @@ public class PgpKeyOperationTest {
            parcel.mAddSubKeys.add(new SubkeyAdd(
                    algorithm.rsa, new Random().nextInt(512), KeyFlags.SIGN_DATA, null));
-            WrappedSecretKeyRing secretRing = new WrappedSecretKeyRing(ring.getEncoded(), false, 0);
+            CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
            OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
            modified = op.modifySecretKeyRing(secretRing, parcel, passphrase, log, 0);
@@ -367,7 +367,7 @@ public class PgpKeyOperationTest {
            parcel.mAddSubKeys.add(new SubkeyAdd(algorithm.rsa, 1024, KeyFlags.SIGN_DATA,
                    new Date().getTime()/1000-10));
-            WrappedSecretKeyRing secretRing = new WrappedSecretKeyRing(ring.getEncoded(), false, 0);
+            CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
            OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
            modified = op.modifySecretKeyRing(secretRing, parcel, passphrase, log, 0);
@@ -436,7 +436,7 @@ public class PgpKeyOperationTest {
            parcel.reset();
            parcel.mChangeSubKeys.add(new SubkeyChange(keyId, null, new Date().getTime()/1000-10));
-            WrappedSecretKeyRing secretRing = new WrappedSecretKeyRing(ring.getEncoded(), false, 0);
+            CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
            OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
            modified = op.modifySecretKeyRing(secretRing, parcel, passphrase, log, 0);
@@ -447,7 +447,7 @@ public class PgpKeyOperationTest {
            parcel.reset();
            parcel.mChangeSubKeys.add(new SubkeyChange(123, null, null));
-            WrappedSecretKeyRing secretRing = new WrappedSecretKeyRing(ring.getEncoded(), false, 0);
+            CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
            OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
            modified = op.modifySecretKeyRing(secretRing, parcel, passphrase, log, 0);
@@ -469,7 +469,7 @@ public class PgpKeyOperationTest {
            parcel.reset();
            parcel.mRevokeSubKeys.add(123L);
-            WrappedSecretKeyRing secretRing = new WrappedSecretKeyRing(ring.getEncoded(), false, 0);
+            CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
            OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
            UncachedKeyRing otherModified = op.modifySecretKeyRing(secretRing, parcel, passphrase, log, 0);
@@ -572,7 +572,7 @@ public class PgpKeyOperationTest {
            parcel.reset();
            parcel.mChangePrimaryUserId = uid;
-            WrappedSecretKeyRing secretRing = new WrappedSecretKeyRing(modified.getEncoded(), false, 0);
+            CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(modified.getEncoded(), false, 0);
            OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
            UncachedKeyRing otherModified = op.modifySecretKeyRing(secretRing, parcel, passphrase, log, 0);
@@ -621,7 +621,7 @@ public class PgpKeyOperationTest {
        {
            parcel.mAddUserIds.add("");
-            WrappedSecretKeyRing secretRing = new WrappedSecretKeyRing(ring.getEncoded(), false, 0);
+            CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
            OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
            UncachedKeyRing modified = op.modifySecretKeyRing(secretRing, parcel, passphrase, log, 0);
            Assert.assertNull("adding an empty user id should fail", modified);
@@ -692,7 +692,7 @@ public class PgpKeyOperationTest {
                parcel.mChangePrimaryUserId += "A";
            }
-            WrappedSecretKeyRing secretRing = new WrappedSecretKeyRing(ring.getEncoded(), false, 0);
+            CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
            OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
            modified = op.modifySecretKeyRing(secretRing, parcel, passphrase, log, 0);
@@ -721,7 +721,7 @@ public class PgpKeyOperationTest {
        try {
            Assert.assertTrue("modified keyring must be secret", ring.isSecret());
-            WrappedSecretKeyRing secretRing = new WrappedSecretKeyRing(ring.getEncoded(), false, 0);
+            CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
            PgpKeyOperation op = new PgpKeyOperation(null);
            OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
--- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringMergeTest.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringMergeTest.java
@@ -7,17 +7,14 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.robolectric.RobolectricTestRunner;
 import org.robolectric.shadows.ShadowLog;
 import org.spongycastle.bcpg.BCPGInputStream;
 import org.spongycastle.bcpg.Packet;
 import org.spongycastle.bcpg.PacketTags;
 import org.spongycastle.bcpg.PublicKeyPacket;
 import org.spongycastle.bcpg.sig.KeyFlags;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
 import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
 import org.sufficientlysecure.keychain.pgp.UncachedPublicKey;
 import org.sufficientlysecure.keychain.pgp.WrappedPublicKeyRing;
-import org.sufficientlysecure.keychain.pgp.WrappedSecretKey;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
 import org.sufficientlysecure.keychain.pgp.WrappedSecretKeyRing;
 import org.sufficientlysecure.keychain.service.OperationResultParcel;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
@@ -25,9 +22,6 @@ import org.sufficientlysecure.keychain.support.KeyringTestingHelper;
 import org.sufficientlysecure.keychain.support.KeyringTestingHelper.RawPacket;
 import org.sufficientlysecure.keychain.util.ProgressScaler;
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileOutputStream;
 import java.util.ArrayList;
 import java.util.Iterator;
@@ -261,7 +255,7 @@ public class UncachedKeyringMergeTest {
            WrappedPublicKeyRing publicRing = new WrappedPublicKeyRing(
                    pubRing.getEncoded(), false, 0);
-            WrappedSecretKey secretKey = new WrappedSecretKeyRing(
+            CanonicalizedSecretKey secretKey = new WrappedSecretKeyRing(
                    ringB.getEncoded(), false, 0).getSecretKey();
            secretKey.unlock("");
            // sign all user ids
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java
@@ -16,13 +16,11 @@ import java.io.OutputStream;
 * getter method.
 *
 */
-public abstract class WrappedKeyRing extends KeyRing {
+public abstract class CanonicalizedKeyRing extends KeyRing {
    private final boolean mHasAnySecret;
    private final int mVerified;
-    WrappedKeyRing(boolean hasAnySecret, int verified) {
+    CanonicalizedKeyRing(int verified) {
        mHasAnySecret = hasAnySecret;
        mVerified = verified;
    }
@@ -30,10 +28,6 @@ public abstract class WrappedKeyRing extends KeyRing {
        return getRing().getPublicKey().getKeyID();
    }
    public boolean hasAnySecret() {
        return mHasAnySecret;
    }
    public int getVerified() {
        return mVerified;
    }
@@ -56,7 +50,7 @@ public abstract class WrappedKeyRing extends KeyRing {
    }
    public long getEncryptId() throws PgpGeneralException {
-        for(WrappedPublicKey key : publicKeyIterator()) {
+        for(CanonicalizedPublicKey key : publicKeyIterator()) {
            if(key.canEncrypt()) {
                return key.getKeyId();
            }
@@ -74,7 +68,7 @@ public abstract class WrappedKeyRing extends KeyRing {
    }
    public long getSignId() throws PgpGeneralException {
-        for(WrappedPublicKey key : publicKeyIterator()) {
+        for(CanonicalizedPublicKey key : publicKeyIterator()) {
            if(key.canSign()) {
                return key.getKeyId();
            }
@@ -103,14 +97,14 @@ public abstract class WrappedKeyRing extends KeyRing {
    abstract PGPKeyRing getRing();
-    abstract public IterableIterator<WrappedPublicKey> publicKeyIterator();
+    abstract public IterableIterator<CanonicalizedPublicKey> publicKeyIterator();
-    public WrappedPublicKey getPublicKey() {
+    public CanonicalizedPublicKey getPublicKey() {
-        return new WrappedPublicKey(this, getRing().getPublicKey());
+        return new CanonicalizedPublicKey(this, getRing().getPublicKey());
    }
-    public WrappedPublicKey getPublicKey(long id) {
+    public CanonicalizedPublicKey getPublicKey(long id) {
-        return new WrappedPublicKey(this, getRing().getPublicKey(id));
+        return new CanonicalizedPublicKey(this, getRing().getPublicKey(id));
    }
    public byte[] getEncoded() throws IOException {
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java
@@ -14,12 +14,12 @@ import org.sufficientlysecure.keychain.util.IterableIterator;
 * stored in the database.
 *
 */
-public class WrappedPublicKey extends UncachedPublicKey {
+public class CanonicalizedPublicKey extends UncachedPublicKey {
    // this is the parent key ring
    final KeyRing mRing;
-    WrappedPublicKey(KeyRing ring, PGPPublicKey key) {
+    CanonicalizedPublicKey(KeyRing ring, PGPPublicKey key) {
        super(key);
        mRing = ring;
    }
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKeyRing.java
@@ -10,33 +10,36 @@ import org.sufficientlysecure.keychain.util.IterableIterator;
 import java.io.IOException;
 import java.util.Iterator;
-public class WrappedPublicKeyRing extends WrappedKeyRing {
+public class CanonicalizedPublicKeyRing extends CanonicalizedKeyRing {
    private PGPPublicKeyRing mRing;
    private final byte[] mPubKey;
-    public WrappedPublicKeyRing(byte[] blob, boolean hasAnySecret, int verified) {
+    CanonicalizedPublicKeyRing(PGPPublicKeyRing ring, int verified) {
-        super(hasAnySecret, verified);
+        super(verified);
-        mPubKey = blob;
+        mRing = ring;
    }
-    PGPPublicKeyRing getRing() {
+    public CanonicalizedPublicKeyRing(byte[] blob, int verified) {
        super(verified);
        if(mRing == null) {
            // get first object in block
-            PGPObjectFactory factory = new PGPObjectFactory(mPubKey);
+            PGPObjectFactory factory = new PGPObjectFactory(blob);
            try {
                Object obj = factory.nextObject();
                if (! (obj instanceof PGPPublicKeyRing)) {
-                    throw new RuntimeException("Error constructing WrappedPublicKeyRing, should never happen!");
+                    throw new RuntimeException("Error constructing CanonicalizedPublicKeyRing, should never happen!");
                }
                mRing = (PGPPublicKeyRing) obj;
                if (factory.nextObject() != null) {
                    throw new RuntimeException("Encountered trailing data after keyring, should never happen!");
                }
            } catch (IOException e) {
-                throw new RuntimeException("IO Error constructing WrappedPublicKeyRing, should never happen!");
+                throw new RuntimeException("IO Error constructing CanonicalizedPublicKeyRing, should never happen!");
            }
        }
    }
    PGPPublicKeyRing getRing() {
        return mRing;
    }
@@ -45,10 +48,10 @@ public class WrappedPublicKeyRing extends WrappedKeyRing {
    }
    /** Getter that returns the subkey that should be used for signing. */
-    WrappedPublicKey getEncryptionSubKey() throws PgpGeneralException {
+    CanonicalizedPublicKey getEncryptionSubKey() throws PgpGeneralException {
        PGPPublicKey key = getRing().getPublicKey(getEncryptId());
        if(key != null) {
-            WrappedPublicKey cKey = new WrappedPublicKey(this, key);
+            CanonicalizedPublicKey cKey = new CanonicalizedPublicKey(this, key);
            if(!cKey.canEncrypt()) {
                throw new PgpGeneralException("key error");
            }
@@ -57,18 +60,18 @@ public class WrappedPublicKeyRing extends WrappedKeyRing {
        throw new PgpGeneralException("no encryption key available");
    }
-    public IterableIterator<WrappedPublicKey> publicKeyIterator() {
+    public IterableIterator<CanonicalizedPublicKey> publicKeyIterator() {
        @SuppressWarnings("unchecked")
        final Iterator<PGPPublicKey> it = getRing().getPublicKeys();
-        return new IterableIterator<WrappedPublicKey>(new Iterator<WrappedPublicKey>() {
+        return new IterableIterator<CanonicalizedPublicKey>(new Iterator<CanonicalizedPublicKey>() {
            @Override
            public boolean hasNext() {
                return it.hasNext();
            }
            @Override
-            public WrappedPublicKey next() {
+            public CanonicalizedPublicKey next() {
-                return new WrappedPublicKey(WrappedPublicKeyRing.this, it.next());
+                return new CanonicalizedPublicKey(CanonicalizedPublicKeyRing.this, it.next());
            }
            @Override
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@@ -37,18 +37,18 @@ import java.util.List;
 * properly imported secret keys only.
 *
 */
-public class WrappedSecretKey extends WrappedPublicKey {
+public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
    private final PGPSecretKey mSecretKey;
    private PGPPrivateKey mPrivateKey = null;
-    WrappedSecretKey(WrappedSecretKeyRing ring, PGPSecretKey key) {
+    CanonicalizedSecretKey(CanonicalizedSecretKeyRing ring, PGPSecretKey key) {
        super(ring, key.getPublicKey());
        mSecretKey = key;
    }
-    public WrappedSecretKeyRing getRing() {
+    public CanonicalizedSecretKeyRing getRing() {
-        return (WrappedSecretKeyRing) mRing;
+        return (CanonicalizedSecretKeyRing) mRing;
    }
    public boolean unlock(String passphrase) throws PgpGeneralException {
@@ -140,7 +140,7 @@ public class WrappedSecretKey extends WrappedPublicKey {
     * @param userIds          User IDs to certify, must not be null or empty
     * @return A keyring with added certifications
     */
-    public UncachedKeyRing certifyUserIds(WrappedPublicKeyRing publicKeyRing, List<String> userIds)
+    public UncachedKeyRing certifyUserIds(CanonicalizedPublicKeyRing publicKeyRing, List<String> userIds)
            throws PgpGeneralMsgIdException, NoSuchAlgorithmException, NoSuchProviderException,
            PGPException, SignatureException {
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKeyRing.java
@@ -1,10 +1,12 @@
 package org.sufficientlysecure.keychain.pgp;
 import org.spongycastle.bcpg.S2K;
 import org.spongycastle.openpgp.PGPException;
 import org.spongycastle.openpgp.PGPKeyRing;
 import org.spongycastle.openpgp.PGPObjectFactory;
 import org.spongycastle.openpgp.PGPPrivateKey;
 import org.spongycastle.openpgp.PGPPublicKey;
 import org.spongycastle.openpgp.PGPPublicKeyRing;
 import org.spongycastle.openpgp.PGPSecretKey;
 import org.spongycastle.openpgp.PGPSecretKeyRing;
 import org.spongycastle.openpgp.operator.PBESecretKeyDecryptor;
@@ -15,15 +17,21 @@ import org.sufficientlysecure.keychain.util.IterableIterator;
 import org.sufficientlysecure.keychain.util.Log;
 import java.io.IOException;
 import java.util.HashSet;
 import java.util.Iterator;
-public class WrappedSecretKeyRing extends WrappedKeyRing {
+public class CanonicalizedSecretKeyRing extends CanonicalizedKeyRing {
    private PGPSecretKeyRing mRing;
-    public WrappedSecretKeyRing(byte[] blob, boolean isRevoked, int verified)
+    CanonicalizedSecretKeyRing(PGPSecretKeyRing ring, int verified) {
        super(verified);
        mRing = ring;
    }
    public CanonicalizedSecretKeyRing(byte[] blob, boolean isRevoked, int verified)
    {
-        super(isRevoked, verified);
+        super(verified);
        PGPObjectFactory factory = new PGPObjectFactory(blob);
        PGPKeyRing keyRing = null;
        try {
@@ -41,19 +49,32 @@ public class WrappedSecretKeyRing extends WrappedKeyRing {
        return mRing;
    }
-    public WrappedSecretKey getSecretKey() {
+    public CanonicalizedSecretKey getSecretKey() {
-        return new WrappedSecretKey(this, mRing.getSecretKey());
+        return new CanonicalizedSecretKey(this, mRing.getSecretKey());
    }
-    public WrappedSecretKey getSecretKey(long id) {
+    public CanonicalizedSecretKey getSecretKey(long id) {
-        return new WrappedSecretKey(this, mRing.getSecretKey(id));
+        return new CanonicalizedSecretKey(this, mRing.getSecretKey(id));
    }
    public HashSet<Long> getAvailableSubkeys() {
        HashSet<Long> result = new HashSet<Long>();
        // then, mark exactly the keys we have available
        for (PGPSecretKey sub : new IterableIterator<PGPSecretKey>(getRing().getSecretKeys())) {
            S2K s2k = sub.getS2K();
            // Set to 1, except if the encryption type is GNU_DUMMY_S2K
            if(s2k == null || s2k.getType() != S2K.GNU_DUMMY_S2K) {
                result.add(sub.getKeyID());
            }
        }
        return result;
    }
    /** Getter that returns the subkey that should be used for signing. */
-    WrappedSecretKey getSigningSubKey() throws PgpGeneralException {
+    CanonicalizedSecretKey getSigningSubKey() throws PgpGeneralException {
        PGPSecretKey key = mRing.getSecretKey(getSignId());
        if(key != null) {
-            WrappedSecretKey cKey = new WrappedSecretKey(this, key);
+            CanonicalizedSecretKey cKey = new CanonicalizedSecretKey(this, key);
            if(!cKey.canSign()) {
                throw new PgpGeneralException("key error");
            }
@@ -88,17 +109,17 @@ public class WrappedSecretKeyRing extends WrappedKeyRing {
        }
    }
-    public IterableIterator<WrappedSecretKey> secretKeyIterator() {
+    public IterableIterator<CanonicalizedSecretKey> secretKeyIterator() {
        final Iterator<PGPSecretKey> it = mRing.getSecretKeys();
-        return new IterableIterator<WrappedSecretKey>(new Iterator<WrappedSecretKey>() {
+        return new IterableIterator<CanonicalizedSecretKey>(new Iterator<CanonicalizedSecretKey>() {
            @Override
            public boolean hasNext() {
                return it.hasNext();
            }
            @Override
-            public WrappedSecretKey next() {
+            public CanonicalizedSecretKey next() {
-                return new WrappedSecretKey(WrappedSecretKeyRing.this, it.next());
+                return new CanonicalizedSecretKey(CanonicalizedSecretKeyRing.this, it.next());
            }
            @Override
@@ -108,17 +129,17 @@ public class WrappedSecretKeyRing extends WrappedKeyRing {
        });
    }
-    public IterableIterator<WrappedPublicKey> publicKeyIterator() {
+    public IterableIterator<CanonicalizedPublicKey> publicKeyIterator() {
        final Iterator<PGPPublicKey> it = getRing().getPublicKeys();
-        return new IterableIterator<WrappedPublicKey>(new Iterator<WrappedPublicKey>() {
+        return new IterableIterator<CanonicalizedPublicKey>(new Iterator<CanonicalizedPublicKey>() {
            @Override
            public boolean hasNext() {
                return it.hasNext();
            }
            @Override
-            public WrappedPublicKey next() {
+            public CanonicalizedPublicKey next() {
-                return new WrappedPublicKey(WrappedSecretKeyRing.this, it.next());
+                return new CanonicalizedPublicKey(CanonicalizedSecretKeyRing.this, it.next());
            }
            @Override
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/KeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/KeyRing.java
@@ -12,7 +12,7 @@ import java.util.regex.Pattern;
 * keyring should in all cases agree on the output of all methods described
 * here.
 *
- * @see org.sufficientlysecure.keychain.pgp.WrappedKeyRing
+ * @see CanonicalizedKeyRing
 * @see org.sufficientlysecure.keychain.provider.CachedPublicKeyRing
 *
 */
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
@@ -231,7 +231,7 @@ public class PgpDecryptVerify {
        PGPPublicKeyEncryptedData encryptedDataAsymmetric = null;
        PGPPBEEncryptedData encryptedDataSymmetric = null;
-        WrappedSecretKey secretEncryptionKey = null;
+        CanonicalizedSecretKey secretEncryptionKey = null;
        Iterator<?> it = enc.getEncryptedDataObjects();
        boolean asymmetricPacketFound = false;
        boolean symmetricPacketFound = false;
@@ -243,10 +243,10 @@ public class PgpDecryptVerify {
                PGPPublicKeyEncryptedData encData = (PGPPublicKeyEncryptedData) obj;
-                WrappedSecretKeyRing secretKeyRing;
+                CanonicalizedSecretKeyRing secretKeyRing;
                try {
                    // get actual keyring object based on master key id
-                    secretKeyRing = mProviderHelper.getWrappedSecretKeyRing(
+                    secretKeyRing = mProviderHelper.getCanonicalizedSecretKeyRing(
                            KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(encData.getKeyID())
                    );
                } catch (ProviderHelper.NotFoundException e) {
@@ -365,8 +365,8 @@ public class PgpDecryptVerify {
        Object dataChunk = plainFact.nextObject();
        OpenPgpSignatureResultBuilder signatureResultBuilder = new OpenPgpSignatureResultBuilder();
        int signatureIndex = -1;
-        WrappedPublicKeyRing signingRing = null;
+        CanonicalizedPublicKeyRing signingRing = null;
-        WrappedPublicKey signingKey = null;
+        CanonicalizedPublicKey signingKey = null;
        if (dataChunk instanceof PGPCompressedData) {
            updateProgress(R.string.progress_decompressing_data, currentProgress, 100);
@@ -390,7 +390,7 @@ public class PgpDecryptVerify {
            for (int i = 0; i < sigList.size(); ++i) {
                try {
                    long sigKeyId = sigList.get(i).getKeyID();
-                    signingRing = mProviderHelper.getWrappedPublicKeyRing(
+                    signingRing = mProviderHelper.getCanonicalizedPublicKeyRing(
                            KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(sigKeyId)
                    );
                    signingKey = signingRing.getPublicKey(sigKeyId);
@@ -566,8 +566,8 @@ public class PgpDecryptVerify {
            throw new InvalidDataException();
        }
-        WrappedPublicKeyRing signingRing = null;
+        CanonicalizedPublicKeyRing signingRing = null;
-        WrappedPublicKey signingKey = null;
+        CanonicalizedPublicKey signingKey = null;
        int signatureIndex = -1;
        // go through all signatures
@@ -575,7 +575,7 @@ public class PgpDecryptVerify {
        for (int i = 0; i < sigList.size(); ++i) {
            try {
                long sigKeyId = sigList.get(i).getKeyID();
-                signingRing = mProviderHelper.getWrappedPublicKeyRing(
+                signingRing = mProviderHelper.getCanonicalizedPublicKeyRing(
                        KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(sigKeyId)
                );
                signingKey = signingRing.getPublicKey(sigKeyId);
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpImportExport.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpImportExport.java
@@ -93,7 +93,7 @@ public class PgpImportExport {
        }
    }
-    public boolean uploadKeyRingToServer(HkpKeyserver server, WrappedPublicKeyRing keyring) {
+    public boolean uploadKeyRingToServer(HkpKeyserver server, CanonicalizedPublicKeyRing keyring) {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        ArmoredOutputStream aos = null;
        try {
@@ -235,7 +235,7 @@ public class PgpImportExport {
            updateProgress(progress * 100 / masterKeyIdsSize, 100);
            try {
-                WrappedPublicKeyRing ring = mProviderHelper.getWrappedPublicKeyRing(
+                CanonicalizedPublicKeyRing ring = mProviderHelper.getCanonicalizedPublicKeyRing(
                        KeychainContract.KeyRings.buildUnifiedKeyRingUri(pubKeyMasterId)
                );
@@ -263,8 +263,8 @@ public class PgpImportExport {
            updateProgress(progress * 100 / masterKeyIdsSize, 100);
            try {
-                WrappedSecretKeyRing secretKeyRing =
+                CanonicalizedSecretKeyRing secretKeyRing =
-                        mProviderHelper.getWrappedSecretKeyRing(secretKeyMasterId);
+                        mProviderHelper.getCanonicalizedSecretKeyRing(secretKeyMasterId);
                secretKeyRing.encode(arOutStream);
            } catch (ProviderHelper.NotFoundException e) {
                Log.e(Constants.TAG, "key not found!", e);
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -46,7 +46,6 @@ import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
 import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyEncryptorBuilder;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralMsgIdException;
 import org.sufficientlysecure.keychain.service.OperationResultParcel;
 import org.sufficientlysecure.keychain.service.OperationResultParcel.LogLevel;
 import org.sufficientlysecure.keychain.service.OperationResultParcel.LogType;
@@ -241,7 +240,7 @@ public class PgpKeyOperation {
     * are changed by adding new certificates, which implicitly override older certificates.
     *
     */
-    public EditKeyResult modifySecretKeyRing(WrappedSecretKeyRing wsKR, SaveKeyringParcel saveParcel,
+    public EditKeyResult modifySecretKeyRing(CanonicalizedSecretKeyRing wsKR, SaveKeyringParcel saveParcel,
                                               String passphrase) {
        OperationLog log = new OperationLog();
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java
@@ -266,11 +266,11 @@ public class PgpSignEncrypt {
        }
        /* Get keys for signature generation for later usage */
-        WrappedSecretKey signingKey = null;
+        CanonicalizedSecretKey signingKey = null;
        if (enableSignature) {
-            WrappedSecretKeyRing signingKeyRing;
+            CanonicalizedSecretKeyRing signingKeyRing;
            try {
-                signingKeyRing = mProviderHelper.getWrappedSecretKeyRing(mSignatureMasterKeyId);
+                signingKeyRing = mProviderHelper.getCanonicalizedSecretKeyRing(mSignatureMasterKeyId);
            } catch (ProviderHelper.NotFoundException e) {
                throw new NoSigningKeyException();
            }
@@ -316,9 +316,9 @@ public class PgpSignEncrypt {
                // Asymmetric encryption
                for (long id : mEncryptionMasterKeyIds) {
                    try {
-                        WrappedPublicKeyRing keyRing = mProviderHelper.getWrappedPublicKeyRing(
+                        CanonicalizedPublicKeyRing keyRing = mProviderHelper.getCanonicalizedPublicKeyRing(
                                KeyRings.buildUnifiedKeyRingUri(id));
-                        WrappedPublicKey key = keyRing.getEncryptionSubKey();
+                        CanonicalizedPublicKey key = keyRing.getEncryptionSubKey();
                        cPk.addMethod(key.getPubKeyEncryptionGenerator());
                    } catch (PgpGeneralException e) {
                        Log.e(Constants.TAG, "key not found!", e);
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
@@ -49,7 +49,7 @@ import java.util.Vector;
 * treated equally for most purposes in UI code. It is up to the programmer to
 * take care of the differences.
 *
- * @see org.sufficientlysecure.keychain.pgp.WrappedKeyRing
+ * @see CanonicalizedKeyRing
 * @see org.sufficientlysecure.keychain.pgp.UncachedPublicKey
 * @see org.sufficientlysecure.keychain.pgp.UncachedSecretKey
 *
@@ -59,18 +59,10 @@ public class UncachedKeyRing {
    final PGPKeyRing mRing;
    final boolean mIsSecret;
    final boolean mIsCanonicalized;
    UncachedKeyRing(PGPKeyRing ring) {
        mRing = ring;
        mIsSecret = ring instanceof PGPSecretKeyRing;
        mIsCanonicalized = false;
    }
    private UncachedKeyRing(PGPKeyRing ring, boolean canonicalized) {
        mRing = ring;
        mIsSecret = ring instanceof PGPSecretKeyRing;
        mIsCanonicalized = canonicalized;
    }
    public long getMasterKeyId() {
@@ -105,10 +97,6 @@ public class UncachedKeyRing {
        return mIsSecret;
    }
    public boolean isCanonicalized() {
        return mIsCanonicalized;
    }
    public byte[] getEncoded() throws IOException {
        return mRing.getEncoded();
    }
@@ -164,25 +152,6 @@ public class UncachedKeyRing {
        aos.close();
    }
    public HashSet<Long> getAvailableSubkeys() {
        if(!isSecret()) {
            throw new RuntimeException("Tried to find available subkeys from non-secret keys. " +
                    "This is a programming error and should never happen!");
        }
        HashSet<Long> result = new HashSet<Long>();
        // then, mark exactly the keys we have available
        for (PGPSecretKey sub : new IterableIterator<PGPSecretKey>(
                ((PGPSecretKeyRing) mRing).getSecretKeys())) {
            S2K s2k = sub.getS2K();
            // Set to 1, except if the encryption type is GNU_DUMMY_S2K
            if(s2k == null || s2k.getType() != S2K.GNU_DUMMY_S2K) {
                result.add(sub.getKeyID());
            }
        }
        return result;
    }
    /** "Canonicalizes" a public key, removing inconsistencies in the process. This variant can be
     * applied to public keyrings only.
     *
@@ -207,7 +176,7 @@ public class UncachedKeyRing {
     *
     */
    @SuppressWarnings("ConstantConditions")
-    public UncachedKeyRing canonicalize(OperationLog log, int indent) {
+    public CanonicalizedKeyRing canonicalize(OperationLog log, int indent) {
        log.add(LogLevel.START, isSecret() ? LogType.MSG_KC_SECRET : LogType.MSG_KC_PUBLIC,
                indent, PgpKeyHelper.convertKeyIdToHex(getMasterKeyId()));
@@ -629,7 +598,8 @@ public class UncachedKeyRing {
            log.add(LogLevel.OK, LogType.MSG_KC_SUCCESS, indent);
        }
-        return new UncachedKeyRing(ring, true);
+        return isSecret() ? new CanonicalizedSecretKeyRing((PGPSecretKeyRing) ring, 1)
                          : new CanonicalizedPublicKeyRing((PGPPublicKeyRing) ring, 0);
    }
    /** This operation merges information from a different keyring, returning a combined
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSignature.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSignature.java
@@ -113,7 +113,7 @@ public class WrappedSignature {
        return ((RevocationReason) p).getRevocationDescription();
    }
-    public void init(WrappedPublicKey key) throws PgpGeneralException {
+    public void init(CanonicalizedPublicKey key) throws PgpGeneralException {
        init(key.getPublicKey());
    }
@@ -191,7 +191,7 @@ public class WrappedSignature {
    public boolean verifySignature(UncachedPublicKey key, String uid) throws PgpGeneralException {
        return verifySignature(key.getPublicKey(), uid);
    }
-    public boolean verifySignature(WrappedPublicKey key, String uid) throws PgpGeneralException {
+    public boolean verifySignature(CanonicalizedPublicKey key, String uid) throws PgpGeneralException {
        return verifySignature(key.getPublicKey(), uid);
    }
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
@@ -28,10 +28,12 @@ import android.os.RemoteException;
 import android.support.v4.util.LongSparseArray;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
 import org.sufficientlysecure.keychain.pgp.KeyRing;
 import org.sufficientlysecure.keychain.pgp.NullProgressable;
 import org.sufficientlysecure.keychain.pgp.Progressable;
-import org.sufficientlysecure.keychain.pgp.WrappedPublicKey;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKey;
 import org.sufficientlysecure.keychain.service.OperationResultParcel.LogType;
 import org.sufficientlysecure.keychain.service.OperationResultParcel.LogLevel;
 import org.sufficientlysecure.keychain.service.OperationResultParcel.OperationLog;
@@ -39,8 +41,6 @@ import org.sufficientlysecure.keychain.pgp.PgpHelper;
 import org.sufficientlysecure.keychain.pgp.PgpKeyHelper;
 import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
 import org.sufficientlysecure.keychain.pgp.UncachedPublicKey;
 import org.sufficientlysecure.keychain.pgp.WrappedPublicKeyRing;
 import org.sufficientlysecure.keychain.pgp.WrappedSecretKeyRing;
 import org.sufficientlysecure.keychain.pgp.WrappedSignature;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.provider.KeychainContract.ApiApps;
@@ -180,7 +180,7 @@ public class ProviderHelper {
        return getGenericData(KeyRings.buildUnifiedKeyRingUri(masterKeyId), proj, types);
    }
-    private LongSparseArray<WrappedPublicKey> getTrustedMasterKeys() {
+    private LongSparseArray<CanonicalizedPublicKey> getTrustedMasterKeys() {
        Cursor cursor = mContentResolver.query(KeyRings.buildUnifiedKeyRingsUri(), new String[] {
                KeyRings.MASTER_KEY_ID,
                // we pick from cache only information that is not easily available from keyrings
@@ -190,16 +190,15 @@ public class ProviderHelper {
            }, KeyRings.HAS_ANY_SECRET + " = 1", null, null);
        try {
-            LongSparseArray<WrappedPublicKey> result = new LongSparseArray<WrappedPublicKey>();
+            LongSparseArray<CanonicalizedPublicKey> result = new LongSparseArray<CanonicalizedPublicKey>();
            if (cursor != null && cursor.moveToFirst()) do {
                long masterKeyId = cursor.getLong(0);
                boolean hasAnySecret = cursor.getInt(1) > 0;
                int verified = cursor.getInt(2);
                byte[] blob = cursor.getBlob(3);
                if (blob != null) {
                    result.put(masterKeyId,
-                            new WrappedPublicKeyRing(blob, hasAnySecret, verified).getPublicKey());
+                            new CanonicalizedPublicKeyRing(blob, verified).getPublicKey());
                }
            } while (cursor.moveToNext());
@@ -217,23 +216,23 @@ public class ProviderHelper {
        return new CachedPublicKeyRing(this, queryUri);
    }
-    public WrappedPublicKeyRing getWrappedPublicKeyRing(long id) throws NotFoundException {
+    public CanonicalizedPublicKeyRing getCanonicalizedPublicKeyRing(long id) throws NotFoundException {
-        return (WrappedPublicKeyRing) getWrappedKeyRing(KeyRings.buildUnifiedKeyRingUri(id), false);
+        return (CanonicalizedPublicKeyRing) getCanonicalizedKeyRing(KeyRings.buildUnifiedKeyRingUri(id), false);
    }
-    public WrappedPublicKeyRing getWrappedPublicKeyRing(Uri queryUri) throws NotFoundException {
+    public CanonicalizedPublicKeyRing getCanonicalizedPublicKeyRing(Uri queryUri) throws NotFoundException {
-        return (WrappedPublicKeyRing) getWrappedKeyRing(queryUri, false);
+        return (CanonicalizedPublicKeyRing) getCanonicalizedKeyRing(queryUri, false);
    }
-    public WrappedSecretKeyRing getWrappedSecretKeyRing(long id) throws NotFoundException {
+    public CanonicalizedSecretKeyRing getCanonicalizedSecretKeyRing(long id) throws NotFoundException {
-        return (WrappedSecretKeyRing) getWrappedKeyRing(KeyRings.buildUnifiedKeyRingUri(id), true);
+        return (CanonicalizedSecretKeyRing) getCanonicalizedKeyRing(KeyRings.buildUnifiedKeyRingUri(id), true);
    }
-    public WrappedSecretKeyRing getWrappedSecretKeyRing(Uri queryUri) throws NotFoundException {
+    public CanonicalizedSecretKeyRing getCanonicalizedSecretKeyRing(Uri queryUri) throws NotFoundException {
-        return (WrappedSecretKeyRing) getWrappedKeyRing(queryUri, true);
+        return (CanonicalizedSecretKeyRing) getCanonicalizedKeyRing(queryUri, true);
    }
-    private KeyRing getWrappedKeyRing(Uri queryUri, boolean secret) throws NotFoundException {
+    private KeyRing getCanonicalizedKeyRing(Uri queryUri, boolean secret) throws NotFoundException {
        Cursor cursor = mContentResolver.query(queryUri,
                new String[]{
                        // we pick from cache only information that is not easily available from keyrings
@@ -252,8 +251,8 @@ public class ProviderHelper {
                    throw new NotFoundException("Secret key not available!");
                }
                return secret
-                        ? new WrappedSecretKeyRing(blob, true, verified)
+                        ? new CanonicalizedSecretKeyRing(blob, true, verified)
-                        : new WrappedPublicKeyRing(blob, hasAnySecret, verified);
+                        : new CanonicalizedPublicKeyRing(blob, verified);
            } else {
                throw new NotFoundException("Key not found!");
            }
@@ -271,16 +270,8 @@ public class ProviderHelper {
     * and need to be saved externally to be preserved past the operation.
     */
    @SuppressWarnings("unchecked")
-    private int internalSavePublicKeyRing(UncachedKeyRing keyRing,
+    private int saveCanonicalizedPublicKeyRing(CanonicalizedPublicKeyRing keyRing,
-                Progressable progress, boolean selfCertsAreTrusted) {
+                                               Progressable progress, boolean selfCertsAreTrusted) {
        if (keyRing.isSecret()) {
            log(LogLevel.ERROR, LogType.MSG_IP_BAD_TYPE_SECRET);
            return SaveKeyringResult.RESULT_ERROR;
        }
        if (!keyRing.isCanonicalized()) {
            log(LogLevel.ERROR, LogType.MSG_IP_BAD_TYPE_SECRET);
            return SaveKeyringResult.RESULT_ERROR;
        }
        // start with ok result
        int result = SaveKeyringResult.SAVED_PUBLIC;
@@ -318,7 +309,7 @@ public class ProviderHelper {
            { // insert subkeys
                Uri uri = Keys.buildKeysUri(Long.toString(masterKeyId));
                int rank = 0;
-                for (UncachedPublicKey key : new IterableIterator<UncachedPublicKey>(keyRing.getPublicKeys())) {
+                for (CanonicalizedPublicKey key : keyRing.publicKeyIterator()) {
                    long keyId = key.getKeyId();
                    log(LogLevel.DEBUG, keyId == masterKeyId ? LogType.MSG_IP_MASTER : LogType.MSG_IP_SUBKEY,
                            PgpKeyHelper.convertKeyIdToHex(keyId)
@@ -401,7 +392,7 @@ public class ProviderHelper {
            mIndent -= 1;
            // get a list of owned secret keys, for verification filtering
-            LongSparseArray<WrappedPublicKey> trustedKeys = getTrustedMasterKeys();
+            LongSparseArray<CanonicalizedPublicKey> trustedKeys = getTrustedMasterKeys();
            // classify and order user ids. primary are moved to the front, revoked to the back,
            // otherwise the order in the keyfile is preserved.
@@ -445,7 +436,7 @@ public class ProviderHelper {
                        // verify signatures from known private keys
                        if (trustedKeys.indexOfKey(certId) >= 0) {
-                            WrappedPublicKey trustedKey = trustedKeys.get(certId);
+                            CanonicalizedPublicKey trustedKey = trustedKeys.get(certId);
                            cert.init(trustedKey);
                            if (cert.verifySignature(masterKey, userId)) {
                                item.trustedCerts.add(cert);
@@ -559,17 +550,7 @@ public class ProviderHelper {
    /** Saves an UncachedKeyRing of the secret variant into the db.
     * This method will fail if no corresponding public keyring is in the database!
     */
-    private int internalSaveSecretKeyRing(UncachedKeyRing keyRing) {
+    private int saveCanonicalizedSecretKeyRing(CanonicalizedSecretKeyRing keyRing) {
        if (!keyRing.isSecret()) {
            log(LogLevel.ERROR, LogType.MSG_IS_BAD_TYPE_PUBLIC);
            return SaveKeyringResult.RESULT_ERROR;
        }
        if (!keyRing.isCanonicalized()) {
            log(LogLevel.ERROR, LogType.MSG_IS_BAD_TYPE_UNCANON);
            return SaveKeyringResult.RESULT_ERROR;
        }
        long masterKeyId = keyRing.getMasterKeyId();
        log(LogLevel.START, LogType.MSG_IS, PgpKeyHelper.convertKeyIdToHex(masterKeyId));
@@ -610,8 +591,7 @@ public class ProviderHelper {
                log(LogLevel.INFO, LogType.MSG_IS_IMPORTING_SUBKEYS);
                mIndent += 1;
                Set<Long> available = keyRing.getAvailableSubkeys();
-                for (UncachedPublicKey sub :
+                for (UncachedPublicKey sub : keyRing.publicKeyIterator()) {
                        new IterableIterator<UncachedPublicKey>(keyRing.getPublicKeys())) {
                    long id = sub.getKeyId();
                    if (available.contains(id)) {
                        int upd = mContentResolver.update(uri, values, Keys.KEY_ID + " = ?",
@@ -662,9 +642,16 @@ public class ProviderHelper {
            log(LogLevel.START, LogType.MSG_IP, PgpKeyHelper.convertKeyIdToHex(masterKeyId));
            mIndent += 1;
            if (publicRing.isSecret()) {
                log(LogLevel.ERROR, LogType.MSG_IP_BAD_TYPE_SECRET);
                return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
            }
            CanonicalizedPublicKeyRing canPublicRing;
            // If there is an old keyring, merge it
            try {
-                UncachedKeyRing oldPublicRing = getWrappedPublicKeyRing(masterKeyId).getUncachedKeyRing();
+                UncachedKeyRing oldPublicRing = getCanonicalizedPublicKeyRing(masterKeyId).getUncachedKeyRing();
                // Merge data from new public ring into the old one
                publicRing = oldPublicRing.merge(publicRing, mLog, mIndent);
@@ -675,8 +662,8 @@ public class ProviderHelper {
                }
                // Canonicalize this keyring, to assert a number of assumptions made about it.
-                publicRing = publicRing.canonicalize(mLog, mIndent);
+                canPublicRing = (CanonicalizedPublicKeyRing) publicRing.canonicalize(mLog, mIndent);
-                if (publicRing == null) {
+                if (canPublicRing == null) {
                    return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
                }
@@ -690,39 +677,40 @@ public class ProviderHelper {
                // Not an issue, just means we are dealing with a new keyring.
                // Canonicalize this keyring, to assert a number of assumptions made about it.
-                publicRing = publicRing.canonicalize(mLog, mIndent);
+                canPublicRing = (CanonicalizedPublicKeyRing) publicRing.canonicalize(mLog, mIndent);
-                if (publicRing == null) {
+                if (canPublicRing == null) {
                    return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
                }
            }
            // If there is a secret key, merge new data (if any) and save the key for later
-            UncachedKeyRing secretRing;
+            CanonicalizedSecretKeyRing canSecretRing;
            try {
-                secretRing = getWrappedSecretKeyRing(publicRing.getMasterKeyId()).getUncachedKeyRing();
+                UncachedKeyRing secretRing = getCanonicalizedSecretKeyRing(publicRing.getMasterKeyId()).getUncachedKeyRing();
                // Merge data from new public ring into secret one
                secretRing = secretRing.merge(publicRing, mLog, mIndent);
                if (secretRing == null) {
                    return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
                }
-                secretRing = secretRing.canonicalize(mLog, mIndent);
+                // This has always been a secret key ring, this is a safe cast
-                if (secretRing == null) {
+                canSecretRing = (CanonicalizedSecretKeyRing) secretRing.canonicalize(mLog, mIndent);
                if (canSecretRing == null) {
                    return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
                }
            } catch (NotFoundException e) {
                // No secret key available (this is what happens most of the time)
-                secretRing = null;
+                canSecretRing = null;
            }
-            int result = internalSavePublicKeyRing(publicRing, progress, secretRing != null);
+            int result = saveCanonicalizedPublicKeyRing(canPublicRing, progress, canSecretRing != null);
            // Save the saved keyring (if any)
-            if (secretRing != null) {
+            if (canSecretRing != null) {
                progress.setProgress(LogType.MSG_IP_REINSERT_SECRET.getMsgId(), 90, 100);
-                int secretResult = internalSaveSecretKeyRing(secretRing);
+                int secretResult = saveCanonicalizedSecretKeyRing(canSecretRing);
                if ((secretResult & SaveKeyringResult.RESULT_ERROR) != SaveKeyringResult.RESULT_ERROR) {
                    result |= SaveKeyringResult.SAVED_SECRET;
                }
@@ -746,9 +734,16 @@ public class ProviderHelper {
            log(LogLevel.START, LogType.MSG_IS, PgpKeyHelper.convertKeyIdToHex(masterKeyId));
            mIndent += 1;
            if ( ! secretRing.isSecret()) {
                log(LogLevel.ERROR, LogType.MSG_IS_BAD_TYPE_PUBLIC);
                return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
            }
            CanonicalizedSecretKeyRing canSecretRing;
            // If there is an old secret key, merge it.
            try {
-                UncachedKeyRing oldSecretRing = getWrappedSecretKeyRing(masterKeyId).getUncachedKeyRing();
+                UncachedKeyRing oldSecretRing = getCanonicalizedSecretKeyRing(masterKeyId).getUncachedKeyRing();
                // Merge data from new secret ring into old one
                secretRing = secretRing.merge(oldSecretRing, mLog, mIndent);
@@ -759,8 +754,9 @@ public class ProviderHelper {
                }
                // Canonicalize this keyring, to assert a number of assumptions made about it.
-                secretRing = secretRing.canonicalize(mLog, mIndent);
+                // This is a safe cast, because we made sure this is a secret ring above
-                if (secretRing == null) {
+                canSecretRing = (CanonicalizedSecretKeyRing) secretRing.canonicalize(mLog, mIndent);
                if (canSecretRing == null) {
                    return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
                }
@@ -775,8 +771,9 @@ public class ProviderHelper {
                // Not an issue, just means we are dealing with a new keyring
                // Canonicalize this keyring, to assert a number of assumptions made about it.
-                secretRing = secretRing.canonicalize(mLog, mIndent);
+                // This is a safe cast, because we made sure this is a secret ring above
-                if (secretRing == null) {
+                canSecretRing = (CanonicalizedSecretKeyRing) secretRing.canonicalize(mLog, mIndent);
                if (canSecretRing == null) {
                    return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
                }
@@ -785,7 +782,7 @@ public class ProviderHelper {
            // Merge new data into public keyring as well, if there is any
            UncachedKeyRing publicRing;
            try {
-                UncachedKeyRing oldPublicRing = getWrappedPublicKeyRing(masterKeyId).getUncachedKeyRing();
+                UncachedKeyRing oldPublicRing = getCanonicalizedPublicKeyRing(masterKeyId).getUncachedKeyRing();
                // Merge data from new secret ring into public one
                publicRing = oldPublicRing.merge(secretRing, mLog, mIndent);
@@ -798,20 +795,20 @@ public class ProviderHelper {
                publicRing = secretRing.extractPublicKeyRing();
            }
-            publicRing = publicRing.canonicalize(mLog, mIndent);
+            CanonicalizedPublicKeyRing canPublicRing = (CanonicalizedPublicKeyRing) publicRing.canonicalize(mLog, mIndent);
-            if (publicRing == null) {
+            if (canPublicRing == null) {
                return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
            }
            int result;
-            result = internalSavePublicKeyRing(publicRing, progress, true);
+            result = saveCanonicalizedPublicKeyRing(canPublicRing, progress, true);
            if ((result & SaveKeyringResult.RESULT_ERROR) == SaveKeyringResult.RESULT_ERROR) {
                return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
            }
            progress.setProgress(LogType.MSG_IP_REINSERT_SECRET.getMsgId(), 90, 100);
-            result = internalSaveSecretKeyRing(secretRing);
+            result = saveCanonicalizedSecretKeyRing(canSecretRing);
            return new SaveKeyringResult(result, mLog);
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -425,7 +425,7 @@ public class OpenPgpService extends RemoteService {
            try {
                // try to find key, throws NotFoundException if not in db!
-                mProviderHelper.getWrappedPublicKeyRing(masterKeyId);
+                mProviderHelper.getCanonicalizedPublicKeyRing(masterKeyId);
                Intent result = new Intent();
                result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
@@ -36,6 +36,8 @@ import org.sufficientlysecure.keychain.keyimport.Keyserver;
 import org.sufficientlysecure.keychain.keyimport.ImportKeysListEntry;
 import org.sufficientlysecure.keychain.keyimport.KeybaseKeyserver;
 import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
 import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify;
 import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyResult;
 import org.sufficientlysecure.keychain.pgp.PgpHelper;
@@ -44,9 +46,7 @@ import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
 import org.sufficientlysecure.keychain.pgp.PgpSignEncrypt;
 import org.sufficientlysecure.keychain.pgp.Progressable;
 import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
-import org.sufficientlysecure.keychain.pgp.WrappedPublicKeyRing;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
 import org.sufficientlysecure.keychain.pgp.WrappedSecretKey;
 import org.sufficientlysecure.keychain.pgp.WrappedSecretKeyRing;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralMsgIdException;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
@@ -337,8 +337,8 @@ public class KeychainIntentService extends IntentService
                if (saveParcel.mMasterKeyId != null) {
                    String passphrase = data.getString(SAVE_KEYRING_PASSPHRASE);
-                    WrappedSecretKeyRing secRing =
+                    CanonicalizedSecretKeyRing secRing =
-                            providerHelper.getWrappedSecretKeyRing(saveParcel.mMasterKeyId);
+                            providerHelper.getCanonicalizedSecretKeyRing(saveParcel.mMasterKeyId);
                    result = keyOperations.modifySecretKeyRing(secRing, saveParcel, passphrase);
                } else {
@@ -466,7 +466,7 @@ public class KeychainIntentService extends IntentService
                HkpKeyserver server = new HkpKeyserver(keyServer);
                ProviderHelper providerHelper = new ProviderHelper(this);
-                WrappedPublicKeyRing keyring = providerHelper.getWrappedPublicKeyRing(dataUri);
+                CanonicalizedPublicKeyRing keyring = providerHelper.getCanonicalizedPublicKeyRing(dataUri);
                PgpImportExport pgpImportExport = new PgpImportExport(this, null);
                boolean uploaded = pgpImportExport.uploadKeyRingToServer(server, keyring);
@@ -542,9 +542,9 @@ public class KeychainIntentService extends IntentService
                }
                ProviderHelper providerHelper = new ProviderHelper(this);
-                WrappedPublicKeyRing publicRing = providerHelper.getWrappedPublicKeyRing(pubKeyId);
+                CanonicalizedPublicKeyRing publicRing = providerHelper.getCanonicalizedPublicKeyRing(pubKeyId);
-                WrappedSecretKeyRing secretKeyRing = providerHelper.getWrappedSecretKeyRing(masterKeyId);
+                CanonicalizedSecretKeyRing secretKeyRing = providerHelper.getCanonicalizedSecretKeyRing(masterKeyId);
-                WrappedSecretKey certificationKey = secretKeyRing.getSecretKey();
+                CanonicalizedSecretKey certificationKey = secretKeyRing.getSecretKey();
                if(!certificationKey.unlock(signaturePassphrase)) {
                    throw new PgpGeneralException("Error extracting key (bad passphrase?)");
                }
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/OperationResultParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/OperationResultParcel.java
@@ -260,7 +260,6 @@ public class OperationResultParcel implements Parcelable {
        // import secret
        MSG_IS(R.string.msg_is),
        MSG_IS_BAD_TYPE_PUBLIC (R.string.msg_is_bad_type_public),
        MSG_IS_BAD_TYPE_UNCANON (R.string.msg_is_bad_type_uncanon),
        MSG_IS_DB_EXCEPTION (R.string.msg_is_db_exception),
        MSG_IS_FAIL_IO_EXC (R.string.msg_is_io_exc),
        MSG_IS_IMPORTING_SUBKEYS (R.string.msg_is_importing_subkeys),
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
@@ -41,7 +41,7 @@ import android.support.v4.app.NotificationCompat;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.helper.Preferences;
-import org.sufficientlysecure.keychain.pgp.WrappedSecretKeyRing;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
@@ -184,7 +184,7 @@ public class PassphraseCacheService extends Service {
        // try to get master key id which is used as an identifier for cached passphrases
        try {
            Log.d(Constants.TAG, "PassphraseCacheService.getCachedPassphraseImpl() for masterKeyId " + keyId);
-            WrappedSecretKeyRing key = new ProviderHelper(this).getWrappedSecretKeyRing(
+            CanonicalizedSecretKeyRing key = new ProviderHelper(this).getCanonicalizedSecretKeyRing(
                    KeychainContract.KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(keyId));
            // no passphrase needed? just add empty string and return it, then
            if (!key.hasPassphrase()) {
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyFragment.java
@@ -42,14 +42,13 @@ import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.compatibility.DialogFragmentWorkaround;
 import org.sufficientlysecure.keychain.helper.ActionBarHelper;
-import org.sufficientlysecure.keychain.pgp.WrappedSecretKeyRing;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
 import org.sufficientlysecure.keychain.service.OperationResults;
 import org.sufficientlysecure.keychain.service.OperationResults.EditKeyResult;
 import org.sufficientlysecure.keychain.service.OperationResults.ImportKeyResult;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
 import org.sufficientlysecure.keychain.ui.adapter.SubkeysAdapter;
@@ -169,8 +168,8 @@ public class EditKeyFragment extends LoaderFragment implements
        try {
            Uri secretUri = KeychainContract.KeyRings.buildUnifiedKeyRingUri(mDataUri);
-            WrappedSecretKeyRing keyRing =
+            CanonicalizedSecretKeyRing keyRing =
-                    new ProviderHelper(getActivity()).getWrappedSecretKeyRing(secretUri);
+                    new ProviderHelper(getActivity()).getCanonicalizedSecretKeyRing(secretUri);
            mSaveKeyringParcel = new SaveKeyringParcel(keyRing.getMasterKeyId(),
                    keyRing.getUncachedKeyRing().getFingerprint());
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/LogDisplayFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/LogDisplayFragment.java
@@ -178,9 +178,11 @@ public class LogDisplayFragment extends ListFragment implements OnTouchListener
            if (entry.mParameters != null && entry.mParameters.length > 0
                    && entry.mParameters[0] instanceof Integer) {
                ih.mText.setText(getResources().getQuantityString(entry.mType.getMsgId(),
-                        (Integer) entry.mParameters[0], entry.mParameters));
+                        (Integer) entry.mParameters[0],
                        entry.mParameters));
            } else {
-                ih.mText.setText(getResources().getString(entry.mType.getMsgId(), entry.mParameters));
+                ih.mText.setText(getResources().getString(entry.mType.getMsgId(),
                        entry.mParameters));
            }
            ih.mText.setTextColor(entry.mLevel == LogLevel.DEBUG ? Color.GRAY : Color.BLACK);
            convertView.setPadding((entry.mIndent) * dipFactor, 0, 0, 0);
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewCertActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewCertActivity.java
@@ -35,7 +35,7 @@ import android.widget.TextView;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.pgp.PgpKeyHelper;
-import org.sufficientlysecure.keychain.pgp.WrappedPublicKeyRing;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
 import org.sufficientlysecure.keychain.pgp.WrappedSignature;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.provider.KeychainContract.Certs;
@@ -143,10 +143,10 @@ public class ViewCertActivity extends ActionBarActivity
            try {
                ProviderHelper providerHelper = new ProviderHelper(this);
-                WrappedPublicKeyRing signeeRing =
+                CanonicalizedPublicKeyRing signeeRing =
-                        providerHelper.getWrappedPublicKeyRing(data.getLong(INDEX_MASTER_KEY_ID));
+                        providerHelper.getCanonicalizedPublicKeyRing(data.getLong(INDEX_MASTER_KEY_ID));
-                WrappedPublicKeyRing signerRing =
+                CanonicalizedPublicKeyRing signerRing =
-                        providerHelper.getWrappedPublicKeyRing(sig.getKeyId());
+                        providerHelper.getCanonicalizedPublicKeyRing(sig.getKeyId());
                try {
                    sig.init(signerRing.getPublicKey());
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/PassphraseDialogFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/PassphraseDialogFragment.java
@@ -46,8 +46,8 @@ import android.widget.Toast;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.compatibility.DialogFragmentWorkaround;
-import org.sufficientlysecure.keychain.pgp.WrappedSecretKey;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
-import org.sufficientlysecure.keychain.pgp.WrappedSecretKeyRing;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
@@ -103,7 +103,7 @@ public class PassphraseDialogFragment extends DialogFragment implements OnEditor
        // check if secret key has a passphrase
        if (!(secretKeyId == Constants.key.symmetric || secretKeyId == Constants.key.none)) {
            try {
-                if (!new ProviderHelper(context).getWrappedSecretKeyRing(secretKeyId).hasPassphrase()) {
+                if (!new ProviderHelper(context).getCanonicalizedSecretKeyRing(secretKeyId).hasPassphrase()) {
                    throw new PgpGeneralException("No passphrase! No passphrase dialog needed!");
                }
            } catch (ProviderHelper.NotFoundException e) {
@@ -134,7 +134,7 @@ public class PassphraseDialogFragment extends DialogFragment implements OnEditor
        alert.setTitle(R.string.title_authentication);
-        final WrappedSecretKeyRing secretRing;
+        final CanonicalizedSecretKeyRing secretRing;
        String userId;
        if (secretKeyId == Constants.key.symmetric || secretKeyId == Constants.key.none) {
@@ -143,7 +143,7 @@ public class PassphraseDialogFragment extends DialogFragment implements OnEditor
        } else {
            try {
                ProviderHelper helper = new ProviderHelper(activity);
-                secretRing = helper.getWrappedSecretKeyRing(secretKeyId);
+                secretRing = helper.getCanonicalizedSecretKeyRing(secretKeyId);
                // yes the inner try/catch block is necessary, otherwise the final variable
                // above can't be statically verified to have been set in all cases because
                // the catch clause doesn't return.
@@ -193,9 +193,9 @@ public class PassphraseDialogFragment extends DialogFragment implements OnEditor
                    return;
                }
-                WrappedSecretKey unlockedSecretKey = null;
+                CanonicalizedSecretKey unlockedSecretKey = null;
-                for (WrappedSecretKey clickSecretKey : secretRing.secretKeyIterator()) {
+                for (CanonicalizedSecretKey clickSecretKey : secretRing.secretKeyIterator()) {
                    try {
                        boolean unlocked = clickSecretKey.unlock(passphrase);
                        if (unlocked) {