From 4499caef1e64d2e1afec37d360958f516da4dd40 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Wed, 18 Mar 2015 13:45:16 +0100
Subject: [PATCH 01/80] introduce CryptoOperationParcel for nfc data

---
 .../service/CertifyActionsParcel.java         | 11 +++-
 .../service/input/CryptoOperationParcel.java  | 52 +++++++++++++++++++
 .../keychain/ui/CertifyKeyFragment.java       |  4 +-
 3 files changed, 64 insertions(+), 3 deletions(-)
 create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoOperationParcel.java

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java
index f4b941109..d6da18e6e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java
@@ -23,15 +23,17 @@ import android.os.Parcelable;
 
 import java.io.Serializable;
 import java.util.ArrayList;
+import java.util.Date;
 
 import org.sufficientlysecure.keychain.pgp.WrappedUserAttribute;
+import org.sufficientlysecure.keychain.service.input.CryptoOperationParcel;
 
 
 /**
  * This class is a a transferable representation for a number of keyrings to
  * be certified.
  */
-public class CertifyActionsParcel implements Parcelable {
+public class CertifyActionsParcel extends CryptoOperationParcel {
 
     // the master key id to certify with
     final public long mMasterKeyId;
@@ -39,12 +41,15 @@ public class CertifyActionsParcel implements Parcelable {
 
     public ArrayList<CertifyAction> mCertifyActions = new ArrayList<>();
 
-    public CertifyActionsParcel(long masterKeyId) {
+    public CertifyActionsParcel(Date operationTime, long masterKeyId) {
+        super(operationTime);
         mMasterKeyId = masterKeyId;
         mLevel = CertifyLevel.DEFAULT;
     }
 
     public CertifyActionsParcel(Parcel source) {
+        super(source);
+
         mMasterKeyId = source.readLong();
         // just like parcelables, this is meant for ad-hoc IPC only and is NOT portable!
         mLevel = CertifyLevel.values()[source.readInt()];
@@ -58,6 +63,8 @@ public class CertifyActionsParcel implements Parcelable {
 
     @Override
     public void writeToParcel(Parcel destination, int flags) {
+        super.writeToParcel(destination, flags);
+
         destination.writeLong(mMasterKeyId);
         destination.writeInt(mLevel.ordinal());
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoOperationParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoOperationParcel.java
new file mode 100644
index 000000000..2101755ad
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoOperationParcel.java
@@ -0,0 +1,52 @@
+package org.sufficientlysecure.keychain.service.input;
+
+import java.nio.ByteBuffer;
+import java.util.Date;
+import java.util.HashMap;
+
+import android.os.Parcel;
+import android.os.Parcelable;
+
+
+/** This is a base class for the input of crypto operations.
+ *
+ */
+public abstract class CryptoOperationParcel implements Parcelable {
+
+    Date mOperationTime;
+
+    // this map contains both decrypted session keys and signed hashes to be
+    // used in the crypto operation described by this parcel.
+    HashMap<ByteBuffer,byte[]> mCryptoData;
+
+    protected CryptoOperationParcel(Date operationTime) {
+        mOperationTime = operationTime;
+    }
+
+    protected CryptoOperationParcel(Parcel source) {
+        mOperationTime = new Date(source.readLong());
+
+        {
+            int count = source.readInt();
+            mCryptoData = new HashMap<>(count);
+            for (int i = 0; i < count; i++) {
+                byte[] key = source.createByteArray();
+                byte[] value = source.createByteArray();
+                mCryptoData.put(ByteBuffer.wrap(key), value);
+            }
+        }
+
+    }
+
+    @Override
+    public void writeToParcel(Parcel dest, int flags) {
+        dest.writeLong(mOperationTime.getTime());
+
+        dest.writeInt(mCryptoData.size());
+        for (HashMap.Entry<ByteBuffer,byte[]> entry : mCryptoData.entrySet()) {
+            dest.writeByteArray(entry.getKey().array());
+            dest.writeByteArray(entry.getValue());
+        }
+    }
+
+}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
index 9cb4e5f65..049c6976d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
@@ -66,6 +66,8 @@ import org.sufficientlysecure.keychain.util.Preferences;
 
 import java.lang.reflect.Method;
 import java.util.ArrayList;
+import java.util.Date;
+
 
 public class CertifyKeyFragment extends LoaderFragment
         implements LoaderManager.LoaderCallbacks<Cursor> {
@@ -368,7 +370,7 @@ public class CertifyKeyFragment extends LoaderFragment
         Bundle data = new Bundle();
         {
             // fill values for this action
-            CertifyActionsParcel parcel = new CertifyActionsParcel(mSignMasterKeyId);
+            CertifyActionsParcel parcel = new CertifyActionsParcel(new Date(), mSignMasterKeyId);
             parcel.mCertifyActions.addAll(certifyActions);
 
             data.putParcelable(KeychainIntentService.CERTIFY_PARCEL, parcel);

From aca54e31eae450e7deec54cca6654ee202c7a90f Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Wed, 18 Mar 2015 18:25:44 +0100
Subject: [PATCH 02/80] generalize nfc crypto input structure

---
 .../keychain/pgp/PgpEncryptDecryptTest.java   |  10 +-
 OpenKeychain/src/main/AndroidManifest.xml     |   6 +
 .../NfcSyncPGPContentSignerBuilder.java       |  30 +-
 .../results/PgpSignEncryptResult.java         |  15 +-
 .../operations/results/SignEncryptResult.java |   3 +
 .../keychain/pgp/CanonicalizedSecretKey.java  |  47 +-
 ...ut.java => PgpSignEncryptInputParcel.java} | 139 +++--
 .../keychain/pgp/PgpSignEncryptOperation.java |  12 +-
 .../keychain/pgp/SignEncryptParcel.java       |  53 +-
 .../keychain/remote/OpenPgpService.java       |  29 +-
 .../service/CertifyActionsParcel.java         |  13 +-
 .../service/input/CryptoInputParcel.java      |  81 +++
 .../service/input/CryptoOperationParcel.java  |  52 --
 .../service/input/NfcOperationsParcel.java    |  85 +++
 .../keychain/ui/EncryptActivity.java          |  49 +-
 .../keychain/ui/EncryptFilesActivity.java     |   1 -
 .../keychain/ui/EncryptTextActivity.java      |   1 -
 .../keychain/ui/NfcOperationActivity.java     | 492 ++++++++++++++++++
 18 files changed, 883 insertions(+), 235 deletions(-)
 rename OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/{PgpSignEncryptInput.java => PgpSignEncryptInputParcel.java} (50%)
 create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
 delete mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoOperationParcel.java
 create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/NfcOperationsParcel.java
 create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java

diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java
index d782230c7..b404ac6d1 100644
--- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java
@@ -136,7 +136,7 @@ public class PgpEncryptDecryptTest {
 
             InputData data = new InputData(in, in.available());
 
-            PgpSignEncryptInput b = new PgpSignEncryptInput();
+            PgpSignEncryptInputParcel b = new setSignatureTimestamp();
             b.setSymmetricPassphrase(mPassphrase);
             b.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128);
 
@@ -220,7 +220,7 @@ public class PgpEncryptDecryptTest {
                     new ProviderHelper(Robolectric.application), null);
 
             InputData data = new InputData(in, in.available());
-            PgpSignEncryptInput b = new PgpSignEncryptInput();
+            PgpSignEncryptInputParcel b = new setSignatureTimestamp();
 
             b.setEncryptionMasterKeyIds(new long[]{ mStaticRing1.getMasterKeyId() });
             b.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128);
@@ -301,7 +301,7 @@ public class PgpEncryptDecryptTest {
 
             InputData data = new InputData(in, in.available());
 
-            PgpSignEncryptInput b = new PgpSignEncryptInput();
+            PgpSignEncryptInputParcel b = new setSignatureTimestamp();
             b.setEncryptionMasterKeyIds(new long[] {
                     mStaticRing1.getMasterKeyId(),
                     mStaticRing2.getMasterKeyId()
@@ -393,7 +393,7 @@ public class PgpEncryptDecryptTest {
                     new ProviderHelper(Robolectric.application), null);
 
             InputData data = new InputData(in, in.available());
-            PgpSignEncryptInput b = new PgpSignEncryptInput();
+            PgpSignEncryptInputParcel b = new setSignatureTimestamp();
 
             b.setEncryptionMasterKeyIds(new long[] {
                     mStaticRing1.getMasterKeyId(),
@@ -475,7 +475,7 @@ public class PgpEncryptDecryptTest {
                     new ProviderHelper(Robolectric.application), null);
 
             InputData data = new InputData(in, in.available());
-            PgpSignEncryptInput b = new PgpSignEncryptInput();
+            PgpSignEncryptInputParcel b = new setSignatureTimestamp();
 
             b.setEncryptionMasterKeyIds(new long[]{ mStaticRing1.getMasterKeyId() });
             b.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128);
diff --git a/OpenKeychain/src/main/AndroidManifest.xml b/OpenKeychain/src/main/AndroidManifest.xml
index 91c84fb18..c5317ae24 100644
--- a/OpenKeychain/src/main/AndroidManifest.xml
+++ b/OpenKeychain/src/main/AndroidManifest.xml
@@ -680,6 +680,12 @@
             android:taskAffinity=":Nfc"
             android:allowTaskReparenting="true" />
 
+        <activity
+            android:name=".ui.NfcOperationActivity"
+            android:launchMode="singleTop"
+            android:taskAffinity=":Nfc"
+            android:allowTaskReparenting="true" />
+
         <!--<activity-->
         <!--android:name=".ui.NfcIntentActivity"-->
         <!--android:launchMode="singleTop">-->
diff --git a/OpenKeychain/src/main/java/org/spongycastle/openpgp/operator/jcajce/NfcSyncPGPContentSignerBuilder.java b/OpenKeychain/src/main/java/org/spongycastle/openpgp/operator/jcajce/NfcSyncPGPContentSignerBuilder.java
index e0286ec15..0344b2173 100644
--- a/OpenKeychain/src/main/java/org/spongycastle/openpgp/operator/jcajce/NfcSyncPGPContentSignerBuilder.java
+++ b/OpenKeychain/src/main/java/org/spongycastle/openpgp/operator/jcajce/NfcSyncPGPContentSignerBuilder.java
@@ -14,8 +14,12 @@ import org.spongycastle.openpgp.operator.PGPContentSignerBuilder;
 import org.spongycastle.openpgp.operator.PGPDigestCalculator;
 
 import java.io.OutputStream;
+import java.nio.ByteBuffer;
 import java.security.Provider;
 import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
 
 /**
  * This class is based on JcaPGPContentSignerBuilder.
@@ -31,31 +35,27 @@ public class NfcSyncPGPContentSignerBuilder
     private int     keyAlgorithm;
     private long    keyID;
 
-    private byte[] signedHash;
-    private Date creationTimestamp;
+    private Map signedHashes;
 
     public static class NfcInteractionNeeded extends RuntimeException
     {
         public byte[] hashToSign;
-        public Date creationTimestamp;
         public int hashAlgo;
 
-        public NfcInteractionNeeded(byte[] hashToSign, int hashAlgo, Date creationTimestamp)
+        public NfcInteractionNeeded(byte[] hashToSign, int hashAlgo)
         {
             super("NFC interaction required!");
             this.hashToSign = hashToSign;
             this.hashAlgo = hashAlgo;
-            this.creationTimestamp = creationTimestamp;
         }
     }
 
-    public NfcSyncPGPContentSignerBuilder(int keyAlgorithm, int hashAlgorithm, long keyID, byte[] signedHash, Date creationTimestamp)
+    public NfcSyncPGPContentSignerBuilder(int keyAlgorithm, int hashAlgorithm, long keyID, Map signedHashes)
     {
         this.keyAlgorithm = keyAlgorithm;
         this.hashAlgorithm = hashAlgorithm;
         this.keyID = keyID;
-        this.signedHash = signedHash;
-        this.creationTimestamp = creationTimestamp;
+        this.signedHashes = signedHashes;
     }
 
     public NfcSyncPGPContentSignerBuilder setProvider(Provider provider)
@@ -125,14 +125,14 @@ public class NfcSyncPGPContentSignerBuilder
             }
 
             public byte[] getSignature() {
-                if (signedHash != null) {
-                    // we already have the signed hash from a previous execution, return this!
-                    return signedHash;
-                } else {
-                    // catch this when signatureGenerator.generate() is executed and divert digest to card,
-                    // when doing the operation again reuse creationTimestamp (this will be hashed)
-                    throw new NfcInteractionNeeded(digestCalculator.getDigest(), getHashAlgorithm(), creationTimestamp);
+                byte[] digest = digestCalculator.getDigest();
+                ByteBuffer buf = ByteBuffer.wrap(digest);
+                if (signedHashes.containsKey(buf)) {
+                    return (byte[]) signedHashes.get(buf);
                 }
+                // catch this when signatureGenerator.generate() is executed and divert digest to card,
+                // when doing the operation again reuse creationTimestamp (this will be hashed)
+                throw new NfcInteractionNeeded(digest, getHashAlgorithm());
             }
 
             public byte[] getDigest()
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java
index de2f64404..a1204c0b5 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java
@@ -35,7 +35,6 @@ public class PgpSignEncryptResult extends OperationResult {
     long mNfcKeyId;
     byte[] mNfcHash;
     int mNfcAlgo;
-    Date mNfcTimestamp;
     String mNfcPassphrase;
     byte[] mDetachedSignature;
 
@@ -47,11 +46,10 @@ public class PgpSignEncryptResult extends OperationResult {
         mKeyIdPassphraseNeeded = keyIdPassphraseNeeded;
     }
 
-    public void setNfcData(long nfcKeyId, byte[] nfcHash, int nfcAlgo, Date nfcTimestamp, String passphrase) {
+    public void setNfcData(long nfcKeyId, byte[] nfcHash, int nfcAlgo, String passphrase) {
         mNfcKeyId = nfcKeyId;
         mNfcHash = nfcHash;
         mNfcAlgo = nfcAlgo;
-        mNfcTimestamp = nfcTimestamp;
         mNfcPassphrase = passphrase;
     }
 
@@ -71,10 +69,6 @@ public class PgpSignEncryptResult extends OperationResult {
         return mNfcAlgo;
     }
 
-    public Date getNfcTimestamp() {
-        return mNfcTimestamp;
-    }
-
     public String getNfcPassphrase() {
         return mNfcPassphrase;
     }
@@ -95,7 +89,6 @@ public class PgpSignEncryptResult extends OperationResult {
         super(source);
         mNfcHash = source.readInt() != 0 ? source.createByteArray() : null;
         mNfcAlgo = source.readInt();
-        mNfcTimestamp = source.readInt() != 0 ? new Date(source.readLong()) : null;
         mDetachedSignature = source.readInt() != 0 ? source.createByteArray() : null;
     }
 
@@ -112,12 +105,6 @@ public class PgpSignEncryptResult extends OperationResult {
             dest.writeInt(0);
         }
         dest.writeInt(mNfcAlgo);
-        if (mNfcTimestamp != null) {
-            dest.writeInt(1);
-            dest.writeLong(mNfcTimestamp.getTime());
-        } else {
-            dest.writeInt(0);
-        }
         if (mDetachedSignature != null) {
             dest.writeInt(1);
             dest.writeByteArray(mDetachedSignature);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/SignEncryptResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/SignEncryptResult.java
index ed0de65b0..23e8094b9 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/SignEncryptResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/SignEncryptResult.java
@@ -21,6 +21,9 @@ import android.os.Parcel;
 
 import java.util.ArrayList;
 
+import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
+
+
 public class SignEncryptResult extends OperationResult {
 
     ArrayList<PgpSignEncryptResult> mResults;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
index ab91d7747..df409902f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@@ -42,10 +42,13 @@ import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
 import org.sufficientlysecure.keychain.util.Log;
 
+import java.nio.ByteBuffer;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
+
 
 /**
  * Wrapper for a PGPSecretKey.
@@ -183,13 +186,13 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
         return PgpConstants.sPreferredHashAlgorithms;
     }
 
-    private PGPContentSignerBuilder getContentSignerBuilder(int hashAlgo, byte[] nfcSignedHash,
-                                                            Date nfcCreationTimestamp) {
+    private PGPContentSignerBuilder getContentSignerBuilder(int hashAlgo,
+            Map<ByteBuffer,byte[]> signedHashes) {
         if (mPrivateKeyState == PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
             // use synchronous "NFC based" SignerBuilder
             return new NfcSyncPGPContentSignerBuilder(
                     mSecretKey.getPublicKey().getAlgorithm(), hashAlgo,
-                    mSecretKey.getKeyID(), nfcSignedHash, nfcCreationTimestamp)
+                    mSecretKey.getKeyID(), signedHashes)
                     .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
         } else {
             // content signer based on signing key algorithm and chosen hash algorithm
@@ -200,28 +203,24 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
     }
 
     public PGPSignatureGenerator getSignatureGenerator(int hashAlgo, boolean cleartext,
-                                                       byte[] nfcSignedHash, Date nfcCreationTimestamp)
+            Map<ByteBuffer,byte[]> signedHashes, Date creationTimestamp)
             throws PgpGeneralException {
         if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) {
             throw new PrivateKeyNotUnlockedException();
         }
-        if (nfcSignedHash != null && nfcCreationTimestamp == null) {
-            throw new PgpGeneralException("Got nfc hash without timestamp!!");
-        }
 
         // We explicitly create a signature creation timestamp in this place.
         // That way, we can inject an artificial one from outside, ie the one
         // used in previous runs of this function.
-        if (nfcCreationTimestamp == null) {
+        if (creationTimestamp == null) {
             // to sign using nfc PgpSignEncrypt is executed two times.
             // the first time it stops to return the PendingIntent for nfc connection and signing the hash
             // the second time the signed hash is used.
             // to get the same hash we cache the timestamp for the second round!
-            nfcCreationTimestamp = new Date();
+            creationTimestamp = new Date();
         }
 
-        PGPContentSignerBuilder contentSignerBuilder = getContentSignerBuilder(hashAlgo,
-                nfcSignedHash, nfcCreationTimestamp);
+        PGPContentSignerBuilder contentSignerBuilder = getContentSignerBuilder(hashAlgo, signedHashes);
 
         int signatureType;
         if (cleartext) {
@@ -237,7 +236,7 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
 
             PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
             spGen.setSignerUserID(false, mRing.getPrimaryUserIdWithFallback());
-            spGen.setSignatureCreationTime(false, nfcCreationTimestamp);
+            spGen.setSignatureCreationTime(false, creationTimestamp);
             signatureGenerator.setHashedSubpackets(spGen.generate());
             return signatureGenerator;
         } catch (PgpKeyNotFoundException | PGPException e) {
@@ -267,8 +266,9 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
      * @param userIds       User IDs to certify
      * @return A keyring with added certifications
      */
-    public UncachedKeyRing certifyUserIds(CanonicalizedPublicKeyRing publicKeyRing, List<String> userIds,
-                                          byte[] nfcSignedHash, Date nfcCreationTimestamp) {
+    public UncachedKeyRing certifyUserIds(CanonicalizedPublicKeyRing publicKeyRing,
+            List<String> userIds,
+            HashMap<ByteBuffer,byte[]> signedHashes, Date creationTimestamp) {
         if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) {
             throw new PrivateKeyNotUnlockedException();
         }
@@ -283,7 +283,7 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
         PGPSignatureGenerator signatureGenerator;
         {
             PGPContentSignerBuilder contentSignerBuilder = getContentSignerBuilder(
-                    PgpConstants.CERTIFY_HASH_ALGO, nfcSignedHash, nfcCreationTimestamp);
+                    PgpConstants.CERTIFY_HASH_ALGO, signedHashes);
 
             signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder);
             try {
@@ -296,9 +296,9 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
 
         { // supply signatureGenerator with a SubpacketVector
             PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
-            if (nfcCreationTimestamp != null) {
-                spGen.setSignatureCreationTime(false, nfcCreationTimestamp);
-                Log.d(Constants.TAG, "For NFC: set sig creation time to " + nfcCreationTimestamp);
+            if (creationTimestamp != null) {
+                spGen.setSignatureCreationTime(false, creationTimestamp);
+                Log.d(Constants.TAG, "For NFC: set sig creation time to " + creationTimestamp);
             }
             PGPSignatureSubpacketVector packetVector = spGen.generate();
             signatureGenerator.setHashedSubpackets(packetVector);
@@ -331,7 +331,8 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
      * @return A keyring with added certifications
      */
     public UncachedKeyRing certifyUserAttributes(CanonicalizedPublicKeyRing publicKeyRing,
-            List<WrappedUserAttribute> userAttributes, byte[] nfcSignedHash, Date nfcCreationTimestamp) {
+            List<WrappedUserAttribute> userAttributes,
+            HashMap<ByteBuffer,byte[]> signedHashes, Date creationTimestamp) {
         if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) {
             throw new PrivateKeyNotUnlockedException();
         }
@@ -346,7 +347,7 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
         PGPSignatureGenerator signatureGenerator;
         {
             PGPContentSignerBuilder contentSignerBuilder = getContentSignerBuilder(
-                    PgpConstants.CERTIFY_HASH_ALGO, nfcSignedHash, nfcCreationTimestamp);
+                    PgpConstants.CERTIFY_HASH_ALGO, signedHashes);
 
             signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder);
             try {
@@ -359,9 +360,9 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
 
         { // supply signatureGenerator with a SubpacketVector
             PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
-            if (nfcCreationTimestamp != null) {
-                spGen.setSignatureCreationTime(false, nfcCreationTimestamp);
-                Log.d(Constants.TAG, "For NFC: set sig creation time to " + nfcCreationTimestamp);
+            if (creationTimestamp != null) {
+                spGen.setSignatureCreationTime(false, creationTimestamp);
+                Log.d(Constants.TAG, "For NFC: set sig creation time to " + creationTimestamp);
             }
             PGPSignatureSubpacketVector packetVector = spGen.generate();
             signatureGenerator.setHashedSubpackets(packetVector);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInput.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInputParcel.java
similarity index 50%
rename from OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInput.java
rename to OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInputParcel.java
index 2dec4b9c2..00ecc179e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInput.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInputParcel.java
@@ -20,10 +20,17 @@ package org.sufficientlysecure.keychain.pgp;
 
 import org.spongycastle.bcpg.CompressionAlgorithmTags;
 import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 
+import java.nio.ByteBuffer;
 import java.util.Date;
+import java.util.Map;
 
-public class PgpSignEncryptInput {
+import android.os.Parcel;
+import android.os.Parcelable;
+
+
+public class PgpSignEncryptInputParcel implements Parcelable {
 
     protected String mVersionHeader = null;
     protected boolean mEnableAsciiArmorOutput = false;
@@ -36,13 +43,71 @@ public class PgpSignEncryptInput {
     protected int mSignatureHashAlgorithm = PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED;
     protected String mSignaturePassphrase = null;
     protected long mAdditionalEncryptId = Constants.key.none;
-    protected byte[] mNfcSignedHash = null;
-    protected Date mNfcCreationTimestamp = null;
     protected boolean mFailOnMissingEncryptionKeyIds = false;
     protected String mCharset;
     protected boolean mCleartextSignature;
     protected boolean mDetachedSignature = false;
     protected boolean mHiddenRecipients = false;
+    protected CryptoInputParcel mCryptoInput = new CryptoInputParcel(null);
+
+    public PgpSignEncryptInputParcel() {
+
+    }
+
+    PgpSignEncryptInputParcel(Parcel source) {
+
+        // we do all of those here, so the PgpSignEncryptInput class doesn't have to be parcelable
+        mVersionHeader = source.readString();
+        mEnableAsciiArmorOutput  = source.readInt() == 1;
+        mCompressionId = source.readInt();
+        mEncryptionMasterKeyIds = source.createLongArray();
+        mSymmetricPassphrase = source.readString();
+        mSymmetricEncryptionAlgorithm = source.readInt();
+        mSignatureMasterKeyId = source.readLong();
+        mSignatureSubKeyId = source.readInt() == 1 ? source.readLong() : null;
+        mSignatureHashAlgorithm = source.readInt();
+        mSignaturePassphrase = source.readString();
+        mAdditionalEncryptId = source.readLong();
+        mFailOnMissingEncryptionKeyIds = source.readInt() == 1;
+        mCharset = source.readString();
+        mCleartextSignature = source.readInt() == 1;
+        mDetachedSignature = source.readInt() == 1;
+        mHiddenRecipients = source.readInt() == 1;
+
+        mCryptoInput = source.readParcelable(PgpSignEncryptInputParcel.class.getClassLoader());
+    }
+
+    @Override
+    public int describeContents() {
+        return 0;
+    }
+
+    @Override
+    public void writeToParcel(Parcel dest, int flags) {
+        dest.writeString(mVersionHeader);
+        dest.writeInt(mEnableAsciiArmorOutput ? 1 : 0);
+        dest.writeInt(mCompressionId);
+        dest.writeLongArray(mEncryptionMasterKeyIds);
+        dest.writeString(mSymmetricPassphrase);
+        dest.writeInt(mSymmetricEncryptionAlgorithm);
+        dest.writeLong(mSignatureMasterKeyId);
+        if (mSignatureSubKeyId != null) {
+            dest.writeInt(1);
+            dest.writeLong(mSignatureSubKeyId);
+        } else {
+            dest.writeInt(0);
+        }
+        dest.writeInt(mSignatureHashAlgorithm);
+        dest.writeString(mSignaturePassphrase);
+        dest.writeLong(mAdditionalEncryptId);
+        dest.writeInt(mFailOnMissingEncryptionKeyIds ? 1 : 0);
+        dest.writeString(mCharset);
+        dest.writeInt(mCleartextSignature ? 1 : 0);
+        dest.writeInt(mDetachedSignature ? 1 : 0);
+        dest.writeInt(mHiddenRecipients ? 1 : 0);
+
+        dest.writeParcelable(mCryptoInput, 0);
+    }
 
     public String getCharset() {
         return mCharset;
@@ -56,19 +121,11 @@ public class PgpSignEncryptInput {
         return mFailOnMissingEncryptionKeyIds;
     }
 
-    public Date getNfcCreationTimestamp() {
-        return mNfcCreationTimestamp;
-    }
-
-    public byte[] getNfcSignedHash() {
-        return mNfcSignedHash;
-    }
-
     public long getAdditionalEncryptId() {
         return mAdditionalEncryptId;
     }
 
-    public PgpSignEncryptInput setAdditionalEncryptId(long additionalEncryptId) {
+    public PgpSignEncryptInputParcel setAdditionalEncryptId(long additionalEncryptId) {
         mAdditionalEncryptId = additionalEncryptId;
         return this;
     }
@@ -77,7 +134,7 @@ public class PgpSignEncryptInput {
         return mSignaturePassphrase;
     }
 
-    public PgpSignEncryptInput setSignaturePassphrase(String signaturePassphrase) {
+    public PgpSignEncryptInputParcel setSignaturePassphrase(String signaturePassphrase) {
         mSignaturePassphrase = signaturePassphrase;
         return this;
     }
@@ -86,7 +143,7 @@ public class PgpSignEncryptInput {
         return mSignatureHashAlgorithm;
     }
 
-    public PgpSignEncryptInput setSignatureHashAlgorithm(int signatureHashAlgorithm) {
+    public PgpSignEncryptInputParcel setSignatureHashAlgorithm(int signatureHashAlgorithm) {
         mSignatureHashAlgorithm = signatureHashAlgorithm;
         return this;
     }
@@ -95,7 +152,7 @@ public class PgpSignEncryptInput {
         return mSignatureSubKeyId;
     }
 
-    public PgpSignEncryptInput setSignatureSubKeyId(long signatureSubKeyId) {
+    public PgpSignEncryptInputParcel setSignatureSubKeyId(long signatureSubKeyId) {
         mSignatureSubKeyId = signatureSubKeyId;
         return this;
     }
@@ -104,7 +161,7 @@ public class PgpSignEncryptInput {
         return mSignatureMasterKeyId;
     }
 
-    public PgpSignEncryptInput setSignatureMasterKeyId(long signatureMasterKeyId) {
+    public PgpSignEncryptInputParcel setSignatureMasterKeyId(long signatureMasterKeyId) {
         mSignatureMasterKeyId = signatureMasterKeyId;
         return this;
     }
@@ -113,7 +170,7 @@ public class PgpSignEncryptInput {
         return mSymmetricEncryptionAlgorithm;
     }
 
-    public PgpSignEncryptInput setSymmetricEncryptionAlgorithm(int symmetricEncryptionAlgorithm) {
+    public PgpSignEncryptInputParcel setSymmetricEncryptionAlgorithm(int symmetricEncryptionAlgorithm) {
         mSymmetricEncryptionAlgorithm = symmetricEncryptionAlgorithm;
         return this;
     }
@@ -122,7 +179,7 @@ public class PgpSignEncryptInput {
         return mSymmetricPassphrase;
     }
 
-    public PgpSignEncryptInput setSymmetricPassphrase(String symmetricPassphrase) {
+    public PgpSignEncryptInputParcel setSymmetricPassphrase(String symmetricPassphrase) {
         mSymmetricPassphrase = symmetricPassphrase;
         return this;
     }
@@ -131,7 +188,7 @@ public class PgpSignEncryptInput {
         return mEncryptionMasterKeyIds;
     }
 
-    public PgpSignEncryptInput setEncryptionMasterKeyIds(long[] encryptionMasterKeyIds) {
+    public PgpSignEncryptInputParcel setEncryptionMasterKeyIds(long[] encryptionMasterKeyIds) {
         mEncryptionMasterKeyIds = encryptionMasterKeyIds;
         return this;
     }
@@ -140,7 +197,7 @@ public class PgpSignEncryptInput {
         return mCompressionId;
     }
 
-    public PgpSignEncryptInput setCompressionId(int compressionId) {
+    public PgpSignEncryptInputParcel setCompressionId(int compressionId) {
         mCompressionId = compressionId;
         return this;
     }
@@ -153,28 +210,22 @@ public class PgpSignEncryptInput {
         return mVersionHeader;
     }
 
-    public PgpSignEncryptInput setVersionHeader(String versionHeader) {
+    public PgpSignEncryptInputParcel setVersionHeader(String versionHeader) {
         mVersionHeader = versionHeader;
         return this;
     }
 
-    public PgpSignEncryptInput setEnableAsciiArmorOutput(boolean enableAsciiArmorOutput) {
+    public PgpSignEncryptInputParcel setEnableAsciiArmorOutput(boolean enableAsciiArmorOutput) {
         mEnableAsciiArmorOutput = enableAsciiArmorOutput;
         return this;
     }
 
-    public PgpSignEncryptInput setFailOnMissingEncryptionKeyIds(boolean failOnMissingEncryptionKeyIds) {
+    public PgpSignEncryptInputParcel setFailOnMissingEncryptionKeyIds(boolean failOnMissingEncryptionKeyIds) {
         mFailOnMissingEncryptionKeyIds = failOnMissingEncryptionKeyIds;
         return this;
     }
 
-    public PgpSignEncryptInput setNfcState(byte[] signedHash, Date creationTimestamp) {
-        mNfcSignedHash = signedHash;
-        mNfcCreationTimestamp = creationTimestamp;
-        return this;
-    }
-
-    public PgpSignEncryptInput setCleartextSignature(boolean cleartextSignature) {
+    public PgpSignEncryptInputParcel setCleartextSignature(boolean cleartextSignature) {
         this.mCleartextSignature = cleartextSignature;
         return this;
     }
@@ -183,7 +234,7 @@ public class PgpSignEncryptInput {
         return mCleartextSignature;
     }
 
-    public PgpSignEncryptInput setDetachedSignature(boolean detachedSignature) {
+    public PgpSignEncryptInputParcel setDetachedSignature(boolean detachedSignature) {
         this.mDetachedSignature = detachedSignature;
         return this;
     }
@@ -192,7 +243,7 @@ public class PgpSignEncryptInput {
         return mDetachedSignature;
     }
 
-    public PgpSignEncryptInput setHiddenRecipients(boolean hiddenRecipients) {
+    public PgpSignEncryptInputParcel setHiddenRecipients(boolean hiddenRecipients) {
         this.mHiddenRecipients = hiddenRecipients;
         return this;
     }
@@ -200,5 +251,29 @@ public class PgpSignEncryptInput {
     public boolean isHiddenRecipients() {
         return mHiddenRecipients;
     }
+
+    public PgpSignEncryptInputParcel setCryptoInput(CryptoInputParcel cryptoInput) {
+        mCryptoInput = cryptoInput;
+        return this;
+    }
+
+    public Map<ByteBuffer, byte[]> getCryptoData() {
+        return mCryptoInput.getCryptoData();
+    }
+
+    public Date getSignatureTime() {
+        return mCryptoInput.getSignatureTime();
+    }
+
+    public static final Creator<PgpSignEncryptInputParcel> CREATOR = new Creator<PgpSignEncryptInputParcel>() {
+        public PgpSignEncryptInputParcel createFromParcel(final Parcel source) {
+            return new PgpSignEncryptInputParcel(source);
+        }
+
+        public PgpSignEncryptInputParcel[] newArray(final int size) {
+            return new PgpSignEncryptInputParcel[size];
+        }
+    };
+
 }
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
index 94e04060d..2e515137a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
@@ -44,6 +44,8 @@ import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Log;
@@ -71,7 +73,7 @@ import java.util.concurrent.atomic.AtomicBoolean;
  *
  * For a high-level operation based on URIs, see SignEncryptOperation.
  *
- * @see org.sufficientlysecure.keychain.pgp.PgpSignEncryptInput
+ * @see PgpSignEncryptInputParcel
  * @see org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult
  * @see org.sufficientlysecure.keychain.operations.SignEncryptOperation
  *
@@ -99,7 +101,7 @@ public class PgpSignEncryptOperation extends BaseOperation {
     /**
      * Signs and/or encrypts data based on parameters of class
      */
-    public PgpSignEncryptResult execute(PgpSignEncryptInput input,
+    public PgpSignEncryptResult execute(PgpSignEncryptInputParcel input,
                                      InputData inputData, OutputStream outputStream) {
 
         int indent = 0;
@@ -282,7 +284,8 @@ public class PgpSignEncryptOperation extends BaseOperation {
             try {
                 boolean cleartext = input.isCleartextSignature() && input.isEnableAsciiArmorOutput() && !enableEncryption;
                 signatureGenerator = signingKey.getSignatureGenerator(
-                        input.getSignatureHashAlgorithm(), cleartext, input.getNfcSignedHash(), input.getNfcCreationTimestamp());
+                        input.getSignatureHashAlgorithm(), cleartext,
+                        input.getCryptoData(), input.getSignatureTime());
             } catch (PgpGeneralException e) {
                 log.add(LogType.MSG_PSE_ERROR_NFC, indent);
                 return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
@@ -489,7 +492,8 @@ public class PgpSignEncryptOperation extends BaseOperation {
                             new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_PENDING_NFC, log);
                     // Note that the checked key here is the master key, not the signing key
                     // (although these are always the same on Yubikeys)
-                    result.setNfcData(input.getSignatureSubKeyId(), e.hashToSign, e.hashAlgo, e.creationTimestamp, input.getSignaturePassphrase());
+                    result.setNfcData(signingKey.getKeyId(), e.hashToSign, e.hashAlgo,
+                            input.getSignaturePassphrase());
                     Log.d(Constants.TAG, "e.hashToSign" + Hex.toHexString(e.hashToSign));
                     return result;
                 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/SignEncryptParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/SignEncryptParcel.java
index 8e71e8815..1b14e78fb 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/SignEncryptParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/SignEncryptParcel.java
@@ -20,7 +20,6 @@ package org.sufficientlysecure.keychain.pgp;
 
 import android.net.Uri;
 import android.os.Parcel;
-import android.os.Parcelable;
 
 import java.util.ArrayList;
 import java.util.Collection;
@@ -40,7 +39,7 @@ import java.util.List;
  *   left, which will be returned in a byte array as part of the result parcel.
  *
  */
-public class SignEncryptParcel extends PgpSignEncryptInput implements Parcelable {
+public class SignEncryptParcel extends PgpSignEncryptInputParcel {
 
     public ArrayList<Uri> mInputUris = new ArrayList<>();
     public ArrayList<Uri> mOutputUris = new ArrayList<>();
@@ -51,26 +50,7 @@ public class SignEncryptParcel extends PgpSignEncryptInput implements Parcelable
     }
 
     public SignEncryptParcel(Parcel src) {
-
-        // we do all of those here, so the PgpSignEncryptInput class doesn't have to be parcelable
-        mVersionHeader = src.readString();
-        mEnableAsciiArmorOutput  = src.readInt() == 1;
-        mCompressionId = src.readInt();
-        mEncryptionMasterKeyIds = src.createLongArray();
-        mSymmetricPassphrase = src.readString();
-        mSymmetricEncryptionAlgorithm = src.readInt();
-        mSignatureMasterKeyId = src.readLong();
-        mSignatureSubKeyId = src.readInt() == 1 ? src.readLong() : null;
-        mSignatureHashAlgorithm = src.readInt();
-        mSignaturePassphrase = src.readString();
-        mAdditionalEncryptId = src.readLong();
-        mNfcSignedHash = src.createByteArray();
-        mNfcCreationTimestamp = src.readInt() == 1 ? new Date(src.readLong()) : null;
-        mFailOnMissingEncryptionKeyIds = src.readInt() == 1;
-        mCharset = src.readString();
-        mCleartextSignature = src.readInt() == 1;
-        mDetachedSignature = src.readInt() == 1;
-        mHiddenRecipients = src.readInt() == 1;
+        super(src);
 
         mInputUris = src.createTypedArrayList(Uri.CREATOR);
         mOutputUris = src.createTypedArrayList(Uri.CREATOR);
@@ -108,34 +88,7 @@ public class SignEncryptParcel extends PgpSignEncryptInput implements Parcelable
     }
 
     public void writeToParcel(Parcel dest, int flags) {
-        dest.writeString(mVersionHeader);
-        dest.writeInt(mEnableAsciiArmorOutput ? 1 : 0);
-        dest.writeInt(mCompressionId);
-        dest.writeLongArray(mEncryptionMasterKeyIds);
-        dest.writeString(mSymmetricPassphrase);
-        dest.writeInt(mSymmetricEncryptionAlgorithm);
-        dest.writeLong(mSignatureMasterKeyId);
-        if (mSignatureSubKeyId != null) {
-            dest.writeInt(1);
-            dest.writeLong(mSignatureSubKeyId);
-        } else {
-            dest.writeInt(0);
-        }
-        dest.writeInt(mSignatureHashAlgorithm);
-        dest.writeString(mSignaturePassphrase);
-        dest.writeLong(mAdditionalEncryptId);
-        dest.writeByteArray(mNfcSignedHash);
-        if (mNfcCreationTimestamp != null) {
-            dest.writeInt(1);
-            dest.writeLong(mNfcCreationTimestamp.getTime());
-        } else {
-            dest.writeInt(0);
-        }
-        dest.writeInt(mFailOnMissingEncryptionKeyIds ? 1 : 0);
-        dest.writeString(mCharset);
-        dest.writeInt(mCleartextSignature ? 1 : 0);
-        dest.writeInt(mDetachedSignature ? 1 : 0);
-        dest.writeInt(mHiddenRecipients ? 1 : 0);
+        super.writeToParcel(dest, flags);
 
         dest.writeTypedList(mInputUris);
         dest.writeTypedList(mOutputUris);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
index a4bc95602..f15bf7925 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -38,7 +38,7 @@ import org.sufficientlysecure.keychain.operations.results.OperationResult.LogEnt
 import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
 import org.sufficientlysecure.keychain.pgp.PgpConstants;
 import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify;
-import org.sufficientlysecure.keychain.pgp.PgpSignEncryptInput;
+import org.sufficientlysecure.keychain.pgp.PgpSignEncryptInputParcel;
 import org.sufficientlysecure.keychain.pgp.PgpSignEncryptOperation;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
@@ -48,6 +48,7 @@ import org.sufficientlysecure.keychain.provider.KeychainDatabase.Tables;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.remote.ui.RemoteServiceActivity;
 import org.sufficientlysecure.keychain.remote.ui.SelectSignKeyIdActivity;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.ui.ImportKeysActivity;
 import org.sufficientlysecure.keychain.ui.NfcActivity;
 import org.sufficientlysecure.keychain.ui.PassphraseDialogActivity;
@@ -258,11 +259,13 @@ public class OpenPgpService extends RemoteService {
             }
 
             // carefully: only set if timestamp exists
-            Date nfcCreationDate = null;
+            Date nfcCreationDate;
             long nfcCreationTimestamp = data.getLongExtra(OpenPgpApi.EXTRA_NFC_SIG_CREATION_TIMESTAMP, -1);
             Log.d(Constants.TAG, "nfcCreationTimestamp: " + nfcCreationTimestamp);
             if (nfcCreationTimestamp != -1) {
                 nfcCreationDate = new Date(nfcCreationTimestamp);
+            } else {
+                nfcCreationDate = new Date();
             }
 
             // Get Input- and OutputStream from ParcelFileDescriptor
@@ -275,15 +278,18 @@ public class OpenPgpService extends RemoteService {
             long inputLength = is.available();
             InputData inputData = new InputData(is, inputLength);
 
+            CryptoInputParcel cryptoInput = new CryptoInputParcel(nfcCreationDate);
+            cryptoInput.addCryptoData(null, nfcSignedHash); // TODO fix
+
             // sign-only
-            PgpSignEncryptInput pseInput = new PgpSignEncryptInput()
+            PgpSignEncryptInputParcel pseInput = new PgpSignEncryptInputParcel()
                     .setEnableAsciiArmorOutput(asciiArmor)
                     .setCleartextSignature(cleartextSign)
                     .setDetachedSignature(!cleartextSign)
                     .setVersionHeader(null)
                     .setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED)
                     .setSignatureMasterKeyId(signKeyId)
-                    .setNfcState(nfcSignedHash, nfcCreationDate);
+                    .setCryptoInput(cryptoInput);
 
             // execute PGP operation!
             PgpSignEncryptOperation pse = new PgpSignEncryptOperation(this, new ProviderHelper(getContext()), null);
@@ -298,7 +304,7 @@ public class OpenPgpService extends RemoteService {
                     // return PendingIntent to execute NFC activity
                     // pass through the signature creation timestamp to be used again on second execution
                     // of PgpSignEncrypt when we have the signed hash!
-                    data.putExtra(OpenPgpApi.EXTRA_NFC_SIG_CREATION_TIMESTAMP, pgpResult.getNfcTimestamp().getTime());
+                    data.putExtra(OpenPgpApi.EXTRA_NFC_SIG_CREATION_TIMESTAMP, nfcCreationDate.getTime());
 
                     // return PendingIntent to be executed by client
                     Intent result = new Intent();
@@ -389,7 +395,7 @@ public class OpenPgpService extends RemoteService {
             long inputLength = is.available();
             InputData inputData = new InputData(is, inputLength, originalFilename);
 
-            PgpSignEncryptInput pseInput = new PgpSignEncryptInput();
+            PgpSignEncryptInputParcel pseInput = new PgpSignEncryptInputParcel();
             pseInput.setEnableAsciiArmorOutput(asciiArmor)
                     .setVersionHeader(null)
                     .setCompressionId(compressionId)
@@ -412,16 +418,21 @@ public class OpenPgpService extends RemoteService {
 
                 byte[] nfcSignedHash = data.getByteArrayExtra(OpenPgpApi.EXTRA_NFC_SIGNED_HASH);
                 // carefully: only set if timestamp exists
-                Date nfcCreationDate = null;
+                Date nfcCreationDate;
                 long nfcCreationTimestamp = data.getLongExtra(OpenPgpApi.EXTRA_NFC_SIG_CREATION_TIMESTAMP, -1);
                 if (nfcCreationTimestamp != -1) {
                     nfcCreationDate = new Date(nfcCreationTimestamp);
+                } else {
+                    nfcCreationDate = new Date();
                 }
 
+                CryptoInputParcel cryptoInput = new CryptoInputParcel(nfcCreationDate);
+                cryptoInput.addCryptoData(null, nfcSignedHash); // TODO fix!
+
                 // sign and encrypt
                 pseInput.setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED)
                         .setSignatureMasterKeyId(signKeyId)
-                        .setNfcState(nfcSignedHash, nfcCreationDate)
+                        .setCryptoInput(cryptoInput)
                         .setAdditionalEncryptId(signKeyId); // add sign key for encryption
             }
 
@@ -439,7 +450,7 @@ public class OpenPgpService extends RemoteService {
                     // return PendingIntent to execute NFC activity
                     // pass through the signature creation timestamp to be used again on second execution
                     // of PgpSignEncrypt when we have the signed hash!
-                    data.putExtra(OpenPgpApi.EXTRA_NFC_SIG_CREATION_TIMESTAMP, pgpResult.getNfcTimestamp().getTime());
+                    data.putExtra(OpenPgpApi.EXTRA_NFC_SIG_CREATION_TIMESTAMP, 0L); // TODO fix
                     // return PendingIntent to be executed by client
                     Intent result = new Intent();
                     result.putExtra(OpenPgpApi.RESULT_INTENT,
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java
index d6da18e6e..485d5de72 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java
@@ -26,31 +26,31 @@ import java.util.ArrayList;
 import java.util.Date;
 
 import org.sufficientlysecure.keychain.pgp.WrappedUserAttribute;
-import org.sufficientlysecure.keychain.service.input.CryptoOperationParcel;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 
 
 /**
  * This class is a a transferable representation for a number of keyrings to
  * be certified.
  */
-public class CertifyActionsParcel extends CryptoOperationParcel {
+public class CertifyActionsParcel implements Parcelable {
 
     // the master key id to certify with
     final public long mMasterKeyId;
     public CertifyLevel mLevel;
 
     public ArrayList<CertifyAction> mCertifyActions = new ArrayList<>();
+    public CryptoInputParcel mCryptoInput;
 
     public CertifyActionsParcel(Date operationTime, long masterKeyId) {
-        super(operationTime);
         mMasterKeyId = masterKeyId;
+        mCryptoInput = new CryptoInputParcel(operationTime);
         mLevel = CertifyLevel.DEFAULT;
     }
 
     public CertifyActionsParcel(Parcel source) {
-        super(source);
-
         mMasterKeyId = source.readLong();
+        mCryptoInput = source.readParcelable(CertifyActionsParcel.class.getClassLoader());
         // just like parcelables, this is meant for ad-hoc IPC only and is NOT portable!
         mLevel = CertifyLevel.values()[source.readInt()];
 
@@ -63,9 +63,8 @@ public class CertifyActionsParcel extends CryptoOperationParcel {
 
     @Override
     public void writeToParcel(Parcel destination, int flags) {
-        super.writeToParcel(destination, flags);
-
         destination.writeLong(mMasterKeyId);
+        destination.writeParcelable(mCryptoInput, 0);
         destination.writeInt(mLevel.ordinal());
 
         destination.writeSerializable(mCertifyActions);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
new file mode 100644
index 000000000..e02eda4b3
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
@@ -0,0 +1,81 @@
+package org.sufficientlysecure.keychain.service.input;
+
+import java.nio.ByteBuffer;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+import android.os.Parcel;
+import android.os.Parcelable;
+
+
+/** This is a base class for the input of crypto operations.
+ *
+ */
+public class CryptoInputParcel implements Parcelable {
+
+    Date mSignatureTime;
+
+    // this map contains both decrypted session keys and signed hashes to be
+    // used in the crypto operation described by this parcel.
+    private HashMap<ByteBuffer,byte[]> mCryptoData = new HashMap<>();
+
+    public CryptoInputParcel(Date signatureTime) {
+        mSignatureTime = signatureTime == null ? new Date() : signatureTime;
+    }
+
+    protected CryptoInputParcel(Parcel source) {
+        mSignatureTime = new Date(source.readLong());
+
+        {
+            int count = source.readInt();
+            mCryptoData = new HashMap<>(count);
+            for (int i = 0; i < count; i++) {
+                byte[] key = source.createByteArray();
+                byte[] value = source.createByteArray();
+                mCryptoData.put(ByteBuffer.wrap(key), value);
+            }
+        }
+
+    }
+
+    @Override
+    public int describeContents() {
+        return 0;
+    }
+
+    @Override
+    public void writeToParcel(Parcel dest, int flags) {
+        dest.writeLong(mSignatureTime.getTime());
+
+        dest.writeInt(mCryptoData.size());
+        for (HashMap.Entry<ByteBuffer,byte[]> entry : mCryptoData.entrySet()) {
+            dest.writeByteArray(entry.getKey().array());
+            dest.writeByteArray(entry.getValue());
+        }
+    }
+
+    public void addCryptoData(byte[] hash, byte[] signedHash) {
+        mCryptoData.put(ByteBuffer.wrap(hash), signedHash);
+    }
+
+    public Map<ByteBuffer, byte[]> getCryptoData() {
+        return Collections.unmodifiableMap(mCryptoData);
+    }
+
+    public Date getSignatureTime() {
+        return mSignatureTime;
+    }
+
+    public static final Creator<CryptoInputParcel> CREATOR = new Creator<CryptoInputParcel>() {
+        public CryptoInputParcel createFromParcel(final Parcel source) {
+            return new CryptoInputParcel(source);
+        }
+
+        public CryptoInputParcel[] newArray(final int size) {
+            return new CryptoInputParcel[size];
+        }
+    };
+
+}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoOperationParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoOperationParcel.java
deleted file mode 100644
index 2101755ad..000000000
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoOperationParcel.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package org.sufficientlysecure.keychain.service.input;
-
-import java.nio.ByteBuffer;
-import java.util.Date;
-import java.util.HashMap;
-
-import android.os.Parcel;
-import android.os.Parcelable;
-
-
-/** This is a base class for the input of crypto operations.
- *
- */
-public abstract class CryptoOperationParcel implements Parcelable {
-
-    Date mOperationTime;
-
-    // this map contains both decrypted session keys and signed hashes to be
-    // used in the crypto operation described by this parcel.
-    HashMap<ByteBuffer,byte[]> mCryptoData;
-
-    protected CryptoOperationParcel(Date operationTime) {
-        mOperationTime = operationTime;
-    }
-
-    protected CryptoOperationParcel(Parcel source) {
-        mOperationTime = new Date(source.readLong());
-
-        {
-            int count = source.readInt();
-            mCryptoData = new HashMap<>(count);
-            for (int i = 0; i < count; i++) {
-                byte[] key = source.createByteArray();
-                byte[] value = source.createByteArray();
-                mCryptoData.put(ByteBuffer.wrap(key), value);
-            }
-        }
-
-    }
-
-    @Override
-    public void writeToParcel(Parcel dest, int flags) {
-        dest.writeLong(mOperationTime.getTime());
-
-        dest.writeInt(mCryptoData.size());
-        for (HashMap.Entry<ByteBuffer,byte[]> entry : mCryptoData.entrySet()) {
-            dest.writeByteArray(entry.getKey().array());
-            dest.writeByteArray(entry.getValue());
-        }
-    }
-
-}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/NfcOperationsParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/NfcOperationsParcel.java
new file mode 100644
index 000000000..5d35e94e0
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/NfcOperationsParcel.java
@@ -0,0 +1,85 @@
+package org.sufficientlysecure.keychain.service.input;
+
+import java.util.Date;
+
+import android.os.Parcel;
+import android.os.Parcelable;
+
+
+public class NfcOperationsParcel implements Parcelable {
+
+    public enum NfcOperationType {
+        NFC_SIGN, NFC_DECRYPT
+    }
+
+    public Date mSignatureTime;
+    public final NfcOperationType mType;
+    public final byte[][] mInputHash;
+    public final int[] mSignAlgo;
+
+    private NfcOperationsParcel(NfcOperationType type, byte[] inputHash, int signAlgo, Date signatureTime) {
+        mType = type;
+        mInputHash = new byte[][] { inputHash };
+        mSignAlgo = new int[] { signAlgo };
+        mSignatureTime = signatureTime;
+    }
+
+    public NfcOperationsParcel(Parcel source) {
+        mType = NfcOperationType.values()[source.readInt()];
+
+        {
+            int count = source.readInt();
+            mInputHash = new byte[count][];
+            mSignAlgo = new int[count];
+            for (int i = 0; i < count; i++) {
+                mInputHash[i] = source.createByteArray();
+                mSignAlgo[i] = source.readInt();
+            }
+        }
+
+        mSignatureTime = source.readInt() != 0 ? new Date(source.readLong()) : null;
+
+    }
+
+    public static NfcOperationsParcel createNfcSignOperation(
+            byte[] inputHash, int signAlgo, Date signatureTime) {
+        return new NfcOperationsParcel(NfcOperationType.NFC_SIGN, inputHash, signAlgo, signatureTime);
+    }
+
+    public static NfcOperationsParcel createNfcDecryptOperation(byte[] inputHash) {
+        return new NfcOperationsParcel(NfcOperationType.NFC_DECRYPT, inputHash, 0, null);
+    }
+
+    @Override
+    public int describeContents() {
+        return 0;
+    }
+
+    @Override
+    public void writeToParcel(Parcel dest, int flags) {
+        dest.writeInt(mType.ordinal());
+        dest.writeInt(mInputHash.length);
+        for (int i = 0; i < mInputHash.length; i++) {
+            dest.writeByteArray(mInputHash[i]);
+            dest.writeInt(mSignAlgo[i]);
+        }
+        if (mSignatureTime != null) {
+            dest.writeInt(1);
+            dest.writeLong(mSignatureTime.getTime());
+        } else {
+            dest.writeInt(0);
+        }
+
+    }
+
+    public static final Creator<NfcOperationsParcel> CREATOR = new Creator<NfcOperationsParcel>() {
+        public NfcOperationsParcel createFromParcel(final Parcel source) {
+            return new NfcOperationsParcel(source);
+        }
+
+        public NfcOperationsParcel[] newArray(final int size) {
+            return new NfcOperationsParcel[size];
+        }
+    };
+
+}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
index 35dfcb87c..75f22f01c 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
@@ -25,15 +25,15 @@ import android.os.Message;
 import android.os.Messenger;
 import android.view.View;
 
-import org.openintents.openpgp.util.OpenPgpApi;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
 import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
 import org.sufficientlysecure.keychain.pgp.SignEncryptParcel;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
 
-import java.util.Date;
 
 public abstract class EncryptActivity extends BaseActivity {
 
@@ -42,8 +42,6 @@ public abstract class EncryptActivity extends BaseActivity {
 
     // For NFC data
     protected String mSigningKeyPassphrase = null;
-    protected Date mNfcTimestamp = null;
-    protected byte[] mNfcHash = null;
 
     @Override
     public void onCreate(Bundle savedInstanceState) {
@@ -64,17 +62,12 @@ public abstract class EncryptActivity extends BaseActivity {
         startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
     }
 
-    protected void startNfcSign(long keyId, String pin, byte[] hashToSign, int hashAlgo) {
-        // build PendingIntent for Yubikey NFC operations
-        Intent intent = new Intent(this, NfcActivity.class);
-        intent.setAction(NfcActivity.ACTION_SIGN_HASH);
+    protected void startNfcSign(long keyId, String pin, NfcOperationsParcel nfcOps) {
 
-        // pass params through to activity that it can be returned again later to repeat pgp operation
-        intent.putExtra(NfcActivity.EXTRA_DATA, new Intent()); // not used, only relevant to OpenPgpService
-        intent.putExtra(NfcActivity.EXTRA_KEY_ID, keyId);
-        intent.putExtra(NfcActivity.EXTRA_PIN, pin);
-        intent.putExtra(NfcActivity.EXTRA_NFC_HASH_TO_SIGN, hashToSign);
-        intent.putExtra(NfcActivity.EXTRA_NFC_HASH_ALGO, hashAlgo);
+        Intent intent = new Intent(this, NfcOperationActivity.class);
+        intent.putExtra(NfcOperationActivity.EXTRA_PIN, pin);
+        intent.putExtra(NfcOperationActivity.EXTRA_NFC_OPS, nfcOps);
+        // TODO respect keyid(?)
 
         startActivityForResult(intent, REQUEST_CODE_NFC);
     }
@@ -93,8 +86,9 @@ public abstract class EncryptActivity extends BaseActivity {
 
             case REQUEST_CODE_NFC: {
                 if (resultCode == RESULT_OK && data != null) {
-                    mNfcHash = data.getByteArrayExtra(OpenPgpApi.EXTRA_NFC_SIGNED_HASH);
-                    startEncrypt();
+                    CryptoInputParcel cryptoInput =
+                            data.getParcelableExtra(NfcOperationActivity.RESULT_DATA);
+                    startEncrypt(cryptoInput);
                     return;
                 }
                 break;
@@ -108,6 +102,10 @@ public abstract class EncryptActivity extends BaseActivity {
     }
 
     public void startEncrypt() {
+        startEncrypt(null);
+    }
+
+    public void startEncrypt(CryptoInputParcel cryptoInput) {
         if (!inputIsValid()) {
             // Notify was created by inputIsValid.
             return;
@@ -117,8 +115,13 @@ public abstract class EncryptActivity extends BaseActivity {
         Intent intent = new Intent(this, KeychainIntentService.class);
         intent.setAction(KeychainIntentService.ACTION_SIGN_ENCRYPT);
 
+        final SignEncryptParcel input = createEncryptBundle();
+        if (cryptoInput != null) {
+            input.setCryptoInput(cryptoInput);
+        }
+
         Bundle data = new Bundle();
-        data.putParcelable(KeychainIntentService.SIGN_ENCRYPT_PARCEL, createEncryptBundle());
+        data.putParcelable(KeychainIntentService.SIGN_ENCRYPT_PARCEL, input);
         intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
 
         // Message is received after encrypting is done in KeychainIntentService
@@ -141,9 +144,13 @@ public abstract class EncryptActivity extends BaseActivity {
                         } else if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_NFC) ==
                                 PgpSignEncryptResult.RESULT_PENDING_NFC) {
 
-                            mNfcTimestamp = pgpResult.getNfcTimestamp();
-                            startNfcSign(pgpResult.getNfcKeyId(), pgpResult.getNfcPassphrase(),
-                                    pgpResult.getNfcHash(), pgpResult.getNfcAlgo());
+                            NfcOperationsParcel parcel = NfcOperationsParcel.createNfcSignOperation(
+                                    pgpResult.getNfcHash(),
+                                    pgpResult.getNfcAlgo(),
+                                    input.getSignatureTime());
+                            startNfcSign(pgpResult.getNfcKeyId(),
+                                    pgpResult.getNfcPassphrase(), parcel);
+
                         } else {
                             throw new RuntimeException("Unhandled pending result!");
                         }
@@ -158,8 +165,6 @@ public abstract class EncryptActivity extends BaseActivity {
 
                     // no matter the result, reset parameters
                     mSigningKeyPassphrase = null;
-                    mNfcHash = null;
-                    mNfcTimestamp = null;
                 }
             }
         };
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java
index f1784fab3..49a0f5016 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java
@@ -252,7 +252,6 @@ public class EncryptFilesActivity extends EncryptActivity implements EncryptActi
             data.setEncryptionMasterKeyIds(mEncryptionKeyIds);
             data.setSignatureMasterKeyId(mSigningKeyId);
             data.setSignaturePassphrase(mSigningKeyPassphrase);
-            data.setNfcState(mNfcHash, mNfcTimestamp);
         }
         return data;
     }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java
index 14f2c492d..894c1202d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java
@@ -232,7 +232,6 @@ public class EncryptTextActivity extends EncryptActivity implements EncryptActiv
             data.setEncryptionMasterKeyIds(mEncryptionKeyIds);
             data.setSignatureMasterKeyId(mSigningKeyId);
             data.setSignaturePassphrase(mSigningKeyPassphrase);
-            data.setNfcState(mNfcHash, mNfcTimestamp);
         }
         return data;
     }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
new file mode 100644
index 000000000..c1403d748
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
@@ -0,0 +1,492 @@
+/**
+ * Copyright (c) 2013-2014 Philipp Jakubeit, Signe Rüsch, Dominik Schürmann
+ *
+ * Licensed under the Bouncy Castle License (MIT license). See LICENSE file for details.
+ */
+
+package org.sufficientlysecure.keychain.ui;
+
+import android.annotation.TargetApi;
+import android.app.PendingIntent;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.nfc.NfcAdapter;
+import android.nfc.Tag;
+import android.nfc.tech.IsoDep;
+import android.os.Build;
+import android.os.Bundle;
+import android.view.WindowManager;
+import android.widget.Toast;
+
+import org.spongycastle.bcpg.HashAlgorithmTags;
+import org.spongycastle.util.encoders.Hex;
+import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
+import org.sufficientlysecure.keychain.util.Iso7816TLV;
+import org.sufficientlysecure.keychain.util.Log;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+
+/**
+ * This class provides a communication interface to OpenPGP applications on ISO SmartCard compliant
+ * NFC devices.
+ *
+ * For the full specs, see http://g10code.com/docs/openpgp-card-2.0.pdf
+ */
+@TargetApi(Build.VERSION_CODES.GINGERBREAD_MR1)
+public class NfcOperationActivity extends BaseActivity {
+
+    public static final String EXTRA_PIN = "pin";
+    public static final String EXTRA_NFC_OPS = "nfc_operations";
+
+    public static final String RESULT_DATA = "result_data";
+
+    private static final int TIMEOUT = 100000;
+
+    private NfcAdapter mNfcAdapter;
+    private IsoDep mIsoDep;
+
+    private String mPin;
+
+    NfcOperationsParcel mNfcOperations;
+
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+        Log.d(Constants.TAG, "NfcOperationActivity.onCreate");
+
+        getWindow().addFlags(WindowManager.LayoutParams.FLAG_KEEP_SCREEN_ON);
+
+        Intent intent = getIntent();
+        String action = intent.getAction();
+        if (NfcAdapter.ACTION_TAG_DISCOVERED.equals(action)) {
+            throw new AssertionError("should not happen: NfcOperationActivity.onCreate is called instead of onNewIntent!");
+        }
+
+        Bundle data = intent.getExtras();
+
+        mNfcOperations = data.getParcelable(EXTRA_NFC_OPS);
+        mPin = data.getString(EXTRA_PIN);
+
+    }
+
+    @Override
+    protected void initLayout() {
+        setContentView(R.layout.nfc_activity);
+    }
+
+    /**
+     * Called when the system is about to start resuming a previous activity,
+     * disables NFC Foreground Dispatch
+     */
+    public void onPause() {
+        super.onPause();
+        Log.d(Constants.TAG, "NfcOperationActivity.onPause");
+
+        disableNfcForegroundDispatch();
+    }
+
+    /**
+     * Called when the activity will start interacting with the user,
+     * enables NFC Foreground Dispatch
+     */
+    public void onResume() {
+        super.onResume();
+        Log.d(Constants.TAG, "NfcOperationActivity.onResume");
+
+        enableNfcForegroundDispatch();
+    }
+
+    /**
+     * This activity is started as a singleTop activity.
+     * All new NFC Intents which are delivered to this activity are handled here
+     */
+    public void onNewIntent(Intent intent) {
+        if (NfcAdapter.ACTION_TAG_DISCOVERED.equals(intent.getAction())) {
+            try {
+                handleNdefDiscoveredIntent(intent);
+            } catch (IOException e) {
+                Log.e(Constants.TAG, "Connection error!", e);
+                toast("Connection Error: " + e.getMessage());
+                setResult(RESULT_CANCELED);
+                finish();
+            }
+        }
+    }
+
+    /** Handle NFC communication and return a result.
+     *
+     * This method is called by onNewIntent above upon discovery of an NFC tag.
+     * It handles initialization and login to the application, subsequently
+     * calls either nfcCalculateSignature() or nfcDecryptSessionKey(), then
+     * finishes the activity with an appropiate result.
+     *
+     * On general communication, see also
+     * http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_annex-a.aspx
+     *
+     * References to pages are generally related to the OpenPGP Application
+     * on ISO SmartCard Systems specification.
+     *
+     */
+    private void handleNdefDiscoveredIntent(Intent intent) throws IOException {
+
+        Tag detectedTag = intent.getParcelableExtra(NfcAdapter.EXTRA_TAG);
+
+        // Connect to the detected tag, setting a couple of settings
+        mIsoDep = IsoDep.get(detectedTag);
+        mIsoDep.setTimeout(TIMEOUT); // timeout is set to 100 seconds to avoid cancellation during calculation
+        mIsoDep.connect();
+
+        // SW1/2 0x9000 is the generic "ok" response, which we expect most of the time.
+        // See specification, page 51
+        String accepted = "9000";
+
+        // Command APDU (page 51) for SELECT FILE command (page 29)
+        String opening =
+                "00" // CLA
+                        + "A4" // INS
+                        + "04" // P1
+                        + "00" // P2
+                        + "06" // Lc (number of bytes)
+                        + "D27600012401" // Data (6 bytes)
+                        + "00"; // Le
+        if ( ! card(opening).equals(accepted)) { // activate connection
+            toast("Opening Error!");
+            setResult(RESULT_CANCELED);
+            finish();
+            return;
+        }
+
+        // Command APDU for VERIFY command (page 32)
+        String login =
+                "00" // CLA
+                        + "20" // INS
+                        + "00" // P1
+                        + "82" // P2 (PW1)
+                        + String.format("%02x", mPin.length()) // Lc
+                        + Hex.toHexString(mPin.getBytes());
+        if ( ! card(login).equals(accepted)) { // login
+            toast("Wrong PIN!");
+            setResult(RESULT_CANCELED);
+            finish();
+            return;
+        }
+
+        CryptoInputParcel resultData = new CryptoInputParcel(mNfcOperations.mSignatureTime);
+
+        switch (mNfcOperations.mType) {
+
+            case NFC_DECRYPT:
+
+                for (int i = 0; i < mNfcOperations.mInputHash.length; i++) {
+                    byte[] hash = mNfcOperations.mInputHash[i];
+                    byte[] decryptedSessionKey = nfcDecryptSessionKey(hash);
+                    resultData.addCryptoData(hash, decryptedSessionKey);
+                }
+                break;
+
+            case NFC_SIGN:
+                for (int i = 0; i < mNfcOperations.mInputHash.length; i++) {
+                    byte[] hash = mNfcOperations.mInputHash[i];
+                    int algo = mNfcOperations.mSignAlgo[i];
+                    byte[] signedHash = nfcCalculateSignature(hash, algo);
+                    resultData.addCryptoData(hash, signedHash);
+                }
+                break;
+        }
+
+        // give data through for new service call
+        Intent result = new Intent();
+        result.putExtra(RESULT_DATA, resultData);
+        setResult(RESULT_OK, result);
+        finish();
+
+    }
+
+    /**
+     * Gets the user ID
+     *
+     * @return the user id as "name <email>"
+     * @throws java.io.IOException
+     */
+    public String getUserId() throws IOException {
+        String info = "00CA006500";
+        String data = "00CA005E00";
+        return getName(card(info)) + " <" + (new String(Hex.decode(getDataField(card(data))))) + ">";
+    }
+
+    /** Return the key id from application specific data stored on tag, or null
+     * if it doesn't exist.
+     *
+     * @param idx Index of the key to return the fingerprint from.
+     * @return The long key id of the requested key, or null if not found.
+     */
+    public static Long nfcGetKeyId(IsoDep isoDep, int idx) throws IOException {
+        byte[] fp = nfcGetFingerprint(isoDep, idx);
+        if (fp == null) {
+            return null;
+        }
+        ByteBuffer buf = ByteBuffer.wrap(fp);
+        // skip first 12 bytes of the fingerprint
+        buf.position(12);
+        // the last eight bytes are the key id (big endian, which is default order in ByteBuffer)
+        return buf.getLong();
+    }
+
+    /** Return fingerprints of all keys from application specific data stored
+     * on tag, or null if data not available.
+     *
+     * @return The fingerprints of all subkeys in a contiguous byte array.
+     */
+    public static byte[] nfcGetFingerprints(IsoDep isoDep) throws IOException {
+        String data = "00CA006E00";
+        byte[] buf = isoDep.transceive(Hex.decode(data));
+
+        Iso7816TLV tlv = Iso7816TLV.readSingle(buf, true);
+        Log.d(Constants.TAG, "nfc tlv data:\n" + tlv.prettyPrint());
+
+        Iso7816TLV fptlv = Iso7816TLV.findRecursive(tlv, 0xc5);
+        if (fptlv == null) {
+            return null;
+        }
+
+        return fptlv.mV;
+    }
+
+    /** Return the fingerprint from application specific data stored on tag, or
+     * null if it doesn't exist.
+     *
+     * @param idx Index of the key to return the fingerprint from.
+     * @return The fingerprint of the requested key, or null if not found.
+     */
+    public static byte[] nfcGetFingerprint(IsoDep isoDep, int idx) throws IOException {
+        byte[] data = nfcGetFingerprints(isoDep);
+
+        // return the master key fingerprint
+        ByteBuffer fpbuf = ByteBuffer.wrap(data);
+        byte[] fp = new byte[20];
+        fpbuf.position(idx*20);
+        fpbuf.get(fp, 0, 20);
+
+        return fp;
+    }
+
+    /**
+     * Calls to calculate the signature and returns the MPI value
+     *
+     * @param hash the hash for signing
+     * @return a big integer representing the MPI for the given hash
+     * @throws java.io.IOException
+     */
+    public byte[] nfcCalculateSignature(byte[] hash, int hashAlgo) throws IOException {
+
+        // dsi, including Lc
+        String dsi;
+
+        Log.i(Constants.TAG, "Hash: " + hashAlgo);
+        switch (hashAlgo) {
+            case HashAlgorithmTags.SHA1:
+                if (hash.length != 20) {
+                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 10!");
+                }
+                dsi = "23" // Lc
+                        + "3021" // Tag/Length of Sequence, the 0x21 includes all following 33 bytes
+                        + "3009" // Tag/Length of Sequence, the 0x09 are the following header bytes
+                        + "0605" + "2B0E03021A" // OID of SHA1
+                        + "0500" // TLV coding of ZERO
+                        + "0414" + getHex(hash); // 0x14 are 20 hash bytes
+                break;
+            case HashAlgorithmTags.RIPEMD160:
+                if (hash.length != 20) {
+                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 20!");
+                }
+                dsi = "233021300906052B2403020105000414" + getHex(hash);
+                break;
+            case HashAlgorithmTags.SHA224:
+                if (hash.length != 28) {
+                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 28!");
+                }
+                dsi = "2F302D300D06096086480165030402040500041C" + getHex(hash);
+                break;
+            case HashAlgorithmTags.SHA256:
+                if (hash.length != 32) {
+                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 32!");
+                }
+                dsi = "333031300D060960864801650304020105000420" + getHex(hash);
+                break;
+            case HashAlgorithmTags.SHA384:
+                if (hash.length != 48) {
+                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 48!");
+                }
+                dsi = "433041300D060960864801650304020205000430" + getHex(hash);
+                break;
+            case HashAlgorithmTags.SHA512:
+                if (hash.length != 64) {
+                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 64!");
+                }
+                dsi = "533051300D060960864801650304020305000440" + getHex(hash);
+                break;
+            default:
+                throw new RuntimeException("Not supported hash algo!");
+        }
+
+        // Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37)
+        String apdu  =
+                "002A9E9A" // CLA, INS, P1, P2
+                        + dsi // digital signature input
+                        + "00"; // Le
+
+        String response = card(apdu);
+
+        // split up response into signature and status
+        String status = response.substring(response.length()-4);
+        String signature = response.substring(0, response.length() - 4);
+
+        // while we are getting 0x61 status codes, retrieve more data
+        while (status.substring(0, 2).equals("61")) {
+            Log.d(Constants.TAG, "requesting more data, status " + status);
+            // Send GET RESPONSE command
+            response = card("00C00000" + status.substring(2));
+            status = response.substring(response.length()-4);
+            signature += response.substring(0, response.length()-4);
+        }
+
+        Log.d(Constants.TAG, "final response:" + status);
+
+        if ( ! status.equals("9000")) {
+            toast("Bad NFC response code: " + status);
+            return null;
+        }
+
+        // Make sure the signature we received is actually the expected number of bytes long!
+        if (signature.length() != 256 && signature.length() != 512) {
+            toast("Bad signature length! Expected 128 or 256 bytes, got " + signature.length() / 2);
+            return null;
+        }
+
+        return Hex.decode(signature);
+    }
+
+    /**
+     * Calls to calculate the signature and returns the MPI value
+     *
+     * @param encryptedSessionKey the encoded session key
+     * @return the decoded session key
+     * @throws java.io.IOException
+     */
+    public byte[] nfcDecryptSessionKey(byte[] encryptedSessionKey) throws IOException {
+        String firstApdu = "102a8086fe";
+        String secondApdu = "002a808603";
+        String le = "00";
+
+        byte[] one = new byte[254];
+        // leave out first byte:
+        System.arraycopy(encryptedSessionKey, 1, one, 0, one.length);
+
+        byte[] two = new byte[encryptedSessionKey.length - 1 - one.length];
+        for (int i = 0; i < two.length; i++) {
+            two[i] = encryptedSessionKey[i + one.length + 1];
+        }
+
+        String first = card(firstApdu + getHex(one));
+        String second = card(secondApdu + getHex(two) + le);
+
+        String decryptedSessionKey = getDataField(second);
+
+        Log.d(Constants.TAG, "decryptedSessionKey: " + decryptedSessionKey);
+
+        return Hex.decode(decryptedSessionKey);
+    }
+
+    /**
+     * Prints a message to the screen
+     *
+     * @param text the text which should be contained within the toast
+     */
+    private void toast(String text) {
+        Toast.makeText(this, text, Toast.LENGTH_LONG).show();
+    }
+
+    /**
+     * Receive new NFC Intents to this activity only by enabling foreground dispatch.
+     * This can only be done in onResume!
+     */
+    public void enableNfcForegroundDispatch() {
+        mNfcAdapter = NfcAdapter.getDefaultAdapter(this);
+        Intent nfcI = new Intent(this, NfcOperationActivity.class)
+                .addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_CLEAR_TOP);
+        PendingIntent nfcPendingIntent = PendingIntent.getActivity(this, 0, nfcI, PendingIntent.FLAG_CANCEL_CURRENT);
+        IntentFilter[] writeTagFilters = new IntentFilter[]{
+                new IntentFilter(NfcAdapter.ACTION_TAG_DISCOVERED)
+        };
+
+        // https://code.google.com/p/android/issues/detail?id=62918
+        // maybe mNfcAdapter.enableReaderMode(); ?
+        try {
+            mNfcAdapter.enableForegroundDispatch(this, nfcPendingIntent, writeTagFilters, null);
+        } catch (IllegalStateException e) {
+            Log.i(Constants.TAG, "NfcForegroundDispatch Error!", e);
+        }
+        Log.d(Constants.TAG, "NfcForegroundDispatch has been enabled!");
+    }
+
+    /**
+     * Disable foreground dispatch in onPause!
+     */
+    public void disableNfcForegroundDispatch() {
+        mNfcAdapter.disableForegroundDispatch(this);
+        Log.d(Constants.TAG, "NfcForegroundDispatch has been disabled!");
+    }
+
+    /**
+     * Gets the name of the user out of the raw card output regarding card holder related data
+     *
+     * @param name the raw card holder related data from the card
+     * @return the name given in this data
+     */
+    public String getName(String name) {
+        String slength;
+        int ilength;
+        name = name.substring(6);
+        slength = name.substring(0, 2);
+        ilength = Integer.parseInt(slength, 16) * 2;
+        name = name.substring(2, ilength + 2);
+        name = (new String(Hex.decode(name))).replace('<', ' ');
+        return (name);
+    }
+
+    /**
+     * Reduces the raw data from the card by four characters
+     *
+     * @param output the raw data from the card
+     * @return the data field of that data
+     */
+    private String getDataField(String output) {
+        return output.substring(0, output.length() - 4);
+    }
+
+    /**
+     * Communicates with the OpenPgpCard via the APDU
+     *
+     * @param hex the hexadecimal APDU
+     * @return The answer from the card
+     * @throws java.io.IOException throws an exception if something goes wrong
+     */
+    public String card(String hex) throws IOException {
+        return getHex(mIsoDep.transceive(Hex.decode(hex)));
+    }
+
+    /**
+     * Converts a byte array into an hex string
+     *
+     * @param raw the byte array representation
+     * @return the  hexadecimal string representation
+     */
+    public static String getHex(byte[] raw) {
+        return new String(Hex.encode(raw));
+    }
+}

From d46fc3740bbfc3bac0b1133a3e9d47c7ce3e06e2 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Wed, 18 Mar 2015 21:12:31 +0100
Subject: [PATCH 03/80] yubikey certifications!

---
 .../keychain/operations/CertifyOperation.java |  46 +++---
 .../operations/results/CertifyResult.java     |  10 +-
 .../results/InputPendingResult.java           |  76 +++++++++
 .../operations/results/OperationResult.java   |   2 +-
 .../operations/results/SignEncryptResult.java |   1 +
 .../keychain/pgp/CanonicalizedSecretKey.java  | 151 +++---------------
 .../keychain/pgp/PgpCertifyOperation.java     | 149 +++++++++++++++++
 .../keychain/pgp/PgpSignEncryptOperation.java |   4 +-
 .../service/CertifyActionsParcel.java         |  14 +-
 .../service/KeychainIntentServiceHandler.java |   2 +
 .../service/input/NfcOperationsParcel.java    |  81 ++++++++--
 .../keychain/ui/CertifyKeyFragment.java       |  80 +++-------
 .../keychain/ui/CryptoOperationFragment.java  |  89 +++++++++++
 .../keychain/ui/NfcOperationActivity.java     |  10 +-
 OpenKeychain/src/main/res/values/strings.xml  |   2 +-
 15 files changed, 476 insertions(+), 241 deletions(-)
 create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java
 create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpCertifyOperation.java
 create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
index ebf0dc70b..140e03764 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
@@ -30,6 +30,8 @@ import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.SecretKeyType;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
+import org.sufficientlysecure.keychain.pgp.PgpCertifyOperation;
+import org.sufficientlysecure.keychain.pgp.PgpCertifyOperation.PgpCertifyResult;
 import org.sufficientlysecure.keychain.pgp.Progressable;
 import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
@@ -38,6 +40,8 @@ import org.sufficientlysecure.keychain.provider.ProviderHelper.NotFoundException
 import org.sufficientlysecure.keychain.service.CertifyActionsParcel;
 import org.sufficientlysecure.keychain.service.CertifyActionsParcel.CertifyAction;
 import org.sufficientlysecure.keychain.service.ContactSyncAdapterService;
+import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
+import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel.NfcSignOperationsBuilder;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.util.Log;
 
@@ -73,10 +77,6 @@ public class CertifyOperation extends BaseOperation {
                     mProviderHelper.getCanonicalizedSecretKeyRing(parcel.mMasterKeyId);
             log.add(LogType.MSG_CRT_UNLOCK, 1);
             certificationKey = secretKeyRing.getSecretKey();
-            if (certificationKey.getSecretKeyType() == SecretKeyType.DIVERT_TO_CARD) {
-                log.add(LogType.MSG_CRT_ERROR_DIVERT, 2);
-                return new CertifyResult(CertifyResult.RESULT_ERROR, log);
-            }
 
             // certification is always with the master key id, so use that one
             String passphrase = getCachedPassphrase(parcel.mMasterKeyId, parcel.mMasterKeyId);
@@ -102,6 +102,8 @@ public class CertifyOperation extends BaseOperation {
 
         int certifyOk = 0, certifyError = 0, uploadOk = 0, uploadError = 0;
 
+        NfcSignOperationsBuilder allRequiredInput = new NfcSignOperationsBuilder(parcel.getSignatureTime());
+
         // Work through all requested certifications
         for (CertifyAction action : parcel.mCertifyActions) {
 
@@ -122,28 +124,21 @@ public class CertifyOperation extends BaseOperation {
                 CanonicalizedPublicKeyRing publicRing =
                         mProviderHelper.getCanonicalizedPublicKeyRing(action.mMasterKeyId);
 
-                UncachedKeyRing certifiedKey = null;
-                if (action.mUserIds != null) {
-                    log.add(LogType.MSG_CRT_CERTIFY_UIDS, 2, action.mUserIds.size(),
-                            KeyFormattingUtils.convertKeyIdToHex(action.mMasterKeyId));
+                PgpCertifyOperation op = new PgpCertifyOperation();
+                PgpCertifyResult result = op.certify(certificationKey, publicRing,
+                        log, 2, action, parcel.getSignatureData(), parcel.getSignatureTime());
 
-                    certifiedKey = certificationKey.certifyUserIds(
-                            publicRing, action.mUserIds, null, null);
-                }
-
-                if (action.mUserAttributes != null) {
-                    log.add(LogType.MSG_CRT_CERTIFY_UATS, 2, action.mUserAttributes.size(),
-                            KeyFormattingUtils.convertKeyIdToHex(action.mMasterKeyId));
-
-                    certifiedKey = certificationKey.certifyUserAttributes(
-                            publicRing, action.mUserAttributes, null, null);
-                }
-
-                if (certifiedKey == null) {
+                if (!result.success()) {
                     certifyError += 1;
-                    log.add(LogType.MSG_CRT_WARN_CERT_FAILED, 3);
+                    continue;
                 }
-                certifiedKeys.add(certifiedKey);
+                if (result.nfcInputRequired()) {
+                    NfcOperationsParcel requiredInput = result.getRequiredInput();
+                    allRequiredInput.addAll(requiredInput);
+                    continue;
+                }
+
+                certifiedKeys.add(result.getCertifiedRing());
 
             } catch (NotFoundException e) {
                 certifyError += 1;
@@ -152,6 +147,11 @@ public class CertifyOperation extends BaseOperation {
 
         }
 
+        if ( ! allRequiredInput.isEmpty()) {
+            log.add(LogType.MSG_CRT_NFC_RETURN, 1);
+            return new CertifyResult(log, allRequiredInput.build());
+        }
+
         log.add(LogType.MSG_CRT_SAVING, 1);
 
         // Check if we were cancelled
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/CertifyResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/CertifyResult.java
index 94684851a..33591fa03 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/CertifyResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/CertifyResult.java
@@ -23,6 +23,7 @@ import android.content.Intent;
 import android.os.Parcel;
 
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
 import org.sufficientlysecure.keychain.ui.LogDisplayActivity;
 import org.sufficientlysecure.keychain.ui.LogDisplayFragment;
 import org.sufficientlysecure.keychain.ui.util.Notify;
@@ -30,16 +31,19 @@ import org.sufficientlysecure.keychain.ui.util.Notify.ActionListener;
 import org.sufficientlysecure.keychain.ui.util.Notify.Showable;
 import org.sufficientlysecure.keychain.ui.util.Notify.Style;
 
-public class CertifyResult extends OperationResult {
-
+public class CertifyResult extends InputPendingResult {
     int mCertifyOk, mCertifyError, mUploadOk, mUploadError;
 
     public CertifyResult(int result, OperationLog log) {
         super(result, log);
     }
 
+    public CertifyResult(OperationLog log, NfcOperationsParcel requiredInput) {
+        super(log, requiredInput);
+    }
+
     public CertifyResult(int result, OperationLog log, int certifyOk, int certifyError, int uploadOk, int uploadError) {
-        this(result, log);
+        super(result, log);
         mCertifyOk = certifyOk;
         mCertifyError = certifyError;
         mUploadOk = uploadOk;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java
new file mode 100644
index 000000000..b681aba60
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java
@@ -0,0 +1,76 @@
+package org.sufficientlysecure.keychain.operations.results;
+
+
+import android.os.Parcel;
+
+import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
+
+
+public class InputPendingResult extends OperationResult {
+
+    // the fourth bit indicates a "data pending" result! (it's also a form of non-success)
+    public static final int RESULT_PENDING = RESULT_ERROR + 8;
+
+    public static final int RESULT_PENDING_PASSPHRASE = RESULT_PENDING + 16;
+    public static final int RESULT_PENDING_NFC = RESULT_PENDING + 32;
+
+    final NfcOperationsParcel mRequiredInput;
+    final Long mKeyIdPassphraseNeeded;
+
+    public InputPendingResult(int result, OperationLog log) {
+        super(result, log);
+        mRequiredInput = null;
+        mKeyIdPassphraseNeeded = null;
+    }
+
+    public InputPendingResult(OperationLog log, NfcOperationsParcel requiredInput) {
+        super(RESULT_PENDING_NFC, log);
+        mRequiredInput = requiredInput;
+        mKeyIdPassphraseNeeded = null;
+    }
+
+    public InputPendingResult(OperationLog log, long keyIdPassphraseNeeded) {
+        super(RESULT_PENDING_PASSPHRASE, log);
+        mRequiredInput = null;
+        mKeyIdPassphraseNeeded = keyIdPassphraseNeeded;
+    }
+
+    public InputPendingResult(Parcel source) {
+        super(source);
+        mRequiredInput = source.readParcelable(getClass().getClassLoader());
+        mKeyIdPassphraseNeeded = source.readInt() != 0 ? source.readLong() : null;
+    }
+
+    @Override
+    public void writeToParcel(Parcel dest, int flags) {
+        super.writeToParcel(dest, flags);
+        dest.writeParcelable(mRequiredInput, 0);
+        if (mKeyIdPassphraseNeeded != null) {
+            dest.writeInt(1);
+            dest.writeLong(mKeyIdPassphraseNeeded);
+        } else {
+            dest.writeInt(0);
+        }
+    }
+
+    public boolean isPending() {
+        return (mResult & RESULT_PENDING) == RESULT_PENDING;
+    }
+
+    public boolean isNfcPending() {
+        return (mResult & RESULT_PENDING_NFC) == RESULT_PENDING_NFC;
+    }
+
+    public boolean isPassphrasePending() {
+        return (mResult & RESULT_PENDING_PASSPHRASE) == RESULT_PENDING_PASSPHRASE;
+    }
+
+    public NfcOperationsParcel getNfcOperationsParcel() {
+        return mRequiredInput;
+    }
+
+    public long getPassphraseKeyId() {
+        return mKeyIdPassphraseNeeded;
+    }
+
+}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
index 068e314d5..989fb395e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
@@ -697,9 +697,9 @@ public abstract class OperationResult implements Parcelable {
         MSG_CRT_ERROR_MASTER_NOT_FOUND (LogLevel.ERROR, R.string.msg_crt_error_master_not_found),
         MSG_CRT_ERROR_NOTHING (LogLevel.ERROR, R.string.msg_crt_error_nothing),
         MSG_CRT_ERROR_UNLOCK (LogLevel.ERROR, R.string.msg_crt_error_unlock),
-        MSG_CRT_ERROR_DIVERT (LogLevel.ERROR, R.string.msg_crt_error_divert),
         MSG_CRT (LogLevel.START, R.string.msg_crt),
         MSG_CRT_MASTER_FETCH (LogLevel.DEBUG, R.string.msg_crt_master_fetch),
+        MSG_CRT_NFC_RETURN (LogLevel.OK, R.string.msg_crt_nfc_return),
         MSG_CRT_SAVE (LogLevel.DEBUG, R.string.msg_crt_save),
         MSG_CRT_SAVING (LogLevel.DEBUG, R.string.msg_crt_saving),
         MSG_CRT_SUCCESS (LogLevel.OK, R.string.msg_crt_success),
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/SignEncryptResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/SignEncryptResult.java
index 23e8094b9..5a0a51ee5 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/SignEncryptResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/SignEncryptResult.java
@@ -31,6 +31,7 @@ public class SignEncryptResult extends OperationResult {
 
     public static final int RESULT_PENDING = RESULT_ERROR + 8;
 
+
     public PgpSignEncryptResult getPending() {
         for (PgpSignEncryptResult sub : mResults) {
             if (sub.isPending()) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
index df409902f..c4d0d488e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@@ -202,8 +202,26 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
         }
     }
 
-    public PGPSignatureGenerator getSignatureGenerator(int hashAlgo, boolean cleartext,
-            Map<ByteBuffer,byte[]> signedHashes, Date creationTimestamp)
+    public PGPSignatureGenerator getCertSignatureGenerator(Map<ByteBuffer, byte[]> signedHashes) {
+        PGPContentSignerBuilder contentSignerBuilder = getContentSignerBuilder(
+                PgpConstants.CERTIFY_HASH_ALGO, signedHashes);
+
+        if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) {
+            throw new PrivateKeyNotUnlockedException();
+        }
+
+        PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder);
+        try {
+            signatureGenerator.init(PGPSignature.DEFAULT_CERTIFICATION, mPrivateKey);
+            return signatureGenerator;
+        } catch (PGPException e) {
+            Log.e(Constants.TAG, "signing error", e);
+            return null;
+        }
+    }
+
+    public PGPSignatureGenerator getDataSignatureGenerator(int hashAlgo, boolean cleartext,
+            Map<ByteBuffer, byte[]> signedHashes, Date creationTimestamp)
             throws PgpGeneralException {
         if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) {
             throw new PrivateKeyNotUnlockedException();
@@ -259,135 +277,6 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
         }
     }
 
-    /**
-     * Certify the given pubkeyid with the given masterkeyid.
-     *
-     * @param publicKeyRing Keyring to add certification to.
-     * @param userIds       User IDs to certify
-     * @return A keyring with added certifications
-     */
-    public UncachedKeyRing certifyUserIds(CanonicalizedPublicKeyRing publicKeyRing,
-            List<String> userIds,
-            HashMap<ByteBuffer,byte[]> signedHashes, Date creationTimestamp) {
-        if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) {
-            throw new PrivateKeyNotUnlockedException();
-        }
-        if (!isMasterKey()) {
-            throw new AssertionError("tried to certify with non-master key, this is a programming error!");
-        }
-        if (publicKeyRing.getMasterKeyId() == getKeyId()) {
-            throw new AssertionError("key tried to self-certify, this is a programming error!");
-        }
-
-        // create a signatureGenerator from the supplied masterKeyId and passphrase
-        PGPSignatureGenerator signatureGenerator;
-        {
-            PGPContentSignerBuilder contentSignerBuilder = getContentSignerBuilder(
-                    PgpConstants.CERTIFY_HASH_ALGO, signedHashes);
-
-            signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder);
-            try {
-                signatureGenerator.init(PGPSignature.DEFAULT_CERTIFICATION, mPrivateKey);
-            } catch (PGPException e) {
-                Log.e(Constants.TAG, "signing error", e);
-                return null;
-            }
-        }
-
-        { // supply signatureGenerator with a SubpacketVector
-            PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
-            if (creationTimestamp != null) {
-                spGen.setSignatureCreationTime(false, creationTimestamp);
-                Log.d(Constants.TAG, "For NFC: set sig creation time to " + creationTimestamp);
-            }
-            PGPSignatureSubpacketVector packetVector = spGen.generate();
-            signatureGenerator.setHashedSubpackets(packetVector);
-        }
-
-        // get the master subkey (which we certify for)
-        PGPPublicKey publicKey = publicKeyRing.getPublicKey().getPublicKey();
-
-        // fetch public key ring, add the certification and return it
-        try {
-            for (String userId : userIds) {
-                PGPSignature sig = signatureGenerator.generateCertification(userId, publicKey);
-                publicKey = PGPPublicKey.addCertification(publicKey, userId, sig);
-            }
-        } catch (PGPException e) {
-            Log.e(Constants.TAG, "signing error", e);
-            return null;
-        }
-
-        PGPPublicKeyRing ring = PGPPublicKeyRing.insertPublicKey(publicKeyRing.getRing(), publicKey);
-
-        return new UncachedKeyRing(ring);
-    }
-
-    /**
-     * Certify the given user attributes with the given masterkeyid.
-     *
-     * @param publicKeyRing Keyring to add certification to.
-     * @param userAttributes       User IDs to certify, or all if null
-     * @return A keyring with added certifications
-     */
-    public UncachedKeyRing certifyUserAttributes(CanonicalizedPublicKeyRing publicKeyRing,
-            List<WrappedUserAttribute> userAttributes,
-            HashMap<ByteBuffer,byte[]> signedHashes, Date creationTimestamp) {
-        if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) {
-            throw new PrivateKeyNotUnlockedException();
-        }
-        if (!isMasterKey()) {
-            throw new AssertionError("tried to certify with non-master key, this is a programming error!");
-        }
-        if (publicKeyRing.getMasterKeyId() == getKeyId()) {
-            throw new AssertionError("key tried to self-certify, this is a programming error!");
-        }
-
-        // create a signatureGenerator from the supplied masterKeyId and passphrase
-        PGPSignatureGenerator signatureGenerator;
-        {
-            PGPContentSignerBuilder contentSignerBuilder = getContentSignerBuilder(
-                    PgpConstants.CERTIFY_HASH_ALGO, signedHashes);
-
-            signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder);
-            try {
-                signatureGenerator.init(PGPSignature.DEFAULT_CERTIFICATION, mPrivateKey);
-            } catch (PGPException e) {
-                Log.e(Constants.TAG, "signing error", e);
-                return null;
-            }
-        }
-
-        { // supply signatureGenerator with a SubpacketVector
-            PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
-            if (creationTimestamp != null) {
-                spGen.setSignatureCreationTime(false, creationTimestamp);
-                Log.d(Constants.TAG, "For NFC: set sig creation time to " + creationTimestamp);
-            }
-            PGPSignatureSubpacketVector packetVector = spGen.generate();
-            signatureGenerator.setHashedSubpackets(packetVector);
-        }
-
-        // get the master subkey (which we certify for)
-        PGPPublicKey publicKey = publicKeyRing.getPublicKey().getPublicKey();
-
-        // fetch public key ring, add the certification and return it
-        try {
-            for (WrappedUserAttribute userAttribute : userAttributes) {
-                PGPUserAttributeSubpacketVector vector = userAttribute.getVector();
-                PGPSignature sig = signatureGenerator.generateCertification(vector, publicKey);
-                publicKey = PGPPublicKey.addCertification(publicKey, vector, sig);
-            }
-        } catch (PGPException e) {
-            Log.e(Constants.TAG, "signing error", e);
-            return null;
-        }
-
-        PGPPublicKeyRing ring = PGPPublicKeyRing.insertPublicKey(publicKeyRing.getRing(), publicKey);
-
-        return new UncachedKeyRing(ring);
-    }
-
     static class PrivateKeyNotUnlockedException extends RuntimeException {
         // this exception is a programming error which happens when an operation which requires
         // the private key is called without a previous call to unlock()
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpCertifyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpCertifyOperation.java
new file mode 100644
index 000000000..3c9daadbb
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpCertifyOperation.java
@@ -0,0 +1,149 @@
+package org.sufficientlysecure.keychain.pgp;
+
+
+import java.nio.ByteBuffer;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.spongycastle.openpgp.PGPException;
+import org.spongycastle.openpgp.PGPPublicKey;
+import org.spongycastle.openpgp.PGPPublicKeyRing;
+import org.spongycastle.openpgp.PGPSignature;
+import org.spongycastle.openpgp.PGPSignatureGenerator;
+import org.spongycastle.openpgp.PGPSignatureSubpacketGenerator;
+import org.spongycastle.openpgp.PGPSignatureSubpacketVector;
+import org.spongycastle.openpgp.PGPUserAttributeSubpacketVector;
+import org.spongycastle.openpgp.operator.jcajce.NfcSyncPGPContentSignerBuilder.NfcInteractionNeeded;
+import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
+import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
+import org.sufficientlysecure.keychain.service.CertifyActionsParcel.CertifyAction;
+import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
+import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel.NfcSignOperationsBuilder;
+import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
+import org.sufficientlysecure.keychain.util.Log;
+
+
+public class PgpCertifyOperation {
+
+    public PgpCertifyResult certify(
+            CanonicalizedSecretKey secretKey,
+            CanonicalizedPublicKeyRing publicRing,
+            OperationLog log,
+            int indent,
+            CertifyAction action,
+            Map<ByteBuffer,byte[]> signedHashes,
+            Date creationTimestamp) {
+
+        if (!secretKey.isMasterKey()) {
+            throw new AssertionError("tried to certify with non-master key, this is a programming error!");
+        }
+        if (publicRing.getMasterKeyId() == secretKey.getKeyId()) {
+            throw new AssertionError("key tried to self-certify, this is a programming error!");
+        }
+
+        // create a signatureGenerator from the supplied masterKeyId and passphrase
+        PGPSignatureGenerator signatureGenerator = secretKey.getCertSignatureGenerator(signedHashes);
+
+        { // supply signatureGenerator with a SubpacketVector
+            PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
+            if (creationTimestamp != null) {
+                spGen.setSignatureCreationTime(false, creationTimestamp);
+                Log.d(Constants.TAG, "For NFC: set sig creation time to " + creationTimestamp);
+            }
+            PGPSignatureSubpacketVector packetVector = spGen.generate();
+            signatureGenerator.setHashedSubpackets(packetVector);
+        }
+
+        // get the master subkey (which we certify for)
+        PGPPublicKey publicKey = publicRing.getPublicKey().getPublicKey();
+
+        NfcSignOperationsBuilder requiredInput = new NfcSignOperationsBuilder(creationTimestamp);
+
+        try {
+            if (action.mUserIds != null) {
+                log.add(LogType.MSG_CRT_CERTIFY_UIDS, 2, action.mUserIds.size(),
+                        KeyFormattingUtils.convertKeyIdToHex(action.mMasterKeyId));
+
+                // fetch public key ring, add the certification and return it
+                for (String userId : action.mUserIds) {
+                    try {
+                        PGPSignature sig = signatureGenerator.generateCertification(userId, publicKey);
+                        publicKey = PGPPublicKey.addCertification(publicKey, userId, sig);
+                    } catch (NfcInteractionNeeded e) {
+                        requiredInput.addHash(e.hashToSign, e.hashAlgo);
+                    }
+                }
+
+            }
+
+            if (action.mUserAttributes != null) {
+                log.add(LogType.MSG_CRT_CERTIFY_UATS, 2, action.mUserAttributes.size(),
+                        KeyFormattingUtils.convertKeyIdToHex(action.mMasterKeyId));
+
+                // fetch public key ring, add the certification and return it
+                for (WrappedUserAttribute userAttribute : action.mUserAttributes) {
+                    PGPUserAttributeSubpacketVector vector = userAttribute.getVector();
+                    try {
+                        PGPSignature sig = signatureGenerator.generateCertification(vector, publicKey);
+                        publicKey = PGPPublicKey.addCertification(publicKey, vector, sig);
+                    } catch (NfcInteractionNeeded e) {
+                        requiredInput.addHash(e.hashToSign, e.hashAlgo);
+                    }
+                }
+
+            }
+        } catch (PGPException e) {
+            Log.e(Constants.TAG, "signing error", e);
+            return new PgpCertifyResult();
+        }
+
+        if (!requiredInput.isEmpty()) {
+            return new PgpCertifyResult(requiredInput.build());
+        }
+
+        PGPPublicKeyRing ring = PGPPublicKeyRing.insertPublicKey(publicRing.getRing(), publicKey);
+        return new PgpCertifyResult(new UncachedKeyRing(ring));
+
+    }
+
+    public static class PgpCertifyResult {
+
+        final NfcOperationsParcel mRequiredInput;
+        final UncachedKeyRing mCertifiedRing;
+
+        PgpCertifyResult() {
+            mRequiredInput = null;
+            mCertifiedRing = null;
+        }
+
+        PgpCertifyResult(NfcOperationsParcel requiredInput) {
+            mRequiredInput = requiredInput;
+            mCertifiedRing = null;
+        }
+
+        PgpCertifyResult(UncachedKeyRing certifiedRing) {
+            mRequiredInput = null;
+            mCertifiedRing = certifiedRing;
+        }
+
+        public boolean success() {
+            return mCertifiedRing != null || mRequiredInput != null;
+        }
+
+        public boolean nfcInputRequired() {
+            return mRequiredInput != null;
+        }
+
+        public UncachedKeyRing getCertifiedRing() {
+            return mCertifiedRing;
+        }
+
+        public NfcOperationsParcel getRequiredInput() {
+            return mRequiredInput;
+        }
+
+    }
+
+}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
index 2e515137a..7253d9b18 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
@@ -44,8 +44,6 @@ import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
-import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
-import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Log;
@@ -283,7 +281,7 @@ public class PgpSignEncryptOperation extends BaseOperation {
 
             try {
                 boolean cleartext = input.isCleartextSignature() && input.isEnableAsciiArmorOutput() && !enableEncryption;
-                signatureGenerator = signingKey.getSignatureGenerator(
+                signatureGenerator = signingKey.getDataSignatureGenerator(
                         input.getSignatureHashAlgorithm(), cleartext,
                         input.getCryptoData(), input.getSignatureTime());
             } catch (PgpGeneralException e) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java
index 485d5de72..63a7bf371 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java
@@ -22,8 +22,10 @@ import android.os.Parcel;
 import android.os.Parcelable;
 
 import java.io.Serializable;
+import java.nio.ByteBuffer;
 import java.util.ArrayList;
 import java.util.Date;
+import java.util.Map;
 
 import org.sufficientlysecure.keychain.pgp.WrappedUserAttribute;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
@@ -42,9 +44,9 @@ public class CertifyActionsParcel implements Parcelable {
     public ArrayList<CertifyAction> mCertifyActions = new ArrayList<>();
     public CryptoInputParcel mCryptoInput;
 
-    public CertifyActionsParcel(Date operationTime, long masterKeyId) {
+    public CertifyActionsParcel(CryptoInputParcel cryptoInput, long masterKeyId) {
         mMasterKeyId = masterKeyId;
-        mCryptoInput = new CryptoInputParcel(operationTime);
+        mCryptoInput = cryptoInput != null ? cryptoInput : new CryptoInputParcel(new Date());
         mLevel = CertifyLevel.DEFAULT;
     }
 
@@ -70,6 +72,14 @@ public class CertifyActionsParcel implements Parcelable {
         destination.writeSerializable(mCertifyActions);
     }
 
+    public Map<ByteBuffer, byte[]> getSignatureData() {
+        return mCryptoInput.getCryptoData();
+    }
+
+    public Date getSignatureTime() {
+        return mCryptoInput.getSignatureTime();
+    }
+
     public static final Creator<CertifyActionsParcel> CREATOR = new Creator<CertifyActionsParcel>() {
         public CertifyActionsParcel createFromParcel(final Parcel source) {
             return new CertifyActionsParcel(source);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentServiceHandler.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentServiceHandler.java
index bd047518d..05d80b4e0 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentServiceHandler.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentServiceHandler.java
@@ -18,6 +18,7 @@
 package org.sufficientlysecure.keychain.service;
 
 import android.app.Activity;
+import android.content.Intent;
 import android.os.Bundle;
 import android.os.Handler;
 import android.os.Message;
@@ -26,6 +27,7 @@ import android.support.v4.app.FragmentManager;
 
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.operations.results.CertifyResult;
 import org.sufficientlysecure.keychain.ui.dialog.ProgressDialogFragment;
 import org.sufficientlysecure.keychain.ui.util.Notify;
 import org.sufficientlysecure.keychain.util.Log;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/NfcOperationsParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/NfcOperationsParcel.java
index 5d35e94e0..b9ee9e6ca 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/NfcOperationsParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/NfcOperationsParcel.java
@@ -1,5 +1,7 @@
 package org.sufficientlysecure.keychain.service.input;
 
+import java.util.ArrayList;
+import java.util.Collections;
 import java.util.Date;
 
 import android.os.Parcel;
@@ -14,13 +16,14 @@ public class NfcOperationsParcel implements Parcelable {
 
     public Date mSignatureTime;
     public final NfcOperationType mType;
-    public final byte[][] mInputHash;
-    public final int[] mSignAlgo;
+    public final byte[][] mInputHashes;
+    public final int[] mSignAlgos;
 
-    private NfcOperationsParcel(NfcOperationType type, byte[] inputHash, int signAlgo, Date signatureTime) {
+    private NfcOperationsParcel(NfcOperationType type, byte[][] inputHashes,
+            int[] signAlgos, Date signatureTime) {
         mType = type;
-        mInputHash = new byte[][] { inputHash };
-        mSignAlgo = new int[] { signAlgo };
+        mInputHashes = inputHashes;
+        mSignAlgos = signAlgos;
         mSignatureTime = signatureTime;
     }
 
@@ -29,11 +32,11 @@ public class NfcOperationsParcel implements Parcelable {
 
         {
             int count = source.readInt();
-            mInputHash = new byte[count][];
-            mSignAlgo = new int[count];
+            mInputHashes = new byte[count][];
+            mSignAlgos = new int[count];
             for (int i = 0; i < count; i++) {
-                mInputHash[i] = source.createByteArray();
-                mSignAlgo[i] = source.readInt();
+                mInputHashes[i] = source.createByteArray();
+                mSignAlgos[i] = source.readInt();
             }
         }
 
@@ -43,11 +46,13 @@ public class NfcOperationsParcel implements Parcelable {
 
     public static NfcOperationsParcel createNfcSignOperation(
             byte[] inputHash, int signAlgo, Date signatureTime) {
-        return new NfcOperationsParcel(NfcOperationType.NFC_SIGN, inputHash, signAlgo, signatureTime);
+        return new NfcOperationsParcel(NfcOperationType.NFC_SIGN,
+                new byte[][] { inputHash }, new int[] { signAlgo }, signatureTime);
     }
 
     public static NfcOperationsParcel createNfcDecryptOperation(byte[] inputHash) {
-        return new NfcOperationsParcel(NfcOperationType.NFC_DECRYPT, inputHash, 0, null);
+        return new NfcOperationsParcel(NfcOperationType.NFC_DECRYPT,
+                new byte[][] { inputHash }, null, null);
     }
 
     @Override
@@ -58,10 +63,10 @@ public class NfcOperationsParcel implements Parcelable {
     @Override
     public void writeToParcel(Parcel dest, int flags) {
         dest.writeInt(mType.ordinal());
-        dest.writeInt(mInputHash.length);
-        for (int i = 0; i < mInputHash.length; i++) {
-            dest.writeByteArray(mInputHash[i]);
-            dest.writeInt(mSignAlgo[i]);
+        dest.writeInt(mInputHashes.length);
+        for (int i = 0; i < mInputHashes.length; i++) {
+            dest.writeByteArray(mInputHashes[i]);
+            dest.writeInt(mSignAlgos[i]);
         }
         if (mSignatureTime != null) {
             dest.writeInt(1);
@@ -82,4 +87,50 @@ public class NfcOperationsParcel implements Parcelable {
         }
     };
 
+    public static class NfcSignOperationsBuilder {
+        Date mSignatureTime;
+        ArrayList<Integer> mSignAlgos = new ArrayList<>();
+        ArrayList<byte[]> mInputHashes = new ArrayList<>();
+
+        public NfcSignOperationsBuilder(Date signatureTime) {
+            mSignatureTime = signatureTime;
+        }
+
+        public NfcOperationsParcel build() {
+            byte[][] inputHashes = new byte[mInputHashes.size()][];
+            mInputHashes.toArray(inputHashes);
+            int[] signAlgos = new int[mSignAlgos.size()];
+            for (int i = 0; i < mSignAlgos.size(); i++) {
+                signAlgos[i] = mSignAlgos.get(i);
+            }
+
+            return new NfcOperationsParcel(NfcOperationType.NFC_SIGN,
+                    inputHashes, signAlgos, mSignatureTime);
+        }
+
+        public void addHash(byte[] hash, int algo) {
+            mInputHashes.add(hash);
+            mSignAlgos.add(algo);
+        }
+
+        public void addAll(NfcOperationsParcel input) {
+            if (!mSignatureTime.equals(input.mSignatureTime)) {
+                throw new AssertionError("input times must match, this is a programming error!");
+            }
+            if (input.mType != NfcOperationType.NFC_SIGN) {
+                throw new AssertionError("operation types must match, this is a progrmming error!");
+            }
+
+            Collections.addAll(mInputHashes, input.mInputHashes);
+            for (int signAlgo : input.mSignAlgos) {
+                mSignAlgos.add(signAlgo);
+            }
+        }
+
+        public boolean isEmpty() {
+            return mInputHashes.isEmpty();
+        }
+
+    }
+
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
index 049c6976d..acb6b0b85 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
@@ -56,7 +56,7 @@ import org.sufficientlysecure.keychain.service.CertifyActionsParcel;
 import org.sufficientlysecure.keychain.service.CertifyActionsParcel.CertifyAction;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
-import org.sufficientlysecure.keychain.service.PassphraseCacheService;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.ui.adapter.MultiUserIdsAdapter;
 import org.sufficientlysecure.keychain.ui.util.Notify;
 import org.sufficientlysecure.keychain.ui.widget.CertifyKeySpinner;
@@ -66,14 +66,11 @@ import org.sufficientlysecure.keychain.util.Preferences;
 
 import java.lang.reflect.Method;
 import java.util.ArrayList;
-import java.util.Date;
 
 
-public class CertifyKeyFragment extends LoaderFragment
+public class CertifyKeyFragment extends CryptoOperationFragment
         implements LoaderManager.LoaderCallbacks<Cursor> {
 
-    public static final int REQUEST_CODE_PASSPHRASE = 0x00008001;
-
     private CheckBox mUploadKeyCheckbox;
     ListView mUserIds;
 
@@ -102,9 +99,6 @@ public class CertifyKeyFragment extends LoaderFragment
     public void onActivityCreated(Bundle savedInstanceState) {
         super.onActivityCreated(savedInstanceState);
 
-        // Start out with a progress indicator.
-        setContentShown(false);
-
         mPubMasterKeyIds = getActivity().getIntent().getLongArrayExtra(CertifyKeyActivity.EXTRA_KEY_IDS);
         if (mPubMasterKeyIds == null) {
             Log.e(Constants.TAG, "List of key ids to certify missing!");
@@ -114,6 +108,7 @@ public class CertifyKeyFragment extends LoaderFragment
 
         mPassthroughMessenger = getActivity().getIntent().getParcelableExtra(
                 KeychainIntentService.EXTRA_MESSENGER);
+        mPassthroughMessenger = null; // TODO remove, development hack
 
         // preselect certify key id if given
         long certifyKeyId = getActivity().getIntent().getLongExtra(CertifyKeyActivity.EXTRA_CERTIFY_KEY_ID, Constants.key.none);
@@ -143,9 +138,7 @@ public class CertifyKeyFragment extends LoaderFragment
 
     @Override
     public View onCreateView(LayoutInflater inflater, ViewGroup superContainer, Bundle savedInstanceState) {
-        View root = super.onCreateView(inflater, superContainer, savedInstanceState);
-
-        View view = inflater.inflate(R.layout.certify_key_fragment, getContainer());
+        View view = inflater.inflate(R.layout.certify_key_fragment, null);
 
         mCertifyKeySpinner = (CertifyKeySpinner) view.findViewById(R.id.certify_key_spinner);
         mUploadKeyCheckbox = (CheckBox) view.findViewById(R.id.sign_key_upload_checkbox);
@@ -173,7 +166,7 @@ public class CertifyKeyFragment extends LoaderFragment
                     Notify.showNotify(getActivity(), getString(R.string.select_key_to_certify),
                             Notify.Style.ERROR);
                 } else {
-                    initiateCertifying();
+                    cryptoOperation();
                 }
             }
         });
@@ -183,7 +176,7 @@ public class CertifyKeyFragment extends LoaderFragment
             mUploadKeyCheckbox.setChecked(false);
         }
 
-        return root;
+        return view;
     }
 
     @Override
@@ -307,7 +300,6 @@ public class CertifyKeyFragment extends LoaderFragment
         }
 
         mUserIdsAdapter.swapCursor(matrix);
-        setContentShown(true, isResumed());
     }
 
     @Override
@@ -315,50 +307,17 @@ public class CertifyKeyFragment extends LoaderFragment
         mUserIdsAdapter.swapCursor(null);
     }
 
-    /**
-     * handles the UI bits of the signing process on the UI thread
-     */
-    private void initiateCertifying() {
-        // get the user's passphrase for this key (if required)
-        String passphrase;
-        try {
-            passphrase = PassphraseCacheService.getCachedPassphrase(getActivity(), mSignMasterKeyId, mSignMasterKeyId);
-        } catch (PassphraseCacheService.KeyNotFoundException e) {
-            Log.e(Constants.TAG, "Key not found!", e);
-            getActivity().finish();
-            return;
-        }
-        if (passphrase == null) {
-            Intent intent = new Intent(getActivity(), PassphraseDialogActivity.class);
-            intent.putExtra(PassphraseDialogActivity.EXTRA_SUBKEY_ID, mSignMasterKeyId);
-            startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
-            // bail out; need to wait until the user has entered the passphrase before trying again
-        } else {
-            startCertifying();
-        }
+    protected void cryptoOperation() {
+        cryptoOperation((CryptoInputParcel) null);
     }
 
     @Override
-    public void onActivityResult(int requestCode, int resultCode, Intent data) {
-        switch (requestCode) {
-            case REQUEST_CODE_PASSPHRASE: {
-                if (resultCode == Activity.RESULT_OK && data != null) {
-                    String passphrase = data.getStringExtra(PassphraseDialogActivity.MESSAGE_DATA_PASSPHRASE);
-                    startCertifying();
-                }
-                return;
-            }
-
-            default: {
-                super.onActivityResult(requestCode, resultCode, data);
-            }
-        }
+    protected void cryptoOperation(String passphrase) {
+        cryptoOperation((CryptoInputParcel) null);
     }
 
-    /**
-     * kicks off the actual signing process on a background thread
-     */
-    private void startCertifying() {
+    @Override
+    protected void cryptoOperation(CryptoInputParcel cryptoInput) {
         // Bail out if there is not at least one user id selected
         ArrayList<CertifyAction> certifyActions = mUserIdsAdapter.getSelectedCertifyActions();
         if (certifyActions.isEmpty()) {
@@ -370,7 +329,7 @@ public class CertifyKeyFragment extends LoaderFragment
         Bundle data = new Bundle();
         {
             // fill values for this action
-            CertifyActionsParcel parcel = new CertifyActionsParcel(new Date(), mSignMasterKeyId);
+            CertifyActionsParcel parcel = new CertifyActionsParcel(cryptoInput, mSignMasterKeyId);
             parcel.mCertifyActions.addAll(certifyActions);
 
             data.putParcelable(KeychainIntentService.CERTIFY_PARCEL, parcel);
@@ -390,14 +349,21 @@ public class CertifyKeyFragment extends LoaderFragment
         } else {
 
             // Message is received after signing is done in KeychainIntentService
-            KeychainIntentServiceHandler saveHandler = new KeychainIntentServiceHandler(getActivity(),
-                    getString(R.string.progress_certifying), ProgressDialog.STYLE_SPINNER, true) {
+            KeychainIntentServiceHandler saveHandler = new KeychainIntentServiceHandler(
+                    getActivity(), getString(R.string.progress_certifying),
+                    ProgressDialog.STYLE_SPINNER, true) {
                 public void handleMessage(Message message) {
-                    // handle messages by standard KeychainIntentServiceHandler first
+                    // handle messages by KeychainIntentCryptoServiceHandler first
                     super.handleMessage(message);
 
+                    // handle pending messages
+                    if (handlePendingMessage(message)) {
+                        return;
+                    }
+
                     if (message.arg1 == MessageStatus.OKAY.ordinal()) {
                         Bundle data = message.getData();
+
                         CertifyResult result = data.getParcelable(CertifyResult.EXTRA_RESULT);
 
                         Intent intent = new Intent();
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
new file mode 100644
index 000000000..a1d70b011
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
@@ -0,0 +1,89 @@
+package org.sufficientlysecure.keychain.ui;
+
+
+import android.app.Activity;
+import android.content.Intent;
+import android.os.Bundle;
+import android.os.Message;
+import android.support.v4.app.Fragment;
+
+import org.sufficientlysecure.keychain.operations.results.CertifyResult;
+import org.sufficientlysecure.keychain.operations.results.InputPendingResult;
+import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler.MessageStatus;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
+
+
+public abstract class CryptoOperationFragment extends Fragment {
+
+    public static final int REQUEST_CODE_PASSPHRASE = 0x00008001;
+    public static final int REQUEST_CODE_NFC = 0x00008002;
+
+    private void startPassphraseDialog(long subkeyId) {
+        Intent intent = new Intent(getActivity(), PassphraseDialogActivity.class);
+        intent.putExtra(PassphraseDialogActivity.EXTRA_SUBKEY_ID, subkeyId);
+        startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
+    }
+
+    private void initiateNfcInput(NfcOperationsParcel nfcOps) {
+        Intent intent = new Intent(getActivity(), NfcOperationActivity.class);
+        intent.putExtra(NfcOperationActivity.EXTRA_PIN, "123456");
+        intent.putExtra(NfcOperationActivity.EXTRA_NFC_OPS, nfcOps);
+        startActivityForResult(intent, REQUEST_CODE_NFC);
+    }
+
+    @Override
+    public void onActivityResult(int requestCode, int resultCode, Intent data) {
+        switch (requestCode) {
+            case REQUEST_CODE_PASSPHRASE: {
+                if (resultCode == Activity.RESULT_OK && data != null) {
+                    String passphrase = data.getStringExtra(PassphraseDialogActivity.MESSAGE_DATA_PASSPHRASE);
+                    cryptoOperation(passphrase);
+                }
+                return;
+            }
+
+            case REQUEST_CODE_NFC: {
+                if (resultCode == Activity.RESULT_OK && data != null) {
+                    CryptoInputParcel cryptoInput =
+                            data.getParcelableExtra(NfcOperationActivity.RESULT_DATA);
+                    cryptoOperation(cryptoInput);
+                    return;
+                }
+                break;
+            }
+
+            default: {
+                super.onActivityResult(requestCode, resultCode, data);
+            }
+        }
+    }
+
+    public boolean handlePendingMessage(Message message) {
+
+        if (message.arg1 == MessageStatus.OKAY.ordinal()) {
+            Bundle data = message.getData();
+
+            InputPendingResult result = data.getParcelable(CertifyResult.EXTRA_RESULT);
+
+            if (result != null && result.isPending()) {
+                if (result.isPassphrasePending()) {
+                    startPassphraseDialog(result.getPassphraseKeyId());
+                    return true;
+                } else if (result.isNfcPending()) {
+                    NfcOperationsParcel requiredInput = result.getNfcOperationsParcel();
+                    initiateNfcInput(requiredInput);
+                    return true;
+                } else {
+                    throw new RuntimeException("Unhandled pending result!");
+                }
+            }
+        }
+
+        return false;
+    }
+
+    protected abstract void cryptoOperation(CryptoInputParcel cryptoInput);
+    protected abstract void cryptoOperation(String passphrase);
+
+}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
index c1403d748..f226e71c0 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
@@ -182,17 +182,17 @@ public class NfcOperationActivity extends BaseActivity {
 
             case NFC_DECRYPT:
 
-                for (int i = 0; i < mNfcOperations.mInputHash.length; i++) {
-                    byte[] hash = mNfcOperations.mInputHash[i];
+                for (int i = 0; i < mNfcOperations.mInputHashes.length; i++) {
+                    byte[] hash = mNfcOperations.mInputHashes[i];
                     byte[] decryptedSessionKey = nfcDecryptSessionKey(hash);
                     resultData.addCryptoData(hash, decryptedSessionKey);
                 }
                 break;
 
             case NFC_SIGN:
-                for (int i = 0; i < mNfcOperations.mInputHash.length; i++) {
-                    byte[] hash = mNfcOperations.mInputHash[i];
-                    int algo = mNfcOperations.mSignAlgo[i];
+                for (int i = 0; i < mNfcOperations.mInputHashes.length; i++) {
+                    byte[] hash = mNfcOperations.mInputHashes[i];
+                    int algo = mNfcOperations.mSignAlgos[i];
                     byte[] signedHash = nfcCalculateSignature(hash, algo);
                     resultData.addCryptoData(hash, signedHash);
                 }
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index f1c14bd32..2eb167c8c 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -1099,9 +1099,9 @@
     <string name="msg_crt_error_master_not_found">"Master key not found!"</string>
     <string name="msg_crt_error_nothing">"No keys certified!"</string>
     <string name="msg_crt_error_unlock">"Error unlocking master key!"</string>
-    <string name="msg_crt_error_divert">"Certification with NFC is not (yet) supported!"</string>
     <string name="msg_crt">"Certifying keyrings"</string>
     <string name="msg_crt_master_fetch">"Fetching certifying master key"</string>
+    <string name="msg_crt_nfc_return">"Returning for NFC input"</string>
     <string name="msg_crt_save">"Saving certified key %s"</string>
     <string name="msg_crt_saving">"Saving keyrings"</string>
     <string name="msg_crt_unlock">"Unlocking master key"</string>

From 25d89b5550b7fd699988954b07cad61bee9a8ba5 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Thu, 19 Mar 2015 14:21:30 +0100
Subject: [PATCH 04/80] generalize NfcOperationParcel to RequiredInputParcel,
 including passphrases

---
 .../keychain/operations/CertifyOperation.java | 17 ++--
 .../operations/results/CertifyResult.java     |  4 +-
 .../results/InputPendingResult.java           |  8 +-
 .../operations/results/SignEncryptResult.java |  2 -
 .../keychain/pgp/PgpCertifyOperation.java     | 11 ++-
 .../service/input/CryptoInputParcel.java      | 19 ++++-
 ...nsParcel.java => RequiredInputParcel.java} | 84 ++++++++++++-------
 .../keychain/ui/CertifyKeyFragment.java       | 11 +--
 .../keychain/ui/CryptoOperationFragment.java  | 52 ++++++------
 .../keychain/ui/EncryptActivity.java          |  8 +-
 .../keychain/ui/NfcOperationActivity.java     |  8 +-
 .../keychain/ui/PassphraseDialogActivity.java | 18 +++-
 12 files changed, 147 insertions(+), 95 deletions(-)
 rename OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/{NfcOperationsParcel.java => RequiredInputParcel.java} (53%)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
index 140e03764..cc4ca88cb 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
@@ -28,7 +28,6 @@ import org.sufficientlysecure.keychain.operations.results.OperationResult.Operat
 import org.sufficientlysecure.keychain.operations.results.SaveKeyringResult;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
-import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.SecretKeyType;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
 import org.sufficientlysecure.keychain.pgp.PgpCertifyOperation;
 import org.sufficientlysecure.keychain.pgp.PgpCertifyOperation.PgpCertifyResult;
@@ -40,8 +39,8 @@ import org.sufficientlysecure.keychain.provider.ProviderHelper.NotFoundException
 import org.sufficientlysecure.keychain.service.CertifyActionsParcel;
 import org.sufficientlysecure.keychain.service.CertifyActionsParcel.CertifyAction;
 import org.sufficientlysecure.keychain.service.ContactSyncAdapterService;
-import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
-import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel.NfcSignOperationsBuilder;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel.NfcSignOperationsBuilder;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.util.Log;
 
@@ -78,8 +77,13 @@ public class CertifyOperation extends BaseOperation {
             log.add(LogType.MSG_CRT_UNLOCK, 1);
             certificationKey = secretKeyRing.getSecretKey();
 
+            if (!parcel.mCryptoInput.hasPassphrase()) {
+                return new CertifyResult(log, RequiredInputParcel.createRequiredPassphrase(
+                        certificationKey.getKeyId(), null));
+            }
+
             // certification is always with the master key id, so use that one
-            String passphrase = getCachedPassphrase(parcel.mMasterKeyId, parcel.mMasterKeyId);
+            String passphrase = parcel.mCryptoInput.getPassphrase();
 
             if (!certificationKey.unlock(passphrase)) {
                 log.add(LogType.MSG_CRT_ERROR_UNLOCK, 2);
@@ -91,9 +95,6 @@ public class CertifyOperation extends BaseOperation {
         } catch (NotFoundException e) {
             log.add(LogType.MSG_CRT_ERROR_MASTER_NOT_FOUND, 2);
             return new CertifyResult(CertifyResult.RESULT_ERROR, log);
-        } catch (NoSecretKeyException e) {
-            log.add(LogType.MSG_CRT_ERROR_MASTER_NOT_FOUND, 2);
-            return new CertifyResult(CertifyResult.RESULT_ERROR, log);
         }
 
         ArrayList<UncachedKeyRing> certifiedKeys = new ArrayList<>();
@@ -133,7 +134,7 @@ public class CertifyOperation extends BaseOperation {
                     continue;
                 }
                 if (result.nfcInputRequired()) {
-                    NfcOperationsParcel requiredInput = result.getRequiredInput();
+                    RequiredInputParcel requiredInput = result.getRequiredInput();
                     allRequiredInput.addAll(requiredInput);
                     continue;
                 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/CertifyResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/CertifyResult.java
index 33591fa03..582ed2fc8 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/CertifyResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/CertifyResult.java
@@ -23,7 +23,7 @@ import android.content.Intent;
 import android.os.Parcel;
 
 import org.sufficientlysecure.keychain.R;
-import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 import org.sufficientlysecure.keychain.ui.LogDisplayActivity;
 import org.sufficientlysecure.keychain.ui.LogDisplayFragment;
 import org.sufficientlysecure.keychain.ui.util.Notify;
@@ -38,7 +38,7 @@ public class CertifyResult extends InputPendingResult {
         super(result, log);
     }
 
-    public CertifyResult(OperationLog log, NfcOperationsParcel requiredInput) {
+    public CertifyResult(OperationLog log, RequiredInputParcel requiredInput) {
         super(log, requiredInput);
     }
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java
index b681aba60..07d42c456 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java
@@ -3,7 +3,7 @@ package org.sufficientlysecure.keychain.operations.results;
 
 import android.os.Parcel;
 
-import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 
 
 public class InputPendingResult extends OperationResult {
@@ -14,7 +14,7 @@ public class InputPendingResult extends OperationResult {
     public static final int RESULT_PENDING_PASSPHRASE = RESULT_PENDING + 16;
     public static final int RESULT_PENDING_NFC = RESULT_PENDING + 32;
 
-    final NfcOperationsParcel mRequiredInput;
+    final RequiredInputParcel mRequiredInput;
     final Long mKeyIdPassphraseNeeded;
 
     public InputPendingResult(int result, OperationLog log) {
@@ -23,7 +23,7 @@ public class InputPendingResult extends OperationResult {
         mKeyIdPassphraseNeeded = null;
     }
 
-    public InputPendingResult(OperationLog log, NfcOperationsParcel requiredInput) {
+    public InputPendingResult(OperationLog log, RequiredInputParcel requiredInput) {
         super(RESULT_PENDING_NFC, log);
         mRequiredInput = requiredInput;
         mKeyIdPassphraseNeeded = null;
@@ -65,7 +65,7 @@ public class InputPendingResult extends OperationResult {
         return (mResult & RESULT_PENDING_PASSPHRASE) == RESULT_PENDING_PASSPHRASE;
     }
 
-    public NfcOperationsParcel getNfcOperationsParcel() {
+    public RequiredInputParcel getRequiredInputParcel() {
         return mRequiredInput;
     }
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/SignEncryptResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/SignEncryptResult.java
index 5a0a51ee5..87483ade9 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/SignEncryptResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/SignEncryptResult.java
@@ -21,8 +21,6 @@ import android.os.Parcel;
 
 import java.util.ArrayList;
 
-import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
-
 
 public class SignEncryptResult extends OperationResult {
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpCertifyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpCertifyOperation.java
index 3c9daadbb..ff162775a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpCertifyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpCertifyOperation.java
@@ -3,7 +3,6 @@ package org.sufficientlysecure.keychain.pgp;
 
 import java.nio.ByteBuffer;
 import java.util.Date;
-import java.util.HashMap;
 import java.util.Map;
 
 import org.spongycastle.openpgp.PGPException;
@@ -19,8 +18,8 @@ import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
 import org.sufficientlysecure.keychain.service.CertifyActionsParcel.CertifyAction;
-import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
-import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel.NfcSignOperationsBuilder;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel.NfcSignOperationsBuilder;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.util.Log;
 
@@ -110,7 +109,7 @@ public class PgpCertifyOperation {
 
     public static class PgpCertifyResult {
 
-        final NfcOperationsParcel mRequiredInput;
+        final RequiredInputParcel mRequiredInput;
         final UncachedKeyRing mCertifiedRing;
 
         PgpCertifyResult() {
@@ -118,7 +117,7 @@ public class PgpCertifyOperation {
             mCertifiedRing = null;
         }
 
-        PgpCertifyResult(NfcOperationsParcel requiredInput) {
+        PgpCertifyResult(RequiredInputParcel requiredInput) {
             mRequiredInput = requiredInput;
             mCertifiedRing = null;
         }
@@ -140,7 +139,7 @@ public class PgpCertifyOperation {
             return mCertifiedRing;
         }
 
-        public NfcOperationsParcel getRequiredInput() {
+        public RequiredInputParcel getRequiredInput() {
             return mRequiredInput;
         }
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
index e02eda4b3..7cc5069c8 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
@@ -15,18 +15,26 @@ import android.os.Parcelable;
  */
 public class CryptoInputParcel implements Parcelable {
 
-    Date mSignatureTime;
+    final Date mSignatureTime;
+    final String mPassphrase;
 
     // this map contains both decrypted session keys and signed hashes to be
     // used in the crypto operation described by this parcel.
     private HashMap<ByteBuffer,byte[]> mCryptoData = new HashMap<>();
 
+    public CryptoInputParcel(Date signatureTime, String passphrase) {
+        mSignatureTime = signatureTime == null ? new Date() : signatureTime;
+        mPassphrase = passphrase;
+    }
+
     public CryptoInputParcel(Date signatureTime) {
         mSignatureTime = signatureTime == null ? new Date() : signatureTime;
+        mPassphrase = null;
     }
 
     protected CryptoInputParcel(Parcel source) {
         mSignatureTime = new Date(source.readLong());
+        mPassphrase = source.readString();
 
         {
             int count = source.readInt();
@@ -48,6 +56,7 @@ public class CryptoInputParcel implements Parcelable {
     @Override
     public void writeToParcel(Parcel dest, int flags) {
         dest.writeLong(mSignatureTime.getTime());
+        dest.writeString(mPassphrase);
 
         dest.writeInt(mCryptoData.size());
         for (HashMap.Entry<ByteBuffer,byte[]> entry : mCryptoData.entrySet()) {
@@ -68,6 +77,14 @@ public class CryptoInputParcel implements Parcelable {
         return mSignatureTime;
     }
 
+    public boolean hasPassphrase() {
+        return mPassphrase != null;
+    }
+
+    public String getPassphrase() {
+        return mPassphrase;
+    }
+
     public static final Creator<CryptoInputParcel> CREATOR = new Creator<CryptoInputParcel>() {
         public CryptoInputParcel createFromParcel(final Parcel source) {
             return new CryptoInputParcel(source);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/NfcOperationsParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
similarity index 53%
rename from OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/NfcOperationsParcel.java
rename to OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
index b9ee9e6ca..a4df604be 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/NfcOperationsParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
@@ -8,29 +8,31 @@ import android.os.Parcel;
 import android.os.Parcelable;
 
 
-public class NfcOperationsParcel implements Parcelable {
+public class RequiredInputParcel implements Parcelable {
 
-    public enum NfcOperationType {
-        NFC_SIGN, NFC_DECRYPT
+    public enum RequiredInputType {
+        PASSPHRASE, NFC_SIGN, NFC_DECRYPT
     }
 
     public Date mSignatureTime;
-    public final NfcOperationType mType;
+    public final RequiredInputType mType;
     public final byte[][] mInputHashes;
     public final int[] mSignAlgos;
+    private Long mSubKeyId;
 
-    private NfcOperationsParcel(NfcOperationType type, byte[][] inputHashes,
-            int[] signAlgos, Date signatureTime) {
+    private RequiredInputParcel(RequiredInputType type, byte[][] inputHashes,
+            int[] signAlgos, Date signatureTime, Long keyId) {
         mType = type;
         mInputHashes = inputHashes;
         mSignAlgos = signAlgos;
         mSignatureTime = signatureTime;
+        mSubKeyId = keyId;
     }
 
-    public NfcOperationsParcel(Parcel source) {
-        mType = NfcOperationType.values()[source.readInt()];
+    public RequiredInputParcel(Parcel source) {
+        mType = RequiredInputType.values()[source.readInt()];
 
-        {
+        if (source.readInt() != 0) {
             int count = source.readInt();
             mInputHashes = new byte[count][];
             mSignAlgos = new int[count];
@@ -38,21 +40,34 @@ public class NfcOperationsParcel implements Parcelable {
                 mInputHashes[i] = source.createByteArray();
                 mSignAlgos[i] = source.readInt();
             }
+        } else {
+            mInputHashes = null;
+            mSignAlgos = null;
         }
 
         mSignatureTime = source.readInt() != 0 ? new Date(source.readLong()) : null;
+        mSubKeyId = source.readInt() != 0 ? source.readLong() : null;
 
     }
 
-    public static NfcOperationsParcel createNfcSignOperation(
+    public long getSubKeyId() {
+        return mSubKeyId;
+    }
+
+    public static RequiredInputParcel createNfcSignOperation(
             byte[] inputHash, int signAlgo, Date signatureTime) {
-        return new NfcOperationsParcel(NfcOperationType.NFC_SIGN,
-                new byte[][] { inputHash }, new int[] { signAlgo }, signatureTime);
+        return new RequiredInputParcel(RequiredInputType.NFC_SIGN,
+                new byte[][] { inputHash }, new int[] { signAlgo }, signatureTime, null);
     }
 
-    public static NfcOperationsParcel createNfcDecryptOperation(byte[] inputHash) {
-        return new NfcOperationsParcel(NfcOperationType.NFC_DECRYPT,
-                new byte[][] { inputHash }, null, null);
+    public static RequiredInputParcel createNfcDecryptOperation(byte[] inputHash) {
+        return new RequiredInputParcel(RequiredInputType.NFC_DECRYPT,
+                new byte[][] { inputHash }, null, null, null);
+    }
+
+    public static RequiredInputParcel createRequiredPassphrase(long keyId, Date signatureTime) {
+        return new RequiredInputParcel(RequiredInputType.PASSPHRASE,
+                null, null, signatureTime, keyId);
     }
 
     @Override
@@ -63,10 +78,15 @@ public class NfcOperationsParcel implements Parcelable {
     @Override
     public void writeToParcel(Parcel dest, int flags) {
         dest.writeInt(mType.ordinal());
-        dest.writeInt(mInputHashes.length);
-        for (int i = 0; i < mInputHashes.length; i++) {
-            dest.writeByteArray(mInputHashes[i]);
-            dest.writeInt(mSignAlgos[i]);
+        if (mInputHashes != null) {
+            dest.writeInt(1);
+            dest.writeInt(mInputHashes.length);
+            for (int i = 0; i < mInputHashes.length; i++) {
+                dest.writeByteArray(mInputHashes[i]);
+                dest.writeInt(mSignAlgos[i]);
+            }
+        } else {
+            dest.writeInt(0);
         }
         if (mSignatureTime != null) {
             dest.writeInt(1);
@@ -74,16 +94,22 @@ public class NfcOperationsParcel implements Parcelable {
         } else {
             dest.writeInt(0);
         }
+        if (mSubKeyId != null) {
+            dest.writeInt(1);
+            dest.writeLong(mSubKeyId);
+        } else {
+            dest.writeInt(0);
+        }
 
     }
 
-    public static final Creator<NfcOperationsParcel> CREATOR = new Creator<NfcOperationsParcel>() {
-        public NfcOperationsParcel createFromParcel(final Parcel source) {
-            return new NfcOperationsParcel(source);
+    public static final Creator<RequiredInputParcel> CREATOR = new Creator<RequiredInputParcel>() {
+        public RequiredInputParcel createFromParcel(final Parcel source) {
+            return new RequiredInputParcel(source);
         }
 
-        public NfcOperationsParcel[] newArray(final int size) {
-            return new NfcOperationsParcel[size];
+        public RequiredInputParcel[] newArray(final int size) {
+            return new RequiredInputParcel[size];
         }
     };
 
@@ -96,7 +122,7 @@ public class NfcOperationsParcel implements Parcelable {
             mSignatureTime = signatureTime;
         }
 
-        public NfcOperationsParcel build() {
+        public RequiredInputParcel build() {
             byte[][] inputHashes = new byte[mInputHashes.size()][];
             mInputHashes.toArray(inputHashes);
             int[] signAlgos = new int[mSignAlgos.size()];
@@ -104,8 +130,8 @@ public class NfcOperationsParcel implements Parcelable {
                 signAlgos[i] = mSignAlgos.get(i);
             }
 
-            return new NfcOperationsParcel(NfcOperationType.NFC_SIGN,
-                    inputHashes, signAlgos, mSignatureTime);
+            return new RequiredInputParcel(RequiredInputType.NFC_SIGN,
+                    inputHashes, signAlgos, mSignatureTime, null);
         }
 
         public void addHash(byte[] hash, int algo) {
@@ -113,11 +139,11 @@ public class NfcOperationsParcel implements Parcelable {
             mSignAlgos.add(algo);
         }
 
-        public void addAll(NfcOperationsParcel input) {
+        public void addAll(RequiredInputParcel input) {
             if (!mSignatureTime.equals(input.mSignatureTime)) {
                 throw new AssertionError("input times must match, this is a programming error!");
             }
-            if (input.mType != NfcOperationType.NFC_SIGN) {
+            if (input.mType != RequiredInputType.NFC_SIGN) {
                 throw new AssertionError("operation types must match, this is a progrmming error!");
             }
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
index acb6b0b85..711e2f2e7 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
@@ -166,7 +166,7 @@ public class CertifyKeyFragment extends CryptoOperationFragment
                     Notify.showNotify(getActivity(), getString(R.string.select_key_to_certify),
                             Notify.Style.ERROR);
                 } else {
-                    cryptoOperation();
+                    cryptoOperation(null);
                 }
             }
         });
@@ -307,15 +307,6 @@ public class CertifyKeyFragment extends CryptoOperationFragment
         mUserIdsAdapter.swapCursor(null);
     }
 
-    protected void cryptoOperation() {
-        cryptoOperation((CryptoInputParcel) null);
-    }
-
-    @Override
-    protected void cryptoOperation(String passphrase) {
-        cryptoOperation((CryptoInputParcel) null);
-    }
-
     @Override
     protected void cryptoOperation(CryptoInputParcel cryptoInput) {
         // Bail out if there is not at least one user id selected
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
index a1d70b011..585a9433a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
@@ -11,7 +11,7 @@ import org.sufficientlysecure.keychain.operations.results.CertifyResult;
 import org.sufficientlysecure.keychain.operations.results.InputPendingResult;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler.MessageStatus;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
-import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 
 
 public abstract class CryptoOperationFragment extends Fragment {
@@ -19,17 +19,28 @@ public abstract class CryptoOperationFragment extends Fragment {
     public static final int REQUEST_CODE_PASSPHRASE = 0x00008001;
     public static final int REQUEST_CODE_NFC = 0x00008002;
 
-    private void startPassphraseDialog(long subkeyId) {
-        Intent intent = new Intent(getActivity(), PassphraseDialogActivity.class);
-        intent.putExtra(PassphraseDialogActivity.EXTRA_SUBKEY_ID, subkeyId);
-        startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
-    }
+    private void initiateInputActivity(RequiredInputParcel requiredInput) {
+
+        switch (requiredInput.mType) {
+            case NFC_DECRYPT:
+            case NFC_SIGN: {
+                Intent intent = new Intent(getActivity(), NfcOperationActivity.class);
+                intent.putExtra(NfcOperationActivity.EXTRA_PIN, "123456");
+                intent.putExtra(NfcOperationActivity.EXTRA_REQUIRED_INPUT, requiredInput);
+                startActivityForResult(intent, REQUEST_CODE_NFC);
+                return;
+            }
+
+            case PASSPHRASE: {
+                Intent intent = new Intent(getActivity(), PassphraseDialogActivity.class);
+                intent.putExtra(PassphraseDialogActivity.EXTRA_REQUIRED_INPUT, requiredInput);
+                startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
+                return;
+            }
+        }
+
+        throw new RuntimeException("Unhandled pending result!");
 
-    private void initiateNfcInput(NfcOperationsParcel nfcOps) {
-        Intent intent = new Intent(getActivity(), NfcOperationActivity.class);
-        intent.putExtra(NfcOperationActivity.EXTRA_PIN, "123456");
-        intent.putExtra(NfcOperationActivity.EXTRA_NFC_OPS, nfcOps);
-        startActivityForResult(intent, REQUEST_CODE_NFC);
     }
 
     @Override
@@ -37,8 +48,9 @@ public abstract class CryptoOperationFragment extends Fragment {
         switch (requestCode) {
             case REQUEST_CODE_PASSPHRASE: {
                 if (resultCode == Activity.RESULT_OK && data != null) {
-                    String passphrase = data.getStringExtra(PassphraseDialogActivity.MESSAGE_DATA_PASSPHRASE);
-                    cryptoOperation(passphrase);
+                    CryptoInputParcel cryptoInput =
+                            data.getParcelableExtra(PassphraseDialogActivity.RESULT_DATA);
+                    cryptoOperation(cryptoInput);
                 }
                 return;
             }
@@ -67,16 +79,9 @@ public abstract class CryptoOperationFragment extends Fragment {
             InputPendingResult result = data.getParcelable(CertifyResult.EXTRA_RESULT);
 
             if (result != null && result.isPending()) {
-                if (result.isPassphrasePending()) {
-                    startPassphraseDialog(result.getPassphraseKeyId());
-                    return true;
-                } else if (result.isNfcPending()) {
-                    NfcOperationsParcel requiredInput = result.getNfcOperationsParcel();
-                    initiateNfcInput(requiredInput);
-                    return true;
-                } else {
-                    throw new RuntimeException("Unhandled pending result!");
-                }
+                RequiredInputParcel requiredInput = result.getRequiredInputParcel();
+                initiateInputActivity(requiredInput);
+                return true;
             }
         }
 
@@ -84,6 +89,5 @@ public abstract class CryptoOperationFragment extends Fragment {
     }
 
     protected abstract void cryptoOperation(CryptoInputParcel cryptoInput);
-    protected abstract void cryptoOperation(String passphrase);
 
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
index 75f22f01c..f9b8e2ab6 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
@@ -32,7 +32,7 @@ import org.sufficientlysecure.keychain.pgp.SignEncryptParcel;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
-import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 
 
 public abstract class EncryptActivity extends BaseActivity {
@@ -62,11 +62,11 @@ public abstract class EncryptActivity extends BaseActivity {
         startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
     }
 
-    protected void startNfcSign(long keyId, String pin, NfcOperationsParcel nfcOps) {
+    protected void startNfcSign(long keyId, String pin, RequiredInputParcel nfcOps) {
 
         Intent intent = new Intent(this, NfcOperationActivity.class);
         intent.putExtra(NfcOperationActivity.EXTRA_PIN, pin);
-        intent.putExtra(NfcOperationActivity.EXTRA_NFC_OPS, nfcOps);
+        intent.putExtra(NfcOperationActivity.EXTRA_REQUIRED_INPUT, nfcOps);
         // TODO respect keyid(?)
 
         startActivityForResult(intent, REQUEST_CODE_NFC);
@@ -144,7 +144,7 @@ public abstract class EncryptActivity extends BaseActivity {
                         } else if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_NFC) ==
                                 PgpSignEncryptResult.RESULT_PENDING_NFC) {
 
-                            NfcOperationsParcel parcel = NfcOperationsParcel.createNfcSignOperation(
+                            RequiredInputParcel parcel = RequiredInputParcel.createNfcSignOperation(
                                     pgpResult.getNfcHash(),
                                     pgpResult.getNfcAlgo(),
                                     input.getSignatureTime());
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
index f226e71c0..6a83c2361 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
@@ -23,7 +23,7 @@ import org.spongycastle.util.encoders.Hex;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
-import org.sufficientlysecure.keychain.service.input.NfcOperationsParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 import org.sufficientlysecure.keychain.util.Iso7816TLV;
 import org.sufficientlysecure.keychain.util.Log;
 
@@ -41,7 +41,7 @@ import java.nio.ByteBuffer;
 public class NfcOperationActivity extends BaseActivity {
 
     public static final String EXTRA_PIN = "pin";
-    public static final String EXTRA_NFC_OPS = "nfc_operations";
+    public static final String EXTRA_REQUIRED_INPUT = "required_input";
 
     public static final String RESULT_DATA = "result_data";
 
@@ -52,7 +52,7 @@ public class NfcOperationActivity extends BaseActivity {
 
     private String mPin;
 
-    NfcOperationsParcel mNfcOperations;
+    RequiredInputParcel mNfcOperations;
 
     @Override
     protected void onCreate(Bundle savedInstanceState) {
@@ -69,7 +69,7 @@ public class NfcOperationActivity extends BaseActivity {
 
         Bundle data = intent.getExtras();
 
-        mNfcOperations = data.getParcelable(EXTRA_NFC_OPS);
+        mNfcOperations = data.getParcelable(EXTRA_REQUIRED_INPUT);
         mPin = data.getString(EXTRA_PIN);
 
     }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
index 48509710a..ca65f47cd 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
@@ -41,6 +41,7 @@ import android.widget.EditText;
 import android.widget.TextView;
 import android.widget.Toast;
 
+import junit.framework.Assert;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.compatibility.DialogFragmentWorkaround;
@@ -53,6 +54,9 @@ import org.sufficientlysecure.keychain.provider.CachedPublicKeyRing;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel.RequiredInputType;
 import org.sufficientlysecure.keychain.ui.dialog.CustomAlertDialogBuilder;
 import org.sufficientlysecure.keychain.util.Log;
 import org.sufficientlysecure.keychain.util.Preferences;
@@ -63,7 +67,9 @@ import org.sufficientlysecure.keychain.util.Preferences;
  */
 public class PassphraseDialogActivity extends FragmentActivity {
     public static final String MESSAGE_DATA_PASSPHRASE = "passphrase";
+    public static final String RESULT_DATA = "result_data";
 
+    public static final String EXTRA_REQUIRED_INPUT = "required_input";
     public static final String EXTRA_SUBKEY_ID = "secret_key_id";
 
     // special extra for OpenPgpService
@@ -86,7 +92,16 @@ public class PassphraseDialogActivity extends FragmentActivity {
 
         // this activity itself has no content view (see manifest)
 
-        long keyId = getIntent().getLongExtra(EXTRA_SUBKEY_ID, 0);
+        long keyId;
+        if (getIntent().hasExtra(EXTRA_SUBKEY_ID)) {
+            keyId = getIntent().getLongExtra(EXTRA_SUBKEY_ID, 0);
+        } else {
+            RequiredInputParcel requiredInput = getIntent().getParcelableExtra(EXTRA_REQUIRED_INPUT);
+            if (requiredInput.mType != RequiredInputType.PASSPHRASE) {
+                throw new AssertionError("Wrong required input type for PassphraseDialogActivity!");
+            }
+            keyId = requiredInput.getSubKeyId();
+        }
 
         Intent serviceIntent = getIntent().getParcelableExtra(EXTRA_DATA);
 
@@ -410,6 +425,7 @@ public class PassphraseDialogActivity extends FragmentActivity {
                 // also return passphrase back to activity
                 Intent returnIntent = new Intent();
                 returnIntent.putExtra(MESSAGE_DATA_PASSPHRASE, passphrase);
+                returnIntent.putExtra(RESULT_DATA, new CryptoInputParcel(null, passphrase));
                 getActivity().setResult(RESULT_OK, returnIntent);
             }
 

From 3b04636f5daf3d171449296a5d9a67440abfbf75 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Fri, 20 Mar 2015 02:27:05 +0100
Subject: [PATCH 05/80] support yubikeys in (some) edit key operations

---
 .../keychain/operations/CertifyOperation.java |   6 +-
 .../keychain/operations/EditKeyOperation.java |  11 +-
 .../results/InputPendingResult.java           |  33 +-
 .../operations/results/OperationResult.java   |   3 +-
 .../operations/results/PgpEditKeyResult.java  |   9 +-
 .../keychain/pgp/CanonicalizedSecretKey.java  |   8 +-
 .../keychain/pgp/PgpKeyOperation.java         | 310 ++++++++++++------
 .../service/CertifyActionsParcel.java         |   4 -
 .../service/KeychainIntentService.java        |   6 +-
 .../service/input/CryptoInputParcel.java      |  19 +-
 .../service/input/RequiredInputParcel.java    |   4 +
 .../keychain/ui/CryptoOperationFragment.java  |  12 +-
 .../keychain/ui/EditKeyFragment.java          |  86 ++---
 .../keychain/ui/EncryptActivity.java          |   6 +-
 .../keychain/ui/NfcOperationActivity.java     |  10 +-
 .../dialog/SetPassphraseDialogFragment.java   |  12 +-
 OpenKeychain/src/main/res/values/strings.xml  |   3 +-
 17 files changed, 295 insertions(+), 247 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
index cc4ca88cb..bcdbf5f67 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
@@ -83,7 +83,7 @@ public class CertifyOperation extends BaseOperation {
             }
 
             // certification is always with the master key id, so use that one
-            String passphrase = parcel.mCryptoInput.getPassphrase();
+            char[] passphrase = parcel.mCryptoInput.getPassphrase();
 
             if (!certificationKey.unlock(passphrase)) {
                 log.add(LogType.MSG_CRT_ERROR_UNLOCK, 2);
@@ -103,7 +103,7 @@ public class CertifyOperation extends BaseOperation {
 
         int certifyOk = 0, certifyError = 0, uploadOk = 0, uploadError = 0;
 
-        NfcSignOperationsBuilder allRequiredInput = new NfcSignOperationsBuilder(parcel.getSignatureTime());
+        NfcSignOperationsBuilder allRequiredInput = new NfcSignOperationsBuilder(parcel.mCryptoInput.getSignatureTime());
 
         // Work through all requested certifications
         for (CertifyAction action : parcel.mCertifyActions) {
@@ -127,7 +127,7 @@ public class CertifyOperation extends BaseOperation {
 
                 PgpCertifyOperation op = new PgpCertifyOperation();
                 PgpCertifyResult result = op.certify(certificationKey, publicRing,
-                        log, 2, action, parcel.getSignatureData(), parcel.getSignatureTime());
+                        log, 2, action, parcel.getSignatureData(), parcel.mCryptoInput.getSignatureTime());
 
                 if (!result.success()) {
                     certifyError += 1;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/EditKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/EditKeyOperation.java
index bcd842dd0..a03664091 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/EditKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/EditKeyOperation.java
@@ -21,6 +21,7 @@ import android.content.Context;
 
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
+import org.sufficientlysecure.keychain.operations.results.OperationResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
 import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
@@ -34,6 +35,7 @@ import org.sufficientlysecure.keychain.provider.ProviderHelper.NotFoundException
 import org.sufficientlysecure.keychain.service.ContactSyncAdapterService;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.util.ProgressScaler;
 
@@ -55,7 +57,7 @@ public class EditKeyOperation extends BaseOperation {
         super(context, providerHelper, progressable, cancelled);
     }
 
-    public EditKeyResult execute(SaveKeyringParcel saveParcel, String passphrase) {
+    public OperationResult execute(SaveKeyringParcel saveParcel, CryptoInputParcel cryptoInput) {
 
         OperationLog log = new OperationLog();
         log.add(LogType.MSG_ED, 0);
@@ -69,7 +71,7 @@ public class EditKeyOperation extends BaseOperation {
         PgpEditKeyResult modifyResult;
         {
             PgpKeyOperation keyOperations =
-                    new PgpKeyOperation(new ProgressScaler(mProgressable, 10, 60, 100), mCancelled);
+                    new PgpKeyOperation(new ProgressScaler(mProgressable, 10, 60, 100), mCancelled, cryptoInput);
 
             // If a key id is specified, fetch and edit
             if (saveParcel.mMasterKeyId != null) {
@@ -80,7 +82,10 @@ public class EditKeyOperation extends BaseOperation {
                     CanonicalizedSecretKeyRing secRing =
                             mProviderHelper.getCanonicalizedSecretKeyRing(saveParcel.mMasterKeyId);
 
-                    modifyResult = keyOperations.modifySecretKeyRing(secRing, saveParcel, passphrase);
+                    modifyResult = keyOperations.modifySecretKeyRing(secRing, saveParcel);
+                    if (modifyResult.isPending()) {
+                        return modifyResult;
+                    }
 
                 } catch (NotFoundException e) {
                     log.add(LogType.MSG_ED_ERROR_KEY_NOT_FOUND, 2);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java
index 07d42c456..e0ba28fbe 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java
@@ -11,66 +11,35 @@ public class InputPendingResult extends OperationResult {
     // the fourth bit indicates a "data pending" result! (it's also a form of non-success)
     public static final int RESULT_PENDING = RESULT_ERROR + 8;
 
-    public static final int RESULT_PENDING_PASSPHRASE = RESULT_PENDING + 16;
-    public static final int RESULT_PENDING_NFC = RESULT_PENDING + 32;
-
     final RequiredInputParcel mRequiredInput;
-    final Long mKeyIdPassphraseNeeded;
 
     public InputPendingResult(int result, OperationLog log) {
         super(result, log);
         mRequiredInput = null;
-        mKeyIdPassphraseNeeded = null;
     }
 
     public InputPendingResult(OperationLog log, RequiredInputParcel requiredInput) {
-        super(RESULT_PENDING_NFC, log);
+        super(RESULT_PENDING, log);
         mRequiredInput = requiredInput;
-        mKeyIdPassphraseNeeded = null;
-    }
-
-    public InputPendingResult(OperationLog log, long keyIdPassphraseNeeded) {
-        super(RESULT_PENDING_PASSPHRASE, log);
-        mRequiredInput = null;
-        mKeyIdPassphraseNeeded = keyIdPassphraseNeeded;
     }
 
     public InputPendingResult(Parcel source) {
         super(source);
         mRequiredInput = source.readParcelable(getClass().getClassLoader());
-        mKeyIdPassphraseNeeded = source.readInt() != 0 ? source.readLong() : null;
     }
 
     @Override
     public void writeToParcel(Parcel dest, int flags) {
         super.writeToParcel(dest, flags);
         dest.writeParcelable(mRequiredInput, 0);
-        if (mKeyIdPassphraseNeeded != null) {
-            dest.writeInt(1);
-            dest.writeLong(mKeyIdPassphraseNeeded);
-        } else {
-            dest.writeInt(0);
-        }
     }
 
     public boolean isPending() {
         return (mResult & RESULT_PENDING) == RESULT_PENDING;
     }
 
-    public boolean isNfcPending() {
-        return (mResult & RESULT_PENDING_NFC) == RESULT_PENDING_NFC;
-    }
-
-    public boolean isPassphrasePending() {
-        return (mResult & RESULT_PENDING_PASSPHRASE) == RESULT_PENDING_PASSPHRASE;
-    }
-
     public RequiredInputParcel getRequiredInputParcel() {
         return mRequiredInput;
     }
 
-    public long getPassphraseKeyId() {
-        return mKeyIdPassphraseNeeded;
-    }
-
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
index 989fb395e..25abab25b 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
@@ -512,6 +512,7 @@ public abstract class OperationResult implements Parcelable {
 
         // secret key modify
         MSG_MF (LogLevel.START, R.string.msg_mr),
+        MSG_MF_DIVERT (LogLevel.DEBUG, R.string.msg_mf_divert),
         MSG_MF_ERROR_DIVERT_SERIAL (LogLevel.ERROR, R.string.msg_mf_error_divert_serial),
         MSG_MF_ERROR_ENCODE (LogLevel.ERROR, R.string.msg_mf_error_encode),
         MSG_MF_ERROR_FINGERPRINT (LogLevel.ERROR, R.string.msg_mf_error_fingerprint),
@@ -529,6 +530,7 @@ public abstract class OperationResult implements Parcelable {
         MSG_MF_ERROR_REVOKED_PRIMARY (LogLevel.ERROR, R.string.msg_mf_error_revoked_primary),
         MSG_MF_ERROR_SIG (LogLevel.ERROR, R.string.msg_mf_error_sig),
         MSG_MF_ERROR_SUBKEY_MISSING(LogLevel.ERROR, R.string.msg_mf_error_subkey_missing),
+        MSG_MF_INPUT_REQUIRED (LogLevel.OK, R.string.msg_mf_input_required),
         MSG_MF_MASTER (LogLevel.DEBUG, R.string.msg_mf_master),
         MSG_MF_NOTATION_PIN (LogLevel.DEBUG, R.string.msg_mf_notation_pin),
         MSG_MF_NOTATION_EMPTY (LogLevel.DEBUG, R.string.msg_mf_notation_empty),
@@ -596,7 +598,6 @@ public abstract class OperationResult implements Parcelable {
         MSG_PR_SUCCESS (LogLevel.OK, R.string.msg_pr_success),
 
         // messages used in UI code
-        MSG_EK_ERROR_DIVERT (LogLevel.ERROR, R.string.msg_ek_error_divert),
         MSG_EK_ERROR_DUMMY (LogLevel.ERROR, R.string.msg_ek_error_dummy),
         MSG_EK_ERROR_NOT_FOUND (LogLevel.ERROR, R.string.msg_ek_error_not_found),
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpEditKeyResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpEditKeyResult.java
index 611353ac9..38edbf6ee 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpEditKeyResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpEditKeyResult.java
@@ -22,8 +22,10 @@ import android.os.Parcel;
 
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 
-public class PgpEditKeyResult extends OperationResult {
+
+public class PgpEditKeyResult extends InputPendingResult {
 
     private transient UncachedKeyRing mRing;
     public final long mRingMasterKeyId;
@@ -35,6 +37,11 @@ public class PgpEditKeyResult extends OperationResult {
         mRingMasterKeyId = ring != null ? ring.getMasterKeyId() : Constants.key.none;
     }
 
+    public PgpEditKeyResult(OperationLog log, RequiredInputParcel requiredInput) {
+        super(log, requiredInput);
+        mRingMasterKeyId = Constants.key.none;
+    }
+
     public UncachedKeyRing getRing() {
         return mRing;
     }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
index c4d0d488e..36ab9dc1d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@@ -149,10 +149,14 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
 
     }
 
+    public boolean unlock(String passphrase) throws PgpGeneralException {
+        return unlock(passphrase.toCharArray());
+    }
+
     /**
      * Returns true on right passphrase
      */
-    public boolean unlock(String passphrase) throws PgpGeneralException {
+    public boolean unlock(char[] passphrase) throws PgpGeneralException {
         // handle keys on OpenPGP cards like they were unlocked
         if (mSecretKey.getS2K() != null
                 && mSecretKey.getS2K().getType() == S2K.GNU_DUMMY_S2K
@@ -164,7 +168,7 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
         // try to extract keys using the passphrase
         try {
             PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(
-                    Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.toCharArray());
+                    Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase);
             mPrivateKey = mSecretKey.extractPrivateKey(keyDecryptor);
             mPrivateKeyState = PRIVATE_KEY_STATE_UNLOCKED;
         } catch (PGPException e) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index 8fb5392e3..fb9edb1cd 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -18,7 +18,7 @@
 
 package org.sufficientlysecure.keychain.pgp;
 
-import org.spongycastle.bcpg.HashAlgorithmTags;
+import org.spongycastle.bcpg.S2K;
 import org.spongycastle.bcpg.sig.Features;
 import org.spongycastle.bcpg.sig.KeyFlags;
 import org.spongycastle.jce.spec.ElGamalParameterSpec;
@@ -36,6 +36,7 @@ import org.spongycastle.openpgp.PGPUserAttributeSubpacketVector;
 import org.spongycastle.openpgp.operator.PBESecretKeyDecryptor;
 import org.spongycastle.openpgp.operator.PBESecretKeyEncryptor;
 import org.spongycastle.openpgp.operator.PGPContentSignerBuilder;
+import org.spongycastle.openpgp.operator.PGPDataDecryptor;
 import org.spongycastle.openpgp.operator.PGPDigestCalculator;
 import org.spongycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
 import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
@@ -43,6 +44,8 @@ import org.spongycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBu
 import org.spongycastle.openpgp.operator.jcajce.JcaPGPKeyPair;
 import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
 import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyEncryptorBuilder;
+import org.spongycastle.openpgp.operator.jcajce.NfcSyncPGPContentSignerBuilder;
+import org.spongycastle.openpgp.operator.jcajce.NfcSyncPGPContentSignerBuilder.NfcInteractionNeeded;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.operations.results.OperationResult;
@@ -54,6 +57,9 @@ import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Curve;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyAdd;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel.NfcSignOperationsBuilder;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.util.IterableIterator;
 import org.sufficientlysecure.keychain.util.Log;
@@ -85,9 +91,13 @@ import java.util.concurrent.atomic.AtomicBoolean;
  * This indicator may be null.
  */
 public class PgpKeyOperation {
+
     private Stack<Progressable> mProgress;
     private AtomicBoolean mCancelled;
 
+    NfcSignOperationsBuilder mNfcSignOps;
+    private CryptoInputParcel mCryptoInput;
+
     public PgpKeyOperation(Progressable progress) {
         super();
         if (progress != null) {
@@ -96,9 +106,11 @@ public class PgpKeyOperation {
         }
     }
 
-    public PgpKeyOperation(Progressable progress, AtomicBoolean cancelled) {
+    public PgpKeyOperation(Progressable progress, AtomicBoolean cancelled, CryptoInputParcel cryptoInput) {
         this(progress);
         mCancelled = cancelled;
+        mNfcSignOps = new NfcSignOperationsBuilder(cryptoInput.getSignatureTime());
+        mCryptoInput = cryptoInput;
     }
 
     private boolean checkCancelled() {
@@ -316,7 +328,8 @@ public class PgpKeyOperation {
                     masterSecretKey.getEncoded(), new JcaKeyFingerprintCalculator());
 
             subProgressPush(50, 100);
-            return internal(sKR, masterSecretKey, add.mFlags, add.mExpiry, saveParcel, "", log);
+            CryptoInputParcel cryptoInput = new CryptoInputParcel(new Date(), "");
+            return internal(sKR, masterSecretKey, add.mFlags, add.mExpiry, saveParcel, log);
 
         } catch (PGPException e) {
             log.add(LogType.MSG_CR_ERROR_INTERNAL_PGP, indent);
@@ -347,8 +360,8 @@ public class PgpKeyOperation {
      * namely stripping of subkeys and changing the protection mode of dummy keys.
      *
      */
-    public PgpEditKeyResult modifySecretKeyRing(CanonicalizedSecretKeyRing wsKR, SaveKeyringParcel saveParcel,
-                                               String passphrase) {
+    public PgpEditKeyResult modifySecretKeyRing(CanonicalizedSecretKeyRing wsKR,
+            SaveKeyringParcel saveParcel) {
 
         OperationLog log = new OperationLog();
         int indent = 0;
@@ -386,11 +399,16 @@ public class PgpKeyOperation {
             return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
         }
 
-        // If we have no passphrase, only allow restricted operation
-        if (passphrase == null) {
+        if (saveParcel.isRestrictedOnly()) {
             return internalRestricted(sKR, saveParcel, log);
         }
 
+        // Do we require a passphrase? If so, pass it along
+        if (!isDivertToCard(masterSecretKey) && !mCryptoInput.hasPassphrase()) {
+            return new PgpEditKeyResult(log, RequiredInputParcel.createRequiredPassphrase(
+                    masterSecretKey.getKeyID(), mCryptoInput.getSignatureTime()));
+        }
+
         // read masterKeyFlags, and use the same as before.
         // since this is the master key, this contains at least CERTIFY_OTHER
         PGPPublicKey masterPublicKey = masterSecretKey.getPublicKey();
@@ -398,13 +416,13 @@ public class PgpKeyOperation {
         Date expiryTime = wsKR.getPublicKey().getExpiryTime();
         long masterKeyExpiry = expiryTime != null ? expiryTime.getTime() / 1000 : 0L;
 
-        return internal(sKR, masterSecretKey, masterKeyFlags, masterKeyExpiry, saveParcel, passphrase, log);
+        return internal(sKR, masterSecretKey, masterKeyFlags, masterKeyExpiry, saveParcel, log);
 
     }
 
     private PgpEditKeyResult internal(PGPSecretKeyRing sKR, PGPSecretKey masterSecretKey,
                                      int masterKeyFlags, long masterKeyExpiry,
-                                     SaveKeyringParcel saveParcel, String passphrase,
+                                     SaveKeyringParcel saveParcel,
                                      OperationLog log) {
 
         int indent = 1;
@@ -413,18 +431,25 @@ public class PgpKeyOperation {
 
         PGPPublicKey masterPublicKey = masterSecretKey.getPublicKey();
 
-        // 1. Unlock private key
-        progress(R.string.progress_modify_unlock, 10);
-        log.add(LogType.MSG_MF_UNLOCK, indent);
         PGPPrivateKey masterPrivateKey;
-        {
-            try {
-                PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(
-                        Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.toCharArray());
-                masterPrivateKey = masterSecretKey.extractPrivateKey(keyDecryptor);
-            } catch (PGPException e) {
-                log.add(LogType.MSG_MF_UNLOCK_ERROR, indent + 1);
-                return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
+
+        if (isDivertToCard(masterSecretKey)) {
+            masterPrivateKey = null;
+            log.add(LogType.MSG_MF_DIVERT, indent);
+        } else {
+
+            // 1. Unlock private key
+            progress(R.string.progress_modify_unlock, 10);
+            log.add(LogType.MSG_MF_UNLOCK, indent);
+            {
+                try {
+                    PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(
+                            Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(mCryptoInput.getPassphrase());
+                    masterPrivateKey = masterSecretKey.extractPrivateKey(keyDecryptor);
+                } catch (PGPException e) {
+                    log.add(LogType.MSG_MF_UNLOCK_ERROR, indent + 1);
+                    return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
+                }
             }
         }
 
@@ -479,9 +504,16 @@ public class PgpKeyOperation {
                     boolean isPrimary = saveParcel.mChangePrimaryUserId != null
                             && userId.equals(saveParcel.mChangePrimaryUserId);
                     // generate and add new certificate
-                    PGPSignature cert = generateUserIdSignature(masterPrivateKey,
-                            masterPublicKey, userId, isPrimary, masterKeyFlags, masterKeyExpiry);
-                    modifiedPublicKey = PGPPublicKey.addCertification(modifiedPublicKey, userId, cert);
+                    try {
+                        PGPSignature cert = generateUserIdSignature(
+                                getSignatureGenerator(masterSecretKey, mCryptoInput),
+                                mCryptoInput.getSignatureTime(),
+                                masterPrivateKey, masterPublicKey, userId,
+                                isPrimary, masterKeyFlags, masterKeyExpiry);
+                        modifiedPublicKey = PGPPublicKey.addCertification(modifiedPublicKey, userId, cert);
+                    } catch (NfcInteractionNeeded e) {
+                        mNfcSignOps.addHash(e.hashToSign, e.hashAlgo);
+                    }
                 }
                 subProgressPop();
 
@@ -508,9 +540,15 @@ public class PgpKeyOperation {
                     PGPUserAttributeSubpacketVector vector = attribute.getVector();
 
                     // generate and add new certificate
-                    PGPSignature cert = generateUserAttributeSignature(masterPrivateKey,
-                            masterPublicKey, vector);
-                    modifiedPublicKey = PGPPublicKey.addCertification(modifiedPublicKey, vector, cert);
+                    try {
+                        PGPSignature cert = generateUserAttributeSignature(
+                                getSignatureGenerator(masterSecretKey, mCryptoInput),
+                                mCryptoInput.getSignatureTime(),
+                                masterPrivateKey, masterPublicKey, vector);
+                        modifiedPublicKey = PGPPublicKey.addCertification(modifiedPublicKey, vector, cert);
+                    } catch (NfcInteractionNeeded e) {
+                        mNfcSignOps.addHash(e.hashToSign, e.hashAlgo);
+                    }
                 }
                 subProgressPop();
 
@@ -538,9 +576,15 @@ public class PgpKeyOperation {
 
                     // a duplicate revocation will be removed during canonicalization, so no need to
                     // take care of that here.
-                    PGPSignature cert = generateRevocationSignature(masterPrivateKey,
-                            masterPublicKey, userId);
-                    modifiedPublicKey = PGPPublicKey.addCertification(modifiedPublicKey, userId, cert);
+                    try {
+                        PGPSignature cert = generateRevocationSignature(
+                                getSignatureGenerator(masterSecretKey, mCryptoInput),
+                                mCryptoInput.getSignatureTime(),
+                                masterPrivateKey, masterPublicKey, userId);
+                        modifiedPublicKey = PGPPublicKey.addCertification(modifiedPublicKey, userId, cert);
+                    } catch (NfcInteractionNeeded e) {
+                        mNfcSignOps.addHash(e.hashToSign, e.hashAlgo);
+                    }
                 }
                 subProgressPop();
 
@@ -610,11 +654,18 @@ public class PgpKeyOperation {
                             log.add(LogType.MSG_MF_PRIMARY_REPLACE_OLD, indent);
                             modifiedPublicKey = PGPPublicKey.removeCertification(
                                     modifiedPublicKey, userId, currentCert);
-                            PGPSignature newCert = generateUserIdSignature(
-                                    masterPrivateKey, masterPublicKey, userId, false,
-                                    masterKeyFlags, masterKeyExpiry);
-                            modifiedPublicKey = PGPPublicKey.addCertification(
-                                    modifiedPublicKey, userId, newCert);
+                            try {
+                                PGPSignature newCert = generateUserIdSignature(
+                                        getSignatureGenerator(masterSecretKey, mCryptoInput),
+                                        mCryptoInput.getSignatureTime(),
+                                        masterPrivateKey, masterPublicKey, userId, false,
+                                        masterKeyFlags, masterKeyExpiry);
+                                modifiedPublicKey = PGPPublicKey.addCertification(
+                                        modifiedPublicKey, userId, newCert);
+                            } catch (NfcInteractionNeeded e) {
+                                mNfcSignOps.addHash(e.hashToSign, e.hashAlgo);
+                            }
+
                             continue;
                         }
 
@@ -626,11 +677,17 @@ public class PgpKeyOperation {
                             log.add(LogType.MSG_MF_PRIMARY_NEW, indent);
                             modifiedPublicKey = PGPPublicKey.removeCertification(
                                     modifiedPublicKey, userId, currentCert);
-                            PGPSignature newCert = generateUserIdSignature(
-                                    masterPrivateKey, masterPublicKey, userId, true,
-                                    masterKeyFlags, masterKeyExpiry);
-                            modifiedPublicKey = PGPPublicKey.addCertification(
-                                    modifiedPublicKey, userId, newCert);
+                            try {
+                                PGPSignature newCert = generateUserIdSignature(
+                                        getSignatureGenerator(masterSecretKey, mCryptoInput),
+                                        mCryptoInput.getSignatureTime(),
+                                        masterPrivateKey, masterPublicKey, userId, true,
+                                        masterKeyFlags, masterKeyExpiry);
+                                modifiedPublicKey = PGPPublicKey.addCertification(
+                                        modifiedPublicKey, userId, newCert);
+                            } catch (NfcInteractionNeeded e) {
+                                mNfcSignOps.addHash(e.hashToSign, e.hashAlgo);
+                            }
                             ok = true;
                         }
 
@@ -717,7 +774,8 @@ public class PgpKeyOperation {
                     }
 
                     PGPPublicKey pKey =
-                            updateMasterCertificates(masterPrivateKey, masterPublicKey,
+                            updateMasterCertificates(
+                                    masterSecretKey, masterPrivateKey, masterPublicKey,
                                     flags, expiry, indent, log);
                     if (pKey == null) {
                         // error log entry has already been added by updateMasterCertificates itself
@@ -755,9 +813,16 @@ public class PgpKeyOperation {
                     pKey = PGPPublicKey.removeCertification(pKey, sig);
                 }
 
+                PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder()
+                        .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
+                                mCryptoInput.getPassphrase());
+                PGPPrivateKey subPrivateKey = sKey.extractPrivateKey(keyDecryptor);
+                PGPSignature sig = generateSubkeyBindingSignature(
+                        getSignatureGenerator(masterSecretKey, mCryptoInput),
+                        mCryptoInput.getSignatureTime(),
+                        masterPublicKey, masterPrivateKey, subPrivateKey, pKey, flags, expiry);
+
                 // generate and add new signature
-                PGPSignature sig = generateSubkeyBindingSignature(masterPublicKey, masterPrivateKey,
-                        sKey, pKey, flags, expiry, passphrase);
                 pKey = PGPPublicKey.addCertification(pKey, sig);
                 sKR = PGPSecretKeyRing.insertSecretKey(sKR, PGPSecretKey.replacePublicKey(sKey, pKey));
             }
@@ -781,10 +846,17 @@ public class PgpKeyOperation {
                 PGPPublicKey pKey = sKey.getPublicKey();
 
                 // generate and add new signature
-                PGPSignature sig = generateRevocationSignature(masterPublicKey, masterPrivateKey, pKey);
+                try {
+                    PGPSignature sig = generateRevocationSignature(
+                            getSignatureGenerator(masterSecretKey, mCryptoInput),
+                            mCryptoInput.getSignatureTime(),
+                            masterPublicKey, masterPrivateKey, pKey);
 
-                pKey = PGPPublicKey.addCertification(pKey, sig);
-                sKR = PGPSecretKeyRing.insertSecretKey(sKR, PGPSecretKey.replacePublicKey(sKey, pKey));
+                    pKey = PGPPublicKey.addCertification(pKey, sig);
+                    sKR = PGPSecretKeyRing.insertSecretKey(sKR, PGPSecretKey.replacePublicKey(sKey, pKey));
+                } catch (NfcInteractionNeeded e) {
+                    mNfcSignOps.addHash(e.hashToSign, e.hashAlgo);
+                }
             }
             subProgressPop();
 
@@ -827,19 +899,29 @@ public class PgpKeyOperation {
 
                 // add subkey binding signature (making this a sub rather than master key)
                 PGPPublicKey pKey = keyPair.getPublicKey();
-                PGPSignature cert = generateSubkeyBindingSignature(
-                        masterPublicKey, masterPrivateKey, keyPair.getPrivateKey(), pKey,
-                        add.mFlags, add.mExpiry);
-                pKey = PGPPublicKey.addSubkeyBindingCertification(pKey, cert);
+                try {
+                    PGPSignature cert = generateSubkeyBindingSignature(
+                            getSignatureGenerator(masterSecretKey, mCryptoInput),
+                            mCryptoInput.getSignatureTime(),
+                            masterPublicKey, masterPrivateKey, keyPair.getPrivateKey(), pKey,
+                            add.mFlags, add.mExpiry);
+                    pKey = PGPPublicKey.addSubkeyBindingCertification(pKey, cert);
+                } catch (NfcInteractionNeeded e) {
+                    mNfcSignOps.addHash(e.hashToSign, e.hashAlgo);
+                }
 
                 PGPSecretKey sKey; {
+                    char[] passphrase = mCryptoInput.getPassphrase();
+                    if (passphrase == null) {
+                        passphrase = new char[] { };
+                    }
                     // Build key encrypter and decrypter based on passphrase
                     PGPDigestCalculator encryptorHashCalc = new JcaPGPDigestCalculatorProviderBuilder()
                             .build().get(PgpConstants.SECRET_KEY_ENCRYPTOR_HASH_ALGO);
                     PBESecretKeyEncryptor keyEncryptor = new JcePBESecretKeyEncryptorBuilder(
                             PgpConstants.SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO, encryptorHashCalc,
                             PgpConstants.SECRET_KEY_ENCRYPTOR_S2K_COUNT)
-                            .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.toCharArray());
+                            .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase);
 
                     PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder()
                             .build().get(PgpConstants.SECRET_KEY_SIGNATURE_CHECKSUM_HASH_ALGO);
@@ -867,7 +949,7 @@ public class PgpKeyOperation {
                 indent += 1;
 
                 sKR = applyNewUnlock(sKR, masterPublicKey, masterPrivateKey,
-                        passphrase, saveParcel.mNewUnlock, log, indent);
+                        mCryptoInput.getPassphrase(), saveParcel.mNewUnlock, log, indent);
                 if (sKR == null) {
                     // The error has been logged above, just return a bad state
                     return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
@@ -891,6 +973,12 @@ public class PgpKeyOperation {
         }
 
         progress(R.string.progress_done, 100);
+
+        if (!mNfcSignOps.isEmpty()) {
+            log.add(LogType.MSG_MF_INPUT_REQUIRED, indent);
+            return new PgpEditKeyResult(log, mNfcSignOps.build());
+        }
+
         log.add(LogType.MSG_MF_SUCCESS, indent);
         return new PgpEditKeyResult(OperationResult.RESULT_OK, log, new UncachedKeyRing(sKR));
 
@@ -967,7 +1055,7 @@ public class PgpKeyOperation {
             PGPSecretKeyRing sKR,
             PGPPublicKey masterPublicKey,
             PGPPrivateKey masterPrivateKey,
-            String passphrase,
+            char[] passphrase,
             ChangeUnlockParcel newUnlock,
             OperationLog log, int indent) throws PGPException {
 
@@ -1051,14 +1139,14 @@ public class PgpKeyOperation {
     private static PGPSecretKeyRing applyNewPassphrase(
             PGPSecretKeyRing sKR,
             PGPPublicKey masterPublicKey,
-            String passphrase,
+            char[] passphrase,
             String newPassphrase,
             OperationLog log, int indent) throws PGPException {
 
         PGPDigestCalculator encryptorHashCalc = new JcaPGPDigestCalculatorProviderBuilder().build()
                 .get(PgpConstants.SECRET_KEY_ENCRYPTOR_HASH_ALGO);
         PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(
-                Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.toCharArray());
+                Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase);
         // Build key encryptor based on new passphrase
         PBESecretKeyEncryptor keyEncryptorNew = new JcePBESecretKeyEncryptorBuilder(
                 PgpConstants.SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO, encryptorHashCalc,
@@ -1115,8 +1203,9 @@ public class PgpKeyOperation {
     }
 
     /** Update all (non-revoked) uid signatures with new flags and expiry time. */
-    private static PGPPublicKey updateMasterCertificates(
-            PGPPrivateKey masterPrivateKey, PGPPublicKey masterPublicKey,
+    private PGPPublicKey updateMasterCertificates(
+            PGPSecretKey masterSecretKey, PGPPrivateKey masterPrivateKey,
+            PGPPublicKey masterPublicKey,
             int flags, long expiry, int indent, OperationLog log)
             throws PGPException, IOException, SignatureException {
 
@@ -1172,10 +1261,16 @@ public class PgpKeyOperation {
                     currentCert.getHashedSubPackets().isPrimaryUserID();
             modifiedPublicKey = PGPPublicKey.removeCertification(
                     modifiedPublicKey, userId, currentCert);
-            PGPSignature newCert = generateUserIdSignature(
-                    masterPrivateKey, masterPublicKey, userId, isPrimary, flags, expiry);
-            modifiedPublicKey = PGPPublicKey.addCertification(
-                    modifiedPublicKey, userId, newCert);
+            try {
+                PGPSignature newCert = generateUserIdSignature(
+                        getSignatureGenerator(masterSecretKey, mCryptoInput),
+                        mCryptoInput.getSignatureTime(),
+                        masterPrivateKey, masterPublicKey, userId, isPrimary, flags, expiry);
+                modifiedPublicKey = PGPPublicKey.addCertification(
+                        modifiedPublicKey, userId, newCert);
+            } catch (NfcInteractionNeeded e) {
+                mNfcSignOps.addHash(e.hashToSign, e.hashAlgo);
+            }
             ok = true;
 
         }
@@ -1190,15 +1285,37 @@ public class PgpKeyOperation {
 
     }
 
-    private static PGPSignature generateUserIdSignature(
+    private static PGPSignatureGenerator getSignatureGenerator(
+            PGPSecretKey secretKey, CryptoInputParcel cryptoInput) {
+
+        PGPContentSignerBuilder builder;
+
+        S2K s2k = secretKey.getS2K();
+        if (s2k != null && s2k.getType() == S2K.GNU_DUMMY_S2K
+                && s2k.getProtectionMode() == S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD) {
+            // use synchronous "NFC based" SignerBuilder
+            builder = new NfcSyncPGPContentSignerBuilder(
+                    secretKey.getPublicKey().getAlgorithm(),
+                    PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO,
+                    secretKey.getKeyID(), cryptoInput.getCryptoData())
+                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
+        } else {
+            // content signer based on signing key algorithm and chosen hash algorithm
+            builder = new JcaPGPContentSignerBuilder(
+                    secretKey.getPublicKey().getAlgorithm(),
+                    PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
+                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
+        }
+
+        return new PGPSignatureGenerator(builder);
+
+    }
+
+    private PGPSignature generateUserIdSignature(
+            PGPSignatureGenerator sGen, Date creationTime,
             PGPPrivateKey masterPrivateKey, PGPPublicKey pKey, String userId, boolean primary,
             int flags, long expiry)
             throws IOException, PGPException, SignatureException {
-        PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
-                masterPrivateKey.getPublicKeyPacket().getAlgorithm(),
-                PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
-                .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
-        PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
 
         PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
         {
@@ -1222,7 +1339,7 @@ public class PgpKeyOperation {
             hashedPacketsGen.setPrimaryUserID(false, primary);
 
             /* critical subpackets: we consider those important for a modern pgp implementation */
-            hashedPacketsGen.setSignatureCreationTime(true, new Date());
+            hashedPacketsGen.setSignatureCreationTime(true, creationTime);
             // Request that senders add the MDC to the message (authenticate unsigned messages)
             hashedPacketsGen.setFeature(true, Features.FEATURE_MODIFICATION_DETECTION);
             hashedPacketsGen.setKeyFlags(true, flags);
@@ -1238,19 +1355,15 @@ public class PgpKeyOperation {
     }
 
     private static PGPSignature generateUserAttributeSignature(
+            PGPSignatureGenerator sGen, Date creationTime,
             PGPPrivateKey masterPrivateKey, PGPPublicKey pKey,
             PGPUserAttributeSubpacketVector vector)
                 throws IOException, PGPException, SignatureException {
-        PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
-                masterPrivateKey.getPublicKeyPacket().getAlgorithm(),
-                PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
-                .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
-        PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
 
         PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
         {
             /* critical subpackets: we consider those important for a modern pgp implementation */
-            hashedPacketsGen.setSignatureCreationTime(true, new Date());
+            hashedPacketsGen.setSignatureCreationTime(true, creationTime);
         }
 
         sGen.setHashedSubpackets(hashedPacketsGen.generate());
@@ -1259,29 +1372,24 @@ public class PgpKeyOperation {
     }
 
     private static PGPSignature generateRevocationSignature(
+            PGPSignatureGenerator sGen, Date creationTime,
             PGPPrivateKey masterPrivateKey, PGPPublicKey pKey, String userId)
+
         throws IOException, PGPException, SignatureException {
-        PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
-                masterPrivateKey.getPublicKeyPacket().getAlgorithm(),
-                PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
-                .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
-        PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
         PGPSignatureSubpacketGenerator subHashedPacketsGen = new PGPSignatureSubpacketGenerator();
-        subHashedPacketsGen.setSignatureCreationTime(true, new Date());
+        subHashedPacketsGen.setSignatureCreationTime(true, creationTime);
         sGen.setHashedSubpackets(subHashedPacketsGen.generate());
         sGen.init(PGPSignature.CERTIFICATION_REVOCATION, masterPrivateKey);
         return sGen.generateCertification(userId, pKey);
     }
 
     private static PGPSignature generateRevocationSignature(
+            PGPSignatureGenerator sGen, Date creationTime,
             PGPPublicKey masterPublicKey, PGPPrivateKey masterPrivateKey, PGPPublicKey pKey)
             throws IOException, PGPException, SignatureException {
-        PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
-                masterPublicKey.getAlgorithm(), PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
-                .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
-        PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
+
         PGPSignatureSubpacketGenerator subHashedPacketsGen = new PGPSignatureSubpacketGenerator();
-        subHashedPacketsGen.setSignatureCreationTime(true, new Date());
+        subHashedPacketsGen.setSignatureCreationTime(true, creationTime);
         sGen.setHashedSubpackets(subHashedPacketsGen.generate());
         // Generate key revocation or subkey revocation, depending on master/subkey-ness
         if (masterPublicKey.getKeyID() == pKey.getKeyID()) {
@@ -1293,26 +1401,12 @@ public class PgpKeyOperation {
         }
     }
 
-    private static PGPSignature generateSubkeyBindingSignature(
-            PGPPublicKey masterPublicKey, PGPPrivateKey masterPrivateKey,
-            PGPSecretKey sKey, PGPPublicKey pKey, int flags, long expiry, String passphrase)
-            throws IOException, PGPException, SignatureException {
-        PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder()
-                .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
-                        passphrase.toCharArray());
-        PGPPrivateKey subPrivateKey = sKey.extractPrivateKey(keyDecryptor);
-        return generateSubkeyBindingSignature(masterPublicKey, masterPrivateKey, subPrivateKey,
-                pKey, flags, expiry);
-    }
-
     static PGPSignature generateSubkeyBindingSignature(
+            PGPSignatureGenerator sGen, Date creationTime,
             PGPPublicKey masterPublicKey, PGPPrivateKey masterPrivateKey,
             PGPPrivateKey subPrivateKey, PGPPublicKey pKey, int flags, long expiry)
             throws IOException, PGPException, SignatureException {
 
-        // date for signing
-        Date creationTime = new Date();
-
         PGPSignatureSubpacketGenerator unhashedPacketsGen = new PGPSignatureSubpacketGenerator();
 
         // If this key can sign, we need a primary key binding signature
@@ -1323,10 +1417,10 @@ public class PgpKeyOperation {
             PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
                     pKey.getAlgorithm(), PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
                     .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
-            PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
-            sGen.init(PGPSignature.PRIMARYKEY_BINDING, subPrivateKey);
-            sGen.setHashedSubpackets(subHashedPacketsGen.generate());
-            PGPSignature certification = sGen.generateCertification(masterPublicKey, pKey);
+            PGPSignatureGenerator subSigGen = new PGPSignatureGenerator(signerBuilder);
+            subSigGen.init(PGPSignature.PRIMARYKEY_BINDING, subPrivateKey);
+            subSigGen.setHashedSubpackets(subHashedPacketsGen.generate());
+            PGPSignature certification = subSigGen.generateCertification(masterPublicKey, pKey);
             unhashedPacketsGen.setEmbeddedSignature(true, certification);
         }
 
@@ -1341,10 +1435,6 @@ public class PgpKeyOperation {
             }
         }
 
-        PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
-                masterPublicKey.getAlgorithm(), PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
-                .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
-        PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
         sGen.init(PGPSignature.SUBKEY_BINDING, masterPrivateKey);
         sGen.setHashedSubpackets(hashedPacketsGen.generate());
         sGen.setUnhashedSubpackets(unhashedPacketsGen.generate());
@@ -1371,4 +1461,10 @@ public class PgpKeyOperation {
         return flags;
     }
 
+    private static boolean isDivertToCard(PGPSecretKey secretKey) {
+        S2K s2k = secretKey.getS2K();
+        return s2k.getType() == S2K.GNU_DUMMY_S2K
+                && s2k.getProtectionMode() == S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD;
+    }
+
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java
index 63a7bf371..405a6a24b 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java
@@ -76,10 +76,6 @@ public class CertifyActionsParcel implements Parcelable {
         return mCryptoInput.getCryptoData();
     }
 
-    public Date getSignatureTime() {
-        return mCryptoInput.getSignatureTime();
-    }
-
     public static final Creator<CertifyActionsParcel> CREATOR = new Creator<CertifyActionsParcel>() {
         public CertifyActionsParcel createFromParcel(final Parcel source) {
             return new CertifyActionsParcel(source);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
index bf6a62782..6535cb404 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
@@ -61,6 +61,7 @@ import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralMsgIdException;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler.MessageStatus;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.util.FileHelper;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Log;
@@ -160,6 +161,7 @@ public class KeychainIntentService extends IntentService implements Progressable
     // save keyring
     public static final String EDIT_KEYRING_PARCEL = "save_parcel";
     public static final String EDIT_KEYRING_PASSPHRASE = "passphrase";
+    public static final String EXTRA_CRYPTO_INPUT = "crypto_input";
 
     // delete keyring(s)
     public static final String DELETE_KEY_LIST = "delete_list";
@@ -469,11 +471,11 @@ public class KeychainIntentService extends IntentService implements Progressable
 
                 // Input
                 SaveKeyringParcel saveParcel = data.getParcelable(EDIT_KEYRING_PARCEL);
-                String passphrase = data.getString(EDIT_KEYRING_PASSPHRASE);
+                CryptoInputParcel cryptoInput = data.getParcelable(EXTRA_CRYPTO_INPUT);
 
                 // Operation
                 EditKeyOperation op = new EditKeyOperation(this, providerHelper, this, mActionCanceled);
-                EditKeyResult result = op.execute(saveParcel, passphrase);
+                OperationResult result = op.execute(saveParcel, cryptoInput);
 
                 // Result
                 sendMessageToHandler(MessageStatus.OKAY, result);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
index 7cc5069c8..836568533 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
@@ -81,8 +81,8 @@ public class CryptoInputParcel implements Parcelable {
         return mPassphrase != null;
     }
 
-    public String getPassphrase() {
-        return mPassphrase;
+    public char[] getPassphrase() {
+        return mPassphrase == null ? null : mPassphrase.toCharArray();
     }
 
     public static final Creator<CryptoInputParcel> CREATOR = new Creator<CryptoInputParcel>() {
@@ -95,4 +95,19 @@ public class CryptoInputParcel implements Parcelable {
         }
     };
 
+    @Override
+    public String toString() {
+        StringBuilder b = new StringBuilder();
+        b.append("CryptoInput: { ");
+        b.append(mSignatureTime).append(" ");
+        if (mPassphrase != null) {
+            b.append("passphrase");
+        }
+        if (mCryptoData != null) {
+            b.append(mCryptoData.size());
+            b.append(" hashes ");
+        }
+        b.append("}");
+        return b.toString();
+    }
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
index a4df604be..3d91812eb 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
@@ -15,9 +15,13 @@ public class RequiredInputParcel implements Parcelable {
     }
 
     public Date mSignatureTime;
+
     public final RequiredInputType mType;
+
+    public String mNfcPin = "123456";
     public final byte[][] mInputHashes;
     public final int[] mSignAlgos;
+
     private Long mSubKeyId;
 
     private RequiredInputParcel(RequiredInputType type, byte[][] inputHashes,
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
index 585a9433a..6b67d1db8 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
@@ -9,6 +9,7 @@ import android.support.v4.app.Fragment;
 
 import org.sufficientlysecure.keychain.operations.results.CertifyResult;
 import org.sufficientlysecure.keychain.operations.results.InputPendingResult;
+import org.sufficientlysecure.keychain.operations.results.OperationResult;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler.MessageStatus;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
@@ -25,7 +26,6 @@ public abstract class CryptoOperationFragment extends Fragment {
             case NFC_DECRYPT:
             case NFC_SIGN: {
                 Intent intent = new Intent(getActivity(), NfcOperationActivity.class);
-                intent.putExtra(NfcOperationActivity.EXTRA_PIN, "123456");
                 intent.putExtra(NfcOperationActivity.EXTRA_REQUIRED_INPUT, requiredInput);
                 startActivityForResult(intent, REQUEST_CODE_NFC);
                 return;
@@ -76,10 +76,14 @@ public abstract class CryptoOperationFragment extends Fragment {
         if (message.arg1 == MessageStatus.OKAY.ordinal()) {
             Bundle data = message.getData();
 
-            InputPendingResult result = data.getParcelable(CertifyResult.EXTRA_RESULT);
+            OperationResult result = data.getParcelable(CertifyResult.EXTRA_RESULT);
+            if (result == null || ! (result instanceof InputPendingResult)) {
+                return false;
+            }
 
-            if (result != null && result.isPending()) {
-                RequiredInputParcel requiredInput = result.getRequiredInputParcel();
+            InputPendingResult pendingResult = (InputPendingResult) result;
+            if (pendingResult.isPending()) {
+                RequiredInputParcel requiredInput = pendingResult.getRequiredInputParcel();
                 initiateInputActivity(requiredInput);
                 return true;
             }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyFragment.java
index 8d16fe47e..9f2fa54f8 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyFragment.java
@@ -17,6 +17,8 @@
 
 package org.sufficientlysecure.keychain.ui;
 
+import java.util.Date;
+
 import android.app.Activity;
 import android.app.ProgressDialog;
 import android.content.Intent;
@@ -51,10 +53,10 @@ import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.provider.ProviderHelper.NotFoundException;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
-import org.sufficientlysecure.keychain.service.PassphraseCacheService;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyChange;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.ui.adapter.SubkeysAdapter;
 import org.sufficientlysecure.keychain.ui.adapter.SubkeysAddedAdapter;
 import org.sufficientlysecure.keychain.ui.adapter.UserIdsAdapter;
@@ -68,14 +70,12 @@ import org.sufficientlysecure.keychain.ui.dialog.SetPassphraseDialogFragment;
 import org.sufficientlysecure.keychain.ui.util.Notify;
 import org.sufficientlysecure.keychain.util.Log;
 
-public class EditKeyFragment extends LoaderFragment implements
+public class EditKeyFragment extends CryptoOperationFragment implements
         LoaderManager.LoaderCallbacks<Cursor> {
 
     public static final String ARG_DATA_URI = "uri";
     public static final String ARG_SAVE_KEYRING_PARCEL = "save_keyring_parcel";
 
-    public static final int REQUEST_CODE_PASSPHRASE = 0x00008001;
-
     private ListView mUserIdsList;
     private ListView mSubkeysList;
     private ListView mUserIdsAddedList;
@@ -100,7 +100,6 @@ public class EditKeyFragment extends LoaderFragment implements
     private SaveKeyringParcel mSaveKeyringParcel;
 
     private String mPrimaryUserId;
-    private String mCurrentPassphrase;
 
     /**
      * Creates new instance of this fragment
@@ -129,8 +128,7 @@ public class EditKeyFragment extends LoaderFragment implements
 
     @Override
     public View onCreateView(LayoutInflater inflater, ViewGroup superContainer, Bundle savedInstanceState) {
-        View root = super.onCreateView(inflater, superContainer, savedInstanceState);
-        View view = inflater.inflate(R.layout.edit_key_fragment, getContainer());
+        View view = inflater.inflate(R.layout.edit_key_fragment, null);
 
         mUserIdsList = (ListView) view.findViewById(R.id.edit_key_user_ids);
         mSubkeysList = (ListView) view.findViewById(R.id.edit_key_keys);
@@ -140,7 +138,7 @@ public class EditKeyFragment extends LoaderFragment implements
         mAddUserId = view.findViewById(R.id.edit_key_action_add_user_id);
         mAddSubkey = view.findViewById(R.id.edit_key_action_add_key);
 
-        return root;
+        return view;
     }
 
     @Override
@@ -155,7 +153,7 @@ public class EditKeyFragment extends LoaderFragment implements
                         if (mDataUri == null) {
                             returnKeyringParcel();
                         } else {
-                            saveInDatabase(mCurrentPassphrase);
+                            cryptoOperation(new CryptoInputParcel(new Date()));
                         }
                     }
                 }, new OnClickListener() {
@@ -185,18 +183,12 @@ public class EditKeyFragment extends LoaderFragment implements
     private void loadSaveKeyringParcel(SaveKeyringParcel saveKeyringParcel) {
         mSaveKeyringParcel = saveKeyringParcel;
         mPrimaryUserId = saveKeyringParcel.mChangePrimaryUserId;
-        if (saveKeyringParcel.mNewUnlock != null) {
-            mCurrentPassphrase = saveKeyringParcel.mNewUnlock.mNewPassphrase;
-        }
 
         mUserIdsAddedAdapter = new UserIdsAddedAdapter(getActivity(), mSaveKeyringParcel.mAddUserIds, true);
         mUserIdsAddedList.setAdapter(mUserIdsAddedAdapter);
 
         mSubkeysAddedAdapter = new SubkeysAddedAdapter(getActivity(), mSaveKeyringParcel.mAddSubKeys, true);
         mSubkeysAddedList.setAdapter(mSubkeysAddedAdapter);
-
-        // show directly
-        setContentShown(true);
     }
 
     private void loadData(Uri dataUri) {
@@ -216,9 +208,6 @@ public class EditKeyFragment extends LoaderFragment implements
                 case GNU_DUMMY:
                     finishWithError(LogType.MSG_EK_ERROR_DUMMY);
                     return;
-                case DIVERT_TO_CARD:
-                    finishWithError(LogType.MSG_EK_ERROR_DIVERT);
-                    break;
             }
 
             mSaveKeyringParcel = new SaveKeyringParcel(masterKeyId, keyRing.getFingerprint());
@@ -229,24 +218,10 @@ public class EditKeyFragment extends LoaderFragment implements
             return;
         }
 
-        try {
-            mCurrentPassphrase = PassphraseCacheService.getCachedPassphrase(getActivity(),
-                    mSaveKeyringParcel.mMasterKeyId, mSaveKeyringParcel.mMasterKeyId);
-        } catch (PassphraseCacheService.KeyNotFoundException e) {
-            finishWithError(LogType.MSG_EK_ERROR_NOT_FOUND);
-            return;
-        }
-
-        if (mCurrentPassphrase == null) {
-            Intent intent = new Intent(getActivity(), PassphraseDialogActivity.class);
-            intent.putExtra(PassphraseDialogActivity.EXTRA_SUBKEY_ID, mSaveKeyringParcel.mMasterKeyId);
-            startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
-        } else {
-            // Prepare the loaders. Either re-connect with an existing ones,
-            // or start new ones.
-            getLoaderManager().initLoader(LOADER_ID_USER_IDS, null, EditKeyFragment.this);
-            getLoaderManager().initLoader(LOADER_ID_SUBKEYS, null, EditKeyFragment.this);
-        }
+        // Prepare the loaders. Either re-connect with an existing ones,
+        // or start new ones.
+        getLoaderManager().initLoader(LOADER_ID_USER_IDS, null, EditKeyFragment.this);
+        getLoaderManager().initLoader(LOADER_ID_SUBKEYS, null, EditKeyFragment.this);
 
         mUserIdsAdapter = new UserIdsAdapter(getActivity(), null, 0, mSaveKeyringParcel);
         mUserIdsList.setAdapter(mUserIdsAdapter);
@@ -262,28 +237,6 @@ public class EditKeyFragment extends LoaderFragment implements
         mSubkeysAddedList.setAdapter(mSubkeysAddedAdapter);
     }
 
-    @Override
-    public void onActivityResult(int requestCode, int resultCode, Intent data) {
-        switch (requestCode) {
-            case REQUEST_CODE_PASSPHRASE: {
-                if (resultCode == Activity.RESULT_OK && data != null) {
-                    mCurrentPassphrase = data.getStringExtra(PassphraseDialogActivity.MESSAGE_DATA_PASSPHRASE);
-                    // Prepare the loaders. Either re-connect with an existing ones,
-                    // or start new ones.
-                    getLoaderManager().initLoader(LOADER_ID_USER_IDS, null, EditKeyFragment.this);
-                    getLoaderManager().initLoader(LOADER_ID_SUBKEYS, null, EditKeyFragment.this);
-                } else {
-                    getActivity().finish();
-                }
-                return;
-            }
-
-            default: {
-                super.onActivityResult(requestCode, resultCode, data);
-            }
-        }
-    }
-
     private void initView() {
         mChangePassphrase.setOnClickListener(new View.OnClickListener() {
             @Override
@@ -322,7 +275,6 @@ public class EditKeyFragment extends LoaderFragment implements
     }
 
     public Loader<Cursor> onCreateLoader(int id, Bundle args) {
-        setContentShown(false);
 
         switch (id) {
             case LOADER_ID_USER_IDS: {
@@ -355,7 +307,6 @@ public class EditKeyFragment extends LoaderFragment implements
                 break;
 
         }
-        setContentShown(true);
     }
 
     /**
@@ -397,7 +348,7 @@ public class EditKeyFragment extends LoaderFragment implements
         Messenger messenger = new Messenger(returnHandler);
 
         SetPassphraseDialogFragment setPassphraseDialog = SetPassphraseDialogFragment.newInstance(
-                messenger, mCurrentPassphrase, R.string.title_change_passphrase);
+                messenger, R.string.title_change_passphrase);
 
         setPassphraseDialog.show(getActivity().getSupportFragmentManager(), "setPassphraseDialog");
     }
@@ -593,8 +544,11 @@ public class EditKeyFragment extends LoaderFragment implements
         getActivity().finish();
     }
 
-    private void saveInDatabase(String passphrase) {
-        Log.d(Constants.TAG, "mSaveKeyringParcel:\n" + mSaveKeyringParcel.toString());
+    @Override
+    protected void cryptoOperation(CryptoInputParcel cryptoInput) {
+
+        Log.d(Constants.TAG, "cryptoInput:\n" + cryptoInput);
+        Log.d(Constants.TAG, "mSaveKeyringParcel:\n" + mSaveKeyringParcel);
 
         KeychainIntentServiceHandler saveHandler = new KeychainIntentServiceHandler(
                 getActivity(),
@@ -605,6 +559,10 @@ public class EditKeyFragment extends LoaderFragment implements
                 // handle messages by standard KeychainIntentServiceHandler first
                 super.handleMessage(message);
 
+                if (handlePendingMessage(message)) {
+                    return;
+                }
+
                 if (message.arg1 == MessageStatus.OKAY.ordinal()) {
 
                     // get returned data bundle
@@ -640,7 +598,7 @@ public class EditKeyFragment extends LoaderFragment implements
 
         // fill values for this action
         Bundle data = new Bundle();
-        data.putString(KeychainIntentService.EDIT_KEYRING_PASSPHRASE, passphrase);
+        data.putParcelable(KeychainIntentService.EXTRA_CRYPTO_INPUT, cryptoInput);
         data.putParcelable(KeychainIntentService.EDIT_KEYRING_PARCEL, mSaveKeyringParcel);
         intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
index f9b8e2ab6..66d1ad5a6 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
@@ -62,10 +62,9 @@ public abstract class EncryptActivity extends BaseActivity {
         startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
     }
 
-    protected void startNfcSign(long keyId, String pin, RequiredInputParcel nfcOps) {
+    protected void startNfcSign(long keyId, RequiredInputParcel nfcOps) {
 
         Intent intent = new Intent(this, NfcOperationActivity.class);
-        intent.putExtra(NfcOperationActivity.EXTRA_PIN, pin);
         intent.putExtra(NfcOperationActivity.EXTRA_REQUIRED_INPUT, nfcOps);
         // TODO respect keyid(?)
 
@@ -148,8 +147,7 @@ public abstract class EncryptActivity extends BaseActivity {
                                     pgpResult.getNfcHash(),
                                     pgpResult.getNfcAlgo(),
                                     input.getSignatureTime());
-                            startNfcSign(pgpResult.getNfcKeyId(),
-                                    pgpResult.getNfcPassphrase(), parcel);
+                            startNfcSign(pgpResult.getNfcKeyId(), parcel);
 
                         } else {
                             throw new RuntimeException("Unhandled pending result!");
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
index 6a83c2361..69467daac 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
@@ -40,7 +40,6 @@ import java.nio.ByteBuffer;
 @TargetApi(Build.VERSION_CODES.GINGERBREAD_MR1)
 public class NfcOperationActivity extends BaseActivity {
 
-    public static final String EXTRA_PIN = "pin";
     public static final String EXTRA_REQUIRED_INPUT = "required_input";
 
     public static final String RESULT_DATA = "result_data";
@@ -50,8 +49,6 @@ public class NfcOperationActivity extends BaseActivity {
     private NfcAdapter mNfcAdapter;
     private IsoDep mIsoDep;
 
-    private String mPin;
-
     RequiredInputParcel mNfcOperations;
 
     @Override
@@ -70,7 +67,6 @@ public class NfcOperationActivity extends BaseActivity {
         Bundle data = intent.getExtras();
 
         mNfcOperations = data.getParcelable(EXTRA_REQUIRED_INPUT);
-        mPin = data.getString(EXTRA_PIN);
 
     }
 
@@ -161,14 +157,16 @@ public class NfcOperationActivity extends BaseActivity {
             return;
         }
 
+        String pin = mNfcOperations.mNfcPin;
+
         // Command APDU for VERIFY command (page 32)
         String login =
                 "00" // CLA
                         + "20" // INS
                         + "00" // P1
                         + "82" // P2 (PW1)
-                        + String.format("%02x", mPin.length()) // Lc
-                        + Hex.toHexString(mPin.getBytes());
+                        + String.format("%02x", pin.length()) // Lc
+                        + Hex.toHexString(pin.getBytes());
         if ( ! card(login).equals(accepted)) { // login
             toast("Wrong PIN!");
             setResult(RESULT_CANCELED);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/SetPassphraseDialogFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/SetPassphraseDialogFragment.java
index b34dc2edc..dc8d8f303 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/SetPassphraseDialogFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/SetPassphraseDialogFragment.java
@@ -49,7 +49,6 @@ import org.sufficientlysecure.keychain.util.Log;
 public class SetPassphraseDialogFragment extends DialogFragment implements OnEditorActionListener {
     private static final String ARG_MESSENGER = "messenger";
     private static final String ARG_TITLE = "title";
-    private static final String ARG_OLD_PASSPHRASE = "old_passphrase";
 
     public static final int MESSAGE_OKAY = 1;
 
@@ -67,12 +66,11 @@ public class SetPassphraseDialogFragment extends DialogFragment implements OnEdi
      * @param messenger to communicate back after setting the passphrase
      * @return
      */
-    public static SetPassphraseDialogFragment newInstance(Messenger messenger, String oldPassphrase, int title) {
+    public static SetPassphraseDialogFragment newInstance(Messenger messenger, int title) {
         SetPassphraseDialogFragment frag = new SetPassphraseDialogFragment();
         Bundle args = new Bundle();
         args.putInt(ARG_TITLE, title);
         args.putParcelable(ARG_MESSENGER, messenger);
-        args.putString(ARG_OLD_PASSPHRASE, oldPassphrase);
 
         frag.setArguments(args);
 
@@ -88,7 +86,6 @@ public class SetPassphraseDialogFragment extends DialogFragment implements OnEdi
 
         int title = getArguments().getInt(ARG_TITLE);
         mMessenger = getArguments().getParcelable(ARG_MESSENGER);
-        String oldPassphrase = getArguments().getString(ARG_OLD_PASSPHRASE);
 
         CustomAlertDialogBuilder alert = new CustomAlertDialogBuilder(activity);
 
@@ -102,13 +99,6 @@ public class SetPassphraseDialogFragment extends DialogFragment implements OnEdi
         mPassphraseAgainEditText = (EditText) view.findViewById(R.id.passphrase_passphrase_again);
         mNoPassphraseCheckBox = (CheckBox) view.findViewById(R.id.passphrase_no_passphrase);
 
-
-        if (TextUtils.isEmpty(oldPassphrase)) {
-            mNoPassphraseCheckBox.setChecked(true);
-            mPassphraseEditText.setEnabled(false);
-            mPassphraseAgainEditText.setEnabled(false);
-        }
-
         mNoPassphraseCheckBox.setOnCheckedChangeListener(new CompoundButton.OnCheckedChangeListener() {
             @Override
             public void onCheckedChanged(CompoundButton buttonView, boolean isChecked) {
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 2eb167c8c..e8bcbcc31 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -897,6 +897,7 @@
 
     <!-- modifySecretKeyRing -->
     <string name="msg_mr">"Modifying keyring %s"</string>
+    <string name="msg_mf_divert">"Will divert to card/nfc for crypto operations"</string>
     <string name="msg_mf_error_divert_serial">"The serial number of a divert-to-card key must be 16 bytes! This is a programming error, please file a bug report!"</string>
     <string name="msg_mf_error_encode">"Encoding exception!"</string>
     <string name="msg_mf_error_fingerprint">"Actual key fingerprint does not match the expected one!"</string>
@@ -911,6 +912,7 @@
     <string name="msg_mf_error_passphrase_master">"Fatal error decrypting master key! This is likely a programming error, please file a bug report!"</string>
     <string name="msg_mf_error_pgp">"Internal OpenPGP error!"</string>
     <string name="msg_mf_error_sig">"Signature exception!"</string>
+    <string name="msg_mf_input_required">"Diverting to card/nfc for crypto operations"</string>
     <string name="msg_mf_master">"Modifying master certifications"</string>
     <string name="msg_mf_notation_empty">"Adding empty notation packet"</string>
     <string name="msg_mf_notation_pin">"Adding PIN notation packet"</string>
@@ -987,7 +989,6 @@
     <string name="msg_pr_success">"Key successfully promoted"</string>
 
     <!-- Other messages used in OperationLogs -->
-    <string name="msg_ek_error_divert">"Editing of NFC keys is not (yet) supported!"</string>
     <string name="msg_ek_error_dummy">"Cannot edit keyring with stripped master key!"</string>
     <string name="msg_ek_error_not_found">"Key not found!"</string>
 

From 6cf966b63fd32f27b021684950b1d342506d1d38 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Fri, 20 Mar 2015 14:10:00 +0100
Subject: [PATCH 06/80] re-inline cryptoInput variable

---
 .../keychain/pgp/PgpKeyOperation.java         | 66 ++++++++++---------
 1 file changed, 34 insertions(+), 32 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index 092fd9d48..0bae93055 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -97,7 +97,6 @@ public class PgpKeyOperation {
     private AtomicBoolean mCancelled;
 
     NfcSignOperationsBuilder mNfcSignOps;
-    private CryptoInputParcel mCryptoInput;
 
     public PgpKeyOperation(Progressable progress) {
         super();
@@ -111,7 +110,6 @@ public class PgpKeyOperation {
         this(progress);
         mCancelled = cancelled;
         mNfcSignOps = new NfcSignOperationsBuilder(cryptoInput.getSignatureTime());
-        mCryptoInput = cryptoInput;
     }
 
     private boolean checkCancelled() {
@@ -329,8 +327,8 @@ public class PgpKeyOperation {
                     masterSecretKey.getEncoded(), new JcaKeyFingerprintCalculator());
 
             subProgressPush(50, 100);
-            mCryptoInput = new CryptoInputParcel(new Date(), new Passphrase(""));
-            return internal(sKR, masterSecretKey, add.mFlags, add.mExpiry, saveParcel, log);
+            CryptoInputParcel cryptoInput = new CryptoInputParcel(new Date(), new Passphrase(""));
+            return internal(sKR, masterSecretKey, add.mFlags, add.mExpiry, cryptoInput, saveParcel, log);
 
         } catch (PGPException e) {
             log.add(LogType.MSG_CR_ERROR_INTERNAL_PGP, indent);
@@ -362,6 +360,7 @@ public class PgpKeyOperation {
      *
      */
     public PgpEditKeyResult modifySecretKeyRing(CanonicalizedSecretKeyRing wsKR,
+            CryptoInputParcel cryptoInput,
             SaveKeyringParcel saveParcel) {
 
         OperationLog log = new OperationLog();
@@ -405,9 +404,9 @@ public class PgpKeyOperation {
         }
 
         // Do we require a passphrase? If so, pass it along
-        if (!isDivertToCard(masterSecretKey) && !mCryptoInput.hasPassphrase()) {
+        if (!isDivertToCard(masterSecretKey) && !cryptoInput.hasPassphrase()) {
             return new PgpEditKeyResult(log, RequiredInputParcel.createRequiredPassphrase(
-                    masterSecretKey.getKeyID(), mCryptoInput.getSignatureTime()));
+                    masterSecretKey.getKeyID(), cryptoInput.getSignatureTime()));
         }
 
         // read masterKeyFlags, and use the same as before.
@@ -417,12 +416,13 @@ public class PgpKeyOperation {
         Date expiryTime = wsKR.getPublicKey().getExpiryTime();
         long masterKeyExpiry = expiryTime != null ? expiryTime.getTime() / 1000 : 0L;
 
-        return internal(sKR, masterSecretKey, masterKeyFlags, masterKeyExpiry, saveParcel, log);
+        return internal(sKR, masterSecretKey, masterKeyFlags, masterKeyExpiry, cryptoInput, saveParcel, log);
 
     }
 
     private PgpEditKeyResult internal(PGPSecretKeyRing sKR, PGPSecretKey masterSecretKey,
                                      int masterKeyFlags, long masterKeyExpiry,
+                                     CryptoInputParcel cryptoInput,
                                      SaveKeyringParcel saveParcel,
                                      OperationLog log) {
 
@@ -445,7 +445,7 @@ public class PgpKeyOperation {
             {
                 try {
                     PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(
-                            Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(mCryptoInput.getPassphrase().getCharArray());
+                            Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(cryptoInput.getPassphrase().getCharArray());
                     masterPrivateKey = masterSecretKey.extractPrivateKey(keyDecryptor);
                 } catch (PGPException e) {
                     log.add(LogType.MSG_MF_UNLOCK_ERROR, indent + 1);
@@ -507,8 +507,8 @@ public class PgpKeyOperation {
                     // generate and add new certificate
                     try {
                         PGPSignature cert = generateUserIdSignature(
-                                getSignatureGenerator(masterSecretKey, mCryptoInput),
-                                mCryptoInput.getSignatureTime(),
+                                getSignatureGenerator(masterSecretKey, cryptoInput),
+                                cryptoInput.getSignatureTime(),
                                 masterPrivateKey, masterPublicKey, userId,
                                 isPrimary, masterKeyFlags, masterKeyExpiry);
                         modifiedPublicKey = PGPPublicKey.addCertification(modifiedPublicKey, userId, cert);
@@ -543,8 +543,8 @@ public class PgpKeyOperation {
                     // generate and add new certificate
                     try {
                         PGPSignature cert = generateUserAttributeSignature(
-                                getSignatureGenerator(masterSecretKey, mCryptoInput),
-                                mCryptoInput.getSignatureTime(),
+                                getSignatureGenerator(masterSecretKey, cryptoInput),
+                                cryptoInput.getSignatureTime(),
                                 masterPrivateKey, masterPublicKey, vector);
                         modifiedPublicKey = PGPPublicKey.addCertification(modifiedPublicKey, vector, cert);
                     } catch (NfcInteractionNeeded e) {
@@ -579,8 +579,8 @@ public class PgpKeyOperation {
                     // take care of that here.
                     try {
                         PGPSignature cert = generateRevocationSignature(
-                                getSignatureGenerator(masterSecretKey, mCryptoInput),
-                                mCryptoInput.getSignatureTime(),
+                                getSignatureGenerator(masterSecretKey, cryptoInput),
+                                cryptoInput.getSignatureTime(),
                                 masterPrivateKey, masterPublicKey, userId);
                         modifiedPublicKey = PGPPublicKey.addCertification(modifiedPublicKey, userId, cert);
                     } catch (NfcInteractionNeeded e) {
@@ -657,8 +657,8 @@ public class PgpKeyOperation {
                                     modifiedPublicKey, userId, currentCert);
                             try {
                                 PGPSignature newCert = generateUserIdSignature(
-                                        getSignatureGenerator(masterSecretKey, mCryptoInput),
-                                        mCryptoInput.getSignatureTime(),
+                                        getSignatureGenerator(masterSecretKey, cryptoInput),
+                                        cryptoInput.getSignatureTime(),
                                         masterPrivateKey, masterPublicKey, userId, false,
                                         masterKeyFlags, masterKeyExpiry);
                                 modifiedPublicKey = PGPPublicKey.addCertification(
@@ -680,8 +680,8 @@ public class PgpKeyOperation {
                                     modifiedPublicKey, userId, currentCert);
                             try {
                                 PGPSignature newCert = generateUserIdSignature(
-                                        getSignatureGenerator(masterSecretKey, mCryptoInput),
-                                        mCryptoInput.getSignatureTime(),
+                                        getSignatureGenerator(masterSecretKey, cryptoInput),
+                                        cryptoInput.getSignatureTime(),
                                         masterPrivateKey, masterPublicKey, userId, true,
                                         masterKeyFlags, masterKeyExpiry);
                                 modifiedPublicKey = PGPPublicKey.addCertification(
@@ -777,7 +777,7 @@ public class PgpKeyOperation {
                     PGPPublicKey pKey =
                             updateMasterCertificates(
                                     masterSecretKey, masterPrivateKey, masterPublicKey,
-                                    flags, expiry, indent, log);
+                                    flags, expiry, cryptoInput,  indent, log);
                     if (pKey == null) {
                         // error log entry has already been added by updateMasterCertificates itself
                         return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
@@ -816,11 +816,11 @@ public class PgpKeyOperation {
 
                 PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder()
                         .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
-                                mCryptoInput.getPassphrase().getCharArray());
+                                cryptoInput.getPassphrase().getCharArray());
                 PGPPrivateKey subPrivateKey = sKey.extractPrivateKey(keyDecryptor);
                 PGPSignature sig = generateSubkeyBindingSignature(
-                        getSignatureGenerator(masterSecretKey, mCryptoInput),
-                        mCryptoInput.getSignatureTime(),
+                        getSignatureGenerator(masterSecretKey, cryptoInput),
+                        cryptoInput.getSignatureTime(),
                         masterPublicKey, masterPrivateKey, subPrivateKey, pKey, flags, expiry);
 
                 // generate and add new signature
@@ -849,8 +849,8 @@ public class PgpKeyOperation {
                 // generate and add new signature
                 try {
                     PGPSignature sig = generateRevocationSignature(
-                            getSignatureGenerator(masterSecretKey, mCryptoInput),
-                            mCryptoInput.getSignatureTime(),
+                            getSignatureGenerator(masterSecretKey, cryptoInput),
+                            cryptoInput.getSignatureTime(),
                             masterPublicKey, masterPrivateKey, pKey);
 
                     pKey = PGPPublicKey.addCertification(pKey, sig);
@@ -902,8 +902,8 @@ public class PgpKeyOperation {
                 PGPPublicKey pKey = keyPair.getPublicKey();
                 try {
                     PGPSignature cert = generateSubkeyBindingSignature(
-                            getSignatureGenerator(masterSecretKey, mCryptoInput),
-                            mCryptoInput.getSignatureTime(),
+                            getSignatureGenerator(masterSecretKey, cryptoInput),
+                            cryptoInput.getSignatureTime(),
                             masterPublicKey, masterPrivateKey, keyPair.getPrivateKey(), pKey,
                             add.mFlags, add.mExpiry);
                     pKey = PGPPublicKey.addSubkeyBindingCertification(pKey, cert);
@@ -919,7 +919,7 @@ public class PgpKeyOperation {
                             PgpConstants.SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO, encryptorHashCalc,
                             PgpConstants.SECRET_KEY_ENCRYPTOR_S2K_COUNT)
                             .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
-                                    mCryptoInput.getPassphrase().getCharArray());
+                                    cryptoInput.getPassphrase().getCharArray());
 
                     PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder()
                             .build().get(PgpConstants.SECRET_KEY_SIGNATURE_CHECKSUM_HASH_ALGO);
@@ -947,7 +947,7 @@ public class PgpKeyOperation {
                 indent += 1;
 
                 sKR = applyNewUnlock(sKR, masterPublicKey, masterPrivateKey,
-                        mCryptoInput.getPassphrase(), saveParcel.mNewUnlock, log, indent);
+                        cryptoInput.getPassphrase(), saveParcel.mNewUnlock, log, indent);
                 if (sKR == null) {
                     // The error has been logged above, just return a bad state
                     return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
@@ -1149,7 +1149,7 @@ public class PgpKeyOperation {
         PBESecretKeyEncryptor keyEncryptorNew = new JcePBESecretKeyEncryptorBuilder(
                 PgpConstants.SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO, encryptorHashCalc,
                 PgpConstants.SECRET_KEY_ENCRYPTOR_S2K_COUNT)
-                .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.getCharArray());
+                .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(newPassphrase.getCharArray());
 
         // noinspection unchecked
         for (PGPSecretKey sKey : new IterableIterator<PGPSecretKey>(sKR.getSecretKeys())) {
@@ -1203,7 +1203,9 @@ public class PgpKeyOperation {
     private PGPPublicKey updateMasterCertificates(
             PGPSecretKey masterSecretKey, PGPPrivateKey masterPrivateKey,
             PGPPublicKey masterPublicKey,
-            int flags, long expiry, int indent, OperationLog log)
+            int flags, long expiry,
+            CryptoInputParcel cryptoInput,
+            int indent, OperationLog log)
             throws PGPException, IOException, SignatureException {
 
         // keep track if we actually changed one
@@ -1260,8 +1262,8 @@ public class PgpKeyOperation {
                     modifiedPublicKey, userId, currentCert);
             try {
                 PGPSignature newCert = generateUserIdSignature(
-                        getSignatureGenerator(masterSecretKey, mCryptoInput),
-                        mCryptoInput.getSignatureTime(),
+                        getSignatureGenerator(masterSecretKey, cryptoInput),
+                        cryptoInput.getSignatureTime(),
                         masterPrivateKey, masterPublicKey, userId, isPrimary, flags, expiry);
                 modifiedPublicKey = PGPPublicKey.addCertification(
                         modifiedPublicKey, userId, newCert);

From 879efc2c703d55cf3a50dc3c427129555ad58004 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Fri, 20 Mar 2015 14:21:55 +0100
Subject: [PATCH 07/80] fix unit tests (syntax)

---
 .../keychain/pgp/PgpKeyOperationTest.java     | 38 ++++++++++---------
 .../keychain/operations/EditKeyOperation.java |  4 +-
 .../pgp/PgpSignEncryptInputParcel.java        |  2 +-
 .../service/input/CryptoInputParcel.java      | 10 +++++
 4 files changed, 33 insertions(+), 21 deletions(-)

diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java
index 144501c89..2ecc304e7 100644
--- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java
@@ -49,6 +49,7 @@ import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyAdd;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyChange;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.support.KeyringBuilder;
 import org.sufficientlysecure.keychain.support.KeyringTestingHelper;
 import org.sufficientlysecure.keychain.support.KeyringTestingHelper.RawPacket;
@@ -74,6 +75,7 @@ public class PgpKeyOperationTest {
 
     static UncachedKeyRing staticRing;
     final static Passphrase passphrase = TestingUtils.genPassphrase();
+    final static CryptoInputParcel cryptoInput = new CryptoInputParcel(new Date(), passphrase);
 
     UncachedKeyRing ring;
     PgpKeyOperation op;
@@ -302,7 +304,7 @@ public class PgpKeyOperationTest {
             }
 
             assertModifyFailure("keyring modification with bad passphrase should fail",
-                    ring, parcel, badphrase, LogType.MSG_MF_UNLOCK_ERROR);
+                    ring, parcel, new CryptoInputParcel(badphrase), LogType.MSG_MF_UNLOCK_ERROR);
         }
 
     }
@@ -646,7 +648,7 @@ public class PgpKeyOperationTest {
             parcel.mRevokeSubKeys.add(123L);
 
             CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
-            UncachedKeyRing otherModified = op.modifySecretKeyRing(secretRing, parcel, passphrase).getRing();
+            UncachedKeyRing otherModified = op.modifySecretKeyRing(secretRing, cryptoInput, parcel).getRing();
 
             Assert.assertNull("revoking a nonexistent subkey should fail", otherModified);
 
@@ -975,7 +977,7 @@ public class PgpKeyOperationTest {
 
         // applying the same modification AGAIN should not add more certifications but drop those
         // as duplicates
-        modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB, passphrase, true, false);
+        modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB, cryptoInput, true, false);
 
         Assert.assertEquals("duplicate modification: one extra packet in original", 1, onlyA.size());
         Assert.assertEquals("duplicate modification: one extra packet in modified", 1, onlyB.size());
@@ -1039,8 +1041,7 @@ public class PgpKeyOperationTest {
         // change passphrase to empty
         parcel.mNewUnlock = new ChangeUnlockParcel(new Passphrase());
         // note that canonicalization here necessarily strips the empty notation packet
-        UncachedKeyRing modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB,
-                passphrase);
+        UncachedKeyRing modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB, cryptoInput);
 
         Assert.assertEquals("exactly three packets should have been modified (the secret keys)",
                 3, onlyB.size());
@@ -1052,8 +1053,9 @@ public class PgpKeyOperationTest {
 
         // modify keyring, change to non-empty passphrase
         Passphrase otherPassphrase = TestingUtils.genPassphrase(true);
+        CryptoInputParcel otherCryptoInput = new CryptoInputParcel(otherPassphrase);
         parcel.mNewUnlock = new ChangeUnlockParcel(otherPassphrase);
-        modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB, new Passphrase());
+        modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB, new CryptoInputParcel(new Date()));
 
         Assert.assertEquals("exactly three packets should have been modified (the secret keys)",
                 3, onlyB.size());
@@ -1086,7 +1088,7 @@ public class PgpKeyOperationTest {
             // we should still be able to modify it (and change its passphrase) without errors
             PgpKeyOperation op = new PgpKeyOperation(null);
             CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(modified.getEncoded(), false, 0);
-            PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, parcel, otherPassphrase);
+            PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, otherCryptoInput, parcel);
             Assert.assertTrue("key modification must succeed", result.success());
             Assert.assertFalse("log must not contain a warning",
                     result.getLog().containsWarnings());
@@ -1102,7 +1104,7 @@ public class PgpKeyOperationTest {
 
             PgpKeyOperation op = new PgpKeyOperation(null);
             CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(modified.getEncoded(), false, 0);
-            PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, parcel, otherPassphrase2);
+            PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(otherPassphrase2), parcel);
             Assert.assertTrue("key modification must succeed", result.success());
             Assert.assertTrue("log must contain a failed passphrase change warning",
                     result.getLog().containsType(LogType.MSG_MF_PASSPHRASE_FAIL));
@@ -1140,7 +1142,7 @@ public class PgpKeyOperationTest {
 
         {
             parcel.mNewUnlock = new ChangeUnlockParcel(new Passphrase("phrayse"), null);
-            applyModificationWithChecks(parcel, modified, onlyA, onlyB, pin, true, false);
+            applyModificationWithChecks(parcel, modified, onlyA, onlyB, new CryptoInputParcel(pin), true, false);
 
             Assert.assertEquals("exactly four packets should have been removed (the secret keys + notation packet)",
                     4, onlyA.size());
@@ -1157,7 +1159,7 @@ public class PgpKeyOperationTest {
 
         parcel.mAddUserIds.add("discord");
         PgpKeyOperation op = new PgpKeyOperation(null);
-        PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, parcel, null);
+        PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(new Date()), parcel);
         Assert.assertFalse("non-restricted operations should fail without passphrase", result.success());
     }
 
@@ -1165,15 +1167,15 @@ public class PgpKeyOperationTest {
                                                                UncachedKeyRing ring,
                                                                ArrayList<RawPacket> onlyA,
                                                                ArrayList<RawPacket> onlyB) {
-        return applyModificationWithChecks(parcel, ring, onlyA, onlyB, passphrase, true, true);
+        return applyModificationWithChecks(parcel, ring, onlyA, onlyB, cryptoInput, true, true);
     }
 
     private static UncachedKeyRing applyModificationWithChecks(SaveKeyringParcel parcel,
                                                                UncachedKeyRing ring,
                                                                ArrayList<RawPacket> onlyA,
                                                                ArrayList<RawPacket> onlyB,
-                                                               Passphrase passphrase) {
-        return applyModificationWithChecks(parcel, ring, onlyA, onlyB, passphrase, true, true);
+                                                               CryptoInputParcel cryptoInput) {
+        return applyModificationWithChecks(parcel, ring, onlyA, onlyB, cryptoInput, true, true);
     }
 
     // applies a parcel modification while running some integrity checks
@@ -1181,7 +1183,7 @@ public class PgpKeyOperationTest {
                                                                UncachedKeyRing ring,
                                                                ArrayList<RawPacket> onlyA,
                                                                ArrayList<RawPacket> onlyB,
-                                                               Passphrase passphrase,
+                                                               CryptoInputParcel cryptoInput,
                                                                boolean canonicalize,
                                                                boolean constantCanonicalize) {
 
@@ -1191,7 +1193,7 @@ public class PgpKeyOperationTest {
             CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
 
             PgpKeyOperation op = new PgpKeyOperation(null);
-            PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, parcel, passphrase);
+            PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, cryptoInput, parcel);
             Assert.assertTrue("key modification must succeed", result.success());
             UncachedKeyRing rawModified = result.getRing();
             Assert.assertNotNull("key modification must not return null", rawModified);
@@ -1258,11 +1260,11 @@ public class PgpKeyOperationTest {
     }
 
     private void assertModifyFailure(String reason, UncachedKeyRing ring,
-                                     SaveKeyringParcel parcel, Passphrase passphrase, LogType expected)
+                                     SaveKeyringParcel parcel, CryptoInputParcel cryptoInput, LogType expected)
             throws Exception {
 
         CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
-        PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, parcel, passphrase);
+        PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, cryptoInput, parcel);
 
         Assert.assertFalse(reason, result.success());
         Assert.assertNull(reason, result.getRing());
@@ -1276,7 +1278,7 @@ public class PgpKeyOperationTest {
             throws Exception {
 
         CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
-        PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, parcel, passphrase);
+        PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, cryptoInput, parcel);
 
         Assert.assertFalse(reason, result.success());
         Assert.assertNull(reason, result.getRing());
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/EditKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/EditKeyOperation.java
index 28ef7582b..4072d91c5 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/EditKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/EditKeyOperation.java
@@ -72,7 +72,7 @@ public class EditKeyOperation extends BaseOperation {
         PgpEditKeyResult modifyResult;
         {
             PgpKeyOperation keyOperations =
-                    new PgpKeyOperation(new ProgressScaler(mProgressable, 10, 60, 100), mCancelled, cryptoInput);
+                    new PgpKeyOperation(new ProgressScaler(mProgressable, 10, 60, 100), mCancelled);
 
             // If a key id is specified, fetch and edit
             if (saveParcel.mMasterKeyId != null) {
@@ -83,7 +83,7 @@ public class EditKeyOperation extends BaseOperation {
                     CanonicalizedSecretKeyRing secRing =
                             mProviderHelper.getCanonicalizedSecretKeyRing(saveParcel.mMasterKeyId);
 
-                    modifyResult = keyOperations.modifySecretKeyRing(secRing, saveParcel);
+                    modifyResult = keyOperations.modifySecretKeyRing(secRing, cryptoInput, saveParcel);
                     if (modifyResult.isPending()) {
                         return modifyResult;
                     }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInputParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInputParcel.java
index 022dc4d32..d5f3cf964 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInputParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInputParcel.java
@@ -49,7 +49,7 @@ public class PgpSignEncryptInputParcel implements Parcelable {
     protected boolean mCleartextSignature;
     protected boolean mDetachedSignature = false;
     protected boolean mHiddenRecipients = false;
-    protected CryptoInputParcel mCryptoInput = new CryptoInputParcel(null);
+    protected CryptoInputParcel mCryptoInput = new CryptoInputParcel();
 
     public PgpSignEncryptInputParcel() {
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
index d77bbe7e2..6edc48b09 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
@@ -24,11 +24,21 @@ public class CryptoInputParcel implements Parcelable {
     // used in the crypto operation described by this parcel.
     private HashMap<ByteBuffer,byte[]> mCryptoData = new HashMap<>();
 
+    public CryptoInputParcel() {
+        mSignatureTime = new Date();
+        mPassphrase = null;
+    }
+
     public CryptoInputParcel(Date signatureTime, Passphrase passphrase) {
         mSignatureTime = signatureTime == null ? new Date() : signatureTime;
         mPassphrase = passphrase;
     }
 
+    public CryptoInputParcel(Passphrase passphrase) {
+        mSignatureTime = new Date();
+        mPassphrase = null;
+    }
+
     public CryptoInputParcel(Date signatureTime) {
         mSignatureTime = signatureTime == null ? new Date() : signatureTime;
         mPassphrase = null;

From 3fce6d8a12884519fa77e1500e8f8441b3aa43cd Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Fri, 20 Mar 2015 14:22:07 +0100
Subject: [PATCH 08/80] inline mNfcSignOps variable

---
 .../keychain/pgp/PgpKeyOperation.java         | 33 +++++++++----------
 1 file changed, 16 insertions(+), 17 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index 0bae93055..51f8460a4 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -36,7 +36,6 @@ import org.spongycastle.openpgp.PGPUserAttributeSubpacketVector;
 import org.spongycastle.openpgp.operator.PBESecretKeyDecryptor;
 import org.spongycastle.openpgp.operator.PBESecretKeyEncryptor;
 import org.spongycastle.openpgp.operator.PGPContentSignerBuilder;
-import org.spongycastle.openpgp.operator.PGPDataDecryptor;
 import org.spongycastle.openpgp.operator.PGPDigestCalculator;
 import org.spongycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
 import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
@@ -96,8 +95,6 @@ public class PgpKeyOperation {
     private Stack<Progressable> mProgress;
     private AtomicBoolean mCancelled;
 
-    NfcSignOperationsBuilder mNfcSignOps;
-
     public PgpKeyOperation(Progressable progress) {
         super();
         if (progress != null) {
@@ -106,10 +103,9 @@ public class PgpKeyOperation {
         }
     }
 
-    public PgpKeyOperation(Progressable progress, AtomicBoolean cancelled, CryptoInputParcel cryptoInput) {
+    public PgpKeyOperation(Progressable progress, AtomicBoolean cancelled) {
         this(progress);
         mCancelled = cancelled;
-        mNfcSignOps = new NfcSignOperationsBuilder(cryptoInput.getSignatureTime());
     }
 
     private boolean checkCancelled() {
@@ -428,6 +424,8 @@ public class PgpKeyOperation {
 
         int indent = 1;
 
+        NfcSignOperationsBuilder nfcSignOps = new NfcSignOperationsBuilder(cryptoInput.getSignatureTime());
+
         progress(R.string.progress_modify, 0);
 
         PGPPublicKey masterPublicKey = masterSecretKey.getPublicKey();
@@ -474,7 +472,7 @@ public class PgpKeyOperation {
                     String userId = saveParcel.mAddUserIds.get(i);
                     log.add(LogType.MSG_MF_UID_ADD, indent, userId);
 
-                    if (userId.equals("")) {
+                    if ("".equals(userId)) {
                         log.add(LogType.MSG_MF_UID_ERROR_EMPTY, indent + 1);
                         return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
                     }
@@ -513,7 +511,7 @@ public class PgpKeyOperation {
                                 isPrimary, masterKeyFlags, masterKeyExpiry);
                         modifiedPublicKey = PGPPublicKey.addCertification(modifiedPublicKey, userId, cert);
                     } catch (NfcInteractionNeeded e) {
-                        mNfcSignOps.addHash(e.hashToSign, e.hashAlgo);
+                        nfcSignOps.addHash(e.hashToSign, e.hashAlgo);
                     }
                 }
                 subProgressPop();
@@ -548,7 +546,7 @@ public class PgpKeyOperation {
                                 masterPrivateKey, masterPublicKey, vector);
                         modifiedPublicKey = PGPPublicKey.addCertification(modifiedPublicKey, vector, cert);
                     } catch (NfcInteractionNeeded e) {
-                        mNfcSignOps.addHash(e.hashToSign, e.hashAlgo);
+                        nfcSignOps.addHash(e.hashToSign, e.hashAlgo);
                     }
                 }
                 subProgressPop();
@@ -584,7 +582,7 @@ public class PgpKeyOperation {
                                 masterPrivateKey, masterPublicKey, userId);
                         modifiedPublicKey = PGPPublicKey.addCertification(modifiedPublicKey, userId, cert);
                     } catch (NfcInteractionNeeded e) {
-                        mNfcSignOps.addHash(e.hashToSign, e.hashAlgo);
+                        nfcSignOps.addHash(e.hashToSign, e.hashAlgo);
                     }
                 }
                 subProgressPop();
@@ -664,7 +662,7 @@ public class PgpKeyOperation {
                                 modifiedPublicKey = PGPPublicKey.addCertification(
                                         modifiedPublicKey, userId, newCert);
                             } catch (NfcInteractionNeeded e) {
-                                mNfcSignOps.addHash(e.hashToSign, e.hashAlgo);
+                                nfcSignOps.addHash(e.hashToSign, e.hashAlgo);
                             }
 
                             continue;
@@ -687,7 +685,7 @@ public class PgpKeyOperation {
                                 modifiedPublicKey = PGPPublicKey.addCertification(
                                         modifiedPublicKey, userId, newCert);
                             } catch (NfcInteractionNeeded e) {
-                                mNfcSignOps.addHash(e.hashToSign, e.hashAlgo);
+                                nfcSignOps.addHash(e.hashToSign, e.hashAlgo);
                             }
                             ok = true;
                         }
@@ -777,7 +775,7 @@ public class PgpKeyOperation {
                     PGPPublicKey pKey =
                             updateMasterCertificates(
                                     masterSecretKey, masterPrivateKey, masterPublicKey,
-                                    flags, expiry, cryptoInput,  indent, log);
+                                    flags, expiry, cryptoInput,  nfcSignOps, indent, log);
                     if (pKey == null) {
                         // error log entry has already been added by updateMasterCertificates itself
                         return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
@@ -856,7 +854,7 @@ public class PgpKeyOperation {
                     pKey = PGPPublicKey.addCertification(pKey, sig);
                     sKR = PGPSecretKeyRing.insertSecretKey(sKR, PGPSecretKey.replacePublicKey(sKey, pKey));
                 } catch (NfcInteractionNeeded e) {
-                    mNfcSignOps.addHash(e.hashToSign, e.hashAlgo);
+                    nfcSignOps.addHash(e.hashToSign, e.hashAlgo);
                 }
             }
             subProgressPop();
@@ -908,7 +906,7 @@ public class PgpKeyOperation {
                             add.mFlags, add.mExpiry);
                     pKey = PGPPublicKey.addSubkeyBindingCertification(pKey, cert);
                 } catch (NfcInteractionNeeded e) {
-                    mNfcSignOps.addHash(e.hashToSign, e.hashAlgo);
+                    nfcSignOps.addHash(e.hashToSign, e.hashAlgo);
                 }
 
                 PGPSecretKey sKey; {
@@ -972,9 +970,9 @@ public class PgpKeyOperation {
 
         progress(R.string.progress_done, 100);
 
-        if (!mNfcSignOps.isEmpty()) {
+        if (!nfcSignOps.isEmpty()) {
             log.add(LogType.MSG_MF_INPUT_REQUIRED, indent);
-            return new PgpEditKeyResult(log, mNfcSignOps.build());
+            return new PgpEditKeyResult(log, nfcSignOps.build());
         }
 
         log.add(LogType.MSG_MF_SUCCESS, indent);
@@ -1205,6 +1203,7 @@ public class PgpKeyOperation {
             PGPPublicKey masterPublicKey,
             int flags, long expiry,
             CryptoInputParcel cryptoInput,
+            NfcSignOperationsBuilder nfcSignOps,
             int indent, OperationLog log)
             throws PGPException, IOException, SignatureException {
 
@@ -1268,7 +1267,7 @@ public class PgpKeyOperation {
                 modifiedPublicKey = PGPPublicKey.addCertification(
                         modifiedPublicKey, userId, newCert);
             } catch (NfcInteractionNeeded e) {
-                mNfcSignOps.addHash(e.hashToSign, e.hashAlgo);
+                nfcSignOps.addHash(e.hashToSign, e.hashAlgo);
             }
             ok = true;
 

From e00ce86de911e5b3f9aa7f5d8f1cb40e310e95e3 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Fri, 20 Mar 2015 14:57:38 +0100
Subject: [PATCH 09/80] fix more unit tests (syntax)

---
 .../operations/CertifyOperationTest.java      | 51 +++++--------------
 .../keychain/pgp/PgpEncryptDecryptTest.java   | 10 ++--
 .../pgp/UncachedKeyringCanonicalizeTest.java  |  4 ++
 .../pgp/UncachedKeyringMergeTest.java         | 23 ++++++---
 .../keychain/operations/CertifyOperation.java | 11 ++--
 .../keychain/pgp/CanonicalizedSecretKey.java  |  5 ++
 .../keychain/pgp/PgpKeyOperation.java         |  2 +-
 .../service/CertifyActionsParcel.java         | 10 +---
 .../service/KeychainIntentService.java        |  3 +-
 .../keychain/ui/CertifyKeyFragment.java       |  3 +-
 10 files changed, 56 insertions(+), 66 deletions(-)

diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/operations/CertifyOperationTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/operations/CertifyOperationTest.java
index 7c4b2e91e..130b86908 100644
--- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/operations/CertifyOperationTest.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/operations/CertifyOperationTest.java
@@ -46,6 +46,7 @@ import org.sufficientlysecure.keychain.service.CertifyActionsParcel.CertifyActio
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Passphrase;
 import org.sufficientlysecure.keychain.util.ProgressScaler;
@@ -152,8 +153,8 @@ public class CertifyOperationTest {
 
     @Test
     public void testCertifyId() throws Exception {
-        CertifyOperation op = operationWithFakePassphraseCache(
-                mStaticRing1.getMasterKeyId(), mStaticRing1.getMasterKeyId(), mKeyPhrase1);
+        CertifyOperation op = new CertifyOperation(Robolectric.application,
+                new ProviderHelper(Robolectric.application), null, null);
 
         {
             CanonicalizedPublicKeyRing ring = new ProviderHelper(Robolectric.application)
@@ -165,7 +166,7 @@ public class CertifyOperationTest {
         CertifyActionsParcel actions = new CertifyActionsParcel(mStaticRing1.getMasterKeyId());
         actions.add(new CertifyAction(mStaticRing2.getMasterKeyId(),
                 mStaticRing2.getPublicKey().getUnorderedUserIds()));
-        CertifyResult result = op.certify(actions, null);
+        CertifyResult result = op.certify(actions, new CryptoInputParcel(mKeyPhrase1), null);
 
         Assert.assertTrue("certification must succeed", result.success());
 
@@ -180,8 +181,8 @@ public class CertifyOperationTest {
 
     @Test
     public void testCertifyAttribute() throws Exception {
-        CertifyOperation op = operationWithFakePassphraseCache(
-                mStaticRing1.getMasterKeyId(), mStaticRing1.getMasterKeyId(), mKeyPhrase1);
+        CertifyOperation op = new CertifyOperation(Robolectric.application,
+                new ProviderHelper(Robolectric.application), null, null);
 
         {
             CanonicalizedPublicKeyRing ring = new ProviderHelper(Robolectric.application)
@@ -193,7 +194,7 @@ public class CertifyOperationTest {
         CertifyActionsParcel actions = new CertifyActionsParcel(mStaticRing1.getMasterKeyId());
         actions.add(new CertifyAction(mStaticRing2.getMasterKeyId(), null,
                 mStaticRing2.getPublicKey().getUnorderedUserAttributes()));
-        CertifyResult result = op.certify(actions, null);
+        CertifyResult result = op.certify(actions, new CryptoInputParcel(mKeyPhrase1), null);
 
         Assert.assertTrue("certification must succeed", result.success());
 
@@ -209,14 +210,14 @@ public class CertifyOperationTest {
 
     @Test
     public void testCertifySelf() throws Exception {
-        CertifyOperation op = operationWithFakePassphraseCache(
-                mStaticRing1.getMasterKeyId(), mStaticRing1.getMasterKeyId(), mKeyPhrase1);
+        CertifyOperation op = new CertifyOperation(Robolectric.application,
+                new ProviderHelper(Robolectric.application), null, null);
 
         CertifyActionsParcel actions = new CertifyActionsParcel(mStaticRing1.getMasterKeyId());
         actions.add(new CertifyAction(mStaticRing1.getMasterKeyId(),
                 mStaticRing2.getPublicKey().getUnorderedUserIds()));
 
-        CertifyResult result = op.certify(actions, null);
+        CertifyResult result = op.certify(actions, new CryptoInputParcel(mKeyPhrase1), null);
 
         Assert.assertFalse("certification with itself must fail!", result.success());
         Assert.assertTrue("error msg must be about self certification",
@@ -226,7 +227,8 @@ public class CertifyOperationTest {
     @Test
     public void testCertifyNonexistent() throws Exception {
 
-        CertifyOperation op = operationWithFakePassphraseCache(null, null, mKeyPhrase1);
+        CertifyOperation op = new CertifyOperation(Robolectric.application,
+                new ProviderHelper(Robolectric.application), null, null);
 
         {
             CertifyActionsParcel actions = new CertifyActionsParcel(mStaticRing1.getMasterKeyId());
@@ -234,7 +236,7 @@ public class CertifyOperationTest {
             uids.add("nonexistent");
             actions.add(new CertifyAction(1234L, uids));
 
-            CertifyResult result = op.certify(actions, null);
+            CertifyResult result = op.certify(actions, new CryptoInputParcel(mKeyPhrase1), null);
 
             Assert.assertFalse("certification of nonexistent key must fail", result.success());
             Assert.assertTrue("must contain error msg about not found",
@@ -246,7 +248,7 @@ public class CertifyOperationTest {
             actions.add(new CertifyAction(mStaticRing1.getMasterKeyId(),
                     mStaticRing2.getPublicKey().getUnorderedUserIds()));
 
-            CertifyResult result = op.certify(actions, null);
+            CertifyResult result = op.certify(actions, new CryptoInputParcel(mKeyPhrase1), null);
 
             Assert.assertFalse("certification of nonexistent key must fail", result.success());
             Assert.assertTrue("must contain error msg about not found",
@@ -255,29 +257,4 @@ public class CertifyOperationTest {
 
     }
 
-    private CertifyOperation operationWithFakePassphraseCache(
-            final Long checkMasterKeyId, final Long checkSubKeyId, final Passphrase passphrase) {
-
-        return new CertifyOperation(Robolectric.application,
-                new ProviderHelper(Robolectric.application),
-                null, null) {
-            @Override
-            public Passphrase getCachedPassphrase(long masterKeyId, long subKeyId)
-                    throws NoSecretKeyException {
-                if (checkMasterKeyId != null) {
-                    Assert.assertEquals("requested passphrase should be for expected master key id",
-                            (long) checkMasterKeyId, masterKeyId);
-                }
-                if (checkSubKeyId != null) {
-                    Assert.assertEquals("requested passphrase should be for expected sub key id",
-                            (long) checkSubKeyId, subKeyId);
-                }
-                if (passphrase == null) {
-                    return null;
-                }
-                return passphrase;
-            }
-        };
-    }
-
 }
diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java
index 6b7e20b04..5a90af2dc 100644
--- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java
@@ -138,7 +138,7 @@ public class PgpEncryptDecryptTest {
 
             InputData data = new InputData(in, in.available());
 
-            PgpSignEncryptInputParcel b = new setSignatureTimestamp();
+            PgpSignEncryptInputParcel b = new PgpSignEncryptInputParcel();
             b.setSymmetricPassphrase(mPassphrase);
             b.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128);
 
@@ -222,7 +222,7 @@ public class PgpEncryptDecryptTest {
                     new ProviderHelper(Robolectric.application), null);
 
             InputData data = new InputData(in, in.available());
-            PgpSignEncryptInputParcel b = new setSignatureTimestamp();
+            PgpSignEncryptInputParcel b = new PgpSignEncryptInputParcel();
 
             b.setEncryptionMasterKeyIds(new long[]{ mStaticRing1.getMasterKeyId() });
             b.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128);
@@ -303,7 +303,7 @@ public class PgpEncryptDecryptTest {
 
             InputData data = new InputData(in, in.available());
 
-            PgpSignEncryptInputParcel b = new setSignatureTimestamp();
+            PgpSignEncryptInputParcel b = new PgpSignEncryptInputParcel();
             b.setEncryptionMasterKeyIds(new long[] {
                     mStaticRing1.getMasterKeyId(),
                     mStaticRing2.getMasterKeyId()
@@ -395,7 +395,7 @@ public class PgpEncryptDecryptTest {
                     new ProviderHelper(Robolectric.application), null);
 
             InputData data = new InputData(in, in.available());
-            PgpSignEncryptInputParcel b = new setSignatureTimestamp();
+            PgpSignEncryptInputParcel b = new PgpSignEncryptInputParcel();
 
             b.setEncryptionMasterKeyIds(new long[] {
                     mStaticRing1.getMasterKeyId(),
@@ -477,7 +477,7 @@ public class PgpEncryptDecryptTest {
                     new ProviderHelper(Robolectric.application), null);
 
             InputData data = new InputData(in, in.available());
-            PgpSignEncryptInputParcel b = new setSignatureTimestamp();
+            PgpSignEncryptInputParcel b = new PgpSignEncryptInputParcel();
 
             b.setEncryptionMasterKeyIds(new long[]{ mStaticRing1.getMasterKeyId() });
             b.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128);
diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringCanonicalizeTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringCanonicalizeTest.java
index bfe34b14b..2b184c075 100644
--- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringCanonicalizeTest.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringCanonicalizeTest.java
@@ -59,6 +59,7 @@ import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.support.KeyringTestingHelper;
 import org.sufficientlysecure.keychain.support.KeyringTestingHelper.RawPacket;
 import org.sufficientlysecure.keychain.util.Passphrase;
@@ -549,7 +550,10 @@ public class UncachedKeyringCanonicalizeTest {
             CanonicalizedSecretKey masterSecretKey = canonicalized.getSecretKey();
             masterSecretKey.unlock(new Passphrase());
             PGPPublicKey masterPublicKey = masterSecretKey.getPublicKey();
+            CryptoInputParcel cryptoInput = new CryptoInputParcel();
             PGPSignature cert = PgpKeyOperation.generateSubkeyBindingSignature(
+                    PgpKeyOperation.getSignatureGenerator(masterSecretKey.getSecretKey(), cryptoInput),
+                    cryptoInput.getSignatureTime(),
                     masterPublicKey, masterSecretKey.getPrivateKey(), masterSecretKey.getPrivateKey(),
                     masterPublicKey, masterSecretKey.getKeyUsage(), 0);
             PGPPublicKey subPubKey = PGPPublicKey.addSubkeyBindingCertification(masterPublicKey, cert);
diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringMergeTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringMergeTest.java
index 712f0563d..732c13f62 100644
--- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringMergeTest.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringMergeTest.java
@@ -35,9 +35,12 @@ import org.spongycastle.util.Strings;
 import org.sufficientlysecure.keychain.operations.results.OperationResult;
 import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
+import org.sufficientlysecure.keychain.pgp.PgpCertifyOperation.PgpCertifyResult;
+import org.sufficientlysecure.keychain.service.CertifyActionsParcel.CertifyAction;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.support.KeyringTestingHelper;
 import org.sufficientlysecure.keychain.support.KeyringTestingHelper.RawPacket;
 import org.sufficientlysecure.keychain.util.Passphrase;
@@ -46,6 +49,7 @@ import org.sufficientlysecure.keychain.util.ProgressScaler;
 import java.io.ByteArrayInputStream;
 import java.security.Security;
 import java.util.ArrayList;
+import java.util.Date;
 import java.util.Iterator;
 import java.util.Random;
 
@@ -186,11 +190,11 @@ public class UncachedKeyringMergeTest {
 
             parcel.reset();
             parcel.mAddUserIds.add("flim");
-            modifiedA = op.modifySecretKeyRing(secretRing, parcel, new Passphrase()).getRing();
+            modifiedA = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(), parcel).getRing();
 
             parcel.reset();
             parcel.mAddUserIds.add("flam");
-            modifiedB = op.modifySecretKeyRing(secretRing, parcel, new Passphrase()).getRing();
+            modifiedB = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(), parcel).getRing();
         }
 
         { // merge A into base
@@ -227,8 +231,8 @@ public class UncachedKeyringMergeTest {
             parcel.reset();
             parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
                     Algorithm.RSA, 1024, null, KeyFlags.SIGN_DATA, 0L));
-            modifiedA = op.modifySecretKeyRing(secretRing, parcel, new Passphrase()).getRing();
-            modifiedB = op.modifySecretKeyRing(secretRing, parcel, new Passphrase()).getRing();
+            modifiedA = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(), parcel).getRing();
+            modifiedB = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(), parcel).getRing();
 
             subKeyIdA = KeyringTestingHelper.getSubkeyId(modifiedA, 2);
             subKeyIdB = KeyringTestingHelper.getSubkeyId(modifiedB, 2);
@@ -269,7 +273,7 @@ public class UncachedKeyringMergeTest {
             parcel.mRevokeSubKeys.add(KeyringTestingHelper.getSubkeyId(ringA, 1));
             CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(
                     ringA.getEncoded(), false, 0);
-            modified = op.modifySecretKeyRing(secretRing, parcel, new Passphrase()).getRing();
+            modified = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(), parcel).getRing();
         }
 
         {
@@ -295,8 +299,13 @@ public class UncachedKeyringMergeTest {
             CanonicalizedSecretKey secretKey = new CanonicalizedSecretKeyRing(
                     ringB.getEncoded(), false, 0).getSecretKey();
             secretKey.unlock(new Passphrase());
+            PgpCertifyOperation op = new PgpCertifyOperation();
+            CertifyAction action = new CertifyAction(pubRing.getMasterKeyId(), publicRing.getPublicKey().getUnorderedUserIds());
             // sign all user ids
-            modified = secretKey.certifyUserIds(publicRing, publicRing.getPublicKey().getUnorderedUserIds(), null, null);
+            PgpCertifyResult result = op.certify(secretKey, publicRing, new OperationLog(), 0, action, null, new Date());
+            Assert.assertTrue("certification must succeed", result.success());
+            Assert.assertNotNull("certification must yield result", result.getCertifiedRing());
+            modified = result.getCertifiedRing();
         }
 
         {
@@ -363,7 +372,7 @@ public class UncachedKeyringMergeTest {
 
             CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(
                     ringA.getEncoded(), false, 0);
-            modified = op.modifySecretKeyRing(secretRing, parcel, new Passphrase()).getRing();
+            modified = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(), parcel).getRing();
         }
 
         {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
index ad2b297dd..7c299a6bd 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
@@ -39,6 +39,7 @@ import org.sufficientlysecure.keychain.provider.ProviderHelper.NotFoundException
 import org.sufficientlysecure.keychain.service.CertifyActionsParcel;
 import org.sufficientlysecure.keychain.service.CertifyActionsParcel.CertifyAction;
 import org.sufficientlysecure.keychain.service.ContactSyncAdapterService;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel.NfcSignOperationsBuilder;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
@@ -63,7 +64,7 @@ public class CertifyOperation extends BaseOperation {
         super(context, providerHelper, progressable, cancelled);
     }
 
-    public CertifyResult certify(CertifyActionsParcel parcel, String keyServerUri) {
+    public CertifyResult certify(CertifyActionsParcel parcel, CryptoInputParcel cryptoInput, String keyServerUri) {
 
         OperationLog log = new OperationLog();
         log.add(LogType.MSG_CRT, 0);
@@ -78,13 +79,13 @@ public class CertifyOperation extends BaseOperation {
             log.add(LogType.MSG_CRT_UNLOCK, 1);
             certificationKey = secretKeyRing.getSecretKey();
 
-            if (!parcel.mCryptoInput.hasPassphrase()) {
+            if (!cryptoInput.hasPassphrase()) {
                 return new CertifyResult(log, RequiredInputParcel.createRequiredPassphrase(
                         certificationKey.getKeyId(), null));
             }
 
             // certification is always with the master key id, so use that one
-            Passphrase passphrase = parcel.mCryptoInput.getPassphrase();
+            Passphrase passphrase = cryptoInput.getPassphrase();
 
             if (!certificationKey.unlock(passphrase)) {
                 log.add(LogType.MSG_CRT_ERROR_UNLOCK, 2);
@@ -104,7 +105,7 @@ public class CertifyOperation extends BaseOperation {
 
         int certifyOk = 0, certifyError = 0, uploadOk = 0, uploadError = 0;
 
-        NfcSignOperationsBuilder allRequiredInput = new NfcSignOperationsBuilder(parcel.mCryptoInput.getSignatureTime());
+        NfcSignOperationsBuilder allRequiredInput = new NfcSignOperationsBuilder(cryptoInput.getSignatureTime());
 
         // Work through all requested certifications
         for (CertifyAction action : parcel.mCertifyActions) {
@@ -128,7 +129,7 @@ public class CertifyOperation extends BaseOperation {
 
                 PgpCertifyOperation op = new PgpCertifyOperation();
                 PgpCertifyResult result = op.certify(certificationKey, publicRing,
-                        log, 2, action, parcel.getSignatureData(), parcel.mCryptoInput.getSignatureTime());
+                        log, 2, action, cryptoInput.getCryptoData(), cryptoInput.getSignatureTime());
 
                 if (!result.success()) {
                     certifyError += 1;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
index 715d5af30..21b6e551b 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@@ -292,4 +292,9 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
         return mPrivateKey;
     }
 
+    // HACK, for TESTING ONLY!!
+    PGPSecretKey getSecretKey() {
+        return mSecretKey;
+    }
+
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index 51f8460a4..f739cfb69 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -1283,7 +1283,7 @@ public class PgpKeyOperation {
 
     }
 
-    private static PGPSignatureGenerator getSignatureGenerator(
+    static PGPSignatureGenerator getSignatureGenerator(
             PGPSecretKey secretKey, CryptoInputParcel cryptoInput) {
 
         PGPContentSignerBuilder builder;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java
index 405a6a24b..8721f4c0c 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/CertifyActionsParcel.java
@@ -42,17 +42,14 @@ public class CertifyActionsParcel implements Parcelable {
     public CertifyLevel mLevel;
 
     public ArrayList<CertifyAction> mCertifyActions = new ArrayList<>();
-    public CryptoInputParcel mCryptoInput;
 
-    public CertifyActionsParcel(CryptoInputParcel cryptoInput, long masterKeyId) {
+    public CertifyActionsParcel(long masterKeyId) {
         mMasterKeyId = masterKeyId;
-        mCryptoInput = cryptoInput != null ? cryptoInput : new CryptoInputParcel(new Date());
         mLevel = CertifyLevel.DEFAULT;
     }
 
     public CertifyActionsParcel(Parcel source) {
         mMasterKeyId = source.readLong();
-        mCryptoInput = source.readParcelable(CertifyActionsParcel.class.getClassLoader());
         // just like parcelables, this is meant for ad-hoc IPC only and is NOT portable!
         mLevel = CertifyLevel.values()[source.readInt()];
 
@@ -66,16 +63,11 @@ public class CertifyActionsParcel implements Parcelable {
     @Override
     public void writeToParcel(Parcel destination, int flags) {
         destination.writeLong(mMasterKeyId);
-        destination.writeParcelable(mCryptoInput, 0);
         destination.writeInt(mLevel.ordinal());
 
         destination.writeSerializable(mCertifyActions);
     }
 
-    public Map<ByteBuffer, byte[]> getSignatureData() {
-        return mCryptoInput.getCryptoData();
-    }
-
     public static final Creator<CertifyActionsParcel> CREATOR = new Creator<CertifyActionsParcel>() {
         public CertifyActionsParcel createFromParcel(final Parcel source) {
             return new CertifyActionsParcel(source);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
index cd3e06705..ed6453e9d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
@@ -254,11 +254,12 @@ public class KeychainIntentService extends IntentService implements Progressable
 
                 // Input
                 CertifyActionsParcel parcel = data.getParcelable(CERTIFY_PARCEL);
+                CryptoInputParcel cryptoInput = data.getParcelable(EXTRA_CRYPTO_INPUT);
                 String keyServerUri = data.getString(UPLOAD_KEY_SERVER);
 
                 // Operation
                 CertifyOperation op = new CertifyOperation(this, providerHelper, this, mActionCanceled);
-                CertifyResult result = op.certify(parcel, keyServerUri);
+                CertifyResult result = op.certify(parcel, cryptoInput, keyServerUri);
 
                 // Result
                 sendMessageToHandler(MessageStatus.OKAY, result);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
index a5f818734..a42c52e63 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
@@ -321,9 +321,10 @@ public class CertifyKeyFragment extends CryptoOperationFragment
         Bundle data = new Bundle();
         {
             // fill values for this action
-            CertifyActionsParcel parcel = new CertifyActionsParcel(cryptoInput, mSignMasterKeyId);
+            CertifyActionsParcel parcel = new CertifyActionsParcel(mSignMasterKeyId);
             parcel.mCertifyActions.addAll(certifyActions);
 
+            data.putParcelable(KeychainIntentService.EXTRA_CRYPTO_INPUT, cryptoInput);
             data.putParcelable(KeychainIntentService.CERTIFY_PARCEL, parcel);
             if (mUploadKeyCheckbox.isChecked()) {
                 String keyserver = Preferences.getPreferences(getActivity()).getPreferredKeyserver();

From 3e51da3afa542c62b82bbcf9a953cdcd379950a2 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Fri, 20 Mar 2015 18:45:00 +0100
Subject: [PATCH 10/80] fix unit tests (for real)

---
 .../keychain/pgp/PgpKeyOperationTest.java     | 21 ++++++++++++-------
 .../pgp/UncachedKeyringMergeTest.java         | 12 +++++------
 .../operations/results/OperationResult.java   |  4 +++-
 .../keychain/pgp/PgpKeyOperation.java         | 12 +++++++++--
 .../keychain/service/SaveKeyringParcel.java   |  2 +-
 .../service/input/CryptoInputParcel.java      |  2 +-
 OpenKeychain/src/main/res/values/strings.xml  |  6 ++++--
 7 files changed, 39 insertions(+), 20 deletions(-)

diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java
index 2ecc304e7..e6ada202b 100644
--- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java
@@ -75,7 +75,6 @@ public class PgpKeyOperationTest {
 
     static UncachedKeyRing staticRing;
     final static Passphrase passphrase = TestingUtils.genPassphrase();
-    final static CryptoInputParcel cryptoInput = new CryptoInputParcel(new Date(), passphrase);
 
     UncachedKeyRing ring;
     PgpKeyOperation op;
@@ -83,6 +82,8 @@ public class PgpKeyOperationTest {
     ArrayList<RawPacket> onlyA = new ArrayList<RawPacket>();
     ArrayList<RawPacket> onlyB = new ArrayList<RawPacket>();
 
+    static CryptoInputParcel cryptoInput;
+
     @BeforeClass
     public static void setUpOnce() throws Exception {
         Security.insertProviderAt(new BouncyCastleProvider(), 1);
@@ -110,6 +111,9 @@ public class PgpKeyOperationTest {
 
         // we sleep here for a second, to make sure all new certificates have different timestamps
         Thread.sleep(1000);
+
+        cryptoInput = new CryptoInputParcel(new Date(), passphrase);
+
     }
 
     @Before public void setUp() throws Exception {
@@ -302,6 +306,7 @@ public class PgpKeyOperationTest {
             if (badphrase.equals(passphrase)) {
                 badphrase = new Passphrase("a");
             }
+            parcel.mAddUserIds.add("allure");
 
             assertModifyFailure("keyring modification with bad passphrase should fail",
                     ring, parcel, new CryptoInputParcel(badphrase), LogType.MSG_MF_UNLOCK_ERROR);
@@ -659,7 +664,8 @@ public class PgpKeyOperationTest {
             parcel.reset();
             parcel.mRevokeSubKeys.add(keyId);
 
-            modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB);
+            modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB,
+                    new CryptoInputParcel(new Date(), passphrase));
 
             Assert.assertEquals("no extra packets in original", 0, onlyA.size());
             Assert.assertEquals("exactly one extra packet in modified", 1, onlyB.size());
@@ -779,7 +785,7 @@ public class PgpKeyOperationTest {
         { // we should be able to change the stripped/divert status of subkeys without passphrase
             parcel.reset();
             parcel.mChangeSubKeys.add(new SubkeyChange(keyId, true, null));
-            modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB, null);
+            modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB, new CryptoInputParcel());
             Assert.assertEquals("one extra packet in modified", 1, onlyB.size());
             Packet p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket();
             Assert.assertEquals("new packet should have GNU_DUMMY S2K type",
@@ -795,7 +801,7 @@ public class PgpKeyOperationTest {
                     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
             };
             parcel.mChangeSubKeys.add(new SubkeyChange(keyId, false, serial));
-            modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB, null);
+            modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB, new CryptoInputParcel());
             Assert.assertEquals("one extra packet in modified", 1, onlyB.size());
             Packet p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket();
             Assert.assertEquals("new packet should have GNU_DUMMY S2K type",
@@ -972,12 +978,12 @@ public class PgpKeyOperationTest {
         Assert.assertEquals("signature type must be positive certification",
                 PGPSignature.POSITIVE_CERTIFICATION, ((SignaturePacket) p).getSignatureType());
 
-        // make sure packets can be distinguished by timestamp
         Thread.sleep(1000);
 
         // applying the same modification AGAIN should not add more certifications but drop those
         // as duplicates
-        modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB, cryptoInput, true, false);
+        modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB,
+                new CryptoInputParcel(new Date(), passphrase), true, false);
 
         Assert.assertEquals("duplicate modification: one extra packet in original", 1, onlyA.size());
         Assert.assertEquals("duplicate modification: one extra packet in modified", 1, onlyB.size());
@@ -1055,7 +1061,8 @@ public class PgpKeyOperationTest {
         Passphrase otherPassphrase = TestingUtils.genPassphrase(true);
         CryptoInputParcel otherCryptoInput = new CryptoInputParcel(otherPassphrase);
         parcel.mNewUnlock = new ChangeUnlockParcel(otherPassphrase);
-        modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB, new CryptoInputParcel(new Date()));
+        modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB,
+                new CryptoInputParcel(new Date(), new Passphrase()));
 
         Assert.assertEquals("exactly three packets should have been modified (the secret keys)",
                 3, onlyB.size());
diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringMergeTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringMergeTest.java
index 732c13f62..755a0b00d 100644
--- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringMergeTest.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringMergeTest.java
@@ -190,11 +190,11 @@ public class UncachedKeyringMergeTest {
 
             parcel.reset();
             parcel.mAddUserIds.add("flim");
-            modifiedA = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(), parcel).getRing();
+            modifiedA = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(new Passphrase()), parcel).getRing();
 
             parcel.reset();
             parcel.mAddUserIds.add("flam");
-            modifiedB = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(), parcel).getRing();
+            modifiedB = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(new Passphrase()), parcel).getRing();
         }
 
         { // merge A into base
@@ -231,8 +231,8 @@ public class UncachedKeyringMergeTest {
             parcel.reset();
             parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
                     Algorithm.RSA, 1024, null, KeyFlags.SIGN_DATA, 0L));
-            modifiedA = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(), parcel).getRing();
-            modifiedB = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(), parcel).getRing();
+            modifiedA = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(new Passphrase()), parcel).getRing();
+            modifiedB = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(new Passphrase()), parcel).getRing();
 
             subKeyIdA = KeyringTestingHelper.getSubkeyId(modifiedA, 2);
             subKeyIdB = KeyringTestingHelper.getSubkeyId(modifiedB, 2);
@@ -273,7 +273,7 @@ public class UncachedKeyringMergeTest {
             parcel.mRevokeSubKeys.add(KeyringTestingHelper.getSubkeyId(ringA, 1));
             CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(
                     ringA.getEncoded(), false, 0);
-            modified = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(), parcel).getRing();
+            modified = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(new Passphrase()), parcel).getRing();
         }
 
         {
@@ -372,7 +372,7 @@ public class UncachedKeyringMergeTest {
 
             CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(
                     ringA.getEncoded(), false, 0);
-            modified = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(), parcel).getRing();
+            modified = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(new Passphrase()), parcel).getRing();
         }
 
         {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
index 25abab25b..4646aef8a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
@@ -530,7 +530,6 @@ public abstract class OperationResult implements Parcelable {
         MSG_MF_ERROR_REVOKED_PRIMARY (LogLevel.ERROR, R.string.msg_mf_error_revoked_primary),
         MSG_MF_ERROR_SIG (LogLevel.ERROR, R.string.msg_mf_error_sig),
         MSG_MF_ERROR_SUBKEY_MISSING(LogLevel.ERROR, R.string.msg_mf_error_subkey_missing),
-        MSG_MF_INPUT_REQUIRED (LogLevel.OK, R.string.msg_mf_input_required),
         MSG_MF_MASTER (LogLevel.DEBUG, R.string.msg_mf_master),
         MSG_MF_NOTATION_PIN (LogLevel.DEBUG, R.string.msg_mf_notation_pin),
         MSG_MF_NOTATION_EMPTY (LogLevel.DEBUG, R.string.msg_mf_notation_empty),
@@ -540,6 +539,9 @@ public abstract class OperationResult implements Parcelable {
         MSG_MF_PASSPHRASE_FAIL (LogLevel.WARN, R.string.msg_mf_passphrase_fail),
         MSG_MF_PRIMARY_REPLACE_OLD (LogLevel.DEBUG, R.string.msg_mf_primary_replace_old),
         MSG_MF_PRIMARY_NEW (LogLevel.DEBUG, R.string.msg_mf_primary_new),
+        MSG_MF_RESTRICTED_MODE (LogLevel.INFO, R.string.msg_mf_restricted_mode),
+        MSG_MF_REQUIRE_DIVERT (LogLevel.OK, R.string.msg_mf_require_divert),
+        MSG_MF_REQUIRE_PASSPHRASE (LogLevel.OK, R.string.msg_mf_require_passphrase),
         MSG_MF_SUBKEY_CHANGE (LogLevel.INFO, R.string.msg_mf_subkey_change),
         MSG_MF_SUBKEY_NEW_ID (LogLevel.DEBUG, R.string.msg_mf_subkey_new_id),
         MSG_MF_SUBKEY_NEW (LogLevel.INFO, R.string.msg_mf_subkey_new),
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index f739cfb69..454a35cd6 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -395,12 +395,14 @@ public class PgpKeyOperation {
             return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
         }
 
-        if (saveParcel.isRestrictedOnly()) {
+        if (isDummy(masterSecretKey) || saveParcel.isRestrictedOnly()) {
+            log.add(LogType.MSG_MF_RESTRICTED_MODE, indent);
             return internalRestricted(sKR, saveParcel, log);
         }
 
         // Do we require a passphrase? If so, pass it along
         if (!isDivertToCard(masterSecretKey) && !cryptoInput.hasPassphrase()) {
+            log.add(LogType.MSG_MF_REQUIRE_PASSPHRASE, indent);
             return new PgpEditKeyResult(log, RequiredInputParcel.createRequiredPassphrase(
                     masterSecretKey.getKeyID(), cryptoInput.getSignatureTime()));
         }
@@ -971,7 +973,7 @@ public class PgpKeyOperation {
         progress(R.string.progress_done, 100);
 
         if (!nfcSignOps.isEmpty()) {
-            log.add(LogType.MSG_MF_INPUT_REQUIRED, indent);
+            log.add(LogType.MSG_MF_REQUIRE_DIVERT, indent);
             return new PgpEditKeyResult(log, nfcSignOps.build());
         }
 
@@ -1459,6 +1461,12 @@ public class PgpKeyOperation {
         return flags;
     }
 
+    private static boolean isDummy(PGPSecretKey secretKey) {
+        S2K s2k = secretKey.getS2K();
+        return s2k.getType() == S2K.GNU_DUMMY_S2K
+                && s2k.getProtectionMode() == S2K.GNU_PROTECTION_MODE_NO_PRIVATE_KEY;
+    }
+
     private static boolean isDivertToCard(PGPSecretKey secretKey) {
         S2K s2k = secretKey.getS2K();
         return s2k.getType() == S2K.GNU_DUMMY_S2K
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/SaveKeyringParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/SaveKeyringParcel.java
index 9fd278c13..88f258c58 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/SaveKeyringParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/SaveKeyringParcel.java
@@ -85,7 +85,7 @@ public class SaveKeyringParcel implements Parcelable {
     /** Returns true iff this parcel does not contain any operations which require a passphrase. */
     public boolean isRestrictedOnly() {
         if (mNewUnlock != null || !mAddUserIds.isEmpty() || !mAddUserAttribute.isEmpty()
-                || !mAddSubKeys.isEmpty() || mChangePrimaryUserId != null || !mRevokeSubKeys .isEmpty()
+                || !mAddSubKeys.isEmpty() || mChangePrimaryUserId != null || !mRevokeUserIds.isEmpty()
                 || !mRevokeSubKeys.isEmpty()) {
             return false;
         }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
index 6edc48b09..21aacd1f0 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
@@ -36,7 +36,7 @@ public class CryptoInputParcel implements Parcelable {
 
     public CryptoInputParcel(Passphrase passphrase) {
         mSignatureTime = new Date();
-        mPassphrase = null;
+        mPassphrase = passphrase;
     }
 
     public CryptoInputParcel(Date signatureTime) {
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index a7e9cdf7e..76514575c 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -913,7 +913,7 @@
     <string name="msg_mf_error_passphrase_master">"Fatal error decrypting master key! This is likely a programming error, please file a bug report!"</string>
     <string name="msg_mf_error_pgp">"Internal OpenPGP error!"</string>
     <string name="msg_mf_error_sig">"Signature exception!"</string>
-    <string name="msg_mf_input_required">"Diverting to card/nfc for crypto operations"</string>
+    <string name="msg_mf_error_subkey_missing">"Tried to operate on missing subkey %s!"</string>
     <string name="msg_mf_master">"Modifying master certifications"</string>
     <string name="msg_mf_notation_empty">"Adding empty notation packet"</string>
     <string name="msg_mf_notation_pin">"Adding PIN notation packet"</string>
@@ -923,8 +923,10 @@
     <string name="msg_mf_passphrase_fail">"Passphrase for subkey could not be changed! (Does it have a different one from the other keys?)"</string>
     <string name="msg_mf_primary_replace_old">"Replacing certificate of previous primary user ID"</string>
     <string name="msg_mf_primary_new">"Generating new certificate for new primary user ID"</string>
+    <string name="msg_mf_restricted_mode">"Changing to restricted operation mode"</string>
     <string name="msg_mf_subkey_change">"Modifying subkey %s"</string>
-    <string name="msg_mf_error_subkey_missing">"Tried to operate on missing subkey %s!"</string>
+    <string name="msg_mf_require_divert">"Diverting to card/nfc for crypto operations"</string>
+    <string name="msg_mf_require_passphrase">"Passphrase required for operations"</string>
     <string name="msg_mf_subkey_new">"Adding new subkey of type %s"</string>
     <string name="msg_mf_subkey_new_id">"New subkey ID: %s"</string>
     <string name="msg_mf_error_past_expiry">"Expiry date cannot be in the past!"</string>

From 88ca41d55586e5084cc3f177eb12617aa640ae1d Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Fri, 20 Mar 2015 18:55:16 +0100
Subject: [PATCH 11/80] add edit key unit test for no-op

---
 .../keychain/pgp/PgpKeyOperationTest.java                   | 6 ++++++
 .../keychain/operations/results/OperationResult.java        | 1 +
 .../sufficientlysecure/keychain/pgp/PgpKeyOperation.java    | 5 +++++
 .../keychain/service/SaveKeyringParcel.java                 | 4 ++++
 OpenKeychain/src/main/res/values/strings.xml                | 1 +
 5 files changed, 17 insertions(+)

diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java
index e6ada202b..54ccccc3d 100644
--- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java
@@ -312,6 +312,12 @@ public class PgpKeyOperationTest {
                     ring, parcel, new CryptoInputParcel(badphrase), LogType.MSG_MF_UNLOCK_ERROR);
         }
 
+        {
+            parcel.reset();
+            assertModifyFailure("no-op should fail",
+                    ring, parcel, cryptoInput, LogType.MSG_MF_ERROR_NOOP);
+        }
+
     }
 
     @Test
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
index 4646aef8a..033039df6 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
@@ -522,6 +522,7 @@ public abstract class OperationResult implements Parcelable {
         MSG_MF_ERROR_NO_CERTIFY (LogLevel.ERROR, R.string.msg_cr_error_no_certify),
         MSG_MF_ERROR_NOEXIST_PRIMARY (LogLevel.ERROR, R.string.msg_mf_error_noexist_primary),
         MSG_MF_ERROR_NOEXIST_REVOKE (LogLevel.ERROR, R.string.msg_mf_error_noexist_revoke),
+        MSG_MF_ERROR_NOOP (LogLevel.ERROR, R.string.msg_mf_error_noop),
         MSG_MF_ERROR_NULL_EXPIRY (LogLevel.ERROR, R.string.msg_mf_error_null_expiry),
         MSG_MF_ERROR_PASSPHRASE_MASTER(LogLevel.ERROR, R.string.msg_mf_error_passphrase_master),
         MSG_MF_ERROR_PAST_EXPIRY(LogLevel.ERROR, R.string.msg_mf_error_past_expiry),
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index 454a35cd6..f4eccf298 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -395,6 +395,11 @@ public class PgpKeyOperation {
             return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
         }
 
+        if (saveParcel.isEmpty()) {
+            log.add(LogType.MSG_MF_ERROR_NOOP, indent);
+            return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
+        }
+
         if (isDummy(masterSecretKey) || saveParcel.isRestrictedOnly()) {
             log.add(LogType.MSG_MF_RESTRICTED_MODE, indent);
             return internalRestricted(sKR, saveParcel, log);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/SaveKeyringParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/SaveKeyringParcel.java
index 88f258c58..2e0524141 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/SaveKeyringParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/SaveKeyringParcel.java
@@ -82,6 +82,10 @@ public class SaveKeyringParcel implements Parcelable {
         mRevokeSubKeys = new ArrayList<>();
     }
 
+    public boolean isEmpty() {
+        return isRestrictedOnly() && mChangeSubKeys.isEmpty();
+    }
+
     /** Returns true iff this parcel does not contain any operations which require a passphrase. */
     public boolean isRestrictedOnly() {
         if (mNewUnlock != null || !mAddUserIds.isEmpty() || !mAddUserAttribute.isEmpty()
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 76514575c..6c8ccd340 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -910,6 +910,7 @@
     <string name="msg_mf_error_restricted">"Tried to execute restricted operation without passphrase! This is a programming error, please file a bug report!"</string>
     <string name="msg_mf_error_revoked_primary">"Revoked user IDs cannot be primary!"</string>
     <string name="msg_mf_error_null_expiry">"Expiry time cannot be "same as before" on subkey creation. This is a programming error, please file a bug report!"</string>
+    <string name="msg_mf_error_noop">"Nothing to do!"</string>
     <string name="msg_mf_error_passphrase_master">"Fatal error decrypting master key! This is likely a programming error, please file a bug report!"</string>
     <string name="msg_mf_error_pgp">"Internal OpenPGP error!"</string>
     <string name="msg_mf_error_sig">"Signature exception!"</string>

From 93c7eb72fbbf93938043566dfc1707b6714f325b Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Sat, 21 Mar 2015 15:16:32 +0100
Subject: [PATCH 12/80] more data in RequiredInputParcel, OperationResult
 notifications

- pass both masterkeyid and subkeyid though RequiredInputParcel parcel
- fix numeric vales in OperationResult.createNotify()
---
 .../keychain/operations/CertifyOperation.java |  6 +-
 .../operations/results/EditKeyResult.java     |  9 ++-
 .../operations/results/OperationResult.java   | 22 ++++---
 .../keychain/pgp/PgpCertifyOperation.java     |  3 +-
 .../keychain/pgp/PgpKeyOperation.java         |  7 ++-
 .../service/input/RequiredInputParcel.java    | 39 +++++++++---
 .../keychain/ui/NfcOperationActivity.java     | 60 +++++++++++++++----
 7 files changed, 110 insertions(+), 36 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
index 7c299a6bd..eb2a3d33f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
@@ -81,7 +81,7 @@ public class CertifyOperation extends BaseOperation {
 
             if (!cryptoInput.hasPassphrase()) {
                 return new CertifyResult(log, RequiredInputParcel.createRequiredPassphrase(
-                        certificationKey.getKeyId(), null));
+                        certificationKey.getKeyId(), certificationKey.getKeyId(), null));
             }
 
             // certification is always with the master key id, so use that one
@@ -105,7 +105,9 @@ public class CertifyOperation extends BaseOperation {
 
         int certifyOk = 0, certifyError = 0, uploadOk = 0, uploadError = 0;
 
-        NfcSignOperationsBuilder allRequiredInput = new NfcSignOperationsBuilder(cryptoInput.getSignatureTime());
+        NfcSignOperationsBuilder allRequiredInput = new NfcSignOperationsBuilder(
+                cryptoInput.getSignatureTime(), certificationKey.getKeyId(),
+                certificationKey.getKeyId());
 
         // Work through all requested certifications
         for (CertifyAction action : parcel.mCertifyActions) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/EditKeyResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/EditKeyResult.java
index abcf575af..842b75c3b 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/EditKeyResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/EditKeyResult.java
@@ -31,13 +31,18 @@ public class EditKeyResult extends OperationResult {
 
     public EditKeyResult(Parcel source) {
         super(source);
-        mMasterKeyId = source.readLong();
+        mMasterKeyId = source.readInt() != 0 ? source.readLong() : null;
     }
 
     @Override
     public void writeToParcel(Parcel dest, int flags) {
         super.writeToParcel(dest, flags);
-        dest.writeLong(mMasterKeyId);
+        if (mMasterKeyId != null) {
+            dest.writeInt(1);
+            dest.writeLong(mMasterKeyId);
+        } else {
+            dest.writeInt(0);
+        }
     }
 
     public static Creator<EditKeyResult> CREATOR = new Creator<EditKeyResult>() {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
index 033039df6..d6e71046d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
@@ -250,12 +250,20 @@ public abstract class OperationResult implements Parcelable {
 
     public Showable createNotify(final Activity activity) {
 
-        Log.d(Constants.TAG, "mLog.getLast()"+mLog.getLast());
-        Log.d(Constants.TAG, "mLog.getLast().mType"+mLog.getLast().mType);
-        Log.d(Constants.TAG, "mLog.getLast().mType.getMsgId()"+mLog.getLast().mType.getMsgId());
-
         // Take the last message as string
-        int msgId = mLog.getLast().mType.getMsgId();
+        String logText;
+
+        LogEntryParcel entryParcel = mLog.getLast();
+        // special case: first parameter may be a quantity
+        if (entryParcel.mParameters != null && entryParcel.mParameters.length > 0
+                && entryParcel.mParameters[0] instanceof Integer) {
+            logText = activity.getResources().getQuantityString(entryParcel.mType.getMsgId(),
+                    (Integer) entryParcel.mParameters[0],
+                    entryParcel.mParameters);
+        } else {
+            logText = activity.getString(entryParcel.mType.getMsgId(),
+                    entryParcel.mParameters);
+        }
 
         Style style;
 
@@ -273,10 +281,10 @@ public abstract class OperationResult implements Parcelable {
         }
 
         if (getLog() == null || getLog().isEmpty()) {
-            return Notify.createNotify(activity, msgId, Notify.LENGTH_LONG, style);
+            return Notify.createNotify(activity, logText, Notify.LENGTH_LONG, style);
         }
 
-        return Notify.createNotify(activity, msgId, Notify.LENGTH_LONG, style,
+        return Notify.createNotify(activity, logText, Notify.LENGTH_LONG, style,
             new ActionListener() {
                 @Override
                 public void onAction() {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpCertifyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpCertifyOperation.java
index ff162775a..90ec3053f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpCertifyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpCertifyOperation.java
@@ -58,7 +58,8 @@ public class PgpCertifyOperation {
         // get the master subkey (which we certify for)
         PGPPublicKey publicKey = publicRing.getPublicKey().getPublicKey();
 
-        NfcSignOperationsBuilder requiredInput = new NfcSignOperationsBuilder(creationTimestamp);
+        NfcSignOperationsBuilder requiredInput = new NfcSignOperationsBuilder(creationTimestamp,
+                publicKey.getKeyID(), publicKey.getKeyID());
 
         try {
             if (action.mUserIds != null) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index f4eccf298..f73bada06 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -409,7 +409,8 @@ public class PgpKeyOperation {
         if (!isDivertToCard(masterSecretKey) && !cryptoInput.hasPassphrase()) {
             log.add(LogType.MSG_MF_REQUIRE_PASSPHRASE, indent);
             return new PgpEditKeyResult(log, RequiredInputParcel.createRequiredPassphrase(
-                    masterSecretKey.getKeyID(), cryptoInput.getSignatureTime()));
+                    masterSecretKey.getKeyID(), masterSecretKey.getKeyID(),
+                    cryptoInput.getSignatureTime()));
         }
 
         // read masterKeyFlags, and use the same as before.
@@ -431,7 +432,9 @@ public class PgpKeyOperation {
 
         int indent = 1;
 
-        NfcSignOperationsBuilder nfcSignOps = new NfcSignOperationsBuilder(cryptoInput.getSignatureTime());
+        NfcSignOperationsBuilder nfcSignOps = new NfcSignOperationsBuilder(
+                cryptoInput.getSignatureTime(), masterSecretKey.getKeyID(),
+                masterSecretKey.getKeyID());
 
         progress(R.string.progress_modify, 0);
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
index 3d91812eb..d8d87114e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
@@ -18,19 +18,20 @@ public class RequiredInputParcel implements Parcelable {
 
     public final RequiredInputType mType;
 
-    public String mNfcPin = "123456";
     public final byte[][] mInputHashes;
     public final int[] mSignAlgos;
 
+    private Long mMasterKeyId;
     private Long mSubKeyId;
 
     private RequiredInputParcel(RequiredInputType type, byte[][] inputHashes,
-            int[] signAlgos, Date signatureTime, Long keyId) {
+            int[] signAlgos, Date signatureTime, Long masterKeyId, Long subKeyId) {
         mType = type;
         mInputHashes = inputHashes;
         mSignAlgos = signAlgos;
         mSignatureTime = signatureTime;
-        mSubKeyId = keyId;
+        mMasterKeyId = masterKeyId;
+        mSubKeyId = subKeyId;
     }
 
     public RequiredInputParcel(Parcel source) {
@@ -50,6 +51,7 @@ public class RequiredInputParcel implements Parcelable {
         }
 
         mSignatureTime = source.readInt() != 0 ? new Date(source.readLong()) : null;
+        mMasterKeyId = source.readInt() != 0 ? source.readLong() : null;
         mSubKeyId = source.readInt() != 0 ? source.readLong() : null;
 
     }
@@ -61,19 +63,28 @@ public class RequiredInputParcel implements Parcelable {
     public static RequiredInputParcel createNfcSignOperation(
             byte[] inputHash, int signAlgo, Date signatureTime) {
         return new RequiredInputParcel(RequiredInputType.NFC_SIGN,
-                new byte[][] { inputHash }, new int[] { signAlgo }, signatureTime, null);
+                new byte[][] { inputHash }, new int[] { signAlgo },
+                signatureTime, null, null);
     }
 
     public static RequiredInputParcel createNfcDecryptOperation(byte[] inputHash) {
         return new RequiredInputParcel(RequiredInputType.NFC_DECRYPT,
-                new byte[][] { inputHash }, null, null, null);
+                new byte[][] { inputHash }, null, null, null, null);
     }
 
-    public static RequiredInputParcel createRequiredPassphrase(long keyId, Date signatureTime) {
+    public static RequiredInputParcel createRequiredPassphrase(
+            long masterKeyId, long subKeyId, Date signatureTime) {
         return new RequiredInputParcel(RequiredInputType.PASSPHRASE,
-                null, null, signatureTime, keyId);
+                null, null, signatureTime, masterKeyId, subKeyId);
     }
 
+    public static RequiredInputParcel createRequiredPassphrase(
+            RequiredInputParcel req) {
+        return new RequiredInputParcel(RequiredInputType.PASSPHRASE,
+                null, null, req.mSignatureTime, req.mMasterKeyId, req.mSubKeyId);
+    }
+
+
     @Override
     public int describeContents() {
         return 0;
@@ -98,6 +109,12 @@ public class RequiredInputParcel implements Parcelable {
         } else {
             dest.writeInt(0);
         }
+        if (mMasterKeyId != null) {
+            dest.writeInt(1);
+            dest.writeLong(mMasterKeyId);
+        } else {
+            dest.writeInt(0);
+        }
         if (mSubKeyId != null) {
             dest.writeInt(1);
             dest.writeLong(mSubKeyId);
@@ -121,9 +138,13 @@ public class RequiredInputParcel implements Parcelable {
         Date mSignatureTime;
         ArrayList<Integer> mSignAlgos = new ArrayList<>();
         ArrayList<byte[]> mInputHashes = new ArrayList<>();
+        long mMasterKeyId;
+        long mSubKeyId;
 
-        public NfcSignOperationsBuilder(Date signatureTime) {
+        public NfcSignOperationsBuilder(Date signatureTime, long masterKeyId, long subKeyId) {
             mSignatureTime = signatureTime;
+            mMasterKeyId = masterKeyId;
+            mSubKeyId = subKeyId;
         }
 
         public RequiredInputParcel build() {
@@ -135,7 +156,7 @@ public class RequiredInputParcel implements Parcelable {
             }
 
             return new RequiredInputParcel(RequiredInputType.NFC_SIGN,
-                    inputHashes, signAlgos, mSignatureTime, null);
+                    inputHashes, signAlgos, mSignatureTime, mMasterKeyId, mSubKeyId);
         }
 
         public void addHash(byte[] hash, int algo) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
index 69467daac..68eee2513 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
@@ -26,6 +26,8 @@ import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 import org.sufficientlysecure.keychain.util.Iso7816TLV;
 import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.Passphrase;
+import org.sufficientlysecure.keychain.util.Preferences;
 
 import java.io.IOException;
 import java.nio.ByteBuffer;
@@ -40,6 +42,8 @@ import java.nio.ByteBuffer;
 @TargetApi(Build.VERSION_CODES.GINGERBREAD_MR1)
 public class NfcOperationActivity extends BaseActivity {
 
+    public static final int REQUEST_CODE_PASSPHRASE = 1;
+
     public static final String EXTRA_REQUIRED_INPUT = "required_input";
 
     public static final String RESULT_DATA = "result_data";
@@ -49,7 +53,8 @@ public class NfcOperationActivity extends BaseActivity {
     private NfcAdapter mNfcAdapter;
     private IsoDep mIsoDep;
 
-    RequiredInputParcel mNfcOperations;
+    RequiredInputParcel mRequiredInput;
+    private Passphrase mPin;
 
     @Override
     protected void onCreate(Bundle savedInstanceState) {
@@ -66,8 +71,38 @@ public class NfcOperationActivity extends BaseActivity {
 
         Bundle data = intent.getExtras();
 
-        mNfcOperations = data.getParcelable(EXTRA_REQUIRED_INPUT);
+        mRequiredInput = data.getParcelable(EXTRA_REQUIRED_INPUT);
 
+        obtainPassphrase();
+
+    }
+
+    private void obtainPassphrase() {
+
+        Preferences prefs = Preferences.getPreferences(this);
+        if (prefs.useDefaultYubikeyPin()) {
+            mPin = new Passphrase("123456");
+            return;
+        }
+
+        Intent intent = new Intent(this, PassphraseDialogActivity.class);
+        intent.putExtra(PassphraseDialogActivity.EXTRA_REQUIRED_INPUT,
+                RequiredInputParcel.createRequiredPassphrase(mRequiredInput));
+        startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
+
+    }
+
+    @Override
+    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
+        switch (requestCode) {
+            case REQUEST_CODE_PASSPHRASE:
+                CryptoInputParcel input = data.getParcelableExtra(PassphraseDialogActivity.RESULT_DATA);
+                mPin = input.getPassphrase();
+                break;
+
+            default:
+                super.onActivityResult(requestCode, resultCode, data);
+        }
     }
 
     @Override
@@ -157,7 +192,7 @@ public class NfcOperationActivity extends BaseActivity {
             return;
         }
 
-        String pin = mNfcOperations.mNfcPin;
+        byte[] pin = new String(mPin.getCharArray()).getBytes();
 
         // Command APDU for VERIFY command (page 32)
         String login =
@@ -165,8 +200,8 @@ public class NfcOperationActivity extends BaseActivity {
                         + "20" // INS
                         + "00" // P1
                         + "82" // P2 (PW1)
-                        + String.format("%02x", pin.length()) // Lc
-                        + Hex.toHexString(pin.getBytes());
+                        + String.format("%02x", pin.length) // Lc
+                        + Hex.toHexString(pin);
         if ( ! card(login).equals(accepted)) { // login
             toast("Wrong PIN!");
             setResult(RESULT_CANCELED);
@@ -174,23 +209,22 @@ public class NfcOperationActivity extends BaseActivity {
             return;
         }
 
-        CryptoInputParcel resultData = new CryptoInputParcel(mNfcOperations.mSignatureTime);
+        CryptoInputParcel resultData = new CryptoInputParcel(mRequiredInput.mSignatureTime);
 
-        switch (mNfcOperations.mType) {
+        switch (mRequiredInput.mType) {
 
             case NFC_DECRYPT:
-
-                for (int i = 0; i < mNfcOperations.mInputHashes.length; i++) {
-                    byte[] hash = mNfcOperations.mInputHashes[i];
+                for (int i = 0; i < mRequiredInput.mInputHashes.length; i++) {
+                    byte[] hash = mRequiredInput.mInputHashes[i];
                     byte[] decryptedSessionKey = nfcDecryptSessionKey(hash);
                     resultData.addCryptoData(hash, decryptedSessionKey);
                 }
                 break;
 
             case NFC_SIGN:
-                for (int i = 0; i < mNfcOperations.mInputHashes.length; i++) {
-                    byte[] hash = mNfcOperations.mInputHashes[i];
-                    int algo = mNfcOperations.mSignAlgos[i];
+                for (int i = 0; i < mRequiredInput.mInputHashes.length; i++) {
+                    byte[] hash = mRequiredInput.mInputHashes[i];
+                    int algo = mRequiredInput.mSignAlgos[i];
                     byte[] signedHash = nfcCalculateSignature(hash, algo);
                     resultData.addCryptoData(hash, signedHash);
                 }

From 147003123fffc84b1d658f78d0a888479ce4ff35 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Sat, 21 Mar 2015 17:13:31 +0100
Subject: [PATCH 13/80] first steps toward yubikey activity

- move BaseActivity into new package
- extract BaseNfcActivity from NfcOperationsActivity
---
 .../remote/ui/AccountSettingsActivity.java    |   2 +-
 .../remote/ui/AppSettingsActivity.java        |   4 +-
 .../remote/ui/RemoteServiceActivity.java      |   2 +-
 .../remote/ui/SelectSignKeyIdActivity.java    |   2 +-
 .../ui/CertifyFingerprintActivity.java        |   1 +
 .../keychain/ui/CertifyKeyActivity.java       |   2 +
 .../keychain/ui/CreateKeyActivity.java        |   8 +-
 .../keychain/ui/CreateKeyStartFragment.java   |  10 +-
 .../keychain/ui/CreateKeyYubiFragment.java    |  90 ++++
 .../keychain/ui/DecryptFilesActivity.java     |   2 +-
 .../keychain/ui/DecryptTextActivity.java      |   1 +
 .../keychain/ui/EditKeyActivity.java          |   1 +
 .../keychain/ui/EncryptActivity.java          |   1 +
 .../keychain/ui/HelpActivity.java             |   2 +
 .../keychain/ui/ImportKeysActivity.java       |   1 +
 .../keychain/ui/LogDisplayActivity.java       |   2 +
 .../keychain/ui/NfcActivity.java              |   1 +
 .../keychain/ui/NfcIntentActivity.java        |   1 +
 .../keychain/ui/NfcOperationActivity.java     | 446 +----------------
 .../keychain/ui/QrCodeViewActivity.java       |   1 +
 .../keychain/ui/SafeSlingerActivity.java      |   1 +
 .../ui/SettingsKeyServerActivity.java         |   1 +
 .../keychain/ui/UploadKeyActivity.java        |   1 +
 .../keychain/ui/ViewCertActivity.java         |   1 +
 .../keychain/ui/ViewKeyActivity.java          |   1 +
 .../keychain/ui/ViewKeyAdvActivity.java       |   1 +
 .../keychain/ui/{ => base}/BaseActivity.java  |   6 +-
 .../keychain/ui/base/BaseNfcActivity.java     | 448 ++++++++++++++++++
 .../res/layout/create_key_start_fragment.xml  |  34 +-
 .../res/layout/create_yubikey_fragment.xml    |  83 ++++
 30 files changed, 689 insertions(+), 468 deletions(-)
 create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java
 rename OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/{ => base}/BaseActivity.java (96%)
 create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
 create mode 100644 OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/AccountSettingsActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/AccountSettingsActivity.java
index 507d4dea5..e19757d65 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/AccountSettingsActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/AccountSettingsActivity.java
@@ -31,7 +31,7 @@ import org.sufficientlysecure.keychain.operations.results.OperationResult.LogTyp
 import org.sufficientlysecure.keychain.operations.results.SingletonResult;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.remote.AccountSettings;
-import org.sufficientlysecure.keychain.ui.BaseActivity;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.util.Log;
 
 public class AccountSettingsActivity extends BaseActivity {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/AppSettingsActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/AppSettingsActivity.java
index 407480c98..2b71d6dc1 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/AppSettingsActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/AppSettingsActivity.java
@@ -40,9 +40,7 @@ import org.sufficientlysecure.keychain.operations.results.OperationResult;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.remote.AppSettings;
-import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
-import org.sufficientlysecure.keychain.ui.BaseActivity;
-import org.sufficientlysecure.keychain.ui.dialog.AddSubkeyDialogFragment;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.ui.dialog.AdvancedAppSettingsDialogFragment;
 import org.sufficientlysecure.keychain.util.Log;
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteServiceActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteServiceActivity.java
index e8c3e4511..f312c0d44 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteServiceActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteServiceActivity.java
@@ -38,7 +38,7 @@ import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.remote.AccountSettings;
 import org.sufficientlysecure.keychain.remote.AppSettings;
-import org.sufficientlysecure.keychain.ui.BaseActivity;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.ui.SelectPublicKeyFragment;
 import org.sufficientlysecure.keychain.ui.util.Notify;
 import org.sufficientlysecure.keychain.util.Log;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/SelectSignKeyIdActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/SelectSignKeyIdActivity.java
index 98a44466d..cb9f46f7f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/SelectSignKeyIdActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/SelectSignKeyIdActivity.java
@@ -29,7 +29,7 @@ import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.operations.results.OperationResult;
 import org.sufficientlysecure.keychain.pgp.KeyRing;
-import org.sufficientlysecure.keychain.ui.BaseActivity;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.ui.CreateKeyActivity;
 import org.sufficientlysecure.keychain.util.Log;
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyFingerprintActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyFingerprintActivity.java
index b7c80c1ed..016ab5f3c 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyFingerprintActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyFingerprintActivity.java
@@ -23,6 +23,7 @@ import android.view.View;
 
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.util.Log;
 
 public class CertifyFingerprintActivity extends BaseActivity {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java
index 1fb88b182..3845e07cb 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java
@@ -19,6 +19,8 @@
 package org.sufficientlysecure.keychain.ui;
 
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
+
 
 /**
  * Signs the specified public key with the specified secret master key
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
index ab76f693e..4ae901c6c 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
@@ -17,12 +17,18 @@
 
 package org.sufficientlysecure.keychain.ui;
 
+import android.app.PendingIntent;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.nfc.NfcAdapter;
 import android.os.Bundle;
 import android.support.v4.app.Fragment;
 import android.support.v4.app.FragmentTransaction;
-import android.view.View;
 
+import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
+import org.sufficientlysecure.keychain.util.Log;
 import org.sufficientlysecure.keychain.util.Passphrase;
 
 import java.util.ArrayList;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyStartFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyStartFragment.java
index 180a52a1c..d23d598fa 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyStartFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyStartFragment.java
@@ -78,7 +78,7 @@ public class CreateKeyStartFragment extends Fragment {
 
         mCreateKey = view.findViewById(R.id.create_key_create_key_button);
         mImportKey = view.findViewById(R.id.create_key_import_button);
-//        mYubiKey = view.findViewById(R.id.create_key_yubikey_button);
+        mYubiKey = view.findViewById(R.id.create_key_yubikey_button);
         mCancel = (TextView) view.findViewById(R.id.create_key_cancel);
 
         if (mCreateKeyActivity.mFirstTime) {
@@ -95,6 +95,14 @@ public class CreateKeyStartFragment extends Fragment {
             }
         });
 
+        mYubiKey.setOnClickListener(new View.OnClickListener() {
+            @Override
+            public void onClick(View v) {
+                CreateKeyYubiFragment frag = new CreateKeyYubiFragment();
+                mCreateKeyActivity.loadFragment(frag, FragAction.TO_RIGHT);
+            }
+        });
+
         mImportKey.setOnClickListener(new View.OnClickListener() {
             @Override
             public void onClick(View v) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java
new file mode 100644
index 000000000..665c68d65
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) 2014 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.ui;
+
+import android.app.Activity;
+import android.content.Context;
+import android.os.Bundle;
+import android.support.v4.app.Fragment;
+import android.view.LayoutInflater;
+import android.view.View;
+import android.view.ViewGroup;
+import android.widget.EditText;
+
+import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.ui.CreateKeyActivity.FragAction;
+import org.sufficientlysecure.keychain.ui.widget.NameEditText;
+
+
+public class CreateKeyYubiFragment extends Fragment {
+
+    CreateKeyActivity mCreateKeyActivity;
+    NameEditText mNameEdit;
+    View mBackButton;
+    View mNextButton;
+
+    private static boolean isEditTextNotEmpty(Context context, EditText editText) {
+        boolean output = true;
+        if (editText.getText().length() == 0) {
+            editText.setError(context.getString(R.string.create_key_empty));
+            editText.requestFocus();
+            output = false;
+        } else {
+            editText.setError(null);
+        }
+
+        return output;
+    }
+
+    @Override
+    public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
+        View view = inflater.inflate(R.layout.create_yubikey_fragment, container, false);
+
+        mBackButton.setOnClickListener(new View.OnClickListener() {
+            @Override
+            public void onClick(View v) {
+                mCreateKeyActivity.loadFragment(null, FragAction.TO_LEFT);
+            }
+        });
+        mNextButton.setOnClickListener(new View.OnClickListener() {
+            @Override
+            public void onClick(View v) {
+                nextClicked();
+            }
+        });
+
+        return view;
+    }
+
+    @Override
+    public void onAttach(Activity activity) {
+        super.onAttach(activity);
+        mCreateKeyActivity = (CreateKeyActivity) getActivity();
+    }
+
+    private void nextClicked() {
+        if (isEditTextNotEmpty(getActivity(), mNameEdit)) {
+            // save state
+            mCreateKeyActivity.mName = mNameEdit.getText().toString();
+
+            CreateKeyEmailFragment frag = CreateKeyEmailFragment.newInstance();
+            mCreateKeyActivity.loadFragment(frag, FragAction.TO_RIGHT);
+        }
+    }
+
+}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesActivity.java
index 162b10eca..dce2386b5 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesActivity.java
@@ -21,12 +21,12 @@ import android.app.Activity;
 import android.content.Intent;
 import android.net.Uri;
 import android.os.Bundle;
-import android.os.PersistableBundle;
 import android.view.View;
 
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.api.OpenKeychainIntents;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.util.Log;
 
 public class DecryptFilesActivity extends BaseActivity {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextActivity.java
index bc2ec014a..728e3ba41 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextActivity.java
@@ -31,6 +31,7 @@ import org.sufficientlysecure.keychain.compatibility.ClipboardReflection;
 import org.sufficientlysecure.keychain.operations.results.OperationResult;
 import org.sufficientlysecure.keychain.operations.results.SingletonResult;
 import org.sufficientlysecure.keychain.pgp.PgpHelper;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.ui.util.Notify;
 import org.sufficientlysecure.keychain.util.Log;
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyActivity.java
index 6dc2994cf..b607ba9f4 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyActivity.java
@@ -23,6 +23,7 @@ import android.os.Bundle;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.util.Log;
 
 public class EditKeyActivity extends BaseActivity {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
index b87dec8fc..5254af19f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
@@ -33,6 +33,7 @@ import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.util.Passphrase;
 
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/HelpActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/HelpActivity.java
index cd6cdf4d6..4aa706f57 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/HelpActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/HelpActivity.java
@@ -26,6 +26,8 @@ import com.astuetz.PagerSlidingTabStrip;
 
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.ui.adapter.PagerTabStripAdapter;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
+
 
 public class HelpActivity extends BaseActivity {
     public static final String EXTRA_SELECTED_TAB = "selected_tab";
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysActivity.java
index 9143609ad..9a7c405d0 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysActivity.java
@@ -37,6 +37,7 @@ import org.sufficientlysecure.keychain.operations.results.ImportKeyResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.ui.util.Notify;
 import org.sufficientlysecure.keychain.util.Log;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/LogDisplayActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/LogDisplayActivity.java
index 0de7bb391..df325d31d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/LogDisplayActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/LogDisplayActivity.java
@@ -22,6 +22,8 @@ import android.os.Bundle;
 import android.view.View;
 
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
+
 
 public class LogDisplayActivity extends BaseActivity {
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java
index 7311f4879..57acf3e93 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java
@@ -22,6 +22,7 @@ import org.spongycastle.bcpg.HashAlgorithmTags;
 import org.spongycastle.util.encoders.Hex;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.util.Iso7816TLV;
 import org.sufficientlysecure.keychain.util.Log;
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcIntentActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcIntentActivity.java
index 0ccb206d1..a1affbc39 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcIntentActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcIntentActivity.java
@@ -21,6 +21,7 @@ import android.widget.Toast;
 import org.spongycastle.util.encoders.Hex;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.util.Iso7816TLV;
 import org.sufficientlysecure.keychain.util.Log;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
index 68eee2513..549d9ece7 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
@@ -7,31 +7,19 @@
 package org.sufficientlysecure.keychain.ui;
 
 import android.annotation.TargetApi;
-import android.app.PendingIntent;
 import android.content.Intent;
-import android.content.IntentFilter;
-import android.nfc.NfcAdapter;
-import android.nfc.Tag;
-import android.nfc.tech.IsoDep;
 import android.os.Build;
 import android.os.Bundle;
 import android.view.WindowManager;
-import android.widget.Toast;
 
-import org.spongycastle.bcpg.HashAlgorithmTags;
-import org.spongycastle.util.encoders.Hex;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
-import org.sufficientlysecure.keychain.util.Iso7816TLV;
+import org.sufficientlysecure.keychain.ui.base.BaseNfcActivity;
 import org.sufficientlysecure.keychain.util.Log;
-import org.sufficientlysecure.keychain.util.Passphrase;
-import org.sufficientlysecure.keychain.util.Preferences;
 
 import java.io.IOException;
-import java.nio.ByteBuffer;
-
 
 /**
  * This class provides a communication interface to OpenPGP applications on ISO SmartCard compliant
@@ -40,21 +28,13 @@ import java.nio.ByteBuffer;
  * For the full specs, see http://g10code.com/docs/openpgp-card-2.0.pdf
  */
 @TargetApi(Build.VERSION_CODES.GINGERBREAD_MR1)
-public class NfcOperationActivity extends BaseActivity {
-
-    public static final int REQUEST_CODE_PASSPHRASE = 1;
+public class NfcOperationActivity extends BaseNfcActivity {
 
     public static final String EXTRA_REQUIRED_INPUT = "required_input";
 
     public static final String RESULT_DATA = "result_data";
 
-    private static final int TIMEOUT = 100000;
-
-    private NfcAdapter mNfcAdapter;
-    private IsoDep mIsoDep;
-
     RequiredInputParcel mRequiredInput;
-    private Passphrase mPin;
 
     @Override
     protected void onCreate(Bundle savedInstanceState) {
@@ -64,45 +44,12 @@ public class NfcOperationActivity extends BaseActivity {
         getWindow().addFlags(WindowManager.LayoutParams.FLAG_KEEP_SCREEN_ON);
 
         Intent intent = getIntent();
-        String action = intent.getAction();
-        if (NfcAdapter.ACTION_TAG_DISCOVERED.equals(action)) {
-            throw new AssertionError("should not happen: NfcOperationActivity.onCreate is called instead of onNewIntent!");
-        }
-
         Bundle data = intent.getExtras();
 
         mRequiredInput = data.getParcelable(EXTRA_REQUIRED_INPUT);
 
-        obtainPassphrase();
-
-    }
-
-    private void obtainPassphrase() {
-
-        Preferences prefs = Preferences.getPreferences(this);
-        if (prefs.useDefaultYubikeyPin()) {
-            mPin = new Passphrase("123456");
-            return;
-        }
-
-        Intent intent = new Intent(this, PassphraseDialogActivity.class);
-        intent.putExtra(PassphraseDialogActivity.EXTRA_REQUIRED_INPUT,
-                RequiredInputParcel.createRequiredPassphrase(mRequiredInput));
-        startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
-
-    }
-
-    @Override
-    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
-        switch (requestCode) {
-            case REQUEST_CODE_PASSPHRASE:
-                CryptoInputParcel input = data.getParcelableExtra(PassphraseDialogActivity.RESULT_DATA);
-                mPin = input.getPassphrase();
-                break;
-
-            default:
-                super.onActivityResult(requestCode, resultCode, data);
-        }
+        // obtain passphrase for this subkey
+        obtainYubikeyPin(RequiredInputParcel.createRequiredPassphrase(mRequiredInput));
     }
 
     @Override
@@ -110,104 +57,8 @@ public class NfcOperationActivity extends BaseActivity {
         setContentView(R.layout.nfc_activity);
     }
 
-    /**
-     * Called when the system is about to start resuming a previous activity,
-     * disables NFC Foreground Dispatch
-     */
-    public void onPause() {
-        super.onPause();
-        Log.d(Constants.TAG, "NfcOperationActivity.onPause");
-
-        disableNfcForegroundDispatch();
-    }
-
-    /**
-     * Called when the activity will start interacting with the user,
-     * enables NFC Foreground Dispatch
-     */
-    public void onResume() {
-        super.onResume();
-        Log.d(Constants.TAG, "NfcOperationActivity.onResume");
-
-        enableNfcForegroundDispatch();
-    }
-
-    /**
-     * This activity is started as a singleTop activity.
-     * All new NFC Intents which are delivered to this activity are handled here
-     */
-    public void onNewIntent(Intent intent) {
-        if (NfcAdapter.ACTION_TAG_DISCOVERED.equals(intent.getAction())) {
-            try {
-                handleNdefDiscoveredIntent(intent);
-            } catch (IOException e) {
-                Log.e(Constants.TAG, "Connection error!", e);
-                toast("Connection Error: " + e.getMessage());
-                setResult(RESULT_CANCELED);
-                finish();
-            }
-        }
-    }
-
-    /** Handle NFC communication and return a result.
-     *
-     * This method is called by onNewIntent above upon discovery of an NFC tag.
-     * It handles initialization and login to the application, subsequently
-     * calls either nfcCalculateSignature() or nfcDecryptSessionKey(), then
-     * finishes the activity with an appropiate result.
-     *
-     * On general communication, see also
-     * http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_annex-a.aspx
-     *
-     * References to pages are generally related to the OpenPGP Application
-     * on ISO SmartCard Systems specification.
-     *
-     */
-    private void handleNdefDiscoveredIntent(Intent intent) throws IOException {
-
-        Tag detectedTag = intent.getParcelableExtra(NfcAdapter.EXTRA_TAG);
-
-        // Connect to the detected tag, setting a couple of settings
-        mIsoDep = IsoDep.get(detectedTag);
-        mIsoDep.setTimeout(TIMEOUT); // timeout is set to 100 seconds to avoid cancellation during calculation
-        mIsoDep.connect();
-
-        // SW1/2 0x9000 is the generic "ok" response, which we expect most of the time.
-        // See specification, page 51
-        String accepted = "9000";
-
-        // Command APDU (page 51) for SELECT FILE command (page 29)
-        String opening =
-                "00" // CLA
-                        + "A4" // INS
-                        + "04" // P1
-                        + "00" // P2
-                        + "06" // Lc (number of bytes)
-                        + "D27600012401" // Data (6 bytes)
-                        + "00"; // Le
-        if ( ! card(opening).equals(accepted)) { // activate connection
-            toast("Opening Error!");
-            setResult(RESULT_CANCELED);
-            finish();
-            return;
-        }
-
-        byte[] pin = new String(mPin.getCharArray()).getBytes();
-
-        // Command APDU for VERIFY command (page 32)
-        String login =
-                "00" // CLA
-                        + "20" // INS
-                        + "00" // P1
-                        + "82" // P2 (PW1)
-                        + String.format("%02x", pin.length) // Lc
-                        + Hex.toHexString(pin);
-        if ( ! card(login).equals(accepted)) { // login
-            toast("Wrong PIN!");
-            setResult(RESULT_CANCELED);
-            finish();
-            return;
-        }
+    @Override
+    protected void onNfcPerform() throws IOException {
 
         CryptoInputParcel resultData = new CryptoInputParcel(mRequiredInput.mSignatureTime);
 
@@ -233,292 +84,9 @@ public class NfcOperationActivity extends BaseActivity {
 
         // give data through for new service call
         Intent result = new Intent();
-        result.putExtra(RESULT_DATA, resultData);
+        result.putExtra(NfcOperationActivity.RESULT_DATA, resultData);
         setResult(RESULT_OK, result);
         finish();
 
     }
-
-    /**
-     * Gets the user ID
-     *
-     * @return the user id as "name <email>"
-     * @throws java.io.IOException
-     */
-    public String getUserId() throws IOException {
-        String info = "00CA006500";
-        String data = "00CA005E00";
-        return getName(card(info)) + " <" + (new String(Hex.decode(getDataField(card(data))))) + ">";
-    }
-
-    /** Return the key id from application specific data stored on tag, or null
-     * if it doesn't exist.
-     *
-     * @param idx Index of the key to return the fingerprint from.
-     * @return The long key id of the requested key, or null if not found.
-     */
-    public static Long nfcGetKeyId(IsoDep isoDep, int idx) throws IOException {
-        byte[] fp = nfcGetFingerprint(isoDep, idx);
-        if (fp == null) {
-            return null;
-        }
-        ByteBuffer buf = ByteBuffer.wrap(fp);
-        // skip first 12 bytes of the fingerprint
-        buf.position(12);
-        // the last eight bytes are the key id (big endian, which is default order in ByteBuffer)
-        return buf.getLong();
-    }
-
-    /** Return fingerprints of all keys from application specific data stored
-     * on tag, or null if data not available.
-     *
-     * @return The fingerprints of all subkeys in a contiguous byte array.
-     */
-    public static byte[] nfcGetFingerprints(IsoDep isoDep) throws IOException {
-        String data = "00CA006E00";
-        byte[] buf = isoDep.transceive(Hex.decode(data));
-
-        Iso7816TLV tlv = Iso7816TLV.readSingle(buf, true);
-        Log.d(Constants.TAG, "nfc tlv data:\n" + tlv.prettyPrint());
-
-        Iso7816TLV fptlv = Iso7816TLV.findRecursive(tlv, 0xc5);
-        if (fptlv == null) {
-            return null;
-        }
-
-        return fptlv.mV;
-    }
-
-    /** Return the fingerprint from application specific data stored on tag, or
-     * null if it doesn't exist.
-     *
-     * @param idx Index of the key to return the fingerprint from.
-     * @return The fingerprint of the requested key, or null if not found.
-     */
-    public static byte[] nfcGetFingerprint(IsoDep isoDep, int idx) throws IOException {
-        byte[] data = nfcGetFingerprints(isoDep);
-
-        // return the master key fingerprint
-        ByteBuffer fpbuf = ByteBuffer.wrap(data);
-        byte[] fp = new byte[20];
-        fpbuf.position(idx*20);
-        fpbuf.get(fp, 0, 20);
-
-        return fp;
-    }
-
-    /**
-     * Calls to calculate the signature and returns the MPI value
-     *
-     * @param hash the hash for signing
-     * @return a big integer representing the MPI for the given hash
-     * @throws java.io.IOException
-     */
-    public byte[] nfcCalculateSignature(byte[] hash, int hashAlgo) throws IOException {
-
-        // dsi, including Lc
-        String dsi;
-
-        Log.i(Constants.TAG, "Hash: " + hashAlgo);
-        switch (hashAlgo) {
-            case HashAlgorithmTags.SHA1:
-                if (hash.length != 20) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 10!");
-                }
-                dsi = "23" // Lc
-                        + "3021" // Tag/Length of Sequence, the 0x21 includes all following 33 bytes
-                        + "3009" // Tag/Length of Sequence, the 0x09 are the following header bytes
-                        + "0605" + "2B0E03021A" // OID of SHA1
-                        + "0500" // TLV coding of ZERO
-                        + "0414" + getHex(hash); // 0x14 are 20 hash bytes
-                break;
-            case HashAlgorithmTags.RIPEMD160:
-                if (hash.length != 20) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 20!");
-                }
-                dsi = "233021300906052B2403020105000414" + getHex(hash);
-                break;
-            case HashAlgorithmTags.SHA224:
-                if (hash.length != 28) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 28!");
-                }
-                dsi = "2F302D300D06096086480165030402040500041C" + getHex(hash);
-                break;
-            case HashAlgorithmTags.SHA256:
-                if (hash.length != 32) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 32!");
-                }
-                dsi = "333031300D060960864801650304020105000420" + getHex(hash);
-                break;
-            case HashAlgorithmTags.SHA384:
-                if (hash.length != 48) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 48!");
-                }
-                dsi = "433041300D060960864801650304020205000430" + getHex(hash);
-                break;
-            case HashAlgorithmTags.SHA512:
-                if (hash.length != 64) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 64!");
-                }
-                dsi = "533051300D060960864801650304020305000440" + getHex(hash);
-                break;
-            default:
-                throw new RuntimeException("Not supported hash algo!");
-        }
-
-        // Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37)
-        String apdu  =
-                "002A9E9A" // CLA, INS, P1, P2
-                        + dsi // digital signature input
-                        + "00"; // Le
-
-        String response = card(apdu);
-
-        // split up response into signature and status
-        String status = response.substring(response.length()-4);
-        String signature = response.substring(0, response.length() - 4);
-
-        // while we are getting 0x61 status codes, retrieve more data
-        while (status.substring(0, 2).equals("61")) {
-            Log.d(Constants.TAG, "requesting more data, status " + status);
-            // Send GET RESPONSE command
-            response = card("00C00000" + status.substring(2));
-            status = response.substring(response.length()-4);
-            signature += response.substring(0, response.length()-4);
-        }
-
-        Log.d(Constants.TAG, "final response:" + status);
-
-        if ( ! status.equals("9000")) {
-            toast("Bad NFC response code: " + status);
-            return null;
-        }
-
-        // Make sure the signature we received is actually the expected number of bytes long!
-        if (signature.length() != 256 && signature.length() != 512) {
-            toast("Bad signature length! Expected 128 or 256 bytes, got " + signature.length() / 2);
-            return null;
-        }
-
-        return Hex.decode(signature);
-    }
-
-    /**
-     * Calls to calculate the signature and returns the MPI value
-     *
-     * @param encryptedSessionKey the encoded session key
-     * @return the decoded session key
-     * @throws java.io.IOException
-     */
-    public byte[] nfcDecryptSessionKey(byte[] encryptedSessionKey) throws IOException {
-        String firstApdu = "102a8086fe";
-        String secondApdu = "002a808603";
-        String le = "00";
-
-        byte[] one = new byte[254];
-        // leave out first byte:
-        System.arraycopy(encryptedSessionKey, 1, one, 0, one.length);
-
-        byte[] two = new byte[encryptedSessionKey.length - 1 - one.length];
-        for (int i = 0; i < two.length; i++) {
-            two[i] = encryptedSessionKey[i + one.length + 1];
-        }
-
-        String first = card(firstApdu + getHex(one));
-        String second = card(secondApdu + getHex(two) + le);
-
-        String decryptedSessionKey = getDataField(second);
-
-        Log.d(Constants.TAG, "decryptedSessionKey: " + decryptedSessionKey);
-
-        return Hex.decode(decryptedSessionKey);
-    }
-
-    /**
-     * Prints a message to the screen
-     *
-     * @param text the text which should be contained within the toast
-     */
-    private void toast(String text) {
-        Toast.makeText(this, text, Toast.LENGTH_LONG).show();
-    }
-
-    /**
-     * Receive new NFC Intents to this activity only by enabling foreground dispatch.
-     * This can only be done in onResume!
-     */
-    public void enableNfcForegroundDispatch() {
-        mNfcAdapter = NfcAdapter.getDefaultAdapter(this);
-        Intent nfcI = new Intent(this, NfcOperationActivity.class)
-                .addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_CLEAR_TOP);
-        PendingIntent nfcPendingIntent = PendingIntent.getActivity(this, 0, nfcI, PendingIntent.FLAG_CANCEL_CURRENT);
-        IntentFilter[] writeTagFilters = new IntentFilter[]{
-                new IntentFilter(NfcAdapter.ACTION_TAG_DISCOVERED)
-        };
-
-        // https://code.google.com/p/android/issues/detail?id=62918
-        // maybe mNfcAdapter.enableReaderMode(); ?
-        try {
-            mNfcAdapter.enableForegroundDispatch(this, nfcPendingIntent, writeTagFilters, null);
-        } catch (IllegalStateException e) {
-            Log.i(Constants.TAG, "NfcForegroundDispatch Error!", e);
-        }
-        Log.d(Constants.TAG, "NfcForegroundDispatch has been enabled!");
-    }
-
-    /**
-     * Disable foreground dispatch in onPause!
-     */
-    public void disableNfcForegroundDispatch() {
-        mNfcAdapter.disableForegroundDispatch(this);
-        Log.d(Constants.TAG, "NfcForegroundDispatch has been disabled!");
-    }
-
-    /**
-     * Gets the name of the user out of the raw card output regarding card holder related data
-     *
-     * @param name the raw card holder related data from the card
-     * @return the name given in this data
-     */
-    public String getName(String name) {
-        String slength;
-        int ilength;
-        name = name.substring(6);
-        slength = name.substring(0, 2);
-        ilength = Integer.parseInt(slength, 16) * 2;
-        name = name.substring(2, ilength + 2);
-        name = (new String(Hex.decode(name))).replace('<', ' ');
-        return (name);
-    }
-
-    /**
-     * Reduces the raw data from the card by four characters
-     *
-     * @param output the raw data from the card
-     * @return the data field of that data
-     */
-    private String getDataField(String output) {
-        return output.substring(0, output.length() - 4);
-    }
-
-    /**
-     * Communicates with the OpenPgpCard via the APDU
-     *
-     * @param hex the hexadecimal APDU
-     * @return The answer from the card
-     * @throws java.io.IOException throws an exception if something goes wrong
-     */
-    public String card(String hex) throws IOException {
-        return getHex(mIsoDep.transceive(Hex.decode(hex)));
-    }
-
-    /**
-     * Converts a byte array into an hex string
-     *
-     * @param raw the byte array representation
-     * @return the  hexadecimal string representation
-     */
-    public static String getHex(byte[] raw) {
-        return new String(Hex.encode(raw));
-    }
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/QrCodeViewActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/QrCodeViewActivity.java
index 43af07bbe..d4858ee5d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/QrCodeViewActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/QrCodeViewActivity.java
@@ -30,6 +30,7 @@ import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.ui.util.Notify;
 import org.sufficientlysecure.keychain.ui.util.Notify.Style;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SafeSlingerActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SafeSlingerActivity.java
index 863aef65f..a41416a47 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SafeSlingerActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SafeSlingerActivity.java
@@ -40,6 +40,7 @@ import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.ui.util.Notify;
 import org.sufficientlysecure.keychain.util.Log;
 import org.sufficientlysecure.keychain.util.ParcelableFileCache;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SettingsKeyServerActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SettingsKeyServerActivity.java
index 080dc2495..9f2e46b38 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SettingsKeyServerActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SettingsKeyServerActivity.java
@@ -27,6 +27,7 @@ import android.view.ViewGroup;
 import android.widget.TextView;
 
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.ui.widget.Editor;
 import org.sufficientlysecure.keychain.ui.widget.Editor.EditorListener;
 import org.sufficientlysecure.keychain.ui.widget.KeyServerEditor;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/UploadKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/UploadKeyActivity.java
index 4fb2074a5..ad13e390d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/UploadKeyActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/UploadKeyActivity.java
@@ -37,6 +37,7 @@ import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.util.Log;
 import org.sufficientlysecure.keychain.util.Preferences;
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewCertActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewCertActivity.java
index a80503591..8d876ba69 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewCertActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewCertActivity.java
@@ -40,6 +40,7 @@ import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
 import org.sufficientlysecure.keychain.provider.KeychainContract.Certs;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.util.Log;
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
index 484956e6a..fc30eafcc 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
@@ -66,6 +66,7 @@ import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler.MessageStatus;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.ui.dialog.DeleteKeyDialogFragment;
 import org.sufficientlysecure.keychain.ui.util.FormattingUtils;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyAdvActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyAdvActivity.java
index f17d6e0fd..9e8a12c8a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyAdvActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyAdvActivity.java
@@ -38,6 +38,7 @@ import org.sufficientlysecure.keychain.pgp.KeyRing;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.ui.adapter.PagerTabStripAdapter;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.util.ContactHelper;
 import org.sufficientlysecure.keychain.util.ExportHelper;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/BaseActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseActivity.java
similarity index 96%
rename from OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/BaseActivity.java
rename to OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseActivity.java
index 41fa50705..07d2ef8c0 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/BaseActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseActivity.java
@@ -15,7 +15,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-package org.sufficientlysecure.keychain.ui;
+package org.sufficientlysecure.keychain.ui.base;
 
 import android.app.Activity;
 import android.os.Bundle;
@@ -63,8 +63,8 @@ public abstract class BaseActivity extends ActionBarActivity {
      * Inflate custom design to look like a full screen dialog, as specified in Material Design Guidelines
      * see http://www.google.com/design/spec/components/dialogs.html#dialogs-full-screen-dialogs
      */
-    protected void setFullScreenDialogDoneClose(int doneText, View.OnClickListener doneOnClickListener,
-                                                View.OnClickListener cancelOnClickListener) {
+    public void setFullScreenDialogDoneClose(int doneText, View.OnClickListener doneOnClickListener,
+            View.OnClickListener cancelOnClickListener) {
         setActionBarIcon(R.drawable.ic_close_white_24dp);
 
         // Inflate the custom action bar view
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
new file mode 100644
index 000000000..0a7b7611b
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
@@ -0,0 +1,448 @@
+package org.sufficientlysecure.keychain.ui.base;
+
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+import android.app.PendingIntent;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.nfc.NfcAdapter;
+import android.nfc.Tag;
+import android.nfc.tech.IsoDep;
+import android.os.Bundle;
+import android.widget.Toast;
+
+import org.spongycastle.bcpg.HashAlgorithmTags;
+import org.spongycastle.util.encoders.Hex;
+import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
+import org.sufficientlysecure.keychain.ui.NfcOperationActivity;
+import org.sufficientlysecure.keychain.ui.PassphraseDialogActivity;
+import org.sufficientlysecure.keychain.util.Iso7816TLV;
+import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.Passphrase;
+import org.sufficientlysecure.keychain.util.Preferences;
+
+
+public abstract class BaseNfcActivity extends BaseActivity {
+
+    public static final int REQUEST_CODE_PASSPHRASE = 1;
+
+    protected Passphrase mPin;
+    private NfcAdapter mNfcAdapter;
+    private IsoDep mIsoDep;
+
+    private static final int TIMEOUT = 100000;
+
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        Intent intent = getIntent();
+        String action = intent.getAction();
+        if (NfcAdapter.ACTION_TAG_DISCOVERED.equals(action)) {
+            throw new AssertionError("should not happen: NfcOperationActivity.onCreate is called instead of onNewIntent!");
+        }
+
+    }
+
+    /**
+     * This activity is started as a singleTop activity.
+     * All new NFC Intents which are delivered to this activity are handled here
+     */
+    @Override
+    public void onNewIntent(Intent intent) {
+        if (NfcAdapter.ACTION_TAG_DISCOVERED.equals(intent.getAction())) {
+            try {
+                handleNdefDiscoveredIntent(intent);
+            } catch (IOException e) {
+                Log.e(Constants.TAG, "Connection error!", e);
+                toast("Connection Error: " + e.getMessage());
+                setResult(RESULT_CANCELED);
+                finish();
+            }
+        }
+    }
+
+    /**
+     * Called when the system is about to start resuming a previous activity,
+     * disables NFC Foreground Dispatch
+     */
+    public void onPause() {
+        super.onPause();
+        Log.d(Constants.TAG, "NfcOperationActivity.onPause");
+
+        disableNfcForegroundDispatch();
+    }
+
+    /**
+     * Called when the activity will start interacting with the user,
+     * enables NFC Foreground Dispatch
+     */
+    public void onResume() {
+        super.onResume();
+        Log.d(Constants.TAG, "NfcOperationActivity.onResume");
+
+        enableNfcForegroundDispatch();
+    }
+
+    protected void obtainYubikeyPin(RequiredInputParcel requiredInput) {
+
+        Preferences prefs = Preferences.getPreferences(this);
+        if (prefs.useDefaultYubikeyPin()) {
+            mPin = new Passphrase("123456");
+            return;
+        }
+
+        Intent intent = new Intent(this, PassphraseDialogActivity.class);
+        intent.putExtra(PassphraseDialogActivity.EXTRA_REQUIRED_INPUT,
+                RequiredInputParcel.createRequiredPassphrase(requiredInput));
+        startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
+
+    }
+
+    protected void setYubikeyPin(Passphrase pin) {
+        mPin = pin;
+    }
+
+    @Override
+    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
+        switch (requestCode) {
+            case REQUEST_CODE_PASSPHRASE:
+                CryptoInputParcel input = data.getParcelableExtra(PassphraseDialogActivity.RESULT_DATA);
+                mPin = input.getPassphrase();
+                break;
+
+            default:
+                super.onActivityResult(requestCode, resultCode, data);
+        }
+    }
+
+    /** Handle NFC communication and return a result.
+     *
+     * This method is called by onNewIntent above upon discovery of an NFC tag.
+     * It handles initialization and login to the application, subsequently
+     * calls either nfcCalculateSignature() or nfcDecryptSessionKey(), then
+     * finishes the activity with an appropiate result.
+     *
+     * On general communication, see also
+     * http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_annex-a.aspx
+     *
+     * References to pages are generally related to the OpenPGP Application
+     * on ISO SmartCard Systems specification.
+     *
+     */
+    protected void handleNdefDiscoveredIntent(Intent intent) throws IOException {
+
+        Tag detectedTag = intent.getParcelableExtra(NfcAdapter.EXTRA_TAG);
+
+        // Connect to the detected tag, setting a couple of settings
+        mIsoDep = IsoDep.get(detectedTag);
+        mIsoDep.setTimeout(TIMEOUT); // timeout is set to 100 seconds to avoid cancellation during calculation
+        mIsoDep.connect();
+
+        // SW1/2 0x9000 is the generic "ok" response, which we expect most of the time.
+        // See specification, page 51
+        String accepted = "9000";
+
+        // Command APDU (page 51) for SELECT FILE command (page 29)
+        String opening =
+                "00" // CLA
+                        + "A4" // INS
+                        + "04" // P1
+                        + "00" // P2
+                        + "06" // Lc (number of bytes)
+                        + "D27600012401" // Data (6 bytes)
+                        + "00"; // Le
+        if ( ! nfcCommunicate(opening).equals(accepted)) { // activate connection
+            toast("Opening Error!");
+            setResult(RESULT_CANCELED);
+            finish();
+            return;
+        }
+
+        if (mPin != null) {
+
+            byte[] pin = new String(mPin.getCharArray()).getBytes();
+
+            // Command APDU for VERIFY command (page 32)
+            String login =
+                    "00" // CLA
+                            + "20" // INS
+                            + "00" // P1
+                            + "82" // P2 (PW1)
+                            + String.format("%02x", pin.length) // Lc
+                            + Hex.toHexString(pin);
+            if (!nfcCommunicate(login).equals(accepted)) { // login
+                toast("Wrong PIN!");
+                setResult(RESULT_CANCELED);
+                finish();
+                return;
+            }
+
+        }
+
+        onNfcPerform();
+
+        mIsoDep.close();
+        mIsoDep = null;
+
+    }
+
+    protected abstract void onNfcPerform() throws IOException;
+
+    /** Return the key id from application specific data stored on tag, or null
+     * if it doesn't exist.
+     *
+     * @param idx Index of the key to return the fingerprint from.
+     * @return The long key id of the requested key, or null if not found.
+     */
+    public Long nfcGetKeyId(int idx) throws IOException {
+        byte[] fp = nfcGetFingerprint(idx);
+        if (fp == null) {
+            return null;
+        }
+        ByteBuffer buf = ByteBuffer.wrap(fp);
+        // skip first 12 bytes of the fingerprint
+        buf.position(12);
+        // the last eight bytes are the key id (big endian, which is default order in ByteBuffer)
+        return buf.getLong();
+    }
+
+    /** Return fingerprints of all keys from application specific data stored
+     * on tag, or null if data not available.
+     *
+     * @return The fingerprints of all subkeys in a contiguous byte array.
+     */
+    public byte[] nfcGetFingerprints() throws IOException {
+        String data = "00CA006E00";
+        byte[] buf = mIsoDep.transceive(Hex.decode(data));
+
+        Iso7816TLV tlv = Iso7816TLV.readSingle(buf, true);
+        Log.d(Constants.TAG, "nfc tlv data:\n" + tlv.prettyPrint());
+
+        Iso7816TLV fptlv = Iso7816TLV.findRecursive(tlv, 0xc5);
+        if (fptlv == null) {
+            return null;
+        }
+
+        return fptlv.mV;
+    }
+
+    /** Return the fingerprint from application specific data stored on tag, or
+     * null if it doesn't exist.
+     *
+     * @param idx Index of the key to return the fingerprint from.
+     * @return The fingerprint of the requested key, or null if not found.
+     */
+    public byte[] nfcGetFingerprint(int idx) throws IOException {
+        byte[] data = nfcGetFingerprints();
+
+        // return the master key fingerprint
+        ByteBuffer fpbuf = ByteBuffer.wrap(data);
+        byte[] fp = new byte[20];
+        fpbuf.position(idx*20);
+        fpbuf.get(fp, 0, 20);
+
+        return fp;
+    }
+
+
+    public String nfcGetUserId() throws IOException {
+        String info = "00CA006500";
+        String data = "00CA005E00";
+        return nfcGetHolderName(nfcCommunicate(info)) + " <" + (new String(Hex.decode(nfcGetDataField(
+                nfcCommunicate(data))))) + ">";
+    }
+
+    /**
+     * Calls to calculate the signature and returns the MPI value
+     *
+     * @param hash the hash for signing
+     * @return a big integer representing the MPI for the given hash
+     */
+    public byte[] nfcCalculateSignature(byte[] hash, int hashAlgo) throws IOException {
+
+        // dsi, including Lc
+        String dsi;
+
+        Log.i(Constants.TAG, "Hash: " + hashAlgo);
+        switch (hashAlgo) {
+            case HashAlgorithmTags.SHA1:
+                if (hash.length != 20) {
+                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 10!");
+                }
+                dsi = "23" // Lc
+                        + "3021" // Tag/Length of Sequence, the 0x21 includes all following 33 bytes
+                        + "3009" // Tag/Length of Sequence, the 0x09 are the following header bytes
+                        + "0605" + "2B0E03021A" // OID of SHA1
+                        + "0500" // TLV coding of ZERO
+                        + "0414" + getHex(hash); // 0x14 are 20 hash bytes
+                break;
+            case HashAlgorithmTags.RIPEMD160:
+                if (hash.length != 20) {
+                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 20!");
+                }
+                dsi = "233021300906052B2403020105000414" + getHex(hash);
+                break;
+            case HashAlgorithmTags.SHA224:
+                if (hash.length != 28) {
+                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 28!");
+                }
+                dsi = "2F302D300D06096086480165030402040500041C" + getHex(hash);
+                break;
+            case HashAlgorithmTags.SHA256:
+                if (hash.length != 32) {
+                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 32!");
+                }
+                dsi = "333031300D060960864801650304020105000420" + getHex(hash);
+                break;
+            case HashAlgorithmTags.SHA384:
+                if (hash.length != 48) {
+                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 48!");
+                }
+                dsi = "433041300D060960864801650304020205000430" + getHex(hash);
+                break;
+            case HashAlgorithmTags.SHA512:
+                if (hash.length != 64) {
+                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 64!");
+                }
+                dsi = "533051300D060960864801650304020305000440" + getHex(hash);
+                break;
+            default:
+                throw new RuntimeException("Not supported hash algo!");
+        }
+
+        // Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37)
+        String apdu  =
+                "002A9E9A" // CLA, INS, P1, P2
+                        + dsi // digital signature input
+                        + "00"; // Le
+
+        String response = nfcCommunicate(apdu);
+
+        // split up response into signature and status
+        String status = response.substring(response.length()-4);
+        String signature = response.substring(0, response.length() - 4);
+
+        // while we are getting 0x61 status codes, retrieve more data
+        while (status.substring(0, 2).equals("61")) {
+            Log.d(Constants.TAG, "requesting more data, status " + status);
+            // Send GET RESPONSE command
+            response = nfcCommunicate("00C00000" + status.substring(2));
+            status = response.substring(response.length()-4);
+            signature += response.substring(0, response.length()-4);
+        }
+
+        Log.d(Constants.TAG, "final response:" + status);
+
+        if ( ! "9000".equals(status)) {
+            toast("Bad NFC response code: " + status);
+            return null;
+        }
+
+        // Make sure the signature we received is actually the expected number of bytes long!
+        if (signature.length() != 256 && signature.length() != 512) {
+            toast("Bad signature length! Expected 128 or 256 bytes, got " + signature.length() / 2);
+            return null;
+        }
+
+        return Hex.decode(signature);
+    }
+
+    /**
+     * Calls to calculate the signature and returns the MPI value
+     *
+     * @param encryptedSessionKey the encoded session key
+     * @return the decoded session key
+     */
+    public byte[] nfcDecryptSessionKey(byte[] encryptedSessionKey) throws IOException {
+        String firstApdu = "102a8086fe";
+        String secondApdu = "002a808603";
+        String le = "00";
+
+        byte[] one = new byte[254];
+        // leave out first byte:
+        System.arraycopy(encryptedSessionKey, 1, one, 0, one.length);
+
+        byte[] two = new byte[encryptedSessionKey.length - 1 - one.length];
+        for (int i = 0; i < two.length; i++) {
+            two[i] = encryptedSessionKey[i + one.length + 1];
+        }
+
+        String first = nfcCommunicate(firstApdu + getHex(one));
+        String second = nfcCommunicate(secondApdu + getHex(two) + le);
+
+        String decryptedSessionKey = nfcGetDataField(second);
+
+        Log.d(Constants.TAG, "decryptedSessionKey: " + decryptedSessionKey);
+
+        return Hex.decode(decryptedSessionKey);
+    }
+
+    /**
+     * Prints a message to the screen
+     *
+     * @param text the text which should be contained within the toast
+     */
+    protected void toast(String text) {
+        Toast.makeText(this, text, Toast.LENGTH_LONG).show();
+    }
+
+    /**
+     * Receive new NFC Intents to this activity only by enabling foreground dispatch.
+     * This can only be done in onResume!
+     */
+    public void enableNfcForegroundDispatch() {
+        mNfcAdapter = NfcAdapter.getDefaultAdapter(this);
+        Intent nfcI = new Intent(this, NfcOperationActivity.class)
+                .addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_CLEAR_TOP);
+        PendingIntent nfcPendingIntent = PendingIntent.getActivity(this, 0, nfcI, PendingIntent.FLAG_CANCEL_CURRENT);
+        IntentFilter[] writeTagFilters = new IntentFilter[]{
+                new IntentFilter(NfcAdapter.ACTION_TAG_DISCOVERED)
+        };
+
+        // https://code.google.com/p/android/issues/detail?id=62918
+        // maybe mNfcAdapter.enableReaderMode(); ?
+        try {
+            mNfcAdapter.enableForegroundDispatch(this, nfcPendingIntent, writeTagFilters, null);
+        } catch (IllegalStateException e) {
+            Log.i(Constants.TAG, "NfcForegroundDispatch Error!", e);
+        }
+        Log.d(Constants.TAG, "NfcForegroundDispatch has been enabled!");
+    }
+
+    /**
+     * Disable foreground dispatch in onPause!
+     */
+    public void disableNfcForegroundDispatch() {
+        mNfcAdapter.disableForegroundDispatch(this);
+        Log.d(Constants.TAG, "NfcForegroundDispatch has been disabled!");
+    }
+
+    public String nfcGetHolderName(String name) {
+        String slength;
+        int ilength;
+        name = name.substring(6);
+        slength = name.substring(0, 2);
+        ilength = Integer.parseInt(slength, 16) * 2;
+        name = name.substring(2, ilength + 2);
+        name = (new String(Hex.decode(name))).replace('<', ' ');
+        return (name);
+    }
+
+    private String nfcGetDataField(String output) {
+        return output.substring(0, output.length() - 4);
+    }
+
+    public String nfcCommunicate(String apdu) throws IOException {
+        return getHex(mIsoDep.transceive(Hex.decode(apdu)));
+    }
+
+    public static String getHex(byte[] raw) {
+        return new String(Hex.encode(raw));
+    }
+
+}
diff --git a/OpenKeychain/src/main/res/layout/create_key_start_fragment.xml b/OpenKeychain/src/main/res/layout/create_key_start_fragment.xml
index 79ffe58b1..2db147475 100644
--- a/OpenKeychain/src/main/res/layout/create_key_start_fragment.xml
+++ b/OpenKeychain/src/main/res/layout/create_key_start_fragment.xml
@@ -50,22 +50,22 @@
             android:clickable="true"
             style="?android:attr/borderlessButtonStyle" />
 
-        <!--<TextView-->
-            <!--android:id="@+id/create_key_yubikey_button"-->
-            <!--android:paddingLeft="16dp"-->
-            <!--android:paddingRight="16dp"-->
-            <!--android:textAppearance="?android:attr/textAppearanceMedium"-->
-            <!--android:layout_width="match_parent"-->
-            <!--android:layout_height="wrap_content"-->
-            <!--android:layout_weight="1"-->
-            <!--android:text="@string/first_time_yubikey"-->
-            <!--android:textAllCaps="true"-->
-            <!--android:minHeight="?android:attr/listPreferredItemHeight"-->
-            <!--android:drawableRight="@drawable/ic_chevron_right_grey_24dp"-->
-            <!--android:drawablePadding="8dp"-->
-            <!--android:gravity="right|center_vertical"-->
-            <!--android:clickable="true"-->
-            <!--style="?android:attr/borderlessButtonStyle" />-->
+        <TextView
+            android:id="@+id/create_key_yubikey_button"
+            android:paddingLeft="16dp"
+            android:paddingRight="16dp"
+            android:textAppearance="?android:attr/textAppearanceMedium"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:layout_weight="1"
+            android:text="@string/first_time_yubikey"
+            android:textAllCaps="true"
+            android:minHeight="?android:attr/listPreferredItemHeight"
+            android:drawableRight="@drawable/ic_chevron_right_grey_24dp"
+            android:drawablePadding="8dp"
+            android:gravity="right|center_vertical"
+            android:clickable="true"
+            style="?android:attr/borderlessButtonStyle" />
 
         <TextView
             android:id="@+id/create_key_import_button"
@@ -101,4 +101,4 @@
             android:clickable="true"
             style="?android:attr/borderlessButtonStyle" />
     </LinearLayout>
-</RelativeLayout>
\ No newline at end of file
+</RelativeLayout>
diff --git a/OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml b/OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml
new file mode 100644
index 000000000..d8c95c658
--- /dev/null
+++ b/OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent">
+
+    <ScrollView
+        android:layout_width="match_parent"
+        android:layout_height="match_parent"
+        android:fillViewport="true"
+        android:layout_above="@+id/create_key_buttons">
+
+        <LinearLayout
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:paddingLeft="16dp"
+            android:paddingRight="16dp"
+            android:orientation="vertical">
+
+            <TextView
+                android:layout_width="wrap_content"
+                android:layout_height="wrap_content"
+                android:layout_marginTop="16dp"
+                android:layout_marginLeft="8dp"
+                android:textAppearance="?android:attr/textAppearanceMedium"
+                android:text="Hold Yubikey against device dawg" />
+
+            <TextView
+                android:layout_width="wrap_content"
+                android:layout_height="wrap_content"
+                android:layout_marginTop="16dp"
+                android:layout_marginLeft="8dp"
+                android:textAppearance="?android:attr/textAppearanceMedium"
+                android:text="(yubikey fingerprint)" />
+
+        </LinearLayout>
+
+    </ScrollView>
+
+    <LinearLayout
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:orientation="horizontal"
+        android:layout_alignParentBottom="true"
+        android:layout_alignParentLeft="true"
+        android:layout_alignParentStart="true"
+        android:background="@color/holo_gray_bright"
+        android:id="@+id/create_key_buttons">
+
+        <TextView
+            android:id="@+id/create_key_back_button"
+            android:paddingLeft="16dp"
+            android:paddingRight="16dp"
+            android:textAppearance="?android:attr/textAppearanceMedium"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:layout_weight="1"
+            android:text="@string/btn_back"
+            android:textAllCaps="true"
+            android:minHeight="?android:attr/listPreferredItemHeight"
+            android:drawableLeft="@drawable/ic_chevron_left_grey_24dp"
+            android:drawablePadding="8dp"
+            android:gravity="left|center_vertical"
+            android:clickable="true"
+            style="?android:attr/borderlessButtonStyle" />
+
+        <TextView
+            android:id="@+id/create_key_next_button"
+            android:paddingLeft="16dp"
+            android:paddingRight="16dp"
+            android:textAppearance="?android:attr/textAppearanceMedium"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:layout_weight="1"
+            android:text="@string/btn_next"
+            android:textAllCaps="true"
+            android:minHeight="?android:attr/listPreferredItemHeight"
+            android:drawableRight="@drawable/ic_chevron_right_grey_24dp"
+            android:drawablePadding="8dp"
+            android:gravity="right|center_vertical"
+            android:clickable="true"
+            style="?android:attr/borderlessButtonStyle" />
+    </LinearLayout>
+</RelativeLayout>
\ No newline at end of file

From 1ad3635d139ea5033b06e5cdd87a7b2eab5f2e75 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Sat, 21 Mar 2015 19:52:10 +0100
Subject: [PATCH 14/80] work on ad-hoc yubikey import support

---
 OpenKeychain/src/main/AndroidManifest.xml     |   2 +
 .../operations/results/PromoteKeyResult.java  |   9 +-
 .../service/KeychainIntentService.java        |   2 +-
 .../keychain/ui/CreateKeyActivity.java        |  22 +-
 .../keychain/ui/CreateKeyYubiFragment.java    | 261 +++++++++++++++++-
 .../keychain/ui/base/BaseNfcActivity.java     |   7 +-
 .../res/layout/create_yubikey_fragment.xml    | 101 +++++--
 7 files changed, 366 insertions(+), 38 deletions(-)

diff --git a/OpenKeychain/src/main/AndroidManifest.xml b/OpenKeychain/src/main/AndroidManifest.xml
index d983498cc..fd999b0fb 100644
--- a/OpenKeychain/src/main/AndroidManifest.xml
+++ b/OpenKeychain/src/main/AndroidManifest.xml
@@ -90,6 +90,8 @@
             android:name=".ui.CreateKeyActivity"
             android:windowSoftInputMode="adjustResize"
             android:label="@string/title_manage_my_keys"
+            android:launchMode="singleTop"
+            android:allowTaskReparenting="true"
             android:parentActivityName=".ui.MainActivity">
             <meta-data
                 android:name="android.support.PARENT_ACTIVITY"
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PromoteKeyResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PromoteKeyResult.java
index af9aff84a..d6c7a1ee0 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PromoteKeyResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PromoteKeyResult.java
@@ -31,13 +31,18 @@ public class PromoteKeyResult extends OperationResult {
 
     public PromoteKeyResult(Parcel source) {
         super(source);
-        mMasterKeyId = source.readLong();
+        mMasterKeyId = source.readInt() != 0 ? source.readLong() : null;
     }
 
     @Override
     public void writeToParcel(Parcel dest, int flags) {
         super.writeToParcel(dest, flags);
-        dest.writeLong(mMasterKeyId);
+        if (mMasterKeyId != null) {
+            dest.writeInt(1);
+            dest.writeLong(mMasterKeyId);
+        } else {
+            dest.writeInt(0);
+        }
     }
 
     public static Creator<PromoteKeyResult> CREATOR = new Creator<PromoteKeyResult>() {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
index ed6453e9d..5a9c146f7 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
@@ -487,7 +487,7 @@ public class KeychainIntentService extends IntentService implements Progressable
             case ACTION_PROMOTE_KEYRING: {
 
                 // Input
-                long keyRingId = data.getInt(EXPORT_KEY_RING_MASTER_KEY_ID);
+                long keyRingId = data.getLong(PROMOTE_MASTER_KEY_ID);
 
                 // Operation
                 PromoteKeyOperation op = new PromoteKeyOperation(this, providerHelper, this, mActionCanceled);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
index 4ae901c6c..9919e2aab 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
@@ -17,23 +17,18 @@
 
 package org.sufficientlysecure.keychain.ui;
 
-import android.app.PendingIntent;
-import android.content.Intent;
-import android.content.IntentFilter;
-import android.nfc.NfcAdapter;
 import android.os.Bundle;
 import android.support.v4.app.Fragment;
 import android.support.v4.app.FragmentTransaction;
 
-import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
-import org.sufficientlysecure.keychain.ui.base.BaseActivity;
-import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.ui.base.BaseNfcActivity;
 import org.sufficientlysecure.keychain.util.Passphrase;
 
+import java.io.IOException;
 import java.util.ArrayList;
 
-public class CreateKeyActivity extends BaseActivity {
+public class CreateKeyActivity extends BaseNfcActivity {
 
     public static final String EXTRA_NAME = "name";
     public static final String EXTRA_EMAIL = "email";
@@ -85,6 +80,13 @@ public class CreateKeyActivity extends BaseActivity {
         }
     }
 
+    @Override
+    protected void onNfcPerform() throws IOException {
+        if (mCurrentFragment instanceof NfcListenerFragment) {
+            ((NfcListenerFragment) mCurrentFragment).onNfcPerform();
+        }
+    }
+
     @Override
     protected void onSaveInstanceState(Bundle outState) {
         super.onSaveInstanceState(outState);
@@ -135,4 +137,8 @@ public class CreateKeyActivity extends BaseActivity {
         getSupportFragmentManager().executePendingTransactions();
     }
 
+    interface NfcListenerFragment {
+        public void onNfcPerform() throws IOException;
+    }
+
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java
index 665c68d65..483a5f4e5 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java
@@ -17,26 +17,77 @@
 
 package org.sufficientlysecure.keychain.ui;
 
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.util.ArrayList;
+import java.util.Arrays;
+
 import android.app.Activity;
+import android.app.ProgressDialog;
 import android.content.Context;
+import android.content.Intent;
+import android.database.Cursor;
+import android.net.Uri;
 import android.os.Bundle;
+import android.os.Message;
+import android.os.Messenger;
 import android.support.v4.app.Fragment;
+import android.support.v4.app.LoaderManager;
+import android.support.v4.content.CursorLoader;
+import android.support.v4.content.Loader;
 import android.view.LayoutInflater;
 import android.view.View;
 import android.view.ViewGroup;
 import android.widget.EditText;
+import android.widget.TextView;
+import android.widget.ViewAnimator;
 
+import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
+import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
+import org.sufficientlysecure.keychain.operations.results.ImportKeyResult;
+import org.sufficientlysecure.keychain.operations.results.PromoteKeyResult;
+import org.sufficientlysecure.keychain.provider.KeychainContract;
+import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
+import org.sufficientlysecure.keychain.service.KeychainIntentService;
+import org.sufficientlysecure.keychain.service.KeychainIntentService.IOType;
+import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
 import org.sufficientlysecure.keychain.ui.CreateKeyActivity.FragAction;
+import org.sufficientlysecure.keychain.ui.CreateKeyActivity.NfcListenerFragment;
+import org.sufficientlysecure.keychain.ui.dialog.DeleteFileDialogFragment;
+import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
+import org.sufficientlysecure.keychain.ui.util.Notify;
+import org.sufficientlysecure.keychain.ui.util.Notify.Style;
 import org.sufficientlysecure.keychain.ui.widget.NameEditText;
+import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.Preferences;
 
 
-public class CreateKeyYubiFragment extends Fragment {
+public class CreateKeyYubiFragment extends Fragment implements NfcListenerFragment,
+        LoaderManager.LoaderCallbacks<Cursor> {
 
     CreateKeyActivity mCreateKeyActivity;
     NameEditText mNameEdit;
     View mBackButton;
     View mNextButton;
+    private TextView mUnknownFingerprint;
+
+    public static final String ARGS_MASTER_KEY_ID = "master_key_id";
+    private byte[] mScannedFingerprint;
+    private long mScannedMasterKeyId;
+    private ViewAnimator mAnimator;
+    private TextView mFingerprint;
+    private TextView mUserId;
+
+    private YubiImportState mState = YubiImportState.SCAN;
+
+    enum YubiImportState {
+        SCAN, // waiting for scan
+        UNKNOWN, // scanned unknown key (ready to import)
+        BAD_FINGERPRINT, // scanned key, bad fingerprint
+        IMPORTED, // imported key (ready to promote)
+    }
 
     private static boolean isEditTextNotEmpty(Context context, EditText editText) {
         boolean output = true;
@@ -55,6 +106,16 @@ public class CreateKeyYubiFragment extends Fragment {
     public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
         View view = inflater.inflate(R.layout.create_yubikey_fragment, container, false);
 
+        mAnimator = (ViewAnimator) view.findViewById(R.id.create_yubikey_animator);
+
+        mUnknownFingerprint = (TextView) view.findViewById(R.id.create_yubikey_unknown_fp);
+
+        mFingerprint = (TextView) view.findViewById(R.id.create_yubikey_fingerprint);
+        mUserId = (TextView) view.findViewById(R.id.create_yubikey_user_id);
+
+        mBackButton = view.findViewById(R.id.create_key_back_button);
+        mNextButton = view.findViewById(R.id.create_key_next_button);
+
         mBackButton.setOnClickListener(new View.OnClickListener() {
             @Override
             public void onClick(View v) {
@@ -77,14 +138,200 @@ public class CreateKeyYubiFragment extends Fragment {
         mCreateKeyActivity = (CreateKeyActivity) getActivity();
     }
 
-    private void nextClicked() {
-        if (isEditTextNotEmpty(getActivity(), mNameEdit)) {
-            // save state
-            mCreateKeyActivity.mName = mNameEdit.getText().toString();
+    @Override
+    public void onNfcPerform() throws IOException {
 
-            CreateKeyEmailFragment frag = CreateKeyEmailFragment.newInstance();
-            mCreateKeyActivity.loadFragment(frag, FragAction.TO_RIGHT);
+        mScannedFingerprint = mCreateKeyActivity.nfcGetFingerprint(0);
+        mScannedMasterKeyId = getKeyIdFromFingerprint(mScannedFingerprint);
+
+        getLoaderManager().initLoader(0, null, this);
+
+    }
+
+    // These are the rows that we will retrieve.
+    static final String[] UNIFIED_PROJECTION = new String[]{
+            KeychainContract.KeyRings._ID,
+            KeychainContract.KeyRings.MASTER_KEY_ID,
+            KeychainContract.KeyRings.USER_ID,
+            KeychainContract.KeyRings.IS_REVOKED,
+            KeychainContract.KeyRings.IS_EXPIRED,
+            KeychainContract.KeyRings.HAS_ANY_SECRET,
+            KeychainContract.KeyRings.FINGERPRINT,
+    };
+
+    static final int INDEX_MASTER_KEY_ID = 1;
+    static final int INDEX_USER_ID = 2;
+    static final int INDEX_IS_REVOKED = 3;
+    static final int INDEX_IS_EXPIRED = 4;
+    static final int INDEX_HAS_ANY_SECRET = 5;
+    static final int INDEX_FINGERPRINT = 6;
+
+    @Override
+    public Loader<Cursor> onCreateLoader(int id, Bundle args) {
+        Uri baseUri = KeychainContract.KeyRings.buildUnifiedKeyRingUri(
+                KeyRings.buildUnifiedKeyRingUri(mScannedMasterKeyId)
+        );
+        return new CursorLoader(getActivity(), baseUri, UNIFIED_PROJECTION, null, null, null);
+    }
+
+    @Override
+    public void onLoadFinished(Loader<Cursor> loader, Cursor data) {
+        if (data.moveToFirst()) {
+
+            byte[] fingerprint = data.getBlob(INDEX_FINGERPRINT);
+            if (!Arrays.equals(fingerprint, mScannedFingerprint)) {
+                mState = YubiImportState.BAD_FINGERPRINT;
+                Notify.create(getActivity(), "Fingerprint mismatch!", Style.ERROR);
+                return;
+            }
+
+            showKey(data);
+
+        } else {
+            showUnknownKey();
         }
     }
 
+    public void showUnknownKey() {
+        String fp = KeyFormattingUtils.convertFingerprintToHex(mScannedFingerprint);
+        mUnknownFingerprint.setText(KeyFormattingUtils.colorizeFingerprint(fp));
+
+        mAnimator.setDisplayedChild(1);
+        mState = YubiImportState.UNKNOWN;
+    }
+
+    public void showKey(Cursor data) {
+        String userId = data.getString(INDEX_USER_ID);
+        boolean hasSecret = data.getInt(INDEX_HAS_ANY_SECRET) != 0;
+
+        String fp = KeyFormattingUtils.convertFingerprintToHex(mScannedFingerprint);
+        mFingerprint.setText(KeyFormattingUtils.colorizeFingerprint(fp));
+
+        mUserId.setText(userId);
+
+        mAnimator.setDisplayedChild(2);
+        mState = YubiImportState.IMPORTED;
+    }
+
+
+    private void nextClicked() {
+
+        switch (mState) {
+            case UNKNOWN:
+                importKey();
+                break;
+            case IMPORTED:
+                promoteKey();
+                break;
+        }
+
+    }
+
+    public void promoteKey() {
+
+        // Message is received after decrypting is done in KeychainIntentService
+        KeychainIntentServiceHandler saveHandler = new KeychainIntentServiceHandler(getActivity()) {
+            public void handleMessage(Message message) {
+                // handle messages by standard KeychainIntentServiceHandler first
+                super.handleMessage(message);
+
+                if (message.arg1 == MessageStatus.OKAY.ordinal()) {
+                    // get returned data bundle
+                    Bundle returnData = message.getData();
+
+                    PromoteKeyResult result =
+                            returnData.getParcelable(DecryptVerifyResult.EXTRA_RESULT);
+
+                    result.createNotify(getActivity()).show();
+                }
+
+            }
+        };
+
+        // Send all information needed to service to decrypt in other thread
+        Intent intent = new Intent(getActivity(), KeychainIntentService.class);
+
+        // fill values for this action
+
+        intent.setAction(KeychainIntentService.ACTION_PROMOTE_KEYRING);
+
+        Bundle data = new Bundle();
+        data.putLong(KeychainIntentService.PROMOTE_MASTER_KEY_ID, mScannedMasterKeyId);
+        intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
+
+        // Create a new Messenger for the communication back
+        Messenger messenger = new Messenger(saveHandler);
+        intent.putExtra(KeychainIntentService.EXTRA_MESSENGER, messenger);
+
+        // start service with intent
+        getActivity().startService(intent);
+
+    }
+
+    public void importKey() {
+
+        // Message is received after decrypting is done in KeychainIntentService
+        KeychainIntentServiceHandler saveHandler = new KeychainIntentServiceHandler(getActivity()) {
+            public void handleMessage(Message message) {
+                // handle messages by standard KeychainIntentServiceHandler first
+                super.handleMessage(message);
+
+                if (message.arg1 == MessageStatus.OKAY.ordinal()) {
+                    // get returned data bundle
+                    Bundle returnData = message.getData();
+
+                    ImportKeyResult result =
+                            returnData.getParcelable(DecryptVerifyResult.EXTRA_RESULT);
+
+                    result.createNotify(getActivity()).show();
+                }
+
+            }
+        };
+
+        // Send all information needed to service to decrypt in other thread
+        Intent intent = new Intent(getActivity(), KeychainIntentService.class);
+
+        // fill values for this action
+        Bundle data = new Bundle();
+
+        intent.setAction(KeychainIntentService.ACTION_IMPORT_KEYRING);
+
+        String hexFp = KeyFormattingUtils.convertFingerprintToHex(mScannedFingerprint);
+        ArrayList<ParcelableKeyRing> keyList = new ArrayList<>();
+        keyList.add(new ParcelableKeyRing(hexFp, null, null));
+        data.putParcelableArrayList(KeychainIntentService.IMPORT_KEY_LIST, keyList);
+
+        {
+            Preferences prefs = Preferences.getPreferences(getActivity());
+            Preferences.CloudSearchPrefs cloudPrefs =
+                    new Preferences.CloudSearchPrefs(true, true, prefs.getPreferredKeyserver());
+            data.putString(KeychainIntentService.IMPORT_KEY_SERVER, cloudPrefs.keyserver);
+        }
+
+        intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
+
+        // Create a new Messenger for the communication back
+        Messenger messenger = new Messenger(saveHandler);
+        intent.putExtra(KeychainIntentService.EXTRA_MESSENGER, messenger);
+
+        // start service with intent
+        getActivity().startService(intent);
+
+    }
+
+
+    @Override
+    public void onLoaderReset(Loader<Cursor> loader) {
+
+    }
+
+    static long getKeyIdFromFingerprint(byte[] fingerprint) {
+        ByteBuffer buf = ByteBuffer.wrap(fingerprint);
+        // skip first 12 bytes of the fingerprint
+        buf.position(12);
+        // the last eight bytes are the key id (big endian, which is default order in ByteBuffer)
+        return buf.getLong();
+    }
+
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
index 0a7b7611b..ca1d79155 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
@@ -18,7 +18,6 @@ import org.spongycastle.util.encoders.Hex;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
-import org.sufficientlysecure.keychain.ui.NfcOperationActivity;
 import org.sufficientlysecure.keychain.ui.PassphraseDialogActivity;
 import org.sufficientlysecure.keychain.util.Iso7816TLV;
 import org.sufficientlysecure.keychain.util.Log;
@@ -72,7 +71,7 @@ public abstract class BaseNfcActivity extends BaseActivity {
      */
     public void onPause() {
         super.onPause();
-        Log.d(Constants.TAG, "NfcOperationActivity.onPause");
+        Log.d(Constants.TAG, "BaseNfcActivity.onPause");
 
         disableNfcForegroundDispatch();
     }
@@ -83,7 +82,7 @@ public abstract class BaseNfcActivity extends BaseActivity {
      */
     public void onResume() {
         super.onResume();
-        Log.d(Constants.TAG, "NfcOperationActivity.onResume");
+        Log.d(Constants.TAG, "BaseNfcActivity.onResume");
 
         enableNfcForegroundDispatch();
     }
@@ -397,7 +396,7 @@ public abstract class BaseNfcActivity extends BaseActivity {
      */
     public void enableNfcForegroundDispatch() {
         mNfcAdapter = NfcAdapter.getDefaultAdapter(this);
-        Intent nfcI = new Intent(this, NfcOperationActivity.class)
+        Intent nfcI = new Intent(this, getClass())
                 .addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_CLEAR_TOP);
         PendingIntent nfcPendingIntent = PendingIntent.getActivity(this, 0, nfcI, PendingIntent.FLAG_CANCEL_CURRENT);
         IntentFilter[] writeTagFilters = new IntentFilter[]{
diff --git a/OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml b/OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml
index d8c95c658..ec2505706 100644
--- a/OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml
+++ b/OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml
@@ -9,30 +9,97 @@
         android:fillViewport="true"
         android:layout_above="@+id/create_key_buttons">
 
-        <LinearLayout
-            android:layout_width="match_parent"
+        <ViewAnimator
+            android:layout_width="fill_parent"
             android:layout_height="wrap_content"
+            android:inAnimation="@anim/abc_fade_in"
+            android:outAnimation="@anim/abc_fade_out"
             android:paddingLeft="16dp"
             android:paddingRight="16dp"
-            android:orientation="vertical">
+            android:id="@+id/create_yubikey_animator"
+            >
 
-            <TextView
-                android:layout_width="wrap_content"
+            <LinearLayout
+                android:layout_width="match_parent"
                 android:layout_height="wrap_content"
-                android:layout_marginTop="16dp"
-                android:layout_marginLeft="8dp"
-                android:textAppearance="?android:attr/textAppearanceMedium"
-                android:text="Hold Yubikey against device dawg" />
+                android:orientation="vertical">
 
-            <TextView
-                android:layout_width="wrap_content"
+                <TextView
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:layout_marginTop="16dp"
+                    android:layout_marginLeft="8dp"
+                    android:textAppearance="?android:attr/textAppearanceMedium"
+                    android:text="Hold Yubikey against device dawg"
+                    />
+
+                <ImageView
+                    android:layout_width="match_parent"
+                    android:layout_height="wrap_content"
+                    android:src="@drawable/yubikey_phone" />
+
+            </LinearLayout>
+
+            <LinearLayout
+                android:layout_width="match_parent"
                 android:layout_height="wrap_content"
-                android:layout_marginTop="16dp"
-                android:layout_marginLeft="8dp"
-                android:textAppearance="?android:attr/textAppearanceMedium"
-                android:text="(yubikey fingerprint)" />
+                android:orientation="vertical">
 
-        </LinearLayout>
+                <TextView
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:layout_marginTop="16dp"
+                    android:layout_marginLeft="8dp"
+                    android:textAppearance="?android:attr/textAppearanceMedium"
+                    android:id="@+id/create_yubikey_unknown_fp"
+                    android:text="(yubikey fingerprint)" />
+
+                <TextView
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:layout_marginTop="16dp"
+                    android:layout_marginLeft="8dp"
+                    android:textAppearance="?android:attr/textAppearanceMedium"
+                    android:text="Hit next to import this key"
+                    />
+
+            </LinearLayout>
+
+            <LinearLayout
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:orientation="vertical">
+
+                <TextView
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:layout_marginTop="16dp"
+                    android:layout_marginLeft="8dp"
+                    android:textAppearance="?android:attr/textAppearanceMedium"
+                    android:id="@+id/create_yubikey_fingerprint"
+                    android:text="(yubikey fingerprint)" />
+
+                <TextView
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:layout_marginTop="16dp"
+                    android:layout_marginLeft="8dp"
+                    android:textAppearance="?android:attr/textAppearanceMedium"
+                    android:id="@+id/create_yubikey_user_id"
+                    android:text="(yubikey fingerprint)" />
+
+                <TextView
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:layout_marginTop="16dp"
+                    android:layout_marginLeft="8dp"
+                    android:textAppearance="?android:attr/textAppearanceMedium"
+                    android:text="Hit next to add this Yubikey to your own!"
+                    />
+
+            </LinearLayout>
+
+        </ViewAnimator>
 
     </ScrollView>
 
@@ -79,5 +146,7 @@
             android:gravity="right|center_vertical"
             android:clickable="true"
             style="?android:attr/borderlessButtonStyle" />
+
     </LinearLayout>
+
 </RelativeLayout>
\ No newline at end of file

From 04c7639a5a9b4f85122b7d5f299ba09131ce3036 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Sat, 21 Mar 2015 22:18:58 +0100
Subject: [PATCH 15/80] split up wait/action yubikey fragments

---
 Graphics/drawables/yubi_icon.svg              |  32 +++++
 Graphics/update-drawables.sh                  |   4 +-
 .../operations/PromoteKeyOperation.java       |   2 +-
 .../pgp/CanonicalizedPublicKeyRing.java       |   6 +-
 .../keychain/ui/CreateKeyActivity.java        |   6 +
 .../keychain/ui/CreateKeyStartFragment.java   |   2 +-
 .../keychain/ui/CreateKeyYubiFragment.java    | 109 +++++++-----------
 .../ui/CreateKeyYubiWaitFragment.java         |  88 ++++++++++++++
 .../src/main/res/drawable-hdpi/yubi_icon.png  | Bin 0 -> 2517 bytes
 .../main/res/drawable-hdpi/yubi_icon_24dp.png | Bin 0 -> 1203 bytes
 .../src/main/res/drawable-mdpi/yubi_icon.png  | Bin 0 -> 1715 bytes
 .../main/res/drawable-mdpi/yubi_icon_24dp.png | Bin 0 -> 753 bytes
 .../src/main/res/drawable-xhdpi/yubi_icon.png | Bin 0 -> 4078 bytes
 .../res/drawable-xhdpi/yubi_icon_24dp.png     | Bin 0 -> 1715 bytes
 .../main/res/drawable-xxhdpi/yubi_icon.png    | Bin 0 -> 5808 bytes
 .../res/drawable-xxhdpi/yubi_icon_24dp.png    | Bin 0 -> 2854 bytes
 .../res/drawable-xxxhdpi/yubi_icon_24dp.png   | Bin 0 -> 4078 bytes
 .../res/layout/create_yubikey_fragment.xml    |  24 +---
 .../layout/create_yubikey_wait_fragment.xml   |  83 +++++++++++++
 glyph_authlite.png                            | Bin 0 -> 3869 bytes
 20 files changed, 266 insertions(+), 90 deletions(-)
 create mode 100644 Graphics/drawables/yubi_icon.svg
 create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiWaitFragment.java
 create mode 100644 OpenKeychain/src/main/res/drawable-hdpi/yubi_icon.png
 create mode 100644 OpenKeychain/src/main/res/drawable-hdpi/yubi_icon_24dp.png
 create mode 100644 OpenKeychain/src/main/res/drawable-mdpi/yubi_icon.png
 create mode 100644 OpenKeychain/src/main/res/drawable-mdpi/yubi_icon_24dp.png
 create mode 100644 OpenKeychain/src/main/res/drawable-xhdpi/yubi_icon.png
 create mode 100644 OpenKeychain/src/main/res/drawable-xhdpi/yubi_icon_24dp.png
 create mode 100644 OpenKeychain/src/main/res/drawable-xxhdpi/yubi_icon.png
 create mode 100644 OpenKeychain/src/main/res/drawable-xxhdpi/yubi_icon_24dp.png
 create mode 100644 OpenKeychain/src/main/res/drawable-xxxhdpi/yubi_icon_24dp.png
 create mode 100644 OpenKeychain/src/main/res/layout/create_yubikey_wait_fragment.xml
 create mode 100644 glyph_authlite.png

diff --git a/Graphics/drawables/yubi_icon.svg b/Graphics/drawables/yubi_icon.svg
new file mode 100644
index 000000000..027257550
--- /dev/null
+++ b/Graphics/drawables/yubi_icon.svg
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   version="1.1"
+   width="70"
+   height="62.406281"
+   id="svg2">
+  <metadata
+     id="metadata8">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <defs
+     id="defs6" />
+  <path
+     d="M 52.3657,58.43801 C 47.458994,54.62787 46.155582,54.06779 43.398952,54.58493 40.399791,55.14758 38.763996,54.05889 20.086731,39.06961 7.730768,29.153433 0,22.274008 0,21.194906 0,18.644017 15.681185,0 17.826696,0 18.808287,0 28.361339,7.09013 39.055703,15.755845 56.31613,29.742087 58.53511,31.874951 58.81263,34.74603 c 0.24723,2.55776 1.45004,4.12268 5.75,7.48098 C 67.65157,44.63951 70,47.27165 70,48.32128 70,50.36282 61.61149,61.55137 59.46262,62.37597 58.717,62.66209 55.52339,60.89001 52.3657,58.43801 z m 7.98161,-4.04013 c 0.94475,-1.98117 2.6031,-3.83366 3.68521,-4.11664 3.08813,-0.80756 2.3486,-2.54551 -2.78252,-6.53917 L 56.5,40.04505 52.37071,44.7553 c -2.27111,2.59063 -3.93658,5.16799 -3.70104,5.72747 0.45926,1.09086 8.4545,7.47432 9.39512,7.50113 0.31063,0.009 1.33777,-1.60486 2.28252,-3.58602 z m 5.20186,-2.18204 c -0.85757,-0.85757 -3.55092,1.94357 -3.5159,3.6566 0.0257,1.25888 0.48444,1.0858 2.025,-0.7641 1.09546,-1.31542 1.76636,-2.61704 1.4909,-2.8925 z M 47.573574,48.4862 C 48.39799,46.74888 50.80267,43.52685 52.91732,41.32613 59.85163,34.10958 60.37768,34.99685 38.834338,17.572733 28.24449,9.00773 18.828918,2 17.910844,2 15.98216,2 2.014962,18.730529 2.005994,21.051535 c -0.0033,0.853344 8.785659,8.598609 19.531012,17.211695 18.295855,14.66531 19.695848,15.5878 22.037322,14.52095 1.375173,-0.62657 3.174834,-2.56066 3.999246,-4.29798 z M 22.153135,37.36544 C 11.618911,28.862306 3,21.435201 3,20.86076 3,20.286319 4.004197,18.603773 5.231549,17.121769 l 2.231549,-2.694552 1.518451,3.036391 C 10.291844,20.083758 11.046491,20.5 14.486525,20.5 c 3.40146,0 4.188035,-0.420435 5.35957,-2.864761 1.227741,-2.561596 1.165068,-3.143637 -0.592223,-5.5 C 18.172975,10.685858 16.131556,9.275 14.717385,9 L 12.146166,8.5 14.525117,5.75 C 15.83354,4.2375 17.403231,3 18.013319,3 19.191537,3 56.29941,32.61103 56.7872,33.940454 c 0.15796,0.430506 -1.05275,2.307516 -2.69047,4.171146 -6.574606,7.48151 -8.129309,9.45228 -8.591582,10.89088 -0.26554,0.82636 -1.318918,2.02463 -2.34084,2.66283 -1.618911,1.01103 -4.323025,-0.82935 -21.011173,-14.29987 z M 37.931436,36.25 C 44.595087,30.065353 40.901626,20 31.968531,20 28.745553,20 27.208412,20.637742 24.923077,22.923077 16.352,31.494154 29.044823,44.49781 37.931436,36.25 z M 25.923077,35.07692 C 22.66548,31.819326 22.293119,29.267638 24.463015,25.071521 26.128048,21.851703 27.789913,21 32.407473,21 c 8.048979,0 10.806778,11.769366 3.6277,15.48181 -4.304155,2.22577 -6.832743,1.87447 -10.112096,-1.40489 z M 36.92742,33.365141 C 39.649186,29.904977 39.544086,27.453177 36.545455,24.454545 33.546823,21.455914 31.095023,21.350814 27.634859,24.07258 25.860414,25.468358 25,27.10111 25,29.07258 c 0,6.47951 7.955148,9.34249 11.92742,4.292561 z M 30.666667,30.333333 C 29.516033,29.1827 29.938426,28 31.5,28 c 0.825,0 1.5,0.675 1.5,1.5 0,1.561574 -1.1827,1.983967 -2.333333,0.833333 z M 9.979785,17.962227 C 7.664953,13.636924 12.068603,8.798967 16.487721,10.812451 21.403259,13.052121 19.505702,20 13.97848,20 12.075855,20 10.693296,19.295435 9.979785,17.962227 z m 7.089782,-0.54605 C 18.846012,15.275691 17.059122,12.5 13.904709,12.5 c -2.721086,0 -3.747785,2.77923 -1.86484,5.048039 1.568288,1.889672 3.391646,1.84187 5.029698,-0.131862 z"
+     id="path3031"
+     style="fill:#000000" />
+</svg>
diff --git a/Graphics/update-drawables.sh b/Graphics/update-drawables.sh
index 8da894725..61dc51099 100755
--- a/Graphics/update-drawables.sh
+++ b/Graphics/update-drawables.sh
@@ -22,7 +22,7 @@ SRC_DIR=./drawables/
 #inkscape -w 512 -h 512 -e "$PLAY_DIR/$NAME.png" $NAME.svg
 
 
-for NAME in "ic_cloud_search" "ic_action_encrypt_file" "ic_action_encrypt_text" "ic_action_verified_cutout" "ic_action_encrypt_copy" "ic_action_encrypt_save" "ic_action_encrypt_share" "status_lock_closed" "status_lock_error" "status_lock_open" "status_signature_expired_cutout" "status_signature_invalid_cutout" "status_signature_revoked_cutout" "status_signature_unknown_cutout" "status_signature_unverified_cutout" "status_signature_verified_cutout" "key_flag_authenticate" "key_flag_certify" "key_flag_encrypt" "key_flag_sign"
+for NAME in "ic_cloud_search" "ic_action_encrypt_file" "ic_action_encrypt_text" "ic_action_verified_cutout" "ic_action_encrypt_copy" "ic_action_encrypt_save" "ic_action_encrypt_share" "status_lock_closed" "status_lock_error" "status_lock_open" "status_signature_expired_cutout" "status_signature_invalid_cutout" "status_signature_revoked_cutout" "status_signature_unknown_cutout" "status_signature_unverified_cutout" "status_signature_verified_cutout" "key_flag_authenticate" "key_flag_certify" "key_flag_encrypt" "key_flag_sign" "yubi_icon"
 do
 echo $NAME
 inkscape -w 24 -h 24 -e "$MDPI_DIR/${NAME}_24dp.png" "$SRC_DIR/$NAME.svg"
@@ -60,4 +60,4 @@ for NAME in "first_time_1"
 do
 echo $NAME
 inkscape -w 512 -h 512 -e "$DRAWABLE_DIR/$NAME.png" "$SRC_DIR/$NAME.svg"
-done
\ No newline at end of file
+done
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperation.java
index fd86d4b92..46db30ad0 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperation.java
@@ -74,7 +74,7 @@ public class PromoteKeyOperation extends BaseOperation {
                         mProviderHelper.getCanonicalizedPublicKeyRing(masterKeyId);
 
                 // create divert-to-card secret key from public key
-                promotedRing = pubRing.createDummySecretRing();
+                promotedRing = pubRing.createDummySecretRing(true);
 
             } catch (PgpKeyNotFoundException e) {
                 log.add(LogType.MSG_PR_ERROR_KEY_NOT_FOUND, 2);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKeyRing.java
index c2506685d..fa5b0785e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKeyRing.java
@@ -97,10 +97,12 @@ public class CanonicalizedPublicKeyRing extends CanonicalizedKeyRing {
     }
 
     /** Create a dummy secret ring from this key */
-    public UncachedKeyRing createDummySecretRing () {
+    public UncachedKeyRing createDummySecretRing (boolean divertToCard) {
 
         PGPSecretKeyRing secRing = PGPSecretKeyRing.constructDummyFromPublic(getRing(),
-                S2K.GNU_PROTECTION_MODE_NO_PRIVATE_KEY);
+                divertToCard
+                        ? S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD
+                        : S2K.GNU_PROTECTION_MODE_NO_PRIVATE_KEY);
         return new UncachedKeyRing(secRing);
 
     }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
index 9919e2aab..5c2fcde82 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
@@ -84,7 +84,13 @@ public class CreateKeyActivity extends BaseNfcActivity {
     protected void onNfcPerform() throws IOException {
         if (mCurrentFragment instanceof NfcListenerFragment) {
             ((NfcListenerFragment) mCurrentFragment).onNfcPerform();
+            return;
         }
+
+        byte[] scannedFingerprint = nfcGetFingerprint(0);
+        Fragment frag = CreateKeyYubiFragment.createInstance(scannedFingerprint);
+        loadFragment(frag, FragAction.TO_RIGHT);
+
     }
 
     @Override
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyStartFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyStartFragment.java
index d23d598fa..3f56949f5 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyStartFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyStartFragment.java
@@ -98,7 +98,7 @@ public class CreateKeyStartFragment extends Fragment {
         mYubiKey.setOnClickListener(new View.OnClickListener() {
             @Override
             public void onClick(View v) {
-                CreateKeyYubiFragment frag = new CreateKeyYubiFragment();
+                CreateKeyYubiWaitFragment frag = new CreateKeyYubiWaitFragment();
                 mCreateKeyActivity.loadFragment(frag, FragAction.TO_RIGHT);
             }
         });
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java
index 483a5f4e5..63549c3d6 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java
@@ -23,8 +23,6 @@ import java.util.ArrayList;
 import java.util.Arrays;
 
 import android.app.Activity;
-import android.app.ProgressDialog;
-import android.content.Context;
 import android.content.Intent;
 import android.database.Cursor;
 import android.net.Uri;
@@ -38,11 +36,9 @@ import android.support.v4.content.Loader;
 import android.view.LayoutInflater;
 import android.view.View;
 import android.view.ViewGroup;
-import android.widget.EditText;
 import android.widget.TextView;
 import android.widget.ViewAnimator;
 
-import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
 import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
@@ -51,57 +47,59 @@ import org.sufficientlysecure.keychain.operations.results.PromoteKeyResult;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
-import org.sufficientlysecure.keychain.service.KeychainIntentService.IOType;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
 import org.sufficientlysecure.keychain.ui.CreateKeyActivity.FragAction;
 import org.sufficientlysecure.keychain.ui.CreateKeyActivity.NfcListenerFragment;
-import org.sufficientlysecure.keychain.ui.dialog.DeleteFileDialogFragment;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.ui.util.Notify;
 import org.sufficientlysecure.keychain.ui.util.Notify.Style;
 import org.sufficientlysecure.keychain.ui.widget.NameEditText;
-import org.sufficientlysecure.keychain.util.Log;
 import org.sufficientlysecure.keychain.util.Preferences;
 
 
-public class CreateKeyYubiFragment extends Fragment implements NfcListenerFragment,
-        LoaderManager.LoaderCallbacks<Cursor> {
+public class CreateKeyYubiFragment extends Fragment
+        implements LoaderManager.LoaderCallbacks<Cursor> {
+
+    private static final String ARG_FINGERPRINT = "fingerprint";
 
     CreateKeyActivity mCreateKeyActivity;
-    NameEditText mNameEdit;
-    View mBackButton;
-    View mNextButton;
-    private TextView mUnknownFingerprint;
 
-    public static final String ARGS_MASTER_KEY_ID = "master_key_id";
     private byte[] mScannedFingerprint;
     private long mScannedMasterKeyId;
+
     private ViewAnimator mAnimator;
+    private TextView mUnknownFingerprint;
     private TextView mFingerprint;
     private TextView mUserId;
 
-    private YubiImportState mState = YubiImportState.SCAN;
+    private YubiImportState mState;
+
+    public static Fragment createInstance(byte[] scannedFingerprint) {
+        Bundle args = new Bundle();
+        args.putByteArray(ARG_FINGERPRINT, scannedFingerprint);
+
+        CreateKeyYubiFragment frag = new CreateKeyYubiFragment();
+        frag.setArguments(args);
+
+        return frag;
+    }
+
+    @Override
+    public void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        mScannedFingerprint = getArguments().getByteArray(ARG_FINGERPRINT);
+        mScannedMasterKeyId = getKeyIdFromFingerprint(mScannedFingerprint);
+
+        getLoaderManager().initLoader(0, null, this);
+    }
 
     enum YubiImportState {
-        SCAN, // waiting for scan
         UNKNOWN, // scanned unknown key (ready to import)
         BAD_FINGERPRINT, // scanned key, bad fingerprint
         IMPORTED, // imported key (ready to promote)
     }
 
-    private static boolean isEditTextNotEmpty(Context context, EditText editText) {
-        boolean output = true;
-        if (editText.getText().length() == 0) {
-            editText.setError(context.getString(R.string.create_key_empty));
-            editText.requestFocus();
-            output = false;
-        } else {
-            editText.setError(null);
-        }
-
-        return output;
-    }
-
     @Override
     public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
         View view = inflater.inflate(R.layout.create_yubikey_fragment, container, false);
@@ -113,8 +111,8 @@ public class CreateKeyYubiFragment extends Fragment implements NfcListenerFragme
         mFingerprint = (TextView) view.findViewById(R.id.create_yubikey_fingerprint);
         mUserId = (TextView) view.findViewById(R.id.create_yubikey_user_id);
 
-        mBackButton = view.findViewById(R.id.create_key_back_button);
-        mNextButton = view.findViewById(R.id.create_key_next_button);
+        View mBackButton = view.findViewById(R.id.create_key_back_button);
+        View mNextButton = view.findViewById(R.id.create_key_next_button);
 
         mBackButton.setOnClickListener(new View.OnClickListener() {
             @Override
@@ -138,16 +136,6 @@ public class CreateKeyYubiFragment extends Fragment implements NfcListenerFragme
         mCreateKeyActivity = (CreateKeyActivity) getActivity();
     }
 
-    @Override
-    public void onNfcPerform() throws IOException {
-
-        mScannedFingerprint = mCreateKeyActivity.nfcGetFingerprint(0);
-        mScannedMasterKeyId = getKeyIdFromFingerprint(mScannedFingerprint);
-
-        getLoaderManager().initLoader(0, null, this);
-
-    }
-
     // These are the rows that we will retrieve.
     static final String[] UNIFIED_PROJECTION = new String[]{
             KeychainContract.KeyRings._ID,
@@ -185,35 +173,26 @@ public class CreateKeyYubiFragment extends Fragment implements NfcListenerFragme
                 return;
             }
 
-            showKey(data);
+            String userId = data.getString(INDEX_USER_ID);
+            boolean hasSecret = data.getInt(INDEX_HAS_ANY_SECRET) != 0;
+
+            String fp = KeyFormattingUtils.convertFingerprintToHex(mScannedFingerprint);
+            mFingerprint.setText(KeyFormattingUtils.colorizeFingerprint(fp));
+
+            mUserId.setText(userId);
+
+            mAnimator.setDisplayedChild(2);
+            mState = YubiImportState.IMPORTED;
 
         } else {
-            showUnknownKey();
+            String fp = KeyFormattingUtils.convertFingerprintToHex(mScannedFingerprint);
+            mUnknownFingerprint.setText(KeyFormattingUtils.colorizeFingerprint(fp));
+
+            mAnimator.setDisplayedChild(1);
+            mState = YubiImportState.UNKNOWN;
         }
     }
 
-    public void showUnknownKey() {
-        String fp = KeyFormattingUtils.convertFingerprintToHex(mScannedFingerprint);
-        mUnknownFingerprint.setText(KeyFormattingUtils.colorizeFingerprint(fp));
-
-        mAnimator.setDisplayedChild(1);
-        mState = YubiImportState.UNKNOWN;
-    }
-
-    public void showKey(Cursor data) {
-        String userId = data.getString(INDEX_USER_ID);
-        boolean hasSecret = data.getInt(INDEX_HAS_ANY_SECRET) != 0;
-
-        String fp = KeyFormattingUtils.convertFingerprintToHex(mScannedFingerprint);
-        mFingerprint.setText(KeyFormattingUtils.colorizeFingerprint(fp));
-
-        mUserId.setText(userId);
-
-        mAnimator.setDisplayedChild(2);
-        mState = YubiImportState.IMPORTED;
-    }
-
-
     private void nextClicked() {
 
         switch (mState) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiWaitFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiWaitFragment.java
new file mode 100644
index 000000000..c338a0f1f
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiWaitFragment.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright (C) 2014 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.ui;
+
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.util.ArrayList;
+import java.util.Arrays;
+
+import android.app.Activity;
+import android.content.Context;
+import android.content.Intent;
+import android.database.Cursor;
+import android.net.Uri;
+import android.os.Bundle;
+import android.os.Message;
+import android.os.Messenger;
+import android.support.v4.app.Fragment;
+import android.support.v4.app.LoaderManager;
+import android.support.v4.content.CursorLoader;
+import android.support.v4.content.Loader;
+import android.view.LayoutInflater;
+import android.view.View;
+import android.view.ViewGroup;
+import android.widget.EditText;
+import android.widget.TextView;
+import android.widget.ViewAnimator;
+
+import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
+import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
+import org.sufficientlysecure.keychain.operations.results.ImportKeyResult;
+import org.sufficientlysecure.keychain.operations.results.PromoteKeyResult;
+import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
+import org.sufficientlysecure.keychain.service.KeychainIntentService;
+import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
+import org.sufficientlysecure.keychain.ui.CreateKeyActivity.FragAction;
+import org.sufficientlysecure.keychain.ui.CreateKeyActivity.NfcListenerFragment;
+import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
+import org.sufficientlysecure.keychain.ui.util.Notify;
+import org.sufficientlysecure.keychain.ui.util.Notify.Style;
+import org.sufficientlysecure.keychain.ui.widget.NameEditText;
+import org.sufficientlysecure.keychain.util.Preferences;
+
+
+public class CreateKeyYubiWaitFragment extends Fragment {
+
+    CreateKeyActivity mCreateKeyActivity;
+    View mBackButton;
+
+    @Override
+    public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
+        View view = inflater.inflate(R.layout.create_yubikey_wait_fragment, container, false);
+
+        mBackButton = view.findViewById(R.id.create_key_back_button);
+
+        mBackButton.setOnClickListener(new View.OnClickListener() {
+            @Override
+            public void onClick(View v) {
+                mCreateKeyActivity.loadFragment(null, FragAction.TO_LEFT);
+            }
+        });
+
+        return view;
+    }
+
+    @Override
+    public void onAttach(Activity activity) {
+        super.onAttach(activity);
+        mCreateKeyActivity = (CreateKeyActivity) getActivity();
+    }
+
+}
diff --git a/OpenKeychain/src/main/res/drawable-hdpi/yubi_icon.png b/OpenKeychain/src/main/res/drawable-hdpi/yubi_icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..428ad6fad6a98fd45754dd37e7472d0f61fca5bf
GIT binary patch
literal 2517
zcmV;`2`cu9P)<h;3K|Lk000e1NJLTq002M$002M;1^@s6s%dfF00004b3#c}2nYxW
zd<bNS00009a7bBm000g$000g$0Tc$ZBme*a8FWQhbW?9;ba!ELWdL_~cP?peYja~^
zaAhuUa%Y?FJQ@H12~tT!K~#90-J5%qRaG6wKO4|V5R;G^>EV!KR)T;s3dvGT4Dc~a
zQlk_c97!lMwAI5NhK~h3mbGk3lI0^cVo+NpEgx%{6egLx6dC2AiKY`G0}PBXz|64w
z<NG_@GiT1d_uM;k?<MzId(GMB?#J)<J^T0Edz|;4e2a5#0&o*B&3nH-?}<uSdgMFM
zIaduV2F?IhI_IW#7g0qm-us*@a3kP>Rlqo4qqXk?dgn7|scJsV&oXBJ3QPl*0+ql*
zd;bb>a;X_B2mrw6fi~bF;09yZ1G|7K;2NL>*aKWuYUa8X0ALWX4frQe4IBso;H~{*
zV0cI*ehRo!GudSTfIh%WKm%|Qus6bdxc&(k2rRO89Z*(kM!O2Y!@xe^0^rRI%m?*l
zU@&l-wVwg{m73YS004eqOk8bSx-|g+9%uwc+qhO>9WbcW4Ce%Zeerf+Ug+Hi%=G;u
z0SGO?Bwzy247>xJR%)gb0RS9pO7B_VFniYvI1ji4_=qvrk_Ciz;5t)|{{`LyE+{qQ
zNdR~f*a3XZ+C!1!6K1T|z(^t%w*wWXAKHMKrDi@Y0KnIb=*z8rF0kL;Z8n7%F!nI;
z^@Mt15l{~NjYGst#xegXU^nnkWH)RDPPcY%`|{1k$k`;b4uM4|2Nqa+Atf}EQRaIA
z%S~2~wReM&lT#f7);MEgY7V==V-^9JW9_As$V^5Vnr#G40RCdkUt{k^rxBMeNXea&
z0|0?2jj;LK43vsu18^`LcFt8In?DaY37Np_?dyZALWkm<bI2<^3^*(LdzMmeU;aNR
zj`%q6oO5nSj`MV_*jMZU)B|sz_&!i_yMZzGye#JHpNmXof8fvLwgZCN3e*6nqFu2K
zs4S`o0AC^H?L8hLa1OA<p67;`KLL0P$$q(kl@9<xosIOut4O(yEeZfYPhdUpItq8A
zguMrh1lC%+9(dH=&$sdSbdmX>&O@TM8aY@6cbFV71$Y3MjuITB>0I6her3$|MWV6|
z$^Lj09%n0iQL<#Mjr}z68Q{1`zdr&qQO@CWz*O&jU4r@ZF0Y^j#wSr?BgvPF<^nR+
zCZyyBBiFeGWtGMw-7%7shy`^C@L?2Mw*%7)DFQ#VMHc{L4UF#C&K}qRTnVfQz1xhm
zf3VJ@D6Xi90J|FH74Ek74TaPJ%WRRKBOhRY3^Tdb6~LvWl;djPl+eO`fNPNzc-MBq
zHzISq1{@E}wf4=0vH~AM86R)k^AhBo<jZ_Ja3-?x9{2?oQO10Mi3ZYZz>%afN#Pwc
z4CNpX0KcRg<A*RI<;Vmb04^gw@0W`<|B*faA;C7Rvc9#z$uaBhMDfN{+cEb5J-QVD
zBjgkI)%Mzgx%l@%Z3G6O{Nc+$pM<hF-xw_eo`{)uFH)lCBmJ=`-LA?T03+l?BfbeZ
z4VlOG8~}I_d59jEl7lkpgM5oB;N~=Qw*g;8=5Yt`7;r>a0O)iy=DpvD<hK!-qgR2+
zNHHcU8?8Smg?_L&m0`}g-ZAU$2L6uxkhN*%?g`w5tkqe->A(}txxNW$>r`UT2EF&2
zPz>-U+Kw&2g-BUtD;tq0HG1#=9r^7F;02)G0;y<Oj>M-i%Nn;L9rXpIAfI;5^-n-s
zr;_$?)O)`fp}Yn;B*&ome@B)%-$vfz;W59hw7=!nCt3y}i<E?!>yc8Nh`h=topWUg
z#&swePlvtt+mSpkMY25%f$~m<VMBoJz){Y*^2mJakeR*3d%r7Y><F~$1|+2aIwWov
zp?t)z6OQXZR1yVMhIWBRC&S01;3=IFyvm-h$UzB?w=vap_64%lTHrhOoYR?P@{UqK
z_uC>rLvHHY7-C*W+juANVh(fHBSkx$%tvqO>Ycz-NM8-?b^we}2i#!`-i7qSzha2F
z7%4mtd@sSgfvY<Y$#y=@mq%8_1J@P=fDplfovs7=8S-I5-a>Be0_4@rBF1w=I_M@F
zvlZ!=<_rvGs|%45eyX4V81b`=xyON{fkz_5+yNYcqCJny-#1ap?M$R6>g~4;C=a<J
z19REx0pvrh0h$U9fPpX#d1ueqPPjWlR4qD7yf+QeEyx8v3Eel!mwAtZr2eGhh#>_B
zz(AOUlBlat5@T+Juq7zoA89~5i!91)>tBUZ>s?`fodG>R^scTb02m14kRQJuIWs}7
zKOm+R>4_OAzPJ?len>pJQd^LJGA%|VCKm+&1EJEs<QC+kPo!%KEoq&O9H_Wc>Q-P<
zQ2;Oy2HAGpgG}KFbj(&L<{v;l$0lpnAQ21q*$<pw6aWl_e#joTBb$C4$_sQi^YzHo
zK4$Ho*!pF3_9XWL<B9@+5pg)F)8AU8ouirGuGD5^IlgP{r-7cK^&L8T50BXcoLv+E
zLPP|Yq!!!Gc(9uQn2eGlt;p#bkcNgCbX3O8z^I}C5F(<+2wjOzeQxUl;~qtP{f+T`
z*qwz8>t9C48!SzP?kN=<03+f&bm;O1It{8J`E9dsU2fu4XYH(UhOJ*k$6GDifT2YL
zz=#-XU#$r^2W4}To<w=u%AZAUv<IFeB=-r{4{p2#^Q{AV6%7C*;-kQe$TVGvk{AsM
z0k{+Cl@%y8cVZsv-yWHBW>En!BKnd_d(TD}BVNkFd=m=2tF4{aF&T1~!_L{Jq61)r
z^djZA-*3!CL+Wt78Y#Yaje#TcT=ytC9{b%}5&%L3-H3elB`6PgYeZRj;CI&dK5PFz
z&$X%z!0_CaB?Z6;n@sBNz+hx0f@`>IP)=b=i0IwGm>lNsfzBqQyXtxGi)aP15IF{!
zrhVvy`e<|)(E;D4^I738;EaTG2g%Ycz;Erj9lM8Aa^^#X4kYz&H(OE8AX5y{1e}^+
z&Sqo2f>h@DHwXKan(-K-$D-uQcH8a^q))*gbZFAd6~rT7G*MWEj@v(Y$O4donF<vC
zMnTvCTo}`TRA@Ij;9J)Ia)*AUW-JdNYUq58=K#9S*VFnqQtA2)z?V$!7k8Sk)C}bb
z!cb!@x*LN0<K-~`H2}xFF90wQ`i7KdxHiz)y>182iJhm^jC2DKGsu3FHYeS9XOsM2
z7w6n?bg}Y;n4g!SOi)|g*u4LF`cNv~`xnq<>qjC#J&zKivCISSj~x&$&bd)2RbByH
f?7iQassH}~RCrB!*PSp?00000NkvXXu0mjf*l~((

literal 0
HcmV?d00001

diff --git a/OpenKeychain/src/main/res/drawable-hdpi/yubi_icon_24dp.png b/OpenKeychain/src/main/res/drawable-hdpi/yubi_icon_24dp.png
new file mode 100644
index 0000000000000000000000000000000000000000..6fb41223dd39c5ecd18b78b5c93a7e9bdb1af8bb
GIT binary patch
literal 1203
zcmV;k1WfyhP)<h;3K|Lk000e1NJLTq001Na001Ni1^@s6;Q*MJ00004b3#c}2nYxW
zd<bNS00009a7bBm000O4000O40r1pGd;kCd8FWQhbW?9;ba!ELWdL_~cP?peYja~^
zaAhuUa%Y?FJQ@H11TaZNK~z|U#n*l8)>9bA@z+T)Ke3{fwe_@S{J|Ds)}q*yX=5wa
zdJ@%Y=?^2+iY$-Q5MyC0qoF7!tt3egR31tmQw(X+W~`N2PkzTA=iK^scmM9+L%(#k
z^T&OEuXBCh=en-*xz0Dl7*!h~gs~Wa;W5U&RgIfrw5SJWGDhHQtPUY`J7GW}gkk87
z?HGqQu{4Bm#c?HyF&;J16C3b0VxIePA2wrjrFG3QE5UTY7kI1yQ=BvL4xYeC#}x=I
zu^RoQboRow3Q+U$ESBPo<^(FQp{ZDdZ?O#Xa<mqg*$u||Sc^3wgzinQnetJH&ZYPm
zt?(Wu;ySFrGuT=oQa?xqzZHF(EoG?5k(hu^SYH4=4eKze0#L-C7?anJJyxKWIZ!k3
zKBnUUI))Hh#TXAtb@e;WsUyg3F$;HLU<jd0jB#p{Q<h(}1+V2D|0EUmB3y}8xF$nY
zicoPrfZ2E&p(zmxn44dAJ3@wBiGBD38!-r%mu=+N{A@eAX86__W}hS<qhgHzG$uL$
z%kcq5qoJo|k<?B)OY(5KB%%XxEnbug{bCG_F&=0PR2xZsM@XrwFD>)&s?<u(%7xz%
zpW;^R%ytW<6SxF5jXh=E@ICtB%PKH?Bso})7G<J(CN|;vg8jP~D#=KL1hnYzvK*ma
z_^b|~Ia1Aaujq`2aSLh-Yd*}7E77j8t>Yr8Hu_?H1)#}TSFrDoNrm5?FfB*2xbAaF
z-8Z9SgIh<8aT9KkPRjk#@h^^m9wCIb`S&l<2`i1>8RoCDbv-1FTYx1Ygj3Zu>Ii-3
zyqiH%y_9x3Pim@z>sYr8PdYMX#rZQ{!JG!Atju|Pe1e;#<{GgZ7v}%Fmf7EoUD7?O
z+9};7iEsNx0p*vpk-Gl`=@>`6j#2mx_ee+mWl3D8*8>yrmedu-S5)f!;yOnNp$2bA
zSB>)|y;__@KT1;P6_Pqn$-nCw`_U(_-x6c&bCgAcw1JZ)L7a(4@=gy(I<pYpG$1mi
zQ(CIYT8wK{%F3Vu9+edOHXLjqL}{+VLy|~N$w0Lj(<Gn**m!(|k=WZnnB5p66?41n
zXGl(AEk-sOC_5V<wU{9e_pWMl48Fo8Wq$hQ)E~l)O$N%&dgj_0QBMuc!{eAyho9j&
zN(a!Z$w1jz7pb96kghQ0FgtQIcdF7{rH_k<4OKs->l-n~?YK(12d$O#s5A~qH-lN2
z7GvB~#Z~Fqj$?{YnJmo33m7KdjqY%`K~Ji(_U>$R2<J8nP{H{`>0WiOBYR-PQ;xnv
z^_N=B0?a<9qOJnfF@rsb=kQ$tY5`8kb{(WosH^cKIvp3F3V=1z9lHdzTI!L{OX9i=
zcm8L8ynzZ}qw#l!+Lmi3;-w?({x6^mbwODQ*OyXwLVz+<YpEx0#M$M~{{`nGZ~0=!
RO=185002ovPDHLkV1lh#C@BB{

literal 0
HcmV?d00001

diff --git a/OpenKeychain/src/main/res/drawable-mdpi/yubi_icon.png b/OpenKeychain/src/main/res/drawable-mdpi/yubi_icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..05c21c052c3d6a71ab25af5f2d2f7f39412f6a46
GIT binary patch
literal 1715
zcmV;k22A;hP)<h;3K|Lk000e1NJLTq001xm001xu1^@s6R|5Hm00004b3#c}2nYxW
zd<bNS00009a7bBm000W5000W50ofx2%>V!Z8FWQhbW?9;ba!ELWdL_~cP?peYja~^
zaAhuUa%Y?FJQ@H11~5rPK~!jg&Dnd9msJ@D@Xx!b1uESXv=|~UV;9g+5gK*Kk_kg|
zN=-;iO>IU^Vg@hMScq0w<CVb~9W|}&Vv_|<wWgBOl#WITDVmI03N&^>EKx4IEWQ2l
zoLAoc@w>b~`7P_2IkUUxJ(uVEoagd=&dT##)sEBfTa0dJ-9Yv(6<d~NbMPH>VR@Ei
zCsbWKpsk|jzk>BR6&K-R^x!(|I+!<5Mfel24kzIm<XDVju?l~{d)|})a1j23S@>rX
zzUYr(9Da#4IQUHk0K>5o^YM6%@I_yP@wf`F;MkoFpso{VS(f34cp4953;tJU>L~mU
z58)F0BFnNfD>+}MS_AFR#b2;zY3u`7r2b9x2{W69*KqlunGh!7)g<s+@GW5~k6<=#
zX#gU}LQE9?a=V=np=yQS9na#+>F)>d67EUkInEQwtPzM`;b38Y_hb0Z1aJ$MAj6^f
zH%64cUxBUocoP7*aQZ`pe>`pg!)#gjPl=HEX-vgDEUp2#OERx_;>8vqUc{03NixB4
z0|o#ileW*tb9fME;LkMxc1!mC;TFOdeFHv&tMOkP)oB1l7`*~dU@Z2>G1vo#WLb7D
zWLegQ%kX_1ty&v~pC-^>#l2aUO|7`LavLpp&F9f;oA#c?g7o|S!f_YjgF>5CZlK(+
z#&ltVCwJ-wGTe+Y!v3e%fO`llFhp>keQ}C#(0c6&EK6&4OJJvB@AUoFq=dULJJ0hw
zDyz9kdl+|%Oxmtii@p`t;Bz8xbc?)klZaT~5Scs|PJJ}iO5u8koEZBER(TyREFDy}
z_X&Ev1{;$i4#0kbBW+Im&MK|x#$jpA+)hNHv4V_Ugmc>ju|SyG^EjxEhEB#Nd<;J?
zt^2)Tvnz3JC-T4);mk9IL-$n>{vX0`dN85MHD8RUlGe-XmkB@lqwtTeHw+*hbXL0Z
zX`=et(gMId!CDuzu+uIq7x|;Mu2`8sED_G#7JsUD*y+iZPZ3$UrwM?Wf_;9rw0?-F
z-riob?>xby?yIxUs$|9whyrP7RRG)719_g`i5d7V-X$_=Pwl+a)(QgnTxo2Qh-!1{
z%-u`<x?(hbBcjz9k?`Ky;LLulZb6gh`8|RgU61#Rx_D!qsf9rAE{#1RLg}w-=8jK$
zjBFsw2vKW)Q<Sm`s{m*fV<+Ned>xZT7A;@>m4b0z-(sJAgsIKY+$0PBbXod&M%zA6
z=kReN+AI|8vP>hEirZO_1Dot|hp_WGErc(6k1)fv*ky+RBmoY<3;3R}@pYxc&cY4p
zrnW2UMR}TwMAnLemwUIMH&b>PKoVq>sInH}2tmJdQL!B;oPLW4g*S@Vj6bEZvvF@5
z!uJY4SdH5{0w96dOS}gyNgxW1uEj?Mjre;S+bELLG?8_y3ZIMMF(LiFPLtfw7Jvj|
zxNzJ@MP_}nq_w+67C#av;%mY`+7bQ*ybpgZjh){y013oU{7lpg6GRMeN62Q*J4rkY
zY$}a!#mtTYNFcg!ZSsL*goE!WfG-KB?@hOOscpov57RpapakRs5#vu4bm5H(f0yv9
zK3rJZe}>>^xd;d+bre84<am+fF2R}lm!?(vN)aHQ!Vl`~KiM{4>c#OL1&|IoOeDOU
z@d?%I<_&_#%})S^HQ0YjNimzH{LnD~>5$PPDs|%{B96BLFbjtZr#-aA{xeHHu>tSx
zD1dax+eDsNo&;OgMEGX}n|)Hn(o#5fvHs4E14xJLD)`UpbQ9eT0Gue^q*iIcd206G
z^tu8D0zm1Yxycuf!?*P>Q*RU$WHaVh+;1d)RNCXx0R@l_Jza#^!q)G@k3|i!GzqdA
zV_NL<p>$J)@ar*RzyYMgCku+OLcCI(CaSoyIsFZz8mu28Ub&azoHT!So_9D3wE!_p
zR9i2n2=Xue=|bVu`_@@|LHa&kytOXJkev#k0jQz)VggivcpitB=Db5N(g#yO=*7g>
zzYivWl8|G?|Kth~n{i(Hc0(F_Isv(=-`c?zz64@-+Y`dY`qPp}Ys2lJ3tk7v7ep~s
zn=@X)e%s9-Y=IkqDBes9;d?Nx?%cr^wh4$m#GC30e6rEJ{{y)#APO{!_ZI*F002ov
JPDHLkV1m6yDsTV*

literal 0
HcmV?d00001

diff --git a/OpenKeychain/src/main/res/drawable-mdpi/yubi_icon_24dp.png b/OpenKeychain/src/main/res/drawable-mdpi/yubi_icon_24dp.png
new file mode 100644
index 0000000000000000000000000000000000000000..753f226079aa4c7cdcc71e6e166c0780ddfbf87f
GIT binary patch
literal 753
zcmV<N0uKF&P)<h;3K|Lk000e1NJLTq000;O000;W1^@s6;CDUv00004b3#c}2nYxW
zd<bNS00009a7bBm000G3000G30i_y`CIA2c8FWQhbW?9;ba!ELWdL_~cP?peYja~^
zaAhuUa%Y?FJQ@H10&Yn}K~zYIrPfJ^S4R*A@L$aYcX7yNL`=v*P(gGMB6tW0o<xX<
z7;+GdirYb44idbWXhvLc!{8`UB1QxQAs`A09`vFI#RUcRAczPOObCf4nyAwrx(6O_
z7XSaTpf0bg`|J9u`l~0Ur0!UVA2G78^=7<9%_3qJR%0}dM8x=dOjB07`BYrPD<qu5
zNz52*2GzsI<9p04AgTBzbm7av07N-lL>#~=?88v}hS??2Tlf`k(3yHRHDE2}@P)X8
zrI>>?xQG8s+%$ZJ-*GS^hBsUTjKKvw!C8EaPtjSSsmGsUk=$Wzjdsx{v|((?Xe$<D
zdgT%?a0P$kFfL+OM6|!__JO?^hcEhxxsAK!_RsNJrfVlAVn<5p(Lf-ra$$e!gOXQ;
zj+LdZfp742S^pNhF>$~)Eg<`G1l<*Y^Z2E#x0Tpo*n<B`Oc%DJqu-aDQhI|8_!ox?
z2>gK;WqoNxOiC%e#6N{DScOU091$P&;-~hKTXCRJ_8NcTn2IK0CeG9{O}K%*18PyZ
z={kIXJs6HZaV#R{N5o=m#D}FGRqMcK5z$fo*h}mR$Xbk)J7qaW;B&NNRLP=lr|=Rh
z`lYBwSBqS{ZL)0CJFM!D<=XvRs9V)b>;?c@BiH0!KZkeAUDa9Qm&g*cpdo;=X&!#S
z<vswq3O%ir_+@y8DUIuT)~DmLUR68iC}#E%e;7BL8y<WjzxX}4j~#f3(Y3hgrEcFf
zKcTYv?!$?~b;5PDm-Tje3SPjNL5;x**eF@}p5p-~6yVc6o%CJ+6`;wuDi5S?9BsHw
jn*eFWdih6TNYD4TnM^8^E{v3o00000NkvXXu0mjf{H{>q

literal 0
HcmV?d00001

diff --git a/OpenKeychain/src/main/res/drawable-xhdpi/yubi_icon.png b/OpenKeychain/src/main/res/drawable-xhdpi/yubi_icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..cfa799e74eaa845ee1736c7232b6786f8666fae8
GIT binary patch
literal 4078
zcmV<K4-xQ*P)<h;3K|Lk000e1NJLTq003YB003YJ1^@s6;+S_h00004b3#c}2nYxW
zd<bNS00009a7bBm000$B000$B0keFlHvj+t8FWQhbW?9;ba!ELWdL_~cP?peYja~^
zaAhuUa%Y?FJQ@H14{J$8K~#90?VWkF6~z&Uzu^hU@{mnHb`V6tNJJnIV-Ocy2%;!1
zEQ;dpQ86ld6qR_?s6<Wl#E3?X8!93(h(<#qNDx<0TtWl^(T6NC1XOl-oj<C^?mOI>
zJ9m3?A2R3EIdAIDOjp%!rn{=Tx}Rr^p;(9Kd82@_z<6WK<f1iHjSsIF0C=8P20Q_r
z;jmu;E;hz2D|my|_$W94p6As79tVb}`FTAs!Wc8Xpp91JqedYg=6Rk6JcKp=9N<vk
zIX&MCnC5xjIK6iFVT>sl0rvq$={^MDgMl*O1fatCeJW7DknLATDx~qxcZ~Z-pe69M
zp3eZ9D9v!L`vmBev=OR306<@0iyCzjun(}<F|+}e0^Rj%xXa=H4>&GqLsVM;)YxCC
zG5-NH2IdEh@6!h0G`(*Guu=ItfXkCMMzsR~s0GYbBQ6J812aR6@6sJQKJ?K0eEvN^
zjiilIodB4qhTEjZoEXFSKD`1o0`>-GIsE5=I!PO*<N*i_x+8%zvoO9-p8*E~djJnR
z{JB8Wq>WRu00aiz-vK{z`txk*JK$t}?u`zAF+TtgDHr3rgYGQEwOo{=@qMZUuGHtB
z32asVe}Fzo8>wUfAa&6F0%!*83G@T51^$Ah8*&BWUSx1S(s|BC;H0DtRVo1ZgY0IY
zSI9MufeFaKoC^q3fjZi)eaSBFre<UOp^lNx4!NcVP)q-AjpTrG0b#CoZLNS09R4on
zrp7gXD`2e}VPfF7w#Y!dM&H!Uz{|kdh<7t7M-UbP9f5M-Rfj(X*fVLvRT%()ht1zC
z0_r-y{eo!kXF4)Y{5eMuRs+2h$VUQS$S&cg#sOfAD!m=}iNhZVY>Q#Ug+K!&O_2)-
z8-PLDrt79I0`^VXfJFrW36eIe!Z$nox`-F#56IJibAeNU-vj>&81Y7+eTJ_kinaq6
zYTIXF-PAQyb2l~0__crqs_47G9?oyqI>s3qa{sN)HJcE3^`;yF@aZ<BOFW8HH}%A%
z4Ot8TCO8W2ANcKU{q5NdUyuvJPZ1Y2PPY|BPwLANbW<-&+L#3c0O*fIrv|tbNtm6W
zzcq4xyC4Gq4Yd0(z$MC?l_vlO8Bg{?yt4%k|8A<8o0`sO4YB?E-w@yaW#A+Iy^W*r
zu#64BdwT6?J<oM84$?<RtkFQ_^!e4wO-*Mo-)~>5Z`f6iaz`OkjsE#1F#wpU*ACS4
zWd#DjAal$I0X2a~9sV4kVbaFU8UUn@$5-NXpf}dzFu+Sl|ND)ef0DuYZLz^wQ)EiA
zP{#LZJ#eJ9cay{a5ZEVa1IGpc=~LIJ@XsTz=8}N2l|UC@vco$j0)X*)%_Kd)i^2n7
z^d%XoZH#hWnx&L@O4~KoZ&m0`h|hj^h_X)sgPrr`qzQ<Sm|&ZJEe8Pgfv<}MfKS(H
z+s7gSoB>t=2PbXlNC1GYSoiQ2B>dkVqGTn~mE7X+Rv>AKIzV%z9&{Vh{rG+VbwxJ5
zPkud8Uu^zrJ<u;{V@Cnt=Xxp-uVO(4CEwIH`k?@SlLOpBUumGTV~nbxXOOX~o4y>r
zY=e_Fc$%JqzK-Bm0LR2sawam!c0~H!M-g}RPGA@|E!_t@gO&?bDtJqfa+l@UI3$W@
zAeq$m*crR+grw4wA`f@~xIl$#jf@4S6Yns<TZqT;4e%{ec+~)jC;BNsxg0YQmw37{
zW|jMc=XrI3{eb;}lYmo0o-q$N4oP3Uf|N-Dj5Wqg$Wg9>AAViVmq@<mdaACgNJp!I
z)Aj3V35-^m?n1t@r+{mKBY?g1y57L-kmoG|Iv_8_OoxAG(r>@t1-a!Ve^BNf2^oJO
z&;qHhex1x+O(l|vZLV?;Cw;EzD<ojs6L`VlKLV5`3V;gk7R;Wiy!#U{eoNpt0seL*
z?zj{<MBnCLB94F$&>C#6Y8c{u1)skT_&L%=x|2IEkYMV<2cRAD=^Lak?}_xAk5!TJ
zSF7<K3GkN!hemw9Cz3kHaJlj?2x(^%T48}W3qJpKv^z@#02SyUtgE;dTgg17$i}Zk
zJg*}H{D*<^7=378Y=E}~=&t-AnC=&Ko?bK7;lGb|Wr+Zw0`<n`dDb8SS}owOMFe1i
z0`0~gSq+egN96napCAEYC&GhC1B}yq&vC9>475oM02Qbo_Oo88%GIGTdHf))MSS(M
z9o{T*7#NXEtv@D=SKbpD+V`X86R}gTOMrHX0ic2(i>>|q5*hf)u`^+XqMNlnzuImE
zd2|Cv-H-v6=y|soGWb#R;n-=;Wk83-08rtFIG^S+WFn>!5_lED_&bmkbw`JHbY9Ac
zoB6RmtGDu2#gN61ntNa~!fBI?RR(|xe;PKmyF|Z)dZfCoxzaps!!I@2fHU!*2MFit
z^X}I3S7XZa9y0aX8TcIg^><DT09D|4?3hr249vBWIfHxvxJRG=sh-a+h(h*@dRx!4
z2`c@lxfSqlY`54YF#uGFpJV&SuaP(*7|>)(qmfA<|9nD3`+a~nkl<@T40)FU%k=LN
zS<2-{%`LGD4OapOBnE&g(gUg2H;Aj+4+++Co#i?W$)<jP9?|w|&ULHF&{ZKhpAGu=
zIXTF-R`qRzox@%YbSpFfu~*6)W99>gA>B|pl3hIB7;_~sF79)jV*`>P^N;!w*DiAY
zZiaX_QAbyxuIG96kO`t}k4C`XwXOchSkMf3&GWprIXo}?$f1vIht02V#bz!qCSIQ2
zr!l0?Mcf+EW^-(ywGF5jacwi_y4u*O)?8>Ul7H&twEqrJyUM$uGzRe_*Bxkq7Lo{y
zTlqE_`I7vF9M5EEvl(zZ8OjimqG1Cp(DP^V0Kgy%$$KJm4}O;5fkXjN#TsG*D1%IL
z_y&kmgu6nopQ`7}DU2KXratd6q^x~)3|ZoWFw)_TN)!N9wjQZ|_HD{{y{0H?hs?hD
z=V#<8&#BI{#sGr~V0;&ZUdV)y(U<JUi2|TX*CI7zdOzYFxlv^p4O0;PS-E+6%Hh{B
zZ9=A33!TYb2ON#{jAkSbfGS@`>O$)$k<Y&iw$3yiy|4HF44d}2I!75MIM1DcRAO(5
zXgePe?$y7yl4l8IK>$z#c%&9{O+#`sZLm>gI=VvdAFt<?$gW!1w0(WRK#hS1i(q{B
z#qnR5tYj@30FE(ka0Gn~@pSe^DiqQw^DWX{lmY*A-mGhYni<;KBVhbWWR81iNLz)X
za~)YDy|*d{Kn-&#HYRvS-^d2Y)L%M<rs{o-v0jWpmO2dq8V8<V6Nzx$+SN^J_;$#E
zSuErKS6?cBGpc1J2Y?!BBsM1a7}?^W4zhAGonn4nXFYbFfvZHiu{V%0B{<Wy8p#*c
z)@zFS_WS!Ct#o)fuh=Xa04n5QQfHbvAl=4OA<8|8j2kt{Jey^Z{{9Z6l%+A@wLyiV
zr&X`60sc8934jWF1k%qNB%JSx4A}RDDET&8*N>zD9>!KW`(MKnq>Qp$uj_(MYZr@F
z0FAW0$${UNl3~0`3;-3lH_~?+B%R$$`C%2)6-a4GJ-x0WvShY7sjD?xAaTdmkmnSN
zD$z7Jsf$=#x~OCUP{9wx7U_Nq9IO0Mgy)aeAzjfWNOau~7yw+2tP9I^Ly&CgR+Y6S
z;Z@!nfI~_a09Bv^wyW5N=2MUY+V85!nAy@y#6_+{=K1gyK&z4kK#korpom|e(~Hch
zi>juTNH^z^y7SAzh<oOfMRZ){0I0F+0xvp3KcH_}XLeqfmK1FV4p(`9?eOOyUfMN;
z&wqSC%<`H<08pjMNL^twO@V1nc+^~#<i{mv1-^)V939ReJm2&w(6(d&aFqC!BlKHH
z7gbK`;_IrWmyvGgK<wPcHsG){^7kWrVEzKwucQG`CC<l2xBf;=HIcxqs*V2zvRhX@
zQg?j`-7*bX1-dNcd0$0=kht+3B?dWf+bSdo^GGctFE(vOx4!}Y<nSlOkiP|XTZSN2
z03Ayj09B$7w$$8>6~>U=gnzCyM%z2f;eCj+OIQZ^qpAj%lcwl5aigbEqKor6Z$no#
zB6UQ?m|*c~inenAHubTNELYki3Beab+E@y-E@=Q%i5AGDhcEaI%I{Bp`;vyyVkBK&
zM(Qq&BXg9$CgIbei-DFU4S*_99{8Lms)4%dn^Y*{Z%4N>04{R)Q}dL+jBqDnA^P7#
z5;t^=H_1(1`>{e(?2J^t<gW~Eh%LQb12iju{54eObnQM^@&Kq39;p-V?;=UDTBPm~
zlnbo~_SSaX8rLBOl)t$HY>);dZs05wxg5LvbOq2;`D01HEHw`K#blkaDeWhUAp6N7
z?Z1?`VY5_ZAhtYkBX)XlFxh8Qm!dVESg&OrMcQc#ac6@vR3vWH92DtBYQpYj?WVdD
zU4s;)q58a&9Nzs!l>6N@GTfH9L332538||#ryzrK3sS2p!f1{@r<~OPZPud*vNlJu
zy+Ijv0PPbuW*&;wB(?ZzK2ii$23#4@C2jBxjjeDq!15x<INIqlgEZY3Q~F*|3?(na
zCh}Hcb2;tUxdi4LG^2^ED-I6cR~1O68tlC1MUV#W5&)>e1F*$dTaZ$f2Kw76NS)EE
z*kXXNJpK-JqwqZC$+UoR*7w&YZM*`4(1q0hWwQpjkie>YWZ&zk#NKy6|2*Uv?mTOo
zc86|+y%p%X%K@Ou*Vnh-EmQdzi6JgV)_ukCkT&^UM3(KBV=F&4qYKZG@=E{Nx2N2b
zw9$$L#Qx+zqqdcZm75{$x)J+0hd)z!pA$%JCvL1F12F{IJ;m>GHY2gZd&Hak-+}IV
z9iy!-&X@NQS}8~BKe#(#r~8sNQWXJFk3faB@;f1WV@Fj}SEA|g3~jiztXC_q3AWT`
zTH5=PHclxJQn{VUb9o%yiZjjq9Z9X&?v504`IXumfcCoq$PC0O*h1oTG#hA==Dy%R
zG3`p~tk`*>Z6>XBsS&bI#PSFb76S)4*LPs&n8K~*elD`Tq!lhjLh?6rBS6@S{6CvU
zL>G}QCqs7C(*}1Rfy48>+Q{03;SrZ@M3R8%jvdI}*>6O(6MM6cAKGDz*<y?tfvk7i
z5^`CX@j<p@i!?s4`wNJ3c%F9%@GP)z%v)w7>5R%u7w-N7VjRYpc}S(+lo*#+0K?-L
zA9e!}`!L3=H^vMlx=X4+-u#NV&)wYx<#2eO*8}nWdpd02_@8C<tla?Qc6grWA%WXv
gNS)H4Y>f}_e<I0m`-LDIMgRZ+07*qoM6N<$f^aI5?EnA(

literal 0
HcmV?d00001

diff --git a/OpenKeychain/src/main/res/drawable-xhdpi/yubi_icon_24dp.png b/OpenKeychain/src/main/res/drawable-xhdpi/yubi_icon_24dp.png
new file mode 100644
index 0000000000000000000000000000000000000000..05c21c052c3d6a71ab25af5f2d2f7f39412f6a46
GIT binary patch
literal 1715
zcmV;k22A;hP)<h;3K|Lk000e1NJLTq001xm001xu1^@s6R|5Hm00004b3#c}2nYxW
zd<bNS00009a7bBm000W5000W50ofx2%>V!Z8FWQhbW?9;ba!ELWdL_~cP?peYja~^
zaAhuUa%Y?FJQ@H11~5rPK~!jg&Dnd9msJ@D@Xx!b1uESXv=|~UV;9g+5gK*Kk_kg|
zN=-;iO>IU^Vg@hMScq0w<CVb~9W|}&Vv_|<wWgBOl#WITDVmI03N&^>EKx4IEWQ2l
zoLAoc@w>b~`7P_2IkUUxJ(uVEoagd=&dT##)sEBfTa0dJ-9Yv(6<d~NbMPH>VR@Ei
zCsbWKpsk|jzk>BR6&K-R^x!(|I+!<5Mfel24kzIm<XDVju?l~{d)|})a1j23S@>rX
zzUYr(9Da#4IQUHk0K>5o^YM6%@I_yP@wf`F;MkoFpso{VS(f34cp4953;tJU>L~mU
z58)F0BFnNfD>+}MS_AFR#b2;zY3u`7r2b9x2{W69*KqlunGh!7)g<s+@GW5~k6<=#
zX#gU}LQE9?a=V=np=yQS9na#+>F)>d67EUkInEQwtPzM`;b38Y_hb0Z1aJ$MAj6^f
zH%64cUxBUocoP7*aQZ`pe>`pg!)#gjPl=HEX-vgDEUp2#OERx_;>8vqUc{03NixB4
z0|o#ileW*tb9fME;LkMxc1!mC;TFOdeFHv&tMOkP)oB1l7`*~dU@Z2>G1vo#WLb7D
zWLegQ%kX_1ty&v~pC-^>#l2aUO|7`LavLpp&F9f;oA#c?g7o|S!f_YjgF>5CZlK(+
z#&ltVCwJ-wGTe+Y!v3e%fO`llFhp>keQ}C#(0c6&EK6&4OJJvB@AUoFq=dULJJ0hw
zDyz9kdl+|%Oxmtii@p`t;Bz8xbc?)klZaT~5Scs|PJJ}iO5u8koEZBER(TyREFDy}
z_X&Ev1{;$i4#0kbBW+Im&MK|x#$jpA+)hNHv4V_Ugmc>ju|SyG^EjxEhEB#Nd<;J?
zt^2)Tvnz3JC-T4);mk9IL-$n>{vX0`dN85MHD8RUlGe-XmkB@lqwtTeHw+*hbXL0Z
zX`=et(gMId!CDuzu+uIq7x|;Mu2`8sED_G#7JsUD*y+iZPZ3$UrwM?Wf_;9rw0?-F
z-riob?>xby?yIxUs$|9whyrP7RRG)719_g`i5d7V-X$_=Pwl+a)(QgnTxo2Qh-!1{
z%-u`<x?(hbBcjz9k?`Ky;LLulZb6gh`8|RgU61#Rx_D!qsf9rAE{#1RLg}w-=8jK$
zjBFsw2vKW)Q<Sm`s{m*fV<+Ned>xZT7A;@>m4b0z-(sJAgsIKY+$0PBbXod&M%zA6
z=kReN+AI|8vP>hEirZO_1Dot|hp_WGErc(6k1)fv*ky+RBmoY<3;3R}@pYxc&cY4p
zrnW2UMR}TwMAnLemwUIMH&b>PKoVq>sInH}2tmJdQL!B;oPLW4g*S@Vj6bEZvvF@5
z!uJY4SdH5{0w96dOS}gyNgxW1uEj?Mjre;S+bELLG?8_y3ZIMMF(LiFPLtfw7Jvj|
zxNzJ@MP_}nq_w+67C#av;%mY`+7bQ*ybpgZjh){y013oU{7lpg6GRMeN62Q*J4rkY
zY$}a!#mtTYNFcg!ZSsL*goE!WfG-KB?@hOOscpov57RpapakRs5#vu4bm5H(f0yv9
zK3rJZe}>>^xd;d+bre84<am+fF2R}lm!?(vN)aHQ!Vl`~KiM{4>c#OL1&|IoOeDOU
z@d?%I<_&_#%})S^HQ0YjNimzH{LnD~>5$PPDs|%{B96BLFbjtZr#-aA{xeHHu>tSx
zD1dax+eDsNo&;OgMEGX}n|)Hn(o#5fvHs4E14xJLD)`UpbQ9eT0Gue^q*iIcd206G
z^tu8D0zm1Yxycuf!?*P>Q*RU$WHaVh+;1d)RNCXx0R@l_Jza#^!q)G@k3|i!GzqdA
zV_NL<p>$J)@ar*RzyYMgCku+OLcCI(CaSoyIsFZz8mu28Ub&azoHT!So_9D3wE!_p
zR9i2n2=Xue=|bVu`_@@|LHa&kytOXJkev#k0jQz)VggivcpitB=Db5N(g#yO=*7g>
zzYivWl8|G?|Kth~n{i(Hc0(F_Isv(=-`c?zz64@-+Y`dY`qPp}Ys2lJ3tk7v7ep~s
zn=@X)e%s9-Y=IkqDBes9;d?Nx?%cr^wh4$m#GC30e6rEJ{{y)#APO{!_ZI*F002ov
JPDHLkV1m6yDsTV*

literal 0
HcmV?d00001

diff --git a/OpenKeychain/src/main/res/drawable-xxhdpi/yubi_icon.png b/OpenKeychain/src/main/res/drawable-xxhdpi/yubi_icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..f20f562ec5c98fbe0903e746536b0b52d63ab357
GIT binary patch
literal 5808
zcmV;h7EkGkP)<h;3K|Lk000e1NJLTq004jh004jp1^@s6!#-il00004b3#c}2nYxW
zd<bNS00009a7bBm0010h0010h0nO7{<p2Nx8FWQhbW?9;ba!ELWdL_~cP?peYja~^
zaAhuUa%Y?FJQ@H17A;9cK~#90?VWj;6~(o{e>K1Wf?+hE;tIj#X@HoB+Y|R7?w}7b
z8bM9`^l6N^?}!>T8coy~pX3>%4>a;L8sipsG_JTr4DRBF>%@hfK?bJs$2m<`*X?_6
z-+TMszB5dH-}&xLRd;pOIj6hotYxgVWL1nYdjVGflYwikwQZRVW)&?a3kER8^hAh0
z-l={bINDnKO3eqf3YVHQfH9^KxEmN5)4UwG95~NfyS%0YTSZGv8Ne9R6}TN3UF6co
zfw9)wFRDJMRlGFR>Osbs24D(N;(rM24_pJd>;Epmi^iC(YBj!9wpeSc4uApv09Xg6
z0INIKYzNHpu4w_r*J6yTD%6SrF7OC@qcTMw<n5oJ*L4FXB6|V%`m2GiStF|>LM@1Y
z0P=Ych&c^edJX|Tck1s0`sqDC1itc^;BjEBtP$4HpxVUW0$AV>@h+e%aGXcn06qhL
zsP}#c_@~!C2N;$$(mE1UllV=*I}Y(41sZ`L0W0z_fYr}`uq5<Cqy~Rqa9Gxe>nKny
z;x_>IJ4AaQ_%<T@FDpQN7bXYmK5%vn)0~?%@;U-kivfP=5NZjqC9o~9C?WCPuf`hM
z=ib0Pul*05o5MO|0N@~xNQVMz1D}>i`~cntHr2j21>W%5AHWeOJ0U{`0ET*R`EP(O
zz++_+KY+P}o5ODb_j>Iw1M6mu%=QRr5`RtLJ%=cdDe*6<koW<#0>|pJx&YUC?Q?*^
zStGQ)L0ZJ`0zB*x<3pe?urE;^KpOB{po>2D46pxrz;0P1wLL*v3~+@*gcjfjz(C;Z
zl!+g}UxC&1*@pm2owjAbxU3P|ULXzPAL<cjyw)FtY|!Rbi3w&9Y7TdfVYW^&vDyp(
zd>;|>R(_sit}(!W07oKz0Iex9!E9g?ea_~HzQJw3o=!2bIt+lU@gF+Kej*97fprii
zPg;9}FM#cwzF+j({|5BV8qxI%l`z0v4w65jL_-a*yWW=u6D$EnYrnnd6cek<0KicW
za+d;I=ece$a4BN`y$6^Ij0xUI#NhLBN=&c<I9~gW6B9oKzMD0|>kY~w{vcqXgV<AI
zt{I|lVZP7&QpESKE3g^RoDvgQ?Kg0BixU%f%^K<T1f>$c3-FAC(CGoPoojXm<|ic9
zQ^0!4Fuwi25|{>b*YWsb;x}|!6U%0RiQe0^q1QeF(F2r1tY&3`tx8~=B=7{GA!%oF
z#l&;6Mt(g&Da7BJs0cUCYwtzwrfxCtEb#xp(*@r0JGGBvQe*%NycRGionm773;?VK
zyyYP7_Lyrf^N@Ra@CG{9bOlBMufz~*f5eaAg_N1#Q{emh{7x~kOa{2lL+H1?_9mi^
z9ytu+UB5;Qp{Hxx)}(JgSOARF{^P{Ne*pcnCPrN{0I-jTtUY6{8RN8n?7#VW`fWng
zxxsx4fd*}RI%Nj1$ntfh_TMQcCSd@eA5qWUYqh?=cb)6=e|h4Ei_yp>!eFgGy9x{t
zz$EASzL+?dRZL7QMj%()_ZG4j=#SXm*LJRZ$+_;l5*VO?sIh1dt>3MR3}As92>lHY
zK}5r#ZIu!e^M-~QV}6Qk*g!mW$073cEx-oA&z#Gx^Y@~Befq^pIQWxJ)o1#<X3{>&
zEI$G6HOBO|*4_&2fiNP7=kioz%sEvaLw%GyZ>F#9o22#UIdxwEJ+=OMr+#8dpCGu(
zxwo&@oj|&8d_GvY`6FIToQ&>EIx55w#Mk!CK*YD5$qm^$M(=Tb{^n4EYz_Qf@B55U
zh3oIqs|g<fo9lDq#KhZy#;gfdO9nX0nfzkJ6Spt%Mw>Sgd;eKp{h<kozX_po=@PA5
zH-^!w4POI0>GR{n#7F3$x&ogd>nqWNiJzhMe=dN$eUT6_x9+8c3~;Aj-v$iSx-)7_
z`~a2$2kRK(#KafSC8{HVPmo)k3BQAEh(;Ab-1B<x+g^P^aS*uDx%LLF>qhQ6TuW#J
zPIbmO(QAJb&;HTg!6nF!-emU!RwtR$#%Lr8*ssrV5sM-IbA*<=v~2<9!fy!oBgYaA
zOZy1jGjs$92-1Lf%><KtQ0sq}5Mi^lkN=Bln*p2&3<u5uUUk}L6Yj#hBOA!9i66jJ
zpqq|uEKyy-m%uhz6E95$aNoREL?jwU;V51ou2d$NL~&jIH^47YF;d5HO&t*3hx-ZL
z&qolAdRhdG$eMr^Gk_A!{mkE@4O7ZM*p-M>Fc7#9(GPsCj5HhB^qr5!`ss5F$-gvN
zz_Y0F3)lvE`&~vJn>7(D0i&G#5Mddqll~l0{gzthARak)0G}XE9!spXZN?Y_^hV<Q
zHbnLgV-VlKv`RDb=01d2F26?n5SAbcuFXBz6xsC`DsLdx#E*<In`__eYg-%Qi+Ej%
zbEs*#nUJGDLB0s%NcSyTfoK*>SyD=cmymsiDdi17d=l?W(ErNKAHuwEdhLmAAoT<Q
z?>dv1jl7|KVkTIx(1Pd=f_TAoffEsLpF0r0#hJ*L=`%$AdpB@8Fvvl~_Jmr=eDD=v
z3_@RWeHwmSDg$N>Af7nxB&KS^rc^JiD=qj6F)8;zHnP(x{VVezu%3gE1Bfcad{_+Z
zrPuaGw1jT^EvWR+9w3;szu`Md>-V7cYT2alCGb7Oa`;r9YgQ;zTm&4Ch@-a=O<WZ)
z(m@Ur>_JrQ^Pv^>iA0oTzNU1g^ib~*Ot=YI|APrE0fuPXk!8G9)rK#SWE2|$ujjeu
zdh$dAAuef?Vu*Ybnr#F)kiyL02Ar(dHUPi(+MgkTXH?eUB4rn%F5Pp00ory%9WlXj
zU<c&Qk26p;1N$eMyf~itd58Yyw2!B_PUAA?`is4`S^1c-Ucg7lzC@in-vidyw!`a$
z3C`8=#3_#Mrt}!aA>^vNf9|wjm0(Oa5_%Y&=rPUvXasXTLL5TIdW3!(SjTxIvSfnk
z$me!2xu55g%SM98^lnnh7GMi)>rXVYC?DKI=pZwWXbeR&>Y83}kPjh8dR+V(VKRoS
zm|zLITPJtteP+dokbQw`i<pTzf&kYh9OF}j(MbCc&7JTyb(rO}5JHakCN~pU)8X)1
zGr{ll*?W5RSEPmv*wthFASu;GBu{WT%VE^vL`CU&)R_^f7(&kUCieo+N81jgb|PXc
z;f8dYQ~w4jyK526cl4xF|Hl%>`vI_--ZvCcKm~2{f$g&<d?E(W3HUqPX9(l_4<+4{
zFZtkRectLsKdY(x@FQmFU_a0XY^3%3l{n@v(7XwVtz)*+wgA{6YvLzj0G+_q-sB!9
zG?R`Z*(RwH*jJx*xKsB;)sP}@ZSb5kwQj>Q#=Vd*)?poF8FkxsYA+065HA^ba!(R2
z2fLE1T}umA08RRwhn)K3s*0HK^pbx%b>*nWmjQ?9{e6hq8x{e()I9?@2sqE1+&>7V
zgJDE%<!Ql8=M8fA992C$f~ebC!03;cIfpjj1nr{-QLp30!0zpW0dxW<5Zx)i32dNk
zo0DG7p8&4YzQ;RtUnU%D4`l5=hZ2=BNOtnzd4sghUkXcwi?pBaNDjrIehIo%)I9^}
z1P=G!#t#WIdT&Iohj1luvG#kSQ#UK&IB#?ASwU%Wi@gX%ziqTG4VU%*MU+`Ri3ZfP
zpjO7ZX8=XU0Yo={&A^u0wl>iXPbF}c_USG^(-VxZA*QdnK#zp;Yb2C#_SU+~Q<~F_
zI=)^+EtyNv4R5WW>~jOHwSPfu2aC08EnvDaW(R9+Gh$qNy4?Pq67=84sare2_}Y-=
z$SqBX`+JhI1ribma@q;V9MdRAAWYDLEHy7^eRtpvW6W+TJ*Q}?=-^0e?IVa!;XJKs
z0v<BPjI`FyL+t7gR5nC<=<m0jx`FCnSgf2CQ#U8!bB8*A_tf8h3GYo(#v^X@ixEG}
znOffnOf$x8km9rQmsHjfL6)0H;u~O$wsj+_y(<+aYd?Od)_MuY=4$p{Ct<X&ci)a$
z=Le3a0k<GdseOsYOw2$7W~vG4btHkFA2<_O4*b+vk0+Ojpog^&KUGa)B?^+3_UEWo
zGvPf!`kFT2TUwV^YFi)vq)gDCXwuBzw;Kjf1g%f*nLZ~w?Y}GoIdk;hMxxFeXH*R-
zQMK=TS~s{##1CK^vgg>_tN%&6VE{!`KSV*~PU06%`)Oq$CvZ=5L(e{@3UT}TCc18B
zK@P)TRha=SBDQu#yo-an7GSG(!vKn`K8UK=o!m8q0hdQnnmPG=y>DNy{)j4!-49Sb
zTbbgM62@Bz{2B2!b{$kcK(&$Wf&mnfJ&`1g?&PKrx=xLuu;;A{uj)PBh;GDQB}G4c
zMZ9aeorm}yj;s;!SAKPnvld;;=c#GUvnCAS5bQQ@a(5AigYQA|!z4%OJsT6vUzA$T
zUvgEwfhF)yHD&+{{Dr6~{#~k&uc)dFpvY@LT(sTEJxb_Pusz8RmwMLe(+^#%_>d^X
zP2BDCW8^Eg38g2%P7CfQ>WP&4UZCm>;2`)4Z*nsTUCf3M{q*L8eVqQLI`zxYgC)xx
zoA3E#k$p-d)sg*^!UaUnU`|~ks2Kw&qR;gvIEyer#2}&vPsYLfguVf*6Fr@LDG~vc
zI3fqpGM*pvoJWw2->)+yej6~r8^bm2ngJB)#}hRtze|`PYF(n*usFEg>1zPFmd82B
zk#%|3OXSV|8Sy*&=a9|dUZkJ2x)cbqv|Q+pt=%(#PHG%cbMhyIe)ww=O(Go!Zs0~g
z;y=?15D%hBNSN2rNLG>?$)AemPQ;$E4)CuGiQhsPiay<`UrNe>r<pK-PHZ$$bMlvj
zPLy#`xBlnx7^kn*i(Fp}<`D+OHjzKrv{o=d$I_Erf6E_q2nNsz?oL#sTY&n=A*Rt{
zi5pIE`f5Z@CMgBcbAVF_b^Qa$A8cAHc!W@4wtGzb|8y7z&`EAbR19nZ_S3d56!*uU
zf}<rv@*Vj02p?VsevFgSR>zU%>1E}>JVN)n2ISl$|C(=5SM?6T06JM;3~U8{?6mu_
z32|@oUe5Imh<@RGBn8gx$l8A*UQh<Ihq#*LTFGj{Va~WtEpXip9f|>T!W$FK5*j35
z3fhmOxc%T|#9y(f9UVET?0lk2P?m7BGq%ALj<sk-Q`J-o!CF%n#Tc_5@G#<C9F$9~
zwP$JjfrtY|kC@xtG9Qr)UPKP4YDLu2-H`*YM|jW3y1apGfEOEM8WAaI%OdwQBhIQx
zJ)Gi8)^C2yo7oqU#a)h{LYTF4ILTDU?FAO&oK=J@RY~uCg$lEnXHM`uOt2afZ|_d_
zK|=e%7SvZ-*-Bu%Gw*WFO1g&%j6|6ey8sh(L44@l$-YFGtYUq_@U8X=*E{naOH}jN
zjMyUzWh@I|DrFvknK_{oFv28nvhNWFp)?UMDzyigiN+`Z+Y+@nE+^E73?u4rn-Bg<
z!kCA4#Q=(gqll`Gza&i9*c}n`vL<LLFdq$7Ln5hs{lh8V{0C56w_%Y;qmuRnnG?4J
zCJ2I1g2^r>R2Vf-pV`Lqf$K8w+dXc}GygS6_O)ASX75l8ph(yjNxTqDb~$jg(;jEn
zuQ#~b8Lw|{ew_kuF!Hs#HNi7pC7}y^=0q)n2{s|uZ{R|weLS_vT2c<oAWS^vXB=68
zrj;o&e*;{akO}&AI0jH8tWET^QcLtS(2>-ShA)7x2-D4Mp#Qt=2bPF~|E743rdKGk
z9Ar++3Yefbq8o50d>_zD+lP_8aVLN_!ZbHs$vqtVvNCb755>jA7f~;&4#fb9fNta_
zx_+K8Ysny@$(gc(OPw+MpYKP}RQF}#U^pUG6ng%1Xb$8K#Q=%`LvF~~JA_$1)*?5r
ze=Xtfgl8G-NmSYM5ee4m1UT55+$F__r_irshhhK+3C9z)7B-`qIgvyRevnEnpczdT
zjo3I`38sw{a|0nJ^<oO6={N^<btnc<BpgUoqqd0faEGqsrgX0+tZ)fTZg_j_nTi$8
ze^ZJ_Fh7K2F3+53RY1ayM6HFbz>!Y-1ZtDv^w-Wahj`C?%YPG7oc{o##{k8_RUMWA
z6bW(G!gHPWy(qqMss!G{iBCW_dO_QAVB0Fse>0+Sg+8oYeljOk6_KzW(Fj|M=n4Ww
z%oY?6L@5_WIO7=YwOv%B`A;Y^#yLQr%n4OxB=jNbS8tK9^*~JQOYxJ!N`;%8=Qk1+
zLtmyw2TCE*(PKr%dQ#>@ssSRp6OALZNW6WJbfS^cGJzL@R@AFk`##-iTN*sGhI8MD
z!Wz*TnG>jn$T)+jn79xa<+Pth<!2yFbNcH~bf0l?M)SV6z<58(oG>*;#{S+L(S|0X
z)b{;~yfMXKnA4Y=8Erl#m}pa;bD<1vH)Kwf3=lGesQbA^Vg~~6oS{Usoh5}^ooD!`
zn$%?D7c<w*D4c*}|I7)J5n}q0o5N@ZVW|3AMC0;{K?|X!uP3>3`1fi&zcqoADJ<%~
z3Yg4^ks%W_B4VM7l#g+;Z~zCB%pY%pbI&C)?Hkl+PCbzv2}v@V{K#5M=7h)^^i6R$
ze@lR|PJ0vLot!UMz)8-vLy13J>KUq>^^@F8qlMrN)RjDQ0@MSLs~K!VER2oLHN%NU
z4*Q{N8&f!y+>|Pgzlq%3jD_HUmG@?i{CWXIGwAyc%p$t8Zv=Ki&Q)}eo*ziEK$VKm
zH_S8kI6uL;#3#A9FLH0zh_5F=(!x*o5Vl;u2C<16k$i`xgsPpC@|bsydBz_RXPNE1
z`WE0joeWSIp<R(=R{mPP5II3~7v$LbQOH@vNeS;l;*(2?jI|57_6}FCaje%iF{h8L
z5niu=MCZOzCV`W{<tdEu1h3B<y>|DMwYP}bh-QxHdIn_8pGbMf#U+8slo{BG=qlXo
z>7U{_e**vIJu5bkV&+J04}c`0It@8Q+Z7oXAxfX8krcS)IH2B48G)VTW?voSwDl(H
z88j_#KUpKUy#W%sz8U#9g&QOOiLaHw1oxwfsuGT20MX!=ML1?=qFGtzqZ-am2B<Bg
zG$N7BNpla)LJ!DJ(6@j3$^%Z@D5CCX6AJc~HKIB?Ao_)85;8$EMNSq+Je_=|I#1h%
z6IBDhK#`b(icSsdEX9kp_H~3X7a&9_RDz@T4lQuaX~@^bEo&HKzKe*ZLH?vg$eG0}
ziVd(6YWFo5OJQeC7cRh)5ReqMard{9E2$((p`STYRy9Ck7Ly)7^DLS`3i0uKAmM#e
zla8mZ(!{MQ#Tc_LlG0^Zg3Fg7s%V28pIfZVM)C<SOf;5G2FRuuV|oHNA<IHqr4{&3
zYwe3kZ|K|vW>l=TE!NtDfs+uzrBTi<h4|3<1*nT+jM)asbUvVhZXQJ9AWI@>Cj-<;
zF~&3@OTwr!Zf^#LT5JDR>W!UCK%Eq8?L2GkXv9UWlqF#qBJY<>eCYfF)MYWoY>O-j
z8x^@UkoRvX_gS4^fI2MJ+8Ibz^Sg^&dS)fWhfW5l+hVPqYporHB)xdkZ$?t%{i@RE
ubS?qypcrGi07oD?gF(RQ*4jJM==<L>r{DY1Qsx){0000<MNUMnLSTXl3f+|e

literal 0
HcmV?d00001

diff --git a/OpenKeychain/src/main/res/drawable-xxhdpi/yubi_icon_24dp.png b/OpenKeychain/src/main/res/drawable-xxhdpi/yubi_icon_24dp.png
new file mode 100644
index 0000000000000000000000000000000000000000..9bae15a02619d982dae62e2787e242879abd590d
GIT binary patch
literal 2854
zcmV+>3)%FEP)<h;3K|Lk000e1NJLTq002k;002k`1^@s6RqeA!00004b3#c}2nYxW
zd<bNS00009a7bBm000m8000m80W#Imu>b%78FWQhbW?9;ba!ELWdL_~cP?peYja~^
zaAhuUa%Y?FJQ@H13ZqFxK~#90<(zx4RaG6wKZ}bX5A^~$kPP@h#CR0<q9dZ>C@H?M
z3z-3h;y|ESG)Oi$L8ue?%6v5lMFycViIM^a7DkTBhy?|KfI#vPQK1{$dwJapclF2b
zx7wS1&pzyZ&OT?~p*8cHIcq=G`mOK!t>5}R);`8sOFqRI(*&3R3<E}5YuDw~U}G!R
z+MEe6z-+)O9Rx<@(`I9%CVArfEO0we155+zfmz0w=Z!I~^K83Ol$-%F#ykX!1wIF^
z2Q~nGf%U+*fK|qrFDJodswKyzH56G=TY#H^ty+H*=nVWu>xY1`X)lw!)JP8Cd<8h5
z;9LTHjHiPv@Db1(7^%-$U@p)s?ZFltAfTNBPy<{Ad>8=7(E*jR9>~(Oz+ZqiX%Dzy
z00AYyG9BzUfj2_H@zbNg>A*a#e*m1F_Mi&|(BnGDhk&UOz;X0Ppe^uIt?vfP(;j%D
z00F~wa7%zbz>ydLSzTu50AqloKs9hf+JjF7AfOB}0Jk_D0<;9K0G^2f)^4C2F$t;_
zs4-~+kQYF}X~-5{4fM=#-vH+VFGmEaS^+8tKGAE_0FyQlxdQZS9mH_owcCKd1BZeA
zz<gx4dM+YJb--xgY{aOv!1FXxGawr{70UcPpS1iki)0MO+pVI|gFqW#xz_&-l%@?x
zB!GbSz#ha1bb4o?4x|Qn378Bl#WM!?1Lq^IM^unz1FckoEU*sfoHi&?0D2v9Jg@Ox
zTZ|~=K7nVu0NZtdKLe)30LYmEXQ(c+s+)SJ4NNFNz@5tIGeBD(2*-dKA%J$*cUB-a
zPfbja{sElD@n*olw83cr5O9GmnT^WuCS7jd(1AP<+7N65*68oeF#)o`4xlHV8Bj+f
zh%Nmu++mDqiaM3R2w=JbcDFK%f)-Y4ft|*fPKYjwTRH*nAiLw0hz^`(jG3H6Tgerl
z1WZC^@_t}E-puX+y6NwOK)VdmbBW#`g#^&zN{^q8AeOt|40tTnC59-;O5igjp0hu|
z^!I@G_4iz$i4UAoz4tF<M|w3+fGn~>OwzXB)@w8U{T3UbsmjC;kew*V@NUEy+@<x`
zfa{RR;aXs?-tVo0%NHO=Pa<y3BCXE@nidrxouz#$J>8HfU?yf?LxN?`A#tF3#0{AN
zoT>EB1i^9iBG3YuqxD6=sl@`wAQtTu;9do2G~s0j;&*+dKpsPuXHUfP{z8^_U8zQF
zpS8dm1@%-!0=ol4fM6{94d52w0pK3Q`o7s(TN9zbyvrtJW-5qp<i({A5h=V8cnXn@
zrNEz%;My&S9W?@(1pm7$kqMaOtG6x25*wr)Rs$C)qlExx38J(9?Yp)c_&x9fvdk^w
z-V8t@34aZ=u>sjcMk5C0TA)KQl(cg~KL@%Z`K~0vnTu@Qby}|kZVk*-b3B`?9+;>S
zvmwyd$H;OVjMz+@DPS1aG1pXQ(jtoYi#n(zz}br!oRwN%4s^^S(gT4im5@snjAMZ|
zD}jDU;-CuH33MwMK+0G%yg>YFBowhA0f5FLR=GtKa;pgI{xSt<E3(bMl%d@Nh%PHf
zB>yuC;N%7wYl&x=EdyF3N;Fq+R_QW1g6Np8F_hzj+Qx98S4jJHNC2-Z;tT!<=vOd+
zl(EzCl;b=FX-SR%Rj346VrE#8WxpC&sP)|;ebgfcZbu}ZRD&-}lQ=-iOeyfLGVr2G
z*6(rv=zO0<MwT8QANQ#AwdBNkxW^C^VFjYRD+&gXZ@D?979oCCSjaUK)v7es1C=3t
zj6(F&g(3Id(&~bjm&-=85#9M7qQgcM3?OB&8D7R>IbxeU5)q({$ZlwXw?me)dv<w9
z|84aCrN9#r`+XU4dsgY>j4K#G%47*%#^QY>KR+n~qbu;jBpWldYw(uwhLFCm)cXU8
zXLc;m$#K5n;DQ0<8_dtOvvu0}SQ^?Vema0eBkK^I&>&QyGd&X+8q)7XZR<SZ@20OJ
zLAb3*_$DViDc-~IW9@t^k}w>K=$bGlFUHejSH$eA1>zj<L-b)VMiqq?0{wN8)&s2z
z3Xn2B9$DMF5byhXB+{6P!3n?}`g>8#e(uxvUPpYmxZpTi4E#iY&nh@T%KYufF0mJJ
za4*MmHvRNB;1u931vOHp0@<~k#PmhH{agXED#croW#6LU0O=qq5ZzLRDAO{;+z&E$
zH=+wF_1UaPUl4D78=f8+6f)?z<Tiw_6$Kz2%vTZ1^$_A0U4WNFbhHoXp!bjHEKUZR
z2ihtDzU_N|6{5rTCIHSh;9C9ti=qLf1M92OQHv<;PKXWUXK)FkXa}eiSzSU)fv162
zkf6VNei337zm<^m+=}P&yjN6!6r^5=uXGH_jygll&*W+auRH^Qj#eVa`+6cLNRj}@
z9lmgpiCSXh{}Ta78R&u+CcPK2l!MCkQ^e>i0j@@Dpr?Qzp<XyJj__SEE`6es`1Qc`
zj4AYj0;GfMh#b_ki1XMC@62=%s9ym$DPZFeU+bNOfUzpg0}#Df6}VSNMC&?HfE1*5
zzJbn148Exe4m>JNLG)f&DykN^sptSHNX_xWBkv+Xv)jmSbtg$nk<TpLxuf;K!x^4C
z3|w1ufD|Ny=lO3&qJ9I&Y)~diJ9R?FX}t>d!+`JLB@P@N1g<JNKt7=E#Iw5lAv@HL
z0)bPDghu>Fm4^iQamQ=?@6`a8rvi{Nb%Qc>2svwX7P9Rp4bTK6)9XI2c_f6NavFwk
ztAM_#0HjQnA=_>}Vg|GZ{*WLz3y@{)?437(k}Uk3L&I-P_5l~A0+2G*8E;pajwth)
z34pUjCFlEE-vyi*fu9aYe9PZfB~X?MK+4n^cpt?qR!O>#+>gy1R_Q!fe_LXlZ$uP&
zaJlaVdZYr7GIa``0l5l^P!1#hHy{?6rftr5l9>ZPr5Pk?MQQ-~7@MlhY)4Ye{qa)N
zQRq`7k<ef3n~9LQ4dJDXhIZPJQ~^@PoB_EHv6C*O;n9~c8jTo)E`yO*RuyrN{Ozw#
z9Ux`wY6Ykk`INIg-kHcSTBG3HrS)YA@bSYy9}80l$H!a`ykOb=NTM>+p#?|RAiI#W
z%!lRCw?TAZ(15)$bzlOFcEF1x%|VoT1r0wOepH|Le>{^DK!`*8N`?v84m3#}lne~F
zLbiX4<n?<Yv8Bfm2Y9?Lt)~M6ss#qc?5iye1AC6{vNq*iEDPf$J^+p)X9C*my;8ix
zUYTs7>tggXL*LtjoLF-?yp?F8Gj%XdFo4VOLa)_$UnypzL%@ItZTCTfY6p@0UQ@&(
zKT4XGbPgc7ooWkW;npCo#3sU1-v@yHS=uzn2@nfR)N3xy{p4}arVT)z;I#w3i}z7q
z5TuO9Uy$^YRe(#8czQLm8Ju>~0OT8R54>1-kf!7N9u_a>?=0{3DxH=LNyXF$mmo;3
zIR3wk{InA2q|Z$bD0LU|cs66ZX%DObK#dGpa(j>y{F%OnTt`UG-e{vIRWZhNM^2i3
zDZ=B2fs1X(UyJ4Y4^)k^SZhB(^7=1Cczj|QIIgjinvhhu3#0{U&WYYXDVJEV7-Py1
zH>IoZ@^67VthM!7-~E382*4Oqf@D|5B7wFsCjtlHzqion(@<dJ%m4rY07*qoM6N<$
Ef>ov=3jhEB

literal 0
HcmV?d00001

diff --git a/OpenKeychain/src/main/res/drawable-xxxhdpi/yubi_icon_24dp.png b/OpenKeychain/src/main/res/drawable-xxxhdpi/yubi_icon_24dp.png
new file mode 100644
index 0000000000000000000000000000000000000000..cfa799e74eaa845ee1736c7232b6786f8666fae8
GIT binary patch
literal 4078
zcmV<K4-xQ*P)<h;3K|Lk000e1NJLTq003YB003YJ1^@s6;+S_h00004b3#c}2nYxW
zd<bNS00009a7bBm000$B000$B0keFlHvj+t8FWQhbW?9;ba!ELWdL_~cP?peYja~^
zaAhuUa%Y?FJQ@H14{J$8K~#90?VWkF6~z&Uzu^hU@{mnHb`V6tNJJnIV-Ocy2%;!1
zEQ;dpQ86ld6qR_?s6<Wl#E3?X8!93(h(<#qNDx<0TtWl^(T6NC1XOl-oj<C^?mOI>
zJ9m3?A2R3EIdAIDOjp%!rn{=Tx}Rr^p;(9Kd82@_z<6WK<f1iHjSsIF0C=8P20Q_r
z;jmu;E;hz2D|my|_$W94p6As79tVb}`FTAs!Wc8Xpp91JqedYg=6Rk6JcKp=9N<vk
zIX&MCnC5xjIK6iFVT>sl0rvq$={^MDgMl*O1fatCeJW7DknLATDx~qxcZ~Z-pe69M
zp3eZ9D9v!L`vmBev=OR306<@0iyCzjun(}<F|+}e0^Rj%xXa=H4>&GqLsVM;)YxCC
zG5-NH2IdEh@6!h0G`(*Guu=ItfXkCMMzsR~s0GYbBQ6J812aR6@6sJQKJ?K0eEvN^
zjiilIodB4qhTEjZoEXFSKD`1o0`>-GIsE5=I!PO*<N*i_x+8%zvoO9-p8*E~djJnR
z{JB8Wq>WRu00aiz-vK{z`txk*JK$t}?u`zAF+TtgDHr3rgYGQEwOo{=@qMZUuGHtB
z32asVe}Fzo8>wUfAa&6F0%!*83G@T51^$Ah8*&BWUSx1S(s|BC;H0DtRVo1ZgY0IY
zSI9MufeFaKoC^q3fjZi)eaSBFre<UOp^lNx4!NcVP)q-AjpTrG0b#CoZLNS09R4on
zrp7gXD`2e}VPfF7w#Y!dM&H!Uz{|kdh<7t7M-UbP9f5M-Rfj(X*fVLvRT%()ht1zC
z0_r-y{eo!kXF4)Y{5eMuRs+2h$VUQS$S&cg#sOfAD!m=}iNhZVY>Q#Ug+K!&O_2)-
z8-PLDrt79I0`^VXfJFrW36eIe!Z$nox`-F#56IJibAeNU-vj>&81Y7+eTJ_kinaq6
zYTIXF-PAQyb2l~0__crqs_47G9?oyqI>s3qa{sN)HJcE3^`;yF@aZ<BOFW8HH}%A%
z4Ot8TCO8W2ANcKU{q5NdUyuvJPZ1Y2PPY|BPwLANbW<-&+L#3c0O*fIrv|tbNtm6W
zzcq4xyC4Gq4Yd0(z$MC?l_vlO8Bg{?yt4%k|8A<8o0`sO4YB?E-w@yaW#A+Iy^W*r
zu#64BdwT6?J<oM84$?<RtkFQ_^!e4wO-*Mo-)~>5Z`f6iaz`OkjsE#1F#wpU*ACS4
zWd#DjAal$I0X2a~9sV4kVbaFU8UUn@$5-NXpf}dzFu+Sl|ND)ef0DuYZLz^wQ)EiA
zP{#LZJ#eJ9cay{a5ZEVa1IGpc=~LIJ@XsTz=8}N2l|UC@vco$j0)X*)%_Kd)i^2n7
z^d%XoZH#hWnx&L@O4~KoZ&m0`h|hj^h_X)sgPrr`qzQ<Sm|&ZJEe8Pgfv<}MfKS(H
z+s7gSoB>t=2PbXlNC1GYSoiQ2B>dkVqGTn~mE7X+Rv>AKIzV%z9&{Vh{rG+VbwxJ5
zPkud8Uu^zrJ<u;{V@Cnt=Xxp-uVO(4CEwIH`k?@SlLOpBUumGTV~nbxXOOX~o4y>r
zY=e_Fc$%JqzK-Bm0LR2sawam!c0~H!M-g}RPGA@|E!_t@gO&?bDtJqfa+l@UI3$W@
zAeq$m*crR+grw4wA`f@~xIl$#jf@4S6Yns<TZqT;4e%{ec+~)jC;BNsxg0YQmw37{
zW|jMc=XrI3{eb;}lYmo0o-q$N4oP3Uf|N-Dj5Wqg$Wg9>AAViVmq@<mdaACgNJp!I
z)Aj3V35-^m?n1t@r+{mKBY?g1y57L-kmoG|Iv_8_OoxAG(r>@t1-a!Ve^BNf2^oJO
z&;qHhex1x+O(l|vZLV?;Cw;EzD<ojs6L`VlKLV5`3V;gk7R;Wiy!#U{eoNpt0seL*
z?zj{<MBnCLB94F$&>C#6Y8c{u1)skT_&L%=x|2IEkYMV<2cRAD=^Lak?}_xAk5!TJ
zSF7<K3GkN!hemw9Cz3kHaJlj?2x(^%T48}W3qJpKv^z@#02SyUtgE;dTgg17$i}Zk
zJg*}H{D*<^7=378Y=E}~=&t-AnC=&Ko?bK7;lGb|Wr+Zw0`<n`dDb8SS}owOMFe1i
z0`0~gSq+egN96napCAEYC&GhC1B}yq&vC9>475oM02Qbo_Oo88%GIGTdHf))MSS(M
z9o{T*7#NXEtv@D=SKbpD+V`X86R}gTOMrHX0ic2(i>>|q5*hf)u`^+XqMNlnzuImE
zd2|Cv-H-v6=y|soGWb#R;n-=;Wk83-08rtFIG^S+WFn>!5_lED_&bmkbw`JHbY9Ac
zoB6RmtGDu2#gN61ntNa~!fBI?RR(|xe;PKmyF|Z)dZfCoxzaps!!I@2fHU!*2MFit
z^X}I3S7XZa9y0aX8TcIg^><DT09D|4?3hr249vBWIfHxvxJRG=sh-a+h(h*@dRx!4
z2`c@lxfSqlY`54YF#uGFpJV&SuaP(*7|>)(qmfA<|9nD3`+a~nkl<@T40)FU%k=LN
zS<2-{%`LGD4OapOBnE&g(gUg2H;Aj+4+++Co#i?W$)<jP9?|w|&ULHF&{ZKhpAGu=
zIXTF-R`qRzox@%YbSpFfu~*6)W99>gA>B|pl3hIB7;_~sF79)jV*`>P^N;!w*DiAY
zZiaX_QAbyxuIG96kO`t}k4C`XwXOchSkMf3&GWprIXo}?$f1vIht02V#bz!qCSIQ2
zr!l0?Mcf+EW^-(ywGF5jacwi_y4u*O)?8>Ul7H&twEqrJyUM$uGzRe_*Bxkq7Lo{y
zTlqE_`I7vF9M5EEvl(zZ8OjimqG1Cp(DP^V0Kgy%$$KJm4}O;5fkXjN#TsG*D1%IL
z_y&kmgu6nopQ`7}DU2KXratd6q^x~)3|ZoWFw)_TN)!N9wjQZ|_HD{{y{0H?hs?hD
z=V#<8&#BI{#sGr~V0;&ZUdV)y(U<JUi2|TX*CI7zdOzYFxlv^p4O0;PS-E+6%Hh{B
zZ9=A33!TYb2ON#{jAkSbfGS@`>O$)$k<Y&iw$3yiy|4HF44d}2I!75MIM1DcRAO(5
zXgePe?$y7yl4l8IK>$z#c%&9{O+#`sZLm>gI=VvdAFt<?$gW!1w0(WRK#hS1i(q{B
z#qnR5tYj@30FE(ka0Gn~@pSe^DiqQw^DWX{lmY*A-mGhYni<;KBVhbWWR81iNLz)X
za~)YDy|*d{Kn-&#HYRvS-^d2Y)L%M<rs{o-v0jWpmO2dq8V8<V6Nzx$+SN^J_;$#E
zSuErKS6?cBGpc1J2Y?!BBsM1a7}?^W4zhAGonn4nXFYbFfvZHiu{V%0B{<Wy8p#*c
z)@zFS_WS!Ct#o)fuh=Xa04n5QQfHbvAl=4OA<8|8j2kt{Jey^Z{{9Z6l%+A@wLyiV
zr&X`60sc8934jWF1k%qNB%JSx4A}RDDET&8*N>zD9>!KW`(MKnq>Qp$uj_(MYZr@F
z0FAW0$${UNl3~0`3;-3lH_~?+B%R$$`C%2)6-a4GJ-x0WvShY7sjD?xAaTdmkmnSN
zD$z7Jsf$=#x~OCUP{9wx7U_Nq9IO0Mgy)aeAzjfWNOau~7yw+2tP9I^Ly&CgR+Y6S
z;Z@!nfI~_a09Bv^wyW5N=2MUY+V85!nAy@y#6_+{=K1gyK&z4kK#korpom|e(~Hch
zi>juTNH^z^y7SAzh<oOfMRZ){0I0F+0xvp3KcH_}XLeqfmK1FV4p(`9?eOOyUfMN;
z&wqSC%<`H<08pjMNL^twO@V1nc+^~#<i{mv1-^)V939ReJm2&w(6(d&aFqC!BlKHH
z7gbK`;_IrWmyvGgK<wPcHsG){^7kWrVEzKwucQG`CC<l2xBf;=HIcxqs*V2zvRhX@
zQg?j`-7*bX1-dNcd0$0=kht+3B?dWf+bSdo^GGctFE(vOx4!}Y<nSlOkiP|XTZSN2
z03Ayj09B$7w$$8>6~>U=gnzCyM%z2f;eCj+OIQZ^qpAj%lcwl5aigbEqKor6Z$no#
zB6UQ?m|*c~inenAHubTNELYki3Beab+E@y-E@=Q%i5AGDhcEaI%I{Bp`;vyyVkBK&
zM(Qq&BXg9$CgIbei-DFU4S*_99{8Lms)4%dn^Y*{Z%4N>04{R)Q}dL+jBqDnA^P7#
z5;t^=H_1(1`>{e(?2J^t<gW~Eh%LQb12iju{54eObnQM^@&Kq39;p-V?;=UDTBPm~
zlnbo~_SSaX8rLBOl)t$HY>);dZs05wxg5LvbOq2;`D01HEHw`K#blkaDeWhUAp6N7
z?Z1?`VY5_ZAhtYkBX)XlFxh8Qm!dVESg&OrMcQc#ac6@vR3vWH92DtBYQpYj?WVdD
zU4s;)q58a&9Nzs!l>6N@GTfH9L332538||#ryzrK3sS2p!f1{@r<~OPZPud*vNlJu
zy+Ijv0PPbuW*&;wB(?ZzK2ii$23#4@C2jBxjjeDq!15x<INIqlgEZY3Q~F*|3?(na
zCh}Hcb2;tUxdi4LG^2^ED-I6cR~1O68tlC1MUV#W5&)>e1F*$dTaZ$f2Kw76NS)EE
z*kXXNJpK-JqwqZC$+UoR*7w&YZM*`4(1q0hWwQpjkie>YWZ&zk#NKy6|2*Uv?mTOo
zc86|+y%p%X%K@Ou*Vnh-EmQdzi6JgV)_ukCkT&^UM3(KBV=F&4qYKZG@=E{Nx2N2b
zw9$$L#Qx+zqqdcZm75{$x)J+0hd)z!pA$%JCvL1F12F{IJ;m>GHY2gZd&Hak-+}IV
z9iy!-&X@NQS}8~BKe#(#r~8sNQWXJFk3faB@;f1WV@Fj}SEA|g3~jiztXC_q3AWT`
zTH5=PHclxJQn{VUb9o%yiZjjq9Z9X&?v504`IXumfcCoq$PC0O*h1oTG#hA==Dy%R
zG3`p~tk`*>Z6>XBsS&bI#PSFb76S)4*LPs&n8K~*elD`Tq!lhjLh?6rBS6@S{6CvU
zL>G}QCqs7C(*}1Rfy48>+Q{03;SrZ@M3R8%jvdI}*>6O(6MM6cAKGDz*<y?tfvk7i
z5^`CX@j<p@i!?s4`wNJ3c%F9%@GP)z%v)w7>5R%u7w-N7VjRYpc}S(+lo*#+0K?-L
zA9e!}`!L3=H^vMlx=X4+-u#NV&)wYx<#2eO*8}nWdpd02_@8C<tla?Qc6grWA%WXv
gNS)H4Y>f}_e<I0m`-LDIMgRZ+07*qoM6N<$f^aI5?EnA(

literal 0
HcmV?d00001

diff --git a/OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml b/OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml
index ec2505706..2fb3737ba 100644
--- a/OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml
+++ b/OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml
@@ -19,26 +19,12 @@
             android:id="@+id/create_yubikey_animator"
             >
 
-            <LinearLayout
-                android:layout_width="match_parent"
+            <ProgressBar
+                android:layout_width="wrap_content"
                 android:layout_height="wrap_content"
-                android:orientation="vertical">
-
-                <TextView
-                    android:layout_width="wrap_content"
-                    android:layout_height="wrap_content"
-                    android:layout_marginTop="16dp"
-                    android:layout_marginLeft="8dp"
-                    android:textAppearance="?android:attr/textAppearanceMedium"
-                    android:text="Hold Yubikey against device dawg"
-                    />
-
-                <ImageView
-                    android:layout_width="match_parent"
-                    android:layout_height="wrap_content"
-                    android:src="@drawable/yubikey_phone" />
-
-            </LinearLayout>
+                android:layout_gravity="center"
+                android:indeterminate="true"
+                />
 
             <LinearLayout
                 android:layout_width="match_parent"
diff --git a/OpenKeychain/src/main/res/layout/create_yubikey_wait_fragment.xml b/OpenKeychain/src/main/res/layout/create_yubikey_wait_fragment.xml
new file mode 100644
index 000000000..c7f9821eb
--- /dev/null
+++ b/OpenKeychain/src/main/res/layout/create_yubikey_wait_fragment.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent">
+
+    <ScrollView
+        android:layout_width="match_parent"
+        android:layout_height="match_parent"
+        android:fillViewport="true"
+        android:layout_above="@+id/create_key_buttons">
+
+        <LinearLayout
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:paddingLeft="10dp"
+            android:paddingRight="10dp"
+            android:orientation="vertical">
+
+            <TextView
+                android:layout_width="wrap_content"
+                android:layout_height="wrap_content"
+                android:layout_marginTop="16dp"
+                android:layout_marginLeft="8dp"
+                android:textAppearance="?android:attr/textAppearanceMedium"
+                android:text="Hold Yubikey against device dawg"
+                />
+
+            <ImageView
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:src="@drawable/yubikey_phone" />
+
+        </LinearLayout>
+
+    </ScrollView>
+
+    <LinearLayout
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:orientation="horizontal"
+        android:layout_alignParentBottom="true"
+        android:layout_alignParentLeft="true"
+        android:layout_alignParentStart="true"
+        android:background="@color/holo_gray_bright"
+        android:id="@+id/create_key_buttons">
+
+        <TextView
+            android:id="@+id/create_key_back_button"
+            android:paddingLeft="16dp"
+            android:paddingRight="16dp"
+            android:textAppearance="?android:attr/textAppearanceMedium"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:layout_weight="1"
+            android:text="@string/btn_back"
+            android:textAllCaps="true"
+            android:minHeight="?android:attr/listPreferredItemHeight"
+            android:drawableLeft="@drawable/ic_chevron_left_grey_24dp"
+            android:drawablePadding="8dp"
+            android:gravity="left|center_vertical"
+            android:clickable="true"
+            style="?android:attr/borderlessButtonStyle" />
+
+        <TextView
+            android:id="@+id/create_key_next_button"
+            android:paddingLeft="16dp"
+            android:paddingRight="16dp"
+            android:textAppearance="?android:attr/textAppearanceMedium"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:layout_weight="1"
+            android:text="@string/btn_next"
+            android:textAllCaps="true"
+            android:minHeight="?android:attr/listPreferredItemHeight"
+            android:drawableRight="@drawable/yubi_icon_24dp"
+            android:drawablePadding="16dp"
+            android:gravity="right|center_vertical"
+            android:clickable="false"
+            style="?android:attr/borderlessButtonStyle" />
+
+    </LinearLayout>
+
+</RelativeLayout>
\ No newline at end of file
diff --git a/glyph_authlite.png b/glyph_authlite.png
new file mode 100644
index 0000000000000000000000000000000000000000..1a40c4a2d5e57feb805a6e4ab2421447bce18d07
GIT binary patch
literal 3869
zcmWkx2RPJ!947vpJ;KS6E<#o^A|p9_bSQg|Gc&SRo$QROh*Cy&xFk8_vJy#`(aBy%
z_FhL;{J)-i?tag6&-eEopZEQ|@B2+OLTWS7^UzaJP%!E0Xxs%)E$~%^(12fCs%8v$
z&^YO9Yfzk?ee#;#y`Z3A?$gy!GYQR}%L+3x(Z(el^)R+ci;HFv?s53h5=-G+N&3Is
zJ!FlI#q{vg?9LkFB7d3m_1W3{5(Oo%C;f?!PuD8!EMUi6Mj&)dZb!!yQX3bXJ4ZT-
zd2^L+ERXSU8*RGq*77j-WPNS@_X3%-vBb&Q*<-9$f*-vPuk)D*pO~NINgO)ZnQluk
z7R`XbSrHDNo`jM+St4R$*lVYgnRXWpEG)SF@x12d=4okZ3IX$sd`iI@kXBm$hqsYP
z<fFrpsqiaOq=!39X@b+!)2(p~(8b9nCH_Zbwxy*dYHI3BFMfQishK<4XsPs#gc$_U
zoM&T;vXOL~`Vy6W>k$tF1H**Tr%#_QD=TO3EcDJyO+6OW?Rq1ZywLj=_BAA?9O;0}
zQH;A=*51|@Q(7uwBAUTW_<7^eVc@6g>Vy56XKaXH71r`Tq-O8ZTihDqF?jzudRJH1
zz_rng`g#R%2?=a$ft<X&d|zMRFg`%Iq@+aFv;RqFr;hqwv0X7VlS~d=U0d_`UBV>q
zGoGiJ%q52)zKM(b4;)7D$`xX*x3!?I)5-Ax2NVkXY+qSn)jB&jN33$zek1FFu(IN@
zkNhXs6!G_iR9(Moz<d{6UjCJFp%y&$3)t`K>T3KVNertcrKzb&UKwI3zN>3sU=X*V
zr>A#TO7Pww19D@s$rw98O-t*HLd8~8NT~iJzfe>9t60v~MPB;NhS*%IBQ4)*0Oz8l
zq})F|{Ny*Ib@$#qI%a0Ae4~E)cb3(z?ccu#9BjK-;oQ$kJJW&jb-8UJk-0WjClKoZ
zHcz1(d6I2->!9ean~U@XG#VY7kRb5lhi4pEQbR`v!oq(G1ptA-xn*1#PmgyDV}h*s
zP3eS$glGf=1ZbFeG<0?8D9#HbH6T$~tXRN8&$r&*XSpg7%ZiPtAM9oyY|8#N%Ak)!
zbCtus7HB3v7o;;cAFA`LG^H~zGvlhQtyNG`+WAY0q?&8fhD6oX)iI}=X+PyvD>HHO
z@-jf9Z{;Y348oAFByH=1R=5&a_&dhOvpX=bfaU(O_@yw3a*C4rdTtgL7EnGNJ-y3t
zIOXFj`Y$iVUb=Y`PtbZPX`93vJv?mDe7vpS)Cz&S_m{F68ygoD6-}+KrWgnbNJ(vC
zdX=QN(!fwrN!!nY(J?WaHa6MZ(x@k$y}eL89*=;)ySlqIO}EKp4g@6ML^Q6d$}gj(
z40&*H;IzLv{iick;13}~%xQC~)oJ9Di&KB8aY0^Q9@2XNi;G3?PtyXXbY))8R*5jH
zBfPh&Npku55+3U?R_krrH-YmwFPf30{p{jWEoG&XdOYJaXgYEGW?tR2#c})&Y)lXG
zczoRE%?<CQm>8<7SFg%?^c8(AyvWCgVLb<f!PY06tn;IAI9V@mZ_AGkl&@dE4wo2{
zvs@Xh!28Y6q^71?SXelCdv_n~ERYy8>COvXik)gtJWt*rwWL+cxb>hwDIxF&fq}E&
zUzD3$z~V3X`-+MSih&~EzI{u9$*<Ssxp#MUrEG3KK>yn{AH{jZAo4HC%HkYbL8n?l
z^}R+u73*mO0yPA$Ie~S_i$tmny*Rz%uM-nFRJ6=SR#pUnS*l=}-4_V_xnSbs#}pTp
zL%%$xq+&%#d5_8_B_;9Dq%<@%_<ZvK1;q3y-n@C;qfd}a+~W4_+Y}63;tqe>6LCHh
zR+T-93JM>?cReNTo4fuU{k<wKK08wFhH`cFKi>B%F?bz~$A@L?^sJ6l0|9tv$S=!-
znQjeS>iZ8)Eo_*J`u>z}H+;zcMr33p`glwG;iE@OgB36d>)Lh#fj$nQR_)r&ebZkM
zRBgN^(jIEySz+4{TvSrR&cziEw1!Abg~|JHb9HUBoIb6ok(-~Nw`qR(`dagTf!%cH
zoIgTceQS4j;L%{dI&H1bgr2{@bXi&1>SzrE6bg-HC9jP^Ypl9!y~jlN9X&jBO-wla
z{QQPTM)L2LDfrJmnf^jy(}L!+wzd`*7gq>b=RMk6YwPSRwfh28VC9?!kO?CrqvFL2
zgqWW|k(P2<F<Na&oMNKgK~Ygrpa^|6_ss#>z9n(e(9s0>8F+e%GBY!C!(ajAMdO}a
z73+7|`ldG=zfuFumXenKN+2ZF*VkL|jW&kKARzHfu#RNtwO`D;ue!&^U>L2Kx;l9T
zMC;i_+l{a}dh2MQiD&5BND7OKr?j_gypg-Vr)SjF)m0y|ana7st`j9KX;Yt9caH%o
z3A_L>?q=wwL&jPI9-o?<+XIFNawY>Zw>_pb!VZ9yFX^%az6i+3R1+G^vhKXSl>=st
zWi`lAtU)3<IXQ{=0Jp}brm#cuRiHVhc5NLU@r#S@Px)1!;_)|uj4kx!D8*A!Z7vc8
z8XFr~5mPHG`gV2~1+-F1&u0QLpU7zm-Ezv|19s8|4hsy0ehCwqbz}c`JZx`o&!#DS
zK*}NSp>)4i1K2-M@G3C8$^5<Q>G2D@rf_)d6tPe{WAv?*<2it}xb0^gVdY&>5zrSU
zCF{y8>7Zqk^>Ms9pp|i%iH4@;1)3By*bT4SX@ZJD%NpU~ibsDpD))%!k@bm&gu+4r
z#1m0rt+j104-d<^pqe%*2?<QTdcty$%;E0JcmBv@wccEn)Sq*JzTY1><TZx+dU_`1
z<nYna(FqC)_A6c$77{wc*mmKhqNqsF#>QrIYpZPg&FFw`A@Nt)J>jN=2cQXc3=B}9
zy8s+}8zf%^DGKmDV40(n6GB6SI`ZExbfa+xS;M?OQcVjwA(r*5gOSLl(5+~|%|4vR
zJy{+me|#fyCkv4L9Wn<rG9T!Uz(5?JC<=x8RjdyMJR2xC<>26u3MVg$=D?&;kP8<s
z0Itoft{ONx=1&e;wxCrI5ZA6uH60zD9CHmgA?8Pgb)A#1@3W>Rm9Vg|cq%Hu=Py7%
z*$`5m{UT>BaYpAm1b=+?>?{gsF|fH2x3^0JXrRfG3EA1%??VQvKXcw6{^$sSTQme$
zIJQ!xXJl0Q&*=&3e(mnYq@*x1^C`xbm3jR4{cvwh9~ji{k~`{8wugmORa-`b3kwPY
z<+h$bXPxiKIU*S0=4WPNii@v2IwW6L=B{{pQ6&lJ*5KevU>fLyIVdkLuc*Qe-$`X)
z&4J&P?%%&}R%v%9Fc9cUd{>vjQ$D4VhHCn_=)Am3d+QTNqgj@KYJI<d`}zBS?dp1u
zl-n6PM>U7l$C_1uhWmr9Z2mLZ6p?XGT2)mQOgY>b7J$+Jm!}p}kN&5apPyfubD0yt
z%EqSV>RRHn{S<@o2Jo?5RL=7yHACQ;a`(BO@vFKX?{9HtuMS|LiHV8hO%bm^y6OXI
z2b5=%Oh)}ky8;aEd1|Wh8p_T*OU8}a#l_{bu<?`aHtNIm_Lct_)3pge`TM&iz$xxz
z-7u}+0V!>1N!Q(7WNT{+=$-%WvT5+fWOu#a%(BD)u_ZDxDLL7)&d0WRW3bYm^w9w~
z3PMvyM+eTG7>zZrWCwOsQQ_SbXu-eoE1wEr`|$5Xi0NS86<sGFVoWSFgcvniT3TS!
z!%Y$LAsdqw*SX(ctFEe=-dh{vRYmj0A@aoz_7;hS?AbN<hXxhiGoGWlBrL2Q5<LIg
zP<3u==KKEsJ~v}hVj>;%n%(R;J^)b7*~{zwPfAWMu4P30EAR1oKjnzM_l~W%4;l-*
z*CRqh^USb-`em;;7f6P;Lqionxh$-#F6*+>GV_+s_JXDq`)0M#eB_himc~S{g$2RO
z2{g&hd^bLDiT(QZ>!51}V4&)QU?z{r#;}U>UQSMzE39hDH&0(mSo?#K^ey*Ur6`6z
z*cJj?7s=2IUL965Gczl$Iu!-nQa3hE^%?HTyk2N#4>%)fUL+?bCWbyaaGUVuVPs7I
zt~AQNnSS*i$QqSKW@Xs0@bJ4PCPi4u#?zCd#?URqHTzuE$e!UUXR%hI>nRThWBNOe
z`R=TDFp{OE<tnMArH7La7)HOR9M~@Cc))=`+8nZ}rR9aUktbns!CCUYAdn;5Vu+&3
z%DljrF&L(^2vl4=JwIO}p9#V<z}AD*tO5)$q_gaUsDy+Ih%%g`7iC<#vZ$yw$9!9s
zMA=VHPL$Ed7EqNT)W5@Bs$a#j<v(F7Sbz%sn!NWYxjULNbZ_;wWCy^Iw$7I%bop|@
zsK7y*AR7#pY*o<#3|2`=iJqR`?%=SvxcIYP*`RAr_Q8Csd(h^T8VKZ7INa>7e07wI
zi)lHtPFg#V#H*5$C5CTrLEwuc)eB-7?)v)rXLtsFZ3B4(r06<Y#xFoo&TbY6h>&5f
zfsc<Qumoq2%IZIV{^U!#MbE$>#^;u$6ylRJmHzUj87z*LhUT2FgK7DlxVX6eqa%S=
zKS7|PQ&Uq@ez?ynLW(hk9)UA0=9n`xGHN{8F0w?S1c57RL88tA3O;h>i+j-8sN7`4
zhROtM`I_7%IDupy3XXtT1DA*bBM~V%xjBFk2PfzBpFh#BUt7jW_gXV(VS%C?A0Klo
z1&dd^^}6mZ4^Y$4NISJZ5#5mo_<)Wz8OyB=g>rCE=S5hZ*!~GyY3(msE>8!y7E?2L
z%{#+5*4f$F2ivo{v;H@MTV>3bp8j^gDF&}{V_@<hsNMUDbd?_+a^&?*KmL{sbq3Z^
zSm>PLc6f5$fkIkFM$DTrjuqtXfJ3s!4X<INC8Z2K(>2THQ$}u)-cxsb-w)meF9j3Z
z5?IW~1|#WH%!ou{#<KNk?cC2-L&F`B?2PFxG*V&Pv!cntFN6(Ca5!AY>8V?*J10MX
zB{q!CIJdK$iT*Kl7sn|}Ah<Q0g4>HLNCL<A-jYtQMOmfZ<u7Rmw_6GdT}`CM2ZTfP
E|M${?I{*Lx

literal 0
HcmV?d00001


From a7c52a1c9f8bca83b2981347a0eceeec68a92790 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Sun, 22 Mar 2015 02:36:10 +0100
Subject: [PATCH 16/80] move yubikey import into viewkeyfragment

---
 .../keychain/ui/CreateKeyActivity.java        |  34 +++-
 .../keychain/ui/CreateKeyYubiFragment.java    | 149 +-----------------
 .../keychain/ui/ViewKeyActivity.java          |  83 +++++++++-
 .../keychain/ui/ViewKeyYubikeyFragment.java   | 129 +++++++++++++++
 .../keychain/ui/base/BaseNfcActivity.java     |  11 +-
 .../keychain/ui/util/KeyFormattingUtils.java  |  11 +-
 .../res/layout/create_yubikey_fragment.xml    |  89 +++--------
 .../src/main/res/layout/view_key_yubikey.xml  |  98 ++++++++++++
 OpenKeychain/src/main/res/values/strings.xml  |   2 +
 9 files changed, 377 insertions(+), 229 deletions(-)
 create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java
 create mode 100644 OpenKeychain/src/main/res/layout/view_key_yubikey.xml

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
index 5c2fcde82..b73d6f545 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
@@ -17,12 +17,21 @@
 
 package org.sufficientlysecure.keychain.ui;
 
+import android.content.Intent;
 import android.os.Bundle;
 import android.support.v4.app.Fragment;
 import android.support.v4.app.FragmentTransaction;
 
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
+import org.sufficientlysecure.keychain.provider.CachedPublicKeyRing;
+import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
+import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.ui.base.BaseNfcActivity;
+import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
+import org.sufficientlysecure.keychain.ui.util.Notify;
+import org.sufficientlysecure.keychain.ui.util.Notify.ActionListener;
+import org.sufficientlysecure.keychain.ui.util.Notify.Style;
 import org.sufficientlysecure.keychain.util.Passphrase;
 
 import java.io.IOException;
@@ -87,9 +96,28 @@ public class CreateKeyActivity extends BaseNfcActivity {
             return;
         }
 
-        byte[] scannedFingerprint = nfcGetFingerprint(0);
-        Fragment frag = CreateKeyYubiFragment.createInstance(scannedFingerprint);
-        loadFragment(frag, FragAction.TO_RIGHT);
+        byte[] scannedFingerprints = nfcGetFingerprints();
+
+        try {
+            long masterKeyId = KeyFormattingUtils.getKeyIdFromFingerprint(scannedFingerprints);
+            CachedPublicKeyRing ring = new ProviderHelper(this).getCachedPublicKeyRing(masterKeyId);
+            ring.getMasterKeyId();
+
+            String userId = nfcGetUserId();
+            byte[] nfcAid = nfcGetAid();
+
+            Intent intent = new Intent(this, ViewKeyActivity.class);
+            intent.setData(KeyRings.buildGenericKeyRingUri(masterKeyId));
+            intent.putExtra(ViewKeyActivity.EXTRA_NFC_AID, nfcAid);
+            intent.putExtra(ViewKeyActivity.EXTRA_NFC_USER_ID, userId);
+            intent.putExtra(ViewKeyActivity.EXTRA_NFC_FINGERPRINTS, scannedFingerprints);
+            startActivity(intent);
+            finish();
+
+        } catch (PgpKeyNotFoundException e) {
+            Fragment frag = CreateKeyYubiFragment.createInstance(scannedFingerprints);
+            loadFragment(frag, FragAction.TO_RIGHT);
+        }
 
     }
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java
index 63549c3d6..a1668d22e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java
@@ -17,48 +17,33 @@
 
 package org.sufficientlysecure.keychain.ui;
 
-import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.util.ArrayList;
-import java.util.Arrays;
 
 import android.app.Activity;
 import android.content.Intent;
 import android.database.Cursor;
-import android.net.Uri;
 import android.os.Bundle;
 import android.os.Message;
 import android.os.Messenger;
 import android.support.v4.app.Fragment;
 import android.support.v4.app.LoaderManager;
-import android.support.v4.content.CursorLoader;
-import android.support.v4.content.Loader;
 import android.view.LayoutInflater;
 import android.view.View;
 import android.view.ViewGroup;
 import android.widget.TextView;
-import android.widget.ViewAnimator;
 
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
 import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.operations.results.ImportKeyResult;
-import org.sufficientlysecure.keychain.operations.results.PromoteKeyResult;
-import org.sufficientlysecure.keychain.provider.KeychainContract;
-import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
 import org.sufficientlysecure.keychain.ui.CreateKeyActivity.FragAction;
-import org.sufficientlysecure.keychain.ui.CreateKeyActivity.NfcListenerFragment;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
-import org.sufficientlysecure.keychain.ui.util.Notify;
-import org.sufficientlysecure.keychain.ui.util.Notify.Style;
-import org.sufficientlysecure.keychain.ui.widget.NameEditText;
 import org.sufficientlysecure.keychain.util.Preferences;
 
-
-public class CreateKeyYubiFragment extends Fragment
-        implements LoaderManager.LoaderCallbacks<Cursor> {
+public class CreateKeyYubiFragment extends Fragment {
 
     private static final String ARG_FINGERPRINT = "fingerprint";
 
@@ -67,12 +52,7 @@ public class CreateKeyYubiFragment extends Fragment
     private byte[] mScannedFingerprint;
     private long mScannedMasterKeyId;
 
-    private ViewAnimator mAnimator;
     private TextView mUnknownFingerprint;
-    private TextView mFingerprint;
-    private TextView mUserId;
-
-    private YubiImportState mState;
 
     public static Fragment createInstance(byte[] scannedFingerprint) {
         Bundle args = new Bundle();
@@ -91,26 +71,14 @@ public class CreateKeyYubiFragment extends Fragment
         mScannedFingerprint = getArguments().getByteArray(ARG_FINGERPRINT);
         mScannedMasterKeyId = getKeyIdFromFingerprint(mScannedFingerprint);
 
-        getLoaderManager().initLoader(0, null, this);
-    }
-
-    enum YubiImportState {
-        UNKNOWN, // scanned unknown key (ready to import)
-        BAD_FINGERPRINT, // scanned key, bad fingerprint
-        IMPORTED, // imported key (ready to promote)
     }
 
     @Override
     public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
         View view = inflater.inflate(R.layout.create_yubikey_fragment, container, false);
 
-        mAnimator = (ViewAnimator) view.findViewById(R.id.create_yubikey_animator);
-
         mUnknownFingerprint = (TextView) view.findViewById(R.id.create_yubikey_unknown_fp);
 
-        mFingerprint = (TextView) view.findViewById(R.id.create_yubikey_fingerprint);
-        mUserId = (TextView) view.findViewById(R.id.create_yubikey_user_id);
-
         View mBackButton = view.findViewById(R.id.create_key_back_button);
         View mNextButton = view.findViewById(R.id.create_key_next_button);
 
@@ -136,115 +104,8 @@ public class CreateKeyYubiFragment extends Fragment
         mCreateKeyActivity = (CreateKeyActivity) getActivity();
     }
 
-    // These are the rows that we will retrieve.
-    static final String[] UNIFIED_PROJECTION = new String[]{
-            KeychainContract.KeyRings._ID,
-            KeychainContract.KeyRings.MASTER_KEY_ID,
-            KeychainContract.KeyRings.USER_ID,
-            KeychainContract.KeyRings.IS_REVOKED,
-            KeychainContract.KeyRings.IS_EXPIRED,
-            KeychainContract.KeyRings.HAS_ANY_SECRET,
-            KeychainContract.KeyRings.FINGERPRINT,
-    };
-
-    static final int INDEX_MASTER_KEY_ID = 1;
-    static final int INDEX_USER_ID = 2;
-    static final int INDEX_IS_REVOKED = 3;
-    static final int INDEX_IS_EXPIRED = 4;
-    static final int INDEX_HAS_ANY_SECRET = 5;
-    static final int INDEX_FINGERPRINT = 6;
-
-    @Override
-    public Loader<Cursor> onCreateLoader(int id, Bundle args) {
-        Uri baseUri = KeychainContract.KeyRings.buildUnifiedKeyRingUri(
-                KeyRings.buildUnifiedKeyRingUri(mScannedMasterKeyId)
-        );
-        return new CursorLoader(getActivity(), baseUri, UNIFIED_PROJECTION, null, null, null);
-    }
-
-    @Override
-    public void onLoadFinished(Loader<Cursor> loader, Cursor data) {
-        if (data.moveToFirst()) {
-
-            byte[] fingerprint = data.getBlob(INDEX_FINGERPRINT);
-            if (!Arrays.equals(fingerprint, mScannedFingerprint)) {
-                mState = YubiImportState.BAD_FINGERPRINT;
-                Notify.create(getActivity(), "Fingerprint mismatch!", Style.ERROR);
-                return;
-            }
-
-            String userId = data.getString(INDEX_USER_ID);
-            boolean hasSecret = data.getInt(INDEX_HAS_ANY_SECRET) != 0;
-
-            String fp = KeyFormattingUtils.convertFingerprintToHex(mScannedFingerprint);
-            mFingerprint.setText(KeyFormattingUtils.colorizeFingerprint(fp));
-
-            mUserId.setText(userId);
-
-            mAnimator.setDisplayedChild(2);
-            mState = YubiImportState.IMPORTED;
-
-        } else {
-            String fp = KeyFormattingUtils.convertFingerprintToHex(mScannedFingerprint);
-            mUnknownFingerprint.setText(KeyFormattingUtils.colorizeFingerprint(fp));
-
-            mAnimator.setDisplayedChild(1);
-            mState = YubiImportState.UNKNOWN;
-        }
-    }
-
     private void nextClicked() {
-
-        switch (mState) {
-            case UNKNOWN:
-                importKey();
-                break;
-            case IMPORTED:
-                promoteKey();
-                break;
-        }
-
-    }
-
-    public void promoteKey() {
-
-        // Message is received after decrypting is done in KeychainIntentService
-        KeychainIntentServiceHandler saveHandler = new KeychainIntentServiceHandler(getActivity()) {
-            public void handleMessage(Message message) {
-                // handle messages by standard KeychainIntentServiceHandler first
-                super.handleMessage(message);
-
-                if (message.arg1 == MessageStatus.OKAY.ordinal()) {
-                    // get returned data bundle
-                    Bundle returnData = message.getData();
-
-                    PromoteKeyResult result =
-                            returnData.getParcelable(DecryptVerifyResult.EXTRA_RESULT);
-
-                    result.createNotify(getActivity()).show();
-                }
-
-            }
-        };
-
-        // Send all information needed to service to decrypt in other thread
-        Intent intent = new Intent(getActivity(), KeychainIntentService.class);
-
-        // fill values for this action
-
-        intent.setAction(KeychainIntentService.ACTION_PROMOTE_KEYRING);
-
-        Bundle data = new Bundle();
-        data.putLong(KeychainIntentService.PROMOTE_MASTER_KEY_ID, mScannedMasterKeyId);
-        intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
-
-        // Create a new Messenger for the communication back
-        Messenger messenger = new Messenger(saveHandler);
-        intent.putExtra(KeychainIntentService.EXTRA_MESSENGER, messenger);
-
-        // start service with intent
-        getActivity().startService(intent);
-
+        importKey();
     }
 
     public void importKey() {
@@ -299,12 +160,6 @@ public class CreateKeyYubiFragment extends Fragment
 
     }
 
-
-    @Override
-    public void onLoaderReset(Loader<Cursor> loader) {
-
-    }
-
     static long getKeyIdFromFingerprint(byte[] fingerprint) {
         ByteBuffer buf = ByteBuffer.wrap(fingerprint);
         // skip first 12 bytes of the fingerprint
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
index fc30eafcc..159b98e0e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
@@ -35,6 +35,7 @@ import android.os.Message;
 import android.os.Messenger;
 import android.provider.ContactsContract;
 import android.support.v4.app.ActivityCompat;
+import android.support.v4.app.FragmentManager;
 import android.support.v4.app.LoaderManager;
 import android.support.v4.content.CursorLoader;
 import android.support.v4.content.Loader;
@@ -60,18 +61,22 @@ import org.sufficientlysecure.keychain.operations.results.ImportKeyResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult;
 import org.sufficientlysecure.keychain.pgp.KeyRing;
 import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
+import org.sufficientlysecure.keychain.provider.CachedPublicKeyRing;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
+import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler.MessageStatus;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
-import org.sufficientlysecure.keychain.ui.base.BaseActivity;
+import org.sufficientlysecure.keychain.ui.base.BaseNfcActivity;
 import org.sufficientlysecure.keychain.ui.dialog.DeleteKeyDialogFragment;
 import org.sufficientlysecure.keychain.ui.util.FormattingUtils;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils.State;
 import org.sufficientlysecure.keychain.ui.util.Notify;
+import org.sufficientlysecure.keychain.ui.util.Notify.ActionListener;
+import org.sufficientlysecure.keychain.ui.util.Notify.Style;
 import org.sufficientlysecure.keychain.ui.util.QrCodeUtils;
 import org.sufficientlysecure.keychain.util.ContactHelper;
 import org.sufficientlysecure.keychain.util.ExportHelper;
@@ -79,12 +84,17 @@ import org.sufficientlysecure.keychain.util.Log;
 import org.sufficientlysecure.keychain.util.NfcHelper;
 import org.sufficientlysecure.keychain.util.Preferences;
 
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.HashMap;
 
-public class ViewKeyActivity extends BaseActivity implements
+public class ViewKeyActivity extends BaseNfcActivity implements
         LoaderManager.LoaderCallbacks<Cursor> {
 
+    public static final String EXTRA_NFC_USER_ID = "nfc_user_id";
+    public static final String EXTRA_NFC_AID = "nfc_aid";
+    public static final String EXTRA_NFC_FINGERPRINTS = "nfc_fingerprints";
+
     static final int REQUEST_QR_FINGERPRINT = 1;
     static final int REQUEST_DELETE = 2;
     static final int REQUEST_EXPORT = 3;
@@ -107,6 +117,8 @@ public class ViewKeyActivity extends BaseActivity implements
     private ImageView mQrCode;
     private CardView mQrCodeLayout;
 
+    private String mQrCodeLoaded;
+
     // NFC
     private NfcHelper mNfcHelper;
 
@@ -257,6 +269,15 @@ public class ViewKeyActivity extends BaseActivity implements
         mNfcHelper.initNfc(mDataUri);
 
         startFragment(savedInstanceState, mDataUri);
+
+        if (savedInstanceState == null && getIntent().hasExtra(EXTRA_NFC_AID)) {
+            Intent intent = getIntent();
+            byte[] nfcFingerprints = intent.getByteArrayExtra(EXTRA_NFC_FINGERPRINTS);
+            String nfcUserId = intent.getStringExtra(EXTRA_NFC_USER_ID);
+            byte[] nfcAid = intent.getByteArrayExtra(EXTRA_NFC_AID);
+            showYubikeyFragment(nfcFingerprints, nfcUserId, nfcAid);
+        }
+
     }
 
     @Override
@@ -517,6 +538,60 @@ public class ViewKeyActivity extends BaseActivity implements
         }
     }
 
+    @Override
+    protected void onNfcPerform() throws IOException {
+
+        final byte[] nfcFingerprints = nfcGetFingerprints();
+        final String nfcUserId = nfcGetUserId();
+        final byte[] nfcAid = nfcGetAid();
+
+        String fp = KeyFormattingUtils.convertFingerprintToHex(nfcFingerprints);
+        final long masterKeyId = KeyFormattingUtils.getKeyIdFromFingerprint(nfcFingerprints);
+
+        if (!mFingerprint.equals(fp)) {
+            try {
+                CachedPublicKeyRing ring = mProviderHelper.getCachedPublicKeyRing(masterKeyId);
+                ring.getMasterKeyId();
+
+                Notify.create(this, "Different key stored on Yubikey!", Notify.LENGTH_LONG,
+                        Style.WARN, new ActionListener() {
+                            @Override
+                            public void onAction() {
+                                Intent intent = new Intent(
+                                        ViewKeyActivity.this, ViewKeyActivity.class);
+                                intent.setData(KeyRings.buildGenericKeyRingUri(masterKeyId));
+                                intent.putExtra(ViewKeyActivity.EXTRA_NFC_AID, nfcAid);
+                                intent.putExtra(ViewKeyActivity.EXTRA_NFC_USER_ID, nfcUserId);
+                                intent.putExtra(ViewKeyActivity.EXTRA_NFC_FINGERPRINTS, nfcFingerprints);
+                                startActivity(intent);
+                                finish();
+                            }
+                        }, R.string.snack_yubikey_view).show();
+                return;
+
+            } catch (PgpKeyNotFoundException e) {
+                Notify.create(this, "Different key stored on Yubikey!", Style.ERROR).show();
+                return;
+            }
+        }
+
+        showYubikeyFragment(nfcFingerprints, nfcUserId, nfcAid);
+
+    }
+
+    public void showYubikeyFragment(byte[] nfcFingerprints, String nfcUserId, byte[] nfcAid) {
+        ViewKeyYubikeyFragment frag = ViewKeyYubikeyFragment.newInstance(
+                nfcFingerprints, nfcUserId, nfcAid);
+
+        FragmentManager manager = getSupportFragmentManager();
+
+        manager.popBackStack("yubikey", FragmentManager.POP_BACK_STACK_INCLUSIVE);
+        manager.beginTransaction()
+                .addToBackStack("yubikey")
+                .replace(R.id.view_key_fragment, frag)
+                .commit();
+    }
+
     private void encrypt(Uri dataUri, boolean text) {
         // If there is no encryption key, don't bother.
         if (!mHasEncrypt) {
@@ -648,6 +723,7 @@ public class ViewKeyActivity extends BaseActivity implements
                     }
 
                     protected void onPostExecute(Bitmap qrCode) {
+                        mQrCodeLoaded = fingerprint;
                         // scale the image up to our actual size. we do this in code rather
                         // than let the ImageView do this because we don't require filtering.
                         Bitmap scaled = Bitmap.createScaledBitmap(qrCode,
@@ -725,7 +801,6 @@ public class ViewKeyActivity extends BaseActivity implements
                         mName.setText(R.string.user_id_no_name);
                     }
 
-                    String oldFingerprint = mFingerprint;
                     mMasterKeyId = data.getLong(INDEX_MASTER_KEY_ID);
                     mFingerprint = KeyFormattingUtils.convertFingerprintToHex(data.getBlob(INDEX_FINGERPRINT));
 
@@ -789,7 +864,7 @@ public class ViewKeyActivity extends BaseActivity implements
                         mStatusImage.setVisibility(View.GONE);
                         color = getResources().getColor(R.color.primary);
                         // reload qr code only if the fingerprint changed
-                        if (!mFingerprint.equals(oldFingerprint)) {
+                        if (!mFingerprint.equals(mQrCodeLoaded)) {
                             loadQrCode(mFingerprint);
                         }
                         photoTask.execute(mMasterKeyId);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java
new file mode 100644
index 000000000..7df791fbf
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java
@@ -0,0 +1,129 @@
+package org.sufficientlysecure.keychain.ui;
+
+
+import android.content.Intent;
+import android.os.Bundle;
+import android.os.Message;
+import android.os.Messenger;
+import android.support.v4.app.Fragment;
+import android.view.LayoutInflater;
+import android.view.View;
+import android.view.View.OnClickListener;
+import android.view.ViewGroup;
+import android.widget.TextView;
+
+import org.spongycastle.util.encoders.Hex;
+import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
+import org.sufficientlysecure.keychain.operations.results.PromoteKeyResult;
+import org.sufficientlysecure.keychain.service.KeychainIntentService;
+import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
+import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
+
+
+public class ViewKeyYubikeyFragment extends Fragment {
+
+
+    public static final String ARG_FINGERPRINT = "fingerprint";
+    public static final String ARG_USER_ID = "user_id";
+    public static final String ARG_AID = "aid";
+    private byte[] mFingerprints;
+    private String mUserId;
+    private byte[] mAid;
+
+    public static ViewKeyYubikeyFragment newInstance(byte[] fingerprints, String userId, byte[] aid) {
+
+        ViewKeyYubikeyFragment frag = new ViewKeyYubikeyFragment();
+
+        Bundle args = new Bundle();
+        args.putByteArray(ARG_FINGERPRINT, fingerprints);
+        args.putString(ARG_USER_ID, userId);
+        args.putByteArray(ARG_AID, aid);
+        frag.setArguments(args);
+
+        return frag;
+
+    }
+
+    @Override
+    public void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        Bundle args = getArguments();
+        mFingerprints = args.getByteArray(ARG_FINGERPRINT);
+        mUserId = args.getString(ARG_USER_ID);
+        mAid = args.getByteArray(ARG_AID);
+
+    }
+
+    @Override
+    public View onCreateView(LayoutInflater inflater, ViewGroup superContainer, Bundle savedInstanceState) {
+        View view = inflater.inflate(R.layout.view_key_yubikey, null);
+
+        TextView vSerNo = (TextView) view.findViewById(R.id.yubikey_serno);
+        TextView vUserId = (TextView) view.findViewById(R.id.yubikey_userid);
+
+        String serno = Hex.toHexString(mAid, 10, 4);
+        vSerNo.setText("Serial N° " + serno);
+
+        if (!mUserId.isEmpty()) {
+            vUserId.setText("Key holder: " + mUserId);
+        } else {
+            vUserId.setText("Key holder: " + "<unset>");
+        }
+
+        view.findViewById(R.id.button_import).setOnClickListener(new OnClickListener() {
+            @Override
+            public void onClick(View v) {
+                promoteToSecretKey();
+            }
+        });
+
+
+        return view;
+    }
+
+    public void promoteToSecretKey() {
+
+        // Message is received after decrypting is done in KeychainIntentService
+        KeychainIntentServiceHandler saveHandler = new KeychainIntentServiceHandler(getActivity()) {
+            public void handleMessage(Message message) {
+                // handle messages by standard KeychainIntentServiceHandler first
+                super.handleMessage(message);
+
+                if (message.arg1 == MessageStatus.OKAY.ordinal()) {
+                    // get returned data bundle
+                    Bundle returnData = message.getData();
+
+                    PromoteKeyResult result =
+                            returnData.getParcelable(DecryptVerifyResult.EXTRA_RESULT);
+
+                    result.createNotify(getActivity()).show();
+                }
+
+            }
+        };
+
+        // Send all information needed to service to decrypt in other thread
+        Intent intent = new Intent(getActivity(), KeychainIntentService.class);
+
+        // fill values for this action
+
+        intent.setAction(KeychainIntentService.ACTION_PROMOTE_KEYRING);
+
+        long masterKeyId = KeyFormattingUtils.getKeyIdFromFingerprint(mFingerprints);
+
+        Bundle data = new Bundle();
+        data.putLong(KeychainIntentService.PROMOTE_MASTER_KEY_ID, masterKeyId);
+        intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
+
+        // Create a new Messenger for the communication back
+        Messenger messenger = new Messenger(saveHandler);
+        intent.putExtra(KeychainIntentService.EXTRA_MESSENGER, messenger);
+
+        // start service with intent
+        getActivity().startService(intent);
+
+    }
+
+}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
index ca1d79155..2fd88fd66 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
@@ -248,12 +248,17 @@ public abstract class BaseNfcActivity extends BaseActivity {
         return fp;
     }
 
+    public byte[] nfcGetAid() throws IOException {
+
+        String info = "00CA004F00";
+        return mIsoDep.transceive(Hex.decode(info));
+
+    }
 
     public String nfcGetUserId() throws IOException {
+
         String info = "00CA006500";
-        String data = "00CA005E00";
-        return nfcGetHolderName(nfcCommunicate(info)) + " <" + (new String(Hex.decode(nfcGetDataField(
-                nfcCommunicate(data))))) + ">";
+        return nfcGetHolderName(nfcCommunicate(info));
     }
 
     /**
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java
index c5403e054..ae66b59d4 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java
@@ -38,6 +38,7 @@ import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Curve;
 import org.sufficientlysecure.keychain.util.Log;
 
+import java.nio.ByteBuffer;
 import java.security.DigestException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -215,7 +216,15 @@ public class KeyFormattingUtils {
      * @return
      */
     public static String convertFingerprintToHex(byte[] fingerprint) {
-        return Hex.toHexString(fingerprint).toLowerCase(Locale.ENGLISH);
+        return Hex.toHexString(fingerprint, 0, 20).toLowerCase(Locale.ENGLISH);
+    }
+
+    public static long getKeyIdFromFingerprint(byte[] fingerprint) {
+        ByteBuffer buf = ByteBuffer.wrap(fingerprint);
+        // skip first 12 bytes of the fingerprint
+        buf.position(12);
+        // the last eight bytes are the key id (big endian, which is default order in ByteBuffer)
+        return buf.getLong();
     }
 
     /**
diff --git a/OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml b/OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml
index 2fb3737ba..0f5e50d42 100644
--- a/OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml
+++ b/OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml
@@ -9,83 +9,30 @@
         android:fillViewport="true"
         android:layout_above="@+id/create_key_buttons">
 
-        <ViewAnimator
-            android:layout_width="fill_parent"
+        <LinearLayout
+            android:layout_width="match_parent"
             android:layout_height="wrap_content"
-            android:inAnimation="@anim/abc_fade_in"
-            android:outAnimation="@anim/abc_fade_out"
-            android:paddingLeft="16dp"
-            android:paddingRight="16dp"
-            android:id="@+id/create_yubikey_animator"
-            >
+            android:orientation="vertical">
 
-            <ProgressBar
+            <TextView
                 android:layout_width="wrap_content"
                 android:layout_height="wrap_content"
-                android:layout_gravity="center"
-                android:indeterminate="true"
+                android:layout_marginTop="16dp"
+                android:layout_marginLeft="8dp"
+                android:textAppearance="?android:attr/textAppearanceMedium"
+                android:id="@+id/create_yubikey_unknown_fp"
+                android:text="(yubikey fingerprint)" />
+
+            <TextView
+                android:layout_width="wrap_content"
+                android:layout_height="wrap_content"
+                android:layout_marginTop="16dp"
+                android:layout_marginLeft="8dp"
+                android:textAppearance="?android:attr/textAppearanceMedium"
+                android:text="Hit next to import this key"
                 />
 
-            <LinearLayout
-                android:layout_width="match_parent"
-                android:layout_height="wrap_content"
-                android:orientation="vertical">
-
-                <TextView
-                    android:layout_width="wrap_content"
-                    android:layout_height="wrap_content"
-                    android:layout_marginTop="16dp"
-                    android:layout_marginLeft="8dp"
-                    android:textAppearance="?android:attr/textAppearanceMedium"
-                    android:id="@+id/create_yubikey_unknown_fp"
-                    android:text="(yubikey fingerprint)" />
-
-                <TextView
-                    android:layout_width="wrap_content"
-                    android:layout_height="wrap_content"
-                    android:layout_marginTop="16dp"
-                    android:layout_marginLeft="8dp"
-                    android:textAppearance="?android:attr/textAppearanceMedium"
-                    android:text="Hit next to import this key"
-                    />
-
-            </LinearLayout>
-
-            <LinearLayout
-                android:layout_width="match_parent"
-                android:layout_height="wrap_content"
-                android:orientation="vertical">
-
-                <TextView
-                    android:layout_width="wrap_content"
-                    android:layout_height="wrap_content"
-                    android:layout_marginTop="16dp"
-                    android:layout_marginLeft="8dp"
-                    android:textAppearance="?android:attr/textAppearanceMedium"
-                    android:id="@+id/create_yubikey_fingerprint"
-                    android:text="(yubikey fingerprint)" />
-
-                <TextView
-                    android:layout_width="wrap_content"
-                    android:layout_height="wrap_content"
-                    android:layout_marginTop="16dp"
-                    android:layout_marginLeft="8dp"
-                    android:textAppearance="?android:attr/textAppearanceMedium"
-                    android:id="@+id/create_yubikey_user_id"
-                    android:text="(yubikey fingerprint)" />
-
-                <TextView
-                    android:layout_width="wrap_content"
-                    android:layout_height="wrap_content"
-                    android:layout_marginTop="16dp"
-                    android:layout_marginLeft="8dp"
-                    android:textAppearance="?android:attr/textAppearanceMedium"
-                    android:text="Hit next to add this Yubikey to your own!"
-                    />
-
-            </LinearLayout>
-
-        </ViewAnimator>
+        </LinearLayout>
 
     </ScrollView>
 
diff --git a/OpenKeychain/src/main/res/layout/view_key_yubikey.xml b/OpenKeychain/src/main/res/layout/view_key_yubikey.xml
new file mode 100644
index 000000000..7da1fc5c4
--- /dev/null
+++ b/OpenKeychain/src/main/res/layout/view_key_yubikey.xml
@@ -0,0 +1,98 @@
+<ScrollView xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:card_view="http://schemas.android.com/apk/res-auto"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent">
+
+    <LinearLayout
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:orientation="vertical"
+        android:paddingTop="16dp"
+        android:paddingBottom="16dp"
+        android:paddingLeft="16dp"
+        android:paddingRight="16dp">
+
+        <android.support.v7.widget.CardView
+            android:id="@+id/card_view"
+            android:layout_gravity="center"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:transitionName="card"
+            card_view:cardBackgroundColor="@android:color/white"
+            card_view:cardElevation="2dp"
+            card_view:cardUseCompatPadding="true"
+            card_view:cardCornerRadius="4dp">
+
+            <LinearLayout
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:orientation="vertical">
+
+                <TextView
+                    style="@style/CardViewHeader"
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:text="@string/section_yubikey"/>
+
+                <LinearLayout
+                    android:layout_width="match_parent"
+                    android:layout_height="wrap_content"
+                    android:orientation="horizontal">
+
+                    <ImageView
+                        android:layout_margin="14dp"
+                        android:layout_width="32dp"
+                        android:layout_height="32dp"
+                        android:scaleType="centerCrop"
+                        android:src="@drawable/yubi_icon"/>
+
+                    <LinearLayout
+                        android:layout_width="match_parent"
+                        android:layout_height="wrap_content"
+                        android:layout_gravity="center_vertical"
+                        android:orientation="vertical">
+
+                        <TextView
+                            android:id="@+id/yubikey_serno"
+                            android:layout_width="wrap_content"
+                            android:layout_height="wrap_content"
+                            android:layout_gravity="center_vertical"
+                            android:text="Yubikey #"
+                            />
+
+                        <TextView
+                            android:id="@+id/yubikey_userid"
+                            android:layout_width="wrap_content"
+                            android:layout_height="wrap_content"
+                            android:layout_gravity="center_vertical"
+                            android:text="User ID"
+                            />
+
+                        <TextView
+                            android:layout_width="wrap_content"
+                            android:layout_height="wrap_content"
+                            android:layout_gravity="center_vertical"
+                            android:text="Key matches!"
+                            />
+
+                    </LinearLayout>
+
+                </LinearLayout>
+
+                <Button
+                    android:id="@+id/button_import"
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:layout_gravity="right|end"
+                    android:text="Import"
+                    android:textColor="@color/link_text_material_light"
+                    style="?android:attr/borderlessButtonStyle"
+                    />
+
+            </LinearLayout>
+
+        </android.support.v7.widget.CardView>
+
+    </LinearLayout>
+
+</ScrollView>
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 6c8ccd340..bcee267fd 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -48,6 +48,7 @@
 
     <!-- section -->
     <string name="section_user_ids">"Identities"</string>
+    <string name="section_yubikey">"Yubikey"</string>
     <string name="section_linked_system_contact">"Linked System Contact"</string>
     <string name="section_should_you_trust">"Should you trust this key?"</string>
     <string name="section_proof_details">Proof verification</string>
@@ -1267,5 +1268,6 @@
     <string name="nfc_write_succesful">Successfully written on NFC tag</string>
     <string name="unlocked">Unlocked</string>
     <string name="nfc_settings">Settings</string>
+    <string name="snack_yubikey_view">View</string>
 
 </resources>

From 22063cdd6eca32e83e7937a849e70185a1faee2a Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Sun, 22 Mar 2015 03:34:34 +0100
Subject: [PATCH 17/80] improve status reporting in yubikey dialogue

---
 .../keychain/ui/ViewKeyYubikeyFragment.java   | 113 ++++++++++++++++--
 .../src/main/res/layout/view_key_yubikey.xml  |  11 +-
 OpenKeychain/src/main/res/values/strings.xml  |   4 +
 3 files changed, 114 insertions(+), 14 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java
index 7df791fbf..f60b6f299 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java
@@ -1,35 +1,48 @@
 package org.sufficientlysecure.keychain.ui;
 
 
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+
 import android.content.Intent;
+import android.database.Cursor;
 import android.os.Bundle;
 import android.os.Message;
 import android.os.Messenger;
 import android.support.v4.app.Fragment;
+import android.support.v4.app.LoaderManager.LoaderCallbacks;
+import android.support.v4.content.CursorLoader;
+import android.support.v4.content.Loader;
 import android.view.LayoutInflater;
 import android.view.View;
 import android.view.View.OnClickListener;
 import android.view.ViewGroup;
+import android.widget.Button;
 import android.widget.TextView;
 
 import org.spongycastle.util.encoders.Hex;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.operations.results.PromoteKeyResult;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.SecretKeyType;
+import org.sufficientlysecure.keychain.provider.KeychainContract.Keys;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 
 
-public class ViewKeyYubikeyFragment extends Fragment {
-
+public class ViewKeyYubikeyFragment extends Fragment
+        implements LoaderCallbacks<Cursor> {
 
     public static final String ARG_FINGERPRINT = "fingerprint";
     public static final String ARG_USER_ID = "user_id";
     public static final String ARG_AID = "aid";
-    private byte[] mFingerprints;
+    private byte[][] mFingerprints;
     private String mUserId;
     private byte[] mAid;
+    private long mMasterKeyId;
+    private Button vButton;
+    private TextView vStatus;
 
     public static ViewKeyYubikeyFragment newInstance(byte[] fingerprints, String userId, byte[] aid) {
 
@@ -50,10 +63,19 @@ public class ViewKeyYubikeyFragment extends Fragment {
         super.onCreate(savedInstanceState);
 
         Bundle args = getArguments();
-        mFingerprints = args.getByteArray(ARG_FINGERPRINT);
+        ByteBuffer buf = ByteBuffer.wrap(args.getByteArray(ARG_FINGERPRINT));
+        mFingerprints = new byte[buf.remaining()/40][];
+        for (int i = 0; i < mFingerprints.length; i++) {
+            mFingerprints[i] = new byte[20];
+            buf.get(mFingerprints[i]);
+        }
         mUserId = args.getString(ARG_USER_ID);
         mAid = args.getByteArray(ARG_AID);
 
+        mMasterKeyId = KeyFormattingUtils.getKeyIdFromFingerprint(mFingerprints[0]);
+
+        getLoaderManager().initLoader(0, null, this);
+
     }
 
     @Override
@@ -64,21 +86,23 @@ public class ViewKeyYubikeyFragment extends Fragment {
         TextView vUserId = (TextView) view.findViewById(R.id.yubikey_userid);
 
         String serno = Hex.toHexString(mAid, 10, 4);
-        vSerNo.setText("Serial N° " + serno);
+        vSerNo.setText(getString(R.string.yubikey_serno, serno));
 
         if (!mUserId.isEmpty()) {
-            vUserId.setText("Key holder: " + mUserId);
+            vUserId.setText(getString(R.string.yubikey_key_holder, mUserId));
         } else {
-            vUserId.setText("Key holder: " + "<unset>");
+            vUserId.setText(getString(R.string.yubikey_key_holder_unset));
         }
 
-        view.findViewById(R.id.button_import).setOnClickListener(new OnClickListener() {
+        vButton = (Button) view.findViewById(R.id.button_bind);
+        vButton.setOnClickListener(new OnClickListener() {
             @Override
             public void onClick(View v) {
                 promoteToSecretKey();
             }
         });
 
+        vStatus = (TextView) view.findViewById(R.id.yubikey_status);
 
         return view;
     }
@@ -111,10 +135,8 @@ public class ViewKeyYubikeyFragment extends Fragment {
 
         intent.setAction(KeychainIntentService.ACTION_PROMOTE_KEYRING);
 
-        long masterKeyId = KeyFormattingUtils.getKeyIdFromFingerprint(mFingerprints);
-
         Bundle data = new Bundle();
-        data.putLong(KeychainIntentService.PROMOTE_MASTER_KEY_ID, masterKeyId);
+        data.putLong(KeychainIntentService.PROMOTE_MASTER_KEY_ID, mMasterKeyId);
         intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
 
         // Create a new Messenger for the communication back
@@ -126,4 +148,73 @@ public class ViewKeyYubikeyFragment extends Fragment {
 
     }
 
+    public static final String[] PROJECTION = new String[]{
+            Keys._ID,
+            Keys.KEY_ID,
+            Keys.RANK,
+            Keys.HAS_SECRET,
+            Keys.FINGERPRINT
+    };
+    private static final int INDEX_KEY_ID = 1;
+    private static final int INDEX_RANK = 2;
+    private static final int INDEX_HAS_SECRET = 3;
+    private static final int INDEX_FINGERPRINT = 4;
+
+    @Override
+    public Loader<Cursor> onCreateLoader(int id, Bundle args) {
+        return new CursorLoader(getActivity(), Keys.buildKeysUri(mMasterKeyId),
+                PROJECTION, null, null, null);
+    }
+
+    @Override
+    public void onLoadFinished(Loader<Cursor> loader, Cursor data) {
+        if (!data.moveToFirst()) {
+            // wut?
+            return;
+        }
+
+        boolean allBound = true;
+        boolean noneBound = true;
+
+        do {
+            SecretKeyType keyType = SecretKeyType.fromNum(data.getInt(INDEX_HAS_SECRET));
+            byte[] fingerprint = data.getBlob(INDEX_FINGERPRINT);
+            Integer index = naiveIndexOf(mFingerprints, fingerprint);
+            if (index == null) {
+                continue;
+            }
+            if (keyType == SecretKeyType.DIVERT_TO_CARD) {
+                noneBound = false;
+            } else {
+                allBound = false;
+            }
+        } while (data.moveToNext());
+
+        if (allBound) {
+            vButton.setVisibility(View.GONE);
+            vStatus.setText("Key matches, fully bound");
+        } else {
+            vButton.setVisibility(View.VISIBLE);
+            if (noneBound) {
+                vStatus.setText("Key matches, can be bound");
+            } else {
+                vStatus.setText("Key matches, partly bound");
+            }
+        }
+
+    }
+
+    public Integer naiveIndexOf(byte[][] haystack, byte[] needle) {
+        for (int i = 0; i < haystack.length; i++) {
+            if (Arrays.equals(needle, haystack[i])) {
+                return i;
+            }
+        }
+        return null;
+    }
+
+    @Override
+    public void onLoaderReset(Loader<Cursor> loader) {
+
+    }
 }
diff --git a/OpenKeychain/src/main/res/layout/view_key_yubikey.xml b/OpenKeychain/src/main/res/layout/view_key_yubikey.xml
index 7da1fc5c4..83272ef4e 100644
--- a/OpenKeychain/src/main/res/layout/view_key_yubikey.xml
+++ b/OpenKeychain/src/main/res/layout/view_key_yubikey.xml
@@ -21,7 +21,8 @@
             card_view:cardBackgroundColor="@android:color/white"
             card_view:cardElevation="2dp"
             card_view:cardUseCompatPadding="true"
-            card_view:cardCornerRadius="4dp">
+            card_view:cardCornerRadius="4dp"
+            android:animateLayoutChanges="true">
 
             <LinearLayout
                 android:layout_width="match_parent"
@@ -37,6 +38,8 @@
                 <LinearLayout
                     android:layout_width="match_parent"
                     android:layout_height="wrap_content"
+                    android:paddingTop="4dp"
+                    android:paddingBottom="4dp"
                     android:orientation="horizontal">
 
                     <ImageView
@@ -69,6 +72,7 @@
                             />
 
                         <TextView
+                            android:id="@+id/yubikey_status"
                             android:layout_width="wrap_content"
                             android:layout_height="wrap_content"
                             android:layout_gravity="center_vertical"
@@ -80,13 +84,14 @@
                 </LinearLayout>
 
                 <Button
-                    android:id="@+id/button_import"
+                    android:id="@+id/button_bind"
                     android:layout_width="wrap_content"
                     android:layout_height="wrap_content"
                     android:layout_gravity="right|end"
-                    android:text="Import"
+                    android:text="@string/button_bind_key"
                     android:textColor="@color/link_text_material_light"
                     style="?android:attr/borderlessButtonStyle"
+                    android:visibility="gone"
                     />
 
             </LinearLayout>
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index bcee267fd..f7a9a671e 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -1269,5 +1269,9 @@
     <string name="unlocked">Unlocked</string>
     <string name="nfc_settings">Settings</string>
     <string name="snack_yubikey_view">View</string>
+    <string name="button_bind_key">Bind Key</string>
+    <string name="yubikey_serno">"Serial No: %s"</string>
+    <string name="yubikey_key_holder">"Key holder: "</string>
+    <string name="yubikey_key_holder_unset">"Key holder: &lt;unset&gt;"</string>
 
 </resources>

From 2151411219b4e5d609d25fcbb574ccf399f54d6f Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Sun, 22 Mar 2015 03:56:58 +0100
Subject: [PATCH 18/80] actually promote to divert, pass yubikey's AID

---
 .../operations/PromoteKeyOperation.java         | 15 ++-------------
 .../operations/results/OperationResult.java     |  1 -
 .../pgp/CanonicalizedPublicKeyRing.java         | 13 +++++++------
 .../keychain/service/KeychainIntentService.java |  5 +++--
 .../keychain/ui/ViewKeyYubikeyFragment.java     | 17 +++++++++--------
 OpenKeychain/src/main/res/values/strings.xml    |  4 +++-
 6 files changed, 24 insertions(+), 31 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperation.java
index 46db30ad0..ef08b0b77 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperation.java
@@ -50,7 +50,7 @@ public class PromoteKeyOperation extends BaseOperation {
         super(context, providerHelper, progressable, cancelled);
     }
 
-    public PromoteKeyResult execute(long masterKeyId) {
+    public PromoteKeyResult execute(long masterKeyId, byte[] cardAid) {
 
         OperationLog log = new OperationLog();
         log.add(LogType.MSG_PR, 0);
@@ -58,27 +58,16 @@ public class PromoteKeyOperation extends BaseOperation {
         // Perform actual type change
         UncachedKeyRing promotedRing;
         {
-
             try {
 
-                // This operation is only allowed for pure public keys
-                // TODO delete secret keys if they are stripped, or have been moved to the card?
-                if (mProviderHelper.getCachedPublicKeyRing(masterKeyId).hasAnySecret()) {
-                    log.add(LogType.MSG_PR_ERROR_ALREADY_SECRET, 2);
-                    return new PromoteKeyResult(PromoteKeyResult.RESULT_ERROR, log, null);
-                }
-
                 log.add(LogType.MSG_PR_FETCHING, 1,
                         KeyFormattingUtils.convertKeyIdToHex(masterKeyId));
                 CanonicalizedPublicKeyRing pubRing =
                         mProviderHelper.getCanonicalizedPublicKeyRing(masterKeyId);
 
                 // create divert-to-card secret key from public key
-                promotedRing = pubRing.createDummySecretRing(true);
+                promotedRing = pubRing.createDivertSecretRing(cardAid);
 
-            } catch (PgpKeyNotFoundException e) {
-                log.add(LogType.MSG_PR_ERROR_KEY_NOT_FOUND, 2);
-                return new PromoteKeyResult(PromoteKeyResult.RESULT_ERROR, log, null);
             } catch (NotFoundException e) {
                 log.add(LogType.MSG_PR_ERROR_KEY_NOT_FOUND, 2);
                 return new PromoteKeyResult(PromoteKeyResult.RESULT_ERROR, log, null);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
index 561b8f907..47f9271e1 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
@@ -603,7 +603,6 @@ public abstract class OperationResult implements Parcelable {
 
         // promote key
         MSG_PR (LogLevel.START, R.string.msg_pr),
-        MSG_PR_ERROR_ALREADY_SECRET (LogLevel.ERROR, R.string.msg_pr_error_already_secret),
         MSG_PR_ERROR_KEY_NOT_FOUND (LogLevel.ERROR, R.string.msg_pr_error_key_not_found),
         MSG_PR_FETCHING (LogLevel.DEBUG, R.string.msg_pr_fetching),
         MSG_PR_SUCCESS (LogLevel.OK, R.string.msg_pr_success),
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKeyRing.java
index fa5b0785e..8432b8f9f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKeyRing.java
@@ -97,14 +97,15 @@ public class CanonicalizedPublicKeyRing extends CanonicalizedKeyRing {
     }
 
     /** Create a dummy secret ring from this key */
-    public UncachedKeyRing createDummySecretRing (boolean divertToCard) {
-
-        PGPSecretKeyRing secRing = PGPSecretKeyRing.constructDummyFromPublic(getRing(),
-                divertToCard
-                        ? S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD
-                        : S2K.GNU_PROTECTION_MODE_NO_PRIVATE_KEY);
+    public UncachedKeyRing createDummySecretRing () {
+        PGPSecretKeyRing secRing = PGPSecretKeyRing.constructDummyFromPublic(getRing(), null);
         return new UncachedKeyRing(secRing);
+    }
 
+    /** Create a dummy secret ring from this key */
+    public UncachedKeyRing createDivertSecretRing (byte[] cardAid) {
+        PGPSecretKeyRing secRing = PGPSecretKeyRing.constructDummyFromPublic(getRing(), cardAid);
+        return new UncachedKeyRing(secRing);
     }
 
 }
\ No newline at end of file
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
index 5a9c146f7..a400066ab 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
@@ -187,7 +187,7 @@ public class KeychainIntentService extends IntentService implements Progressable
 
     // promote key
     public static final String PROMOTE_MASTER_KEY_ID = "promote_master_key_id";
-    public static final String PROMOTE_TYPE = "promote_type";
+    public static final String PROMOTE_CARD_AID = "promote_card_aid";
 
     // consolidate
     public static final String CONSOLIDATE_RECOVERY = "consolidate_recovery";
@@ -488,10 +488,11 @@ public class KeychainIntentService extends IntentService implements Progressable
 
                 // Input
                 long keyRingId = data.getLong(PROMOTE_MASTER_KEY_ID);
+                byte[] cardAid = data.getByteArray(PROMOTE_CARD_AID);
 
                 // Operation
                 PromoteKeyOperation op = new PromoteKeyOperation(this, providerHelper, this, mActionCanceled);
-                PromoteKeyResult result = op.execute(keyRingId);
+                PromoteKeyResult result = op.execute(keyRingId, cardAid);
 
                 // Result
                 sendMessageToHandler(MessageStatus.OKAY, result);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java
index f60b6f299..192d85d58 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java
@@ -36,10 +36,10 @@ public class ViewKeyYubikeyFragment extends Fragment
 
     public static final String ARG_FINGERPRINT = "fingerprint";
     public static final String ARG_USER_ID = "user_id";
-    public static final String ARG_AID = "aid";
+    public static final String ARG_CARD_AID = "aid";
     private byte[][] mFingerprints;
     private String mUserId;
-    private byte[] mAid;
+    private byte[] mCardAid;
     private long mMasterKeyId;
     private Button vButton;
     private TextView vStatus;
@@ -51,7 +51,7 @@ public class ViewKeyYubikeyFragment extends Fragment
         Bundle args = new Bundle();
         args.putByteArray(ARG_FINGERPRINT, fingerprints);
         args.putString(ARG_USER_ID, userId);
-        args.putByteArray(ARG_AID, aid);
+        args.putByteArray(ARG_CARD_AID, aid);
         frag.setArguments(args);
 
         return frag;
@@ -70,7 +70,7 @@ public class ViewKeyYubikeyFragment extends Fragment
             buf.get(mFingerprints[i]);
         }
         mUserId = args.getString(ARG_USER_ID);
-        mAid = args.getByteArray(ARG_AID);
+        mCardAid = args.getByteArray(ARG_CARD_AID);
 
         mMasterKeyId = KeyFormattingUtils.getKeyIdFromFingerprint(mFingerprints[0]);
 
@@ -85,7 +85,7 @@ public class ViewKeyYubikeyFragment extends Fragment
         TextView vSerNo = (TextView) view.findViewById(R.id.yubikey_serno);
         TextView vUserId = (TextView) view.findViewById(R.id.yubikey_userid);
 
-        String serno = Hex.toHexString(mAid, 10, 4);
+        String serno = Hex.toHexString(mCardAid, 10, 4);
         vSerNo.setText(getString(R.string.yubikey_serno, serno));
 
         if (!mUserId.isEmpty()) {
@@ -137,6 +137,7 @@ public class ViewKeyYubikeyFragment extends Fragment
 
         Bundle data = new Bundle();
         data.putLong(KeychainIntentService.PROMOTE_MASTER_KEY_ID, mMasterKeyId);
+        data.putByteArray(KeychainIntentService.PROMOTE_CARD_AID, mCardAid);
         intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
 
         // Create a new Messenger for the communication back
@@ -192,13 +193,13 @@ public class ViewKeyYubikeyFragment extends Fragment
 
         if (allBound) {
             vButton.setVisibility(View.GONE);
-            vStatus.setText("Key matches, fully bound");
+            vStatus.setText(R.string.yubikey_status_bound);
         } else {
             vButton.setVisibility(View.VISIBLE);
             if (noneBound) {
-                vStatus.setText("Key matches, can be bound");
+                vStatus.setText(R.string.yubikey_status_unbound);
             } else {
-                vStatus.setText("Key matches, partly bound");
+                vStatus.setText(R.string.yubikey_status_partly);
             }
         }
 
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index f7a9a671e..6dfdb8997 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -988,7 +988,6 @@
 
     <!-- Promote key -->
     <string name="msg_pr">"Promoting public key to secret key"</string>
-    <string name="msg_pr_error_already_secret">"Key is already a secret key!"</string>
     <string name="msg_pr_error_key_not_found">"Key not found!"</string>
     <string name="msg_pr_fetching">"Fetching key to modify (%s)"</string>
     <string name="msg_pr_success">"Key successfully promoted"</string>
@@ -1273,5 +1272,8 @@
     <string name="yubikey_serno">"Serial No: %s"</string>
     <string name="yubikey_key_holder">"Key holder: "</string>
     <string name="yubikey_key_holder_unset">"Key holder: &lt;unset&gt;"</string>
+    <string name="yubikey_status_bound">Yubikey matches, bound to key</string>
+    <string name="yubikey_status_unbound">Yubikey matches, can be bound to key</string>
+    <string name="yubikey_status_partly">Yubikey matches, partly bound to key</string>
 
 </resources>

From 212bba18693ebfce2dfa62afde8b11e8f0c2da0d Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Sun, 22 Mar 2015 06:36:27 +0100
Subject: [PATCH 19/80] finish ui flow for yubikey import

---
 .../operations/ImportExportOperation.java     |   2 +-
 .../keychain/ui/CreateKeyActivity.java        |  47 +++-
 .../keychain/ui/CreateKeyYubiFragment.java    | 171 ------------
 .../ui/CreateKeyYubiImportFragment.java       | 256 ++++++++++++++++++
 .../keychain/ui/ImportKeysListFragment.java   |  26 +-
 .../keychain/ui/ViewKeyActivity.java          |  20 +-
 .../keychain/ui/ViewKeyYubikeyFragment.java   |   8 +-
 ...xml => create_yubikey_import_fragment.xml} |  75 +++--
 OpenKeychain/src/main/res/values/strings.xml  |  14 +-
 9 files changed, 397 insertions(+), 222 deletions(-)
 delete mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java
 create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiImportFragment.java
 rename OpenKeychain/src/main/res/layout/{create_yubikey_fragment.xml => create_yubikey_import_fragment.xml} (52%)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportExportOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportExportOperation.java
index 20dba95e9..85538a520 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportExportOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportExportOperation.java
@@ -230,7 +230,7 @@ public class ImportExportOperation extends BaseOperation {
                             }
                         } catch (Keyserver.QueryFailedException e) {
                             Log.e(Constants.TAG, "query failed", e);
-                            log.add(LogType.MSG_IMPORT_FETCH_KEYSERVER_ERROR, 3);
+                            log.add(LogType.MSG_IMPORT_FETCH_KEYSERVER_ERROR, 3, e.getMessage());
                         }
                     }
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
index b73d6f545..0b203614b 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
@@ -20,6 +20,7 @@ package org.sufficientlysecure.keychain.ui;
 import android.content.Intent;
 import android.os.Bundle;
 import android.support.v4.app.Fragment;
+import android.support.v4.app.FragmentManager;
 import android.support.v4.app.FragmentTransaction;
 
 import org.sufficientlysecure.keychain.R;
@@ -29,9 +30,6 @@ import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.ui.base.BaseNfcActivity;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
-import org.sufficientlysecure.keychain.ui.util.Notify;
-import org.sufficientlysecure.keychain.ui.util.Notify.ActionListener;
-import org.sufficientlysecure.keychain.ui.util.Notify.Style;
 import org.sufficientlysecure.keychain.util.Passphrase;
 
 import java.io.IOException;
@@ -45,6 +43,10 @@ public class CreateKeyActivity extends BaseNfcActivity {
     public static final String EXTRA_ADDITIONAL_EMAILS = "additional_emails";
     public static final String EXTRA_PASSPHRASE = "passphrase";
 
+    public static final String EXTRA_NFC_USER_ID = "nfc_user_id";
+    public static final String EXTRA_NFC_AID = "nfc_aid";
+    public static final String EXTRA_NFC_FINGERPRINTS = "nfc_fingerprints";
+
     public static final String FRAGMENT_TAG = "currentFragment";
 
     String mName;
@@ -70,14 +72,29 @@ public class CreateKeyActivity extends BaseNfcActivity {
 
             mCurrentFragment = getSupportFragmentManager().findFragmentByTag(FRAGMENT_TAG);
         } else {
-            // Initialize members with default values for a new instance
-            mName = getIntent().getStringExtra(EXTRA_NAME);
-            mEmail = getIntent().getStringExtra(EXTRA_EMAIL);
-            mFirstTime = getIntent().getBooleanExtra(EXTRA_FIRST_TIME, false);
 
-            // Start with first fragment of wizard
-            CreateKeyStartFragment frag = CreateKeyStartFragment.newInstance();
-            loadFragment(frag, FragAction.START);
+            Intent intent = getIntent();
+            // Initialize members with default values for a new instance
+            mName = intent.getStringExtra(EXTRA_NAME);
+            mEmail = intent.getStringExtra(EXTRA_EMAIL);
+            mFirstTime = intent.getBooleanExtra(EXTRA_FIRST_TIME, false);
+
+            if (intent.hasExtra(EXTRA_NFC_FINGERPRINTS)) {
+                byte[] nfcFingerprints = intent.getByteArrayExtra(EXTRA_NFC_FINGERPRINTS);
+                String nfcUserId = intent.getStringExtra(EXTRA_NFC_USER_ID);
+                byte[] nfcAid = intent.getByteArrayExtra(EXTRA_NFC_AID);
+
+                Fragment frag2 = CreateKeyYubiImportFragment.createInstance(
+                        nfcFingerprints, nfcAid, nfcUserId);
+                loadFragment(frag2, FragAction.START);
+
+                setTitle(R.string.title_import_keys);
+                return;
+            } else {
+                CreateKeyStartFragment frag = CreateKeyStartFragment.newInstance();
+                loadFragment(frag, FragAction.START);
+            }
+
         }
 
         if (mFirstTime) {
@@ -97,15 +114,14 @@ public class CreateKeyActivity extends BaseNfcActivity {
         }
 
         byte[] scannedFingerprints = nfcGetFingerprints();
+        byte[] nfcAid = nfcGetAid();
+        String userId = nfcGetUserId();
 
         try {
             long masterKeyId = KeyFormattingUtils.getKeyIdFromFingerprint(scannedFingerprints);
             CachedPublicKeyRing ring = new ProviderHelper(this).getCachedPublicKeyRing(masterKeyId);
             ring.getMasterKeyId();
 
-            String userId = nfcGetUserId();
-            byte[] nfcAid = nfcGetAid();
-
             Intent intent = new Intent(this, ViewKeyActivity.class);
             intent.setData(KeyRings.buildGenericKeyRingUri(masterKeyId));
             intent.putExtra(ViewKeyActivity.EXTRA_NFC_AID, nfcAid);
@@ -115,7 +131,8 @@ public class CreateKeyActivity extends BaseNfcActivity {
             finish();
 
         } catch (PgpKeyNotFoundException e) {
-            Fragment frag = CreateKeyYubiFragment.createInstance(scannedFingerprints);
+            Fragment frag = CreateKeyYubiImportFragment.createInstance(
+                    scannedFingerprints, nfcAid, userId);
             loadFragment(frag, FragAction.TO_RIGHT);
         }
 
@@ -167,8 +184,10 @@ public class CreateKeyActivity extends BaseNfcActivity {
                 break;
 
         }
+
         // do it immediately!
         getSupportFragmentManager().executePendingTransactions();
+
     }
 
     interface NfcListenerFragment {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java
deleted file mode 100644
index a1668d22e..000000000
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiFragment.java
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * Copyright (C) 2014 Dominik Schürmann <dominik@dominikschuermann.de>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-package org.sufficientlysecure.keychain.ui;
-
-import java.nio.ByteBuffer;
-import java.util.ArrayList;
-
-import android.app.Activity;
-import android.content.Intent;
-import android.database.Cursor;
-import android.os.Bundle;
-import android.os.Message;
-import android.os.Messenger;
-import android.support.v4.app.Fragment;
-import android.support.v4.app.LoaderManager;
-import android.view.LayoutInflater;
-import android.view.View;
-import android.view.ViewGroup;
-import android.widget.TextView;
-
-import org.sufficientlysecure.keychain.R;
-import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
-import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
-import org.sufficientlysecure.keychain.operations.results.ImportKeyResult;
-import org.sufficientlysecure.keychain.service.KeychainIntentService;
-import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
-import org.sufficientlysecure.keychain.ui.CreateKeyActivity.FragAction;
-import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
-import org.sufficientlysecure.keychain.util.Preferences;
-
-public class CreateKeyYubiFragment extends Fragment {
-
-    private static final String ARG_FINGERPRINT = "fingerprint";
-
-    CreateKeyActivity mCreateKeyActivity;
-
-    private byte[] mScannedFingerprint;
-    private long mScannedMasterKeyId;
-
-    private TextView mUnknownFingerprint;
-
-    public static Fragment createInstance(byte[] scannedFingerprint) {
-        Bundle args = new Bundle();
-        args.putByteArray(ARG_FINGERPRINT, scannedFingerprint);
-
-        CreateKeyYubiFragment frag = new CreateKeyYubiFragment();
-        frag.setArguments(args);
-
-        return frag;
-    }
-
-    @Override
-    public void onCreate(Bundle savedInstanceState) {
-        super.onCreate(savedInstanceState);
-
-        mScannedFingerprint = getArguments().getByteArray(ARG_FINGERPRINT);
-        mScannedMasterKeyId = getKeyIdFromFingerprint(mScannedFingerprint);
-
-    }
-
-    @Override
-    public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
-        View view = inflater.inflate(R.layout.create_yubikey_fragment, container, false);
-
-        mUnknownFingerprint = (TextView) view.findViewById(R.id.create_yubikey_unknown_fp);
-
-        View mBackButton = view.findViewById(R.id.create_key_back_button);
-        View mNextButton = view.findViewById(R.id.create_key_next_button);
-
-        mBackButton.setOnClickListener(new View.OnClickListener() {
-            @Override
-            public void onClick(View v) {
-                mCreateKeyActivity.loadFragment(null, FragAction.TO_LEFT);
-            }
-        });
-        mNextButton.setOnClickListener(new View.OnClickListener() {
-            @Override
-            public void onClick(View v) {
-                nextClicked();
-            }
-        });
-
-        return view;
-    }
-
-    @Override
-    public void onAttach(Activity activity) {
-        super.onAttach(activity);
-        mCreateKeyActivity = (CreateKeyActivity) getActivity();
-    }
-
-    private void nextClicked() {
-        importKey();
-    }
-
-    public void importKey() {
-
-        // Message is received after decrypting is done in KeychainIntentService
-        KeychainIntentServiceHandler saveHandler = new KeychainIntentServiceHandler(getActivity()) {
-            public void handleMessage(Message message) {
-                // handle messages by standard KeychainIntentServiceHandler first
-                super.handleMessage(message);
-
-                if (message.arg1 == MessageStatus.OKAY.ordinal()) {
-                    // get returned data bundle
-                    Bundle returnData = message.getData();
-
-                    ImportKeyResult result =
-                            returnData.getParcelable(DecryptVerifyResult.EXTRA_RESULT);
-
-                    result.createNotify(getActivity()).show();
-                }
-
-            }
-        };
-
-        // Send all information needed to service to decrypt in other thread
-        Intent intent = new Intent(getActivity(), KeychainIntentService.class);
-
-        // fill values for this action
-        Bundle data = new Bundle();
-
-        intent.setAction(KeychainIntentService.ACTION_IMPORT_KEYRING);
-
-        String hexFp = KeyFormattingUtils.convertFingerprintToHex(mScannedFingerprint);
-        ArrayList<ParcelableKeyRing> keyList = new ArrayList<>();
-        keyList.add(new ParcelableKeyRing(hexFp, null, null));
-        data.putParcelableArrayList(KeychainIntentService.IMPORT_KEY_LIST, keyList);
-
-        {
-            Preferences prefs = Preferences.getPreferences(getActivity());
-            Preferences.CloudSearchPrefs cloudPrefs =
-                    new Preferences.CloudSearchPrefs(true, true, prefs.getPreferredKeyserver());
-            data.putString(KeychainIntentService.IMPORT_KEY_SERVER, cloudPrefs.keyserver);
-        }
-
-        intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
-
-        // Create a new Messenger for the communication back
-        Messenger messenger = new Messenger(saveHandler);
-        intent.putExtra(KeychainIntentService.EXTRA_MESSENGER, messenger);
-
-        // start service with intent
-        getActivity().startService(intent);
-
-    }
-
-    static long getKeyIdFromFingerprint(byte[] fingerprint) {
-        ByteBuffer buf = ByteBuffer.wrap(fingerprint);
-        // skip first 12 bytes of the fingerprint
-        buf.position(12);
-        // the last eight bytes are the key id (big endian, which is default order in ByteBuffer)
-        return buf.getLong();
-    }
-
-}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiImportFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiImportFragment.java
new file mode 100644
index 000000000..bb26a4ede
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyYubiImportFragment.java
@@ -0,0 +1,256 @@
+/*
+ * Copyright (C) 2014 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.ui;
+
+import java.io.IOException;
+import java.util.ArrayList;
+
+import android.app.Activity;
+import android.app.ProgressDialog;
+import android.content.Intent;
+import android.os.Bundle;
+import android.os.Message;
+import android.os.Messenger;
+import android.support.v4.app.Fragment;
+import android.view.LayoutInflater;
+import android.view.View;
+import android.view.View.OnClickListener;
+import android.view.ViewGroup;
+import android.widget.TextView;
+
+import org.spongycastle.util.encoders.Hex;
+import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
+import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
+import org.sufficientlysecure.keychain.operations.results.ImportKeyResult;
+import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
+import org.sufficientlysecure.keychain.service.KeychainIntentService;
+import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
+import org.sufficientlysecure.keychain.ui.CreateKeyActivity.FragAction;
+import org.sufficientlysecure.keychain.ui.CreateKeyActivity.NfcListenerFragment;
+import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
+import org.sufficientlysecure.keychain.util.Preferences;
+
+
+public class CreateKeyYubiImportFragment extends Fragment implements NfcListenerFragment {
+
+    private static final String ARG_FINGERPRINT = "fingerprint";
+    public static final String ARG_AID = "aid";
+    public static final String ARG_USER_ID = "user_ids";
+
+    CreateKeyActivity mCreateKeyActivity;
+
+    private byte[] mNfcFingerprints;
+    private long mNfcMasterKeyId;
+    private byte[] mNfcAid;
+    private String mNfcUserId;
+    private String mNfcFingerprint;
+    private ImportKeysListFragment mListFragment;
+    private TextView vSerNo;
+    private TextView vUserId;
+
+    public static Fragment createInstance(byte[] scannedFingerprints, byte[] nfcAid, String userId) {
+
+        CreateKeyYubiImportFragment frag = new CreateKeyYubiImportFragment();
+
+        Bundle args = new Bundle();
+        args.putByteArray(ARG_FINGERPRINT, scannedFingerprints);
+        args.putByteArray(ARG_AID, nfcAid);
+        args.putString(ARG_USER_ID, userId);
+        frag.setArguments(args);
+
+        return frag;
+    }
+
+    @Override
+    public void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        Bundle args = savedInstanceState != null ? savedInstanceState : getArguments();
+
+        mNfcFingerprints = args.getByteArray(ARG_FINGERPRINT);
+        mNfcAid = args.getByteArray(ARG_AID);
+        mNfcUserId = args.getString(ARG_USER_ID);
+
+        mNfcMasterKeyId = KeyFormattingUtils.getKeyIdFromFingerprint(mNfcFingerprints);
+        mNfcFingerprint = KeyFormattingUtils.convertFingerprintToHex(mNfcFingerprints);
+
+    }
+
+    @Override
+    public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
+        View view = inflater.inflate(R.layout.create_yubikey_import_fragment, container, false);
+
+        vSerNo = (TextView) view.findViewById(R.id.yubikey_serno);
+        vUserId = (TextView) view.findViewById(R.id.yubikey_userid);
+
+        {
+            View mBackButton = view.findViewById(R.id.create_key_back_button);
+            mBackButton.setOnClickListener(new View.OnClickListener() {
+                @Override
+                public void onClick(View v) {
+                    if (getFragmentManager().getBackStackEntryCount() == 0) {
+                        getActivity().setResult(Activity.RESULT_CANCELED);
+                        getActivity().finish();
+                    } else {
+                        mCreateKeyActivity.loadFragment(null, FragAction.TO_LEFT);
+                    }
+                }
+            });
+
+            View mNextButton = view.findViewById(R.id.create_key_next_button);
+            mNextButton.setOnClickListener(new View.OnClickListener() {
+                @Override
+                public void onClick(View v) {
+                    importKey();
+                }
+            });
+        }
+
+        mListFragment = ImportKeysListFragment.newInstance(null, null, "0x" + mNfcFingerprint, true);
+
+        view.findViewById(R.id.button_search).setOnClickListener(new OnClickListener() {
+            @Override
+            public void onClick(View v) {
+                refreshSearch();
+            }
+        });
+
+        setData();
+
+        getFragmentManager().beginTransaction()
+                .replace(R.id.yubikey_import_fragment, mListFragment, "yubikey_import")
+                .commit();
+
+        return view;
+    }
+
+    @Override
+    public void onSaveInstanceState(Bundle args) {
+        super.onSaveInstanceState(args);
+
+        args.putByteArray(ARG_FINGERPRINT, mNfcFingerprints);
+        args.putByteArray(ARG_AID, mNfcAid);
+        args.putString(ARG_USER_ID, mNfcUserId);
+    }
+
+    @Override
+    public void onAttach(Activity activity) {
+        super.onAttach(activity);
+        mCreateKeyActivity = (CreateKeyActivity) getActivity();
+    }
+
+    public void setData() {
+        String serno = Hex.toHexString(mNfcAid, 10, 4);
+        vSerNo.setText(getString(R.string.yubikey_serno, serno));
+
+        if (!mNfcUserId.isEmpty()) {
+            vUserId.setText(getString(R.string.yubikey_key_holder, mNfcUserId));
+        } else {
+            vUserId.setText(getString(R.string.yubikey_key_holder_unset));
+        }
+    }
+
+    public void refreshSearch() {
+        mListFragment.loadNew(new ImportKeysListFragment.CloudLoaderState("0x" + mNfcFingerprint,
+                Preferences.getPreferences(getActivity()).getCloudSearchPrefs()));
+    }
+
+    public void importKey() {
+
+        // Message is received after decrypting is done in KeychainIntentService
+        KeychainIntentServiceHandler saveHandler = new KeychainIntentServiceHandler(getActivity(),
+                getString(R.string.progress_importing), ProgressDialog.STYLE_HORIZONTAL) {
+            public void handleMessage(Message message) {
+                // handle messages by standard KeychainIntentServiceHandler first
+                super.handleMessage(message);
+
+                if (message.arg1 == MessageStatus.OKAY.ordinal()) {
+                    // get returned data bundle
+                    Bundle returnData = message.getData();
+
+                    ImportKeyResult result =
+                            returnData.getParcelable(DecryptVerifyResult.EXTRA_RESULT);
+
+                    if (!result.success()) {
+                        result.createNotify(getActivity()).show();
+                        return;
+                    }
+
+                    Intent intent = new Intent(getActivity(), ViewKeyActivity.class);
+                    intent.setData(KeyRings.buildGenericKeyRingUri(mNfcMasterKeyId));
+                    intent.putExtra(ViewKeyActivity.EXTRA_DISPLAY_RESULT, result);
+                    intent.putExtra(ViewKeyActivity.EXTRA_NFC_AID, mNfcAid);
+                    intent.putExtra(ViewKeyActivity.EXTRA_NFC_USER_ID, mNfcUserId);
+                    intent.putExtra(ViewKeyActivity.EXTRA_NFC_FINGERPRINTS, mNfcFingerprints);
+                    startActivity(intent);
+                    getActivity().finish();
+
+                }
+
+            }
+        };
+
+        // Send all information needed to service to decrypt in other thread
+        Intent intent = new Intent(getActivity(), KeychainIntentService.class);
+
+        // fill values for this action
+        Bundle data = new Bundle();
+
+        intent.setAction(KeychainIntentService.ACTION_IMPORT_KEYRING);
+
+        String hexFp = KeyFormattingUtils.convertFingerprintToHex(mNfcFingerprints);
+        ArrayList<ParcelableKeyRing> keyList = new ArrayList<>();
+        keyList.add(new ParcelableKeyRing(hexFp, null, null));
+        data.putParcelableArrayList(KeychainIntentService.IMPORT_KEY_LIST, keyList);
+
+        {
+            Preferences prefs = Preferences.getPreferences(getActivity());
+            Preferences.CloudSearchPrefs cloudPrefs =
+                    new Preferences.CloudSearchPrefs(true, true, prefs.getPreferredKeyserver());
+            data.putString(KeychainIntentService.IMPORT_KEY_SERVER, cloudPrefs.keyserver);
+        }
+
+        intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
+
+        // Create a new Messenger for the communication back
+        Messenger messenger = new Messenger(saveHandler);
+        intent.putExtra(KeychainIntentService.EXTRA_MESSENGER, messenger);
+
+        saveHandler.showProgressDialog(getActivity());
+
+        // start service with intent
+        getActivity().startService(intent);
+
+    }
+
+    @Override
+    public void onNfcPerform() throws IOException {
+
+        mNfcFingerprints = mCreateKeyActivity.nfcGetFingerprints();
+        mNfcAid = mCreateKeyActivity.nfcGetAid();
+        mNfcUserId = mCreateKeyActivity.nfcGetUserId();
+
+        mNfcMasterKeyId = KeyFormattingUtils.getKeyIdFromFingerprint(mNfcFingerprints);
+        mNfcFingerprint = KeyFormattingUtils.convertFingerprintToHex(mNfcFingerprints);
+
+        setData();
+        refreshSearch();
+
+    }
+}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysListFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysListFragment.java
index 6a6140892..b9fdbea5c 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysListFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysListFragment.java
@@ -53,9 +53,11 @@ import java.util.List;
 
 public class ImportKeysListFragment extends ListFragment implements
         LoaderManager.LoaderCallbacks<AsyncTaskResultWrapper<ArrayList<ImportKeysListEntry>>> {
+
     private static final String ARG_DATA_URI = "uri";
     private static final String ARG_BYTES = "bytes";
-    private static final String ARG_SERVER_QUERY = "query";
+    public static final String ARG_SERVER_QUERY = "query";
+    public static final String ARG_NON_INTERACTIVE = "non_interactive";
 
     private Activity mActivity;
     private ImportKeysAdapter mAdapter;
@@ -66,6 +68,7 @@ public class ImportKeysListFragment extends ListFragment implements
     private static final int LOADER_ID_CLOUD = 1;
 
     private LongSparseArray<ParcelableKeyRing> mCachedKeyData;
+    private boolean mNonInteractive;
 
     public LoaderState getLoaderState() {
         return mLoaderState;
@@ -118,16 +121,19 @@ public class ImportKeysListFragment extends ListFragment implements
 
     }
 
-    /**
-     * Creates new instance of this fragment
-     */
     public static ImportKeysListFragment newInstance(byte[] bytes, Uri dataUri, String serverQuery) {
+        return newInstance(bytes, dataUri, serverQuery, false);
+    }
+
+    public static ImportKeysListFragment newInstance(byte[] bytes, Uri dataUri,
+            String serverQuery, boolean nonInteractive) {
         ImportKeysListFragment frag = new ImportKeysListFragment();
 
         Bundle args = new Bundle();
         args.putByteArray(ARG_BYTES, bytes);
         args.putParcelable(ARG_DATA_URI, dataUri);
         args.putString(ARG_SERVER_QUERY, serverQuery);
+        args.putBoolean(ARG_NON_INTERACTIVE, nonInteractive);
 
         frag.setArguments(args);
 
@@ -173,9 +179,11 @@ public class ImportKeysListFragment extends ListFragment implements
         mAdapter = new ImportKeysAdapter(mActivity);
         setListAdapter(mAdapter);
 
-        Uri dataUri = getArguments().getParcelable(ARG_DATA_URI);
-        byte[] bytes = getArguments().getByteArray(ARG_BYTES);
-        String query = getArguments().getString(ARG_SERVER_QUERY);
+        Bundle args = getArguments();
+        Uri dataUri = args.containsKey(ARG_DATA_URI) ? args.<Uri>getParcelable(ARG_DATA_URI) : null;
+        byte[] bytes = args.containsKey(ARG_BYTES) ? args.getByteArray(ARG_BYTES) : null;
+        String query = args.containsKey(ARG_SERVER_QUERY) ? args.getString(ARG_SERVER_QUERY) : null;
+        mNonInteractive = args.containsKey(ARG_NON_INTERACTIVE) ? args.getBoolean(ARG_NON_INTERACTIVE) : false;
 
         if (dataUri != null || bytes != null) {
             mLoaderState = new BytesLoaderState(bytes, dataUri);
@@ -203,6 +211,10 @@ public class ImportKeysListFragment extends ListFragment implements
     public void onListItemClick(ListView l, View v, int position, long id) {
         super.onListItemClick(l, v, position, id);
 
+        if (mNonInteractive) {
+            return;
+        }
+
         // Select checkbox!
         // Update underlying data and notify adapter of change. The adapter will
         // update the view automatically.
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
index 159b98e0e..3d298ea6c 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
@@ -98,6 +98,7 @@ public class ViewKeyActivity extends BaseNfcActivity implements
     static final int REQUEST_QR_FINGERPRINT = 1;
     static final int REQUEST_DELETE = 2;
     static final int REQUEST_EXPORT = 3;
+    public static final String EXTRA_DISPLAY_RESULT = "display_result";
 
     ExportHelper mExportHelper;
     ProviderHelper mProviderHelper;
@@ -268,6 +269,11 @@ public class ViewKeyActivity extends BaseNfcActivity implements
         mNfcHelper = new NfcHelper(this, mProviderHelper);
         mNfcHelper.initNfc(mDataUri);
 
+        if (savedInstanceState == null && getIntent().hasExtra(EXTRA_DISPLAY_RESULT)) {
+            OperationResult result = getIntent().getParcelableExtra(EXTRA_DISPLAY_RESULT);
+            result.createNotify(this).show();
+        }
+
         startFragment(savedInstanceState, mDataUri);
 
         if (savedInstanceState == null && getIntent().hasExtra(EXTRA_NFC_AID)) {
@@ -570,7 +576,19 @@ public class ViewKeyActivity extends BaseNfcActivity implements
                 return;
 
             } catch (PgpKeyNotFoundException e) {
-                Notify.create(this, "Different key stored on Yubikey!", Style.ERROR).show();
+                Notify.create(this, "Different key stored on Yubikey!", Notify.LENGTH_LONG,
+                        Style.WARN, new ActionListener() {
+                            @Override
+                            public void onAction() {
+                                Intent intent = new Intent(
+                                        ViewKeyActivity.this, CreateKeyActivity.class);
+                                intent.putExtra(ViewKeyActivity.EXTRA_NFC_AID, nfcAid);
+                                intent.putExtra(ViewKeyActivity.EXTRA_NFC_USER_ID, nfcUserId);
+                                intent.putExtra(ViewKeyActivity.EXTRA_NFC_FINGERPRINTS, nfcFingerprints);
+                                startActivity(intent);
+                                finish();
+                            }
+                        }, R.string.snack_yubikey_import).show();
                 return;
             }
         }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java
index 192d85d58..1d87bef3e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java
@@ -196,11 +196,9 @@ public class ViewKeyYubikeyFragment extends Fragment
             vStatus.setText(R.string.yubikey_status_bound);
         } else {
             vButton.setVisibility(View.VISIBLE);
-            if (noneBound) {
-                vStatus.setText(R.string.yubikey_status_unbound);
-            } else {
-                vStatus.setText(R.string.yubikey_status_partly);
-            }
+            vStatus.setText(noneBound
+                    ? R.string.yubikey_status_unbound
+                    : R.string.yubikey_status_partly);
         }
 
     }
diff --git a/OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml b/OpenKeychain/src/main/res/layout/create_yubikey_import_fragment.xml
similarity index 52%
rename from OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml
rename to OpenKeychain/src/main/res/layout/create_yubikey_import_fragment.xml
index 0f5e50d42..e70188e49 100644
--- a/OpenKeychain/src/main/res/layout/create_yubikey_fragment.xml
+++ b/OpenKeychain/src/main/res/layout/create_yubikey_import_fragment.xml
@@ -3,38 +3,79 @@
     android:layout_width="match_parent"
     android:layout_height="match_parent">
 
-    <ScrollView
+    <LinearLayout
         android:layout_width="match_parent"
-        android:layout_height="match_parent"
-        android:fillViewport="true"
-        android:layout_above="@+id/create_key_buttons">
+        android:layout_height="wrap_content"
+        android:padding="4dp"
+        android:orientation="horizontal"
+        android:id="@+id/yubikey_status_layout" >
+
+        <ImageView
+            android:layout_margin="14dp"
+            android:layout_width="32dp"
+            android:layout_height="32dp"
+            android:scaleType="centerCrop"
+            android:src="@drawable/yubi_icon"/>
 
         <LinearLayout
-            android:layout_width="match_parent"
+            android:layout_width="wrap_content"
             android:layout_height="wrap_content"
+            android:layout_gravity="center_vertical"
+            android:layout_weight="1"
             android:orientation="vertical">
 
             <TextView
+                android:id="@+id/yubikey_serno"
                 android:layout_width="wrap_content"
                 android:layout_height="wrap_content"
-                android:layout_marginTop="16dp"
-                android:layout_marginLeft="8dp"
-                android:textAppearance="?android:attr/textAppearanceMedium"
-                android:id="@+id/create_yubikey_unknown_fp"
-                android:text="(yubikey fingerprint)" />
+                android:layout_gravity="center_vertical"
+                android:text="Yubikey #"
+                />
 
             <TextView
+                android:id="@+id/yubikey_userid"
                 android:layout_width="wrap_content"
                 android:layout_height="wrap_content"
-                android:layout_marginTop="16dp"
-                android:layout_marginLeft="8dp"
-                android:textAppearance="?android:attr/textAppearanceMedium"
-                android:text="Hit next to import this key"
+                android:layout_gravity="center_vertical"
+                android:text="User ID"
+                />
+
+            <TextView
+                android:id="@+id/yubikey_status"
+                android:layout_width="wrap_content"
+                android:layout_height="wrap_content"
+                android:layout_gravity="center_vertical"
+                android:text="Unknown key, hit next to import"
                 />
 
         </LinearLayout>
 
-    </ScrollView>
+        <ImageButton
+            android:id="@+id/button_search"
+            android:layout_width="wrap_content"
+            android:layout_height="match_parent"
+            android:padding="8dp"
+            android:src="@drawable/ic_search_grey_24dp"
+            android:layout_gravity="center_vertical"
+            android:background="?android:selectableItemBackground" />
+
+    </LinearLayout>
+
+    <View
+        android:layout_width="match_parent"
+        android:layout_marginTop="4dp"
+        android:layout_height="1dip"
+        android:layout_below="@id/yubikey_status_layout"
+        android:background="?android:attr/listDivider" />
+
+    <FrameLayout
+        android:id="@+id/yubikey_import_fragment"
+        android:layout_marginTop="8dp"
+        android:layout_width="fill_parent"
+        android:layout_height="wrap_content"
+        android:layout_below="@id/yubikey_status_layout"
+        android:layout_above="@id/create_key_buttons"
+        />
 
     <LinearLayout
         android:layout_width="match_parent"
@@ -71,10 +112,10 @@
             android:layout_width="match_parent"
             android:layout_height="wrap_content"
             android:layout_weight="1"
-            android:text="@string/btn_next"
+            android:text="@string/btn_import"
             android:textAllCaps="true"
             android:minHeight="?android:attr/listPreferredItemHeight"
-            android:drawableRight="@drawable/ic_chevron_right_grey_24dp"
+            android:drawableRight="@drawable/ic_key_plus_grey600_24dp"
             android:drawablePadding="8dp"
             android:gravity="right|center_vertical"
             android:clickable="true"
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 6dfdb8997..27eda28a0 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -1124,7 +1124,7 @@
     <string name="msg_import_fetch_error_decode">"Error decoding retrieved keyring!"</string>
     <string name="msg_import_fetch_error">"Key could not be retrieved! (Network problems?)"</string>
     <string name="msg_import_fetch_keybase">"Retrieving from keybase.io: %s"</string>
-    <string name="msg_import_fetch_keyserver_error">"Could not retrieve key from keybase!"</string>
+    <string name="msg_import_fetch_keyserver_error">"Could not retrieve key from keyservers: %s"</string>
     <string name="msg_import_fetch_keyserver">"Retrieving from keyserver: %s"</string>
     <string name="msg_import_fetch_keyserver_ok">"Key retrieval successful"</string>
     <string name="msg_import_keyserver">"Using keyserver %s"</string>
@@ -1267,13 +1267,15 @@
     <string name="nfc_write_succesful">Successfully written on NFC tag</string>
     <string name="unlocked">Unlocked</string>
     <string name="nfc_settings">Settings</string>
-    <string name="snack_yubikey_view">View</string>
-    <string name="button_bind_key">Bind Key</string>
+    <string name="snack_yubikey_view">"View"</string>
+    <string name="snack_yubikey_import">"Import"</string>
+    <string name="button_bind_key">"Bind Key"</string>
     <string name="yubikey_serno">"Serial No: %s"</string>
     <string name="yubikey_key_holder">"Key holder: "</string>
     <string name="yubikey_key_holder_unset">"Key holder: &lt;unset&gt;"</string>
-    <string name="yubikey_status_bound">Yubikey matches, bound to key</string>
-    <string name="yubikey_status_unbound">Yubikey matches, can be bound to key</string>
-    <string name="yubikey_status_partly">Yubikey matches, partly bound to key</string>
+    <string name="yubikey_status_bound">"Yubikey matches, bound to key"</string>
+    <string name="yubikey_status_unbound">"Yubikey matches, can be bound to key"</string>
+    <string name="yubikey_status_partly">"Yubikey matches, partly bound to key"</string>
+    <string name="btn_import">"Import"</string>
 
 </resources>

From 2e838e4cce32a5926466b6069a58c6a3579c12bf Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Sun, 22 Mar 2015 06:48:33 +0100
Subject: [PATCH 20/80] enable nfc in import dialog as well

---
 .../keychain/ui/ImportKeysActivity.java       |  4 +-
 .../keychain/ui/ViewKeyActivity.java          |  4 +-
 .../keychain/ui/base/BaseNfcActivity.java     | 46 ++++++++++++++++++-
 OpenKeychain/src/main/res/values/strings.xml  |  3 +-
 4 files changed, 51 insertions(+), 6 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysActivity.java
index 9a7c405d0..72ae1c73a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysActivity.java
@@ -38,6 +38,7 @@ import org.sufficientlysecure.keychain.operations.results.OperationResult;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
 import org.sufficientlysecure.keychain.ui.base.BaseActivity;
+import org.sufficientlysecure.keychain.ui.base.BaseNfcActivity;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.ui.util.Notify;
 import org.sufficientlysecure.keychain.util.Log;
@@ -47,7 +48,8 @@ import org.sufficientlysecure.keychain.util.ParcelableFileCache.IteratorWithSize
 import java.io.IOException;
 import java.util.ArrayList;
 
-public class ImportKeysActivity extends BaseActivity {
+public class ImportKeysActivity extends BaseNfcActivity {
+
     public static final String ACTION_IMPORT_KEY = OpenKeychainIntents.IMPORT_KEY;
     public static final String ACTION_IMPORT_KEY_FROM_KEYSERVER = OpenKeychainIntents.IMPORT_KEY_FROM_KEYSERVER;
     public static final String ACTION_IMPORT_KEY_FROM_KEYSERVER_AND_RETURN_RESULT =
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
index 3d298ea6c..fad477de3 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
@@ -559,7 +559,7 @@ public class ViewKeyActivity extends BaseNfcActivity implements
                 CachedPublicKeyRing ring = mProviderHelper.getCachedPublicKeyRing(masterKeyId);
                 ring.getMasterKeyId();
 
-                Notify.create(this, "Different key stored on Yubikey!", Notify.LENGTH_LONG,
+                Notify.create(this, R.string.snack_yubi_other, Notify.LENGTH_LONG,
                         Style.WARN, new ActionListener() {
                             @Override
                             public void onAction() {
@@ -576,7 +576,7 @@ public class ViewKeyActivity extends BaseNfcActivity implements
                 return;
 
             } catch (PgpKeyNotFoundException e) {
-                Notify.create(this, "Different key stored on Yubikey!", Notify.LENGTH_LONG,
+                Notify.create(this, R.string.snack_yubi_other, Notify.LENGTH_LONG,
                         Style.WARN, new ActionListener() {
                             @Override
                             public void onAction() {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
index 2fd88fd66..2c2cb6067 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
@@ -16,9 +16,20 @@ import android.widget.Toast;
 import org.spongycastle.bcpg.HashAlgorithmTags;
 import org.spongycastle.util.encoders.Hex;
 import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
+import org.sufficientlysecure.keychain.provider.CachedPublicKeyRing;
+import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
+import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
+import org.sufficientlysecure.keychain.ui.CreateKeyActivity;
 import org.sufficientlysecure.keychain.ui.PassphraseDialogActivity;
+import org.sufficientlysecure.keychain.ui.ViewKeyActivity;
+import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
+import org.sufficientlysecure.keychain.ui.util.Notify;
+import org.sufficientlysecure.keychain.ui.util.Notify.ActionListener;
+import org.sufficientlysecure.keychain.ui.util.Notify.Style;
 import org.sufficientlysecure.keychain.util.Iso7816TLV;
 import org.sufficientlysecure.keychain.util.Log;
 import org.sufficientlysecure.keychain.util.Passphrase;
@@ -190,7 +201,38 @@ public abstract class BaseNfcActivity extends BaseActivity {
 
     }
 
-    protected abstract void onNfcPerform() throws IOException;
+    protected void onNfcPerform() throws IOException {
+
+        final byte[] nfcFingerprints = nfcGetFingerprints();
+        final String nfcUserId = nfcGetUserId();
+        final byte[] nfcAid = nfcGetAid();
+
+        String fp = KeyFormattingUtils.convertFingerprintToHex(nfcFingerprints);
+        final long masterKeyId = KeyFormattingUtils.getKeyIdFromFingerprint(nfcFingerprints);
+
+        try {
+            CachedPublicKeyRing ring = new ProviderHelper(this).getCachedPublicKeyRing(masterKeyId);
+            ring.getMasterKeyId();
+
+            Intent intent = new Intent(
+                    BaseNfcActivity.this, ViewKeyActivity.class);
+            intent.setData(KeyRings.buildGenericKeyRingUri(masterKeyId));
+            intent.putExtra(ViewKeyActivity.EXTRA_NFC_AID, nfcAid);
+            intent.putExtra(ViewKeyActivity.EXTRA_NFC_USER_ID, nfcUserId);
+            intent.putExtra(ViewKeyActivity.EXTRA_NFC_FINGERPRINTS, nfcFingerprints);
+            startActivity(intent);
+            finish();
+        } catch (PgpKeyNotFoundException e) {
+            Intent intent = new Intent(
+                    BaseNfcActivity.this, CreateKeyActivity.class);
+            intent.putExtra(CreateKeyActivity.EXTRA_NFC_AID, nfcAid);
+            intent.putExtra(CreateKeyActivity.EXTRA_NFC_USER_ID, nfcUserId);
+            intent.putExtra(CreateKeyActivity.EXTRA_NFC_FINGERPRINTS, nfcFingerprints);
+            startActivity(intent);
+            finish();
+        }
+
+    }
 
     /** Return the key id from application specific data stored on tag, or null
      * if it doesn't exist.
@@ -242,7 +284,7 @@ public abstract class BaseNfcActivity extends BaseActivity {
         // return the master key fingerprint
         ByteBuffer fpbuf = ByteBuffer.wrap(data);
         byte[] fp = new byte[20];
-        fpbuf.position(idx*20);
+        fpbuf.position(idx * 20);
         fpbuf.get(fp, 0, 20);
 
         return fp;
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 27eda28a0..6aefbc7f5 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -1273,9 +1273,10 @@
     <string name="yubikey_serno">"Serial No: %s"</string>
     <string name="yubikey_key_holder">"Key holder: "</string>
     <string name="yubikey_key_holder_unset">"Key holder: &lt;unset&gt;"</string>
-    <string name="yubikey_status_bound">"Yubikey matches, bound to key"</string>
+    <string name="yubikey_status_bound">"Yubikey matches and is bound to key"</string>
     <string name="yubikey_status_unbound">"Yubikey matches, can be bound to key"</string>
     <string name="yubikey_status_partly">"Yubikey matches, partly bound to key"</string>
     <string name="btn_import">"Import"</string>
+    <string name="snack_yubi_other">Different key stored on Yubikey!</string>
 
 </resources>

From 5d5e06cabdd6400530f6dcef940ed8a72ab94fac Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Sun, 22 Mar 2015 07:21:27 +0100
Subject: [PATCH 21/80] fix unit test and add new for divert-to-card promotion

---
 .../operations/PromoteKeyOperationTest.java   | 35 +++++++++++++++----
 .../keychain/pgp/CanonicalizedSecretKey.java  |  4 +++
 2 files changed, 33 insertions(+), 6 deletions(-)

diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperationTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperationTest.java
index 34a4bed25..617b5762c 100644
--- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperationTest.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperationTest.java
@@ -27,9 +27,12 @@ import org.robolectric.RobolectricTestRunner;
 import org.robolectric.shadows.ShadowLog;
 import org.spongycastle.bcpg.sig.KeyFlags;
 import org.spongycastle.jce.provider.BouncyCastleProvider;
+import org.spongycastle.util.encoders.Hex;
 import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
 import org.sufficientlysecure.keychain.operations.results.PromoteKeyResult;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.SecretKeyType;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
 import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
 import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
 import org.sufficientlysecure.keychain.pgp.UncachedPublicKey;
@@ -101,7 +104,7 @@ public class PromoteKeyOperationTest {
         PromoteKeyOperation op = new PromoteKeyOperation(Robolectric.application,
                 new ProviderHelper(Robolectric.application), null, null);
 
-        PromoteKeyResult result = op.execute(mStaticRing.getMasterKeyId());
+        PromoteKeyResult result = op.execute(mStaticRing.getMasterKeyId(), null);
 
         Assert.assertTrue("promotion must succeed", result.success());
 
@@ -113,15 +116,35 @@ public class PromoteKeyOperationTest {
             Iterator<UncachedPublicKey> it = mStaticRing.getPublicKeys();
             while (it.hasNext()) {
                 long keyId = it.next().getKeyId();
-                Assert.assertEquals("all subkeys must be divert-to-card",
+                Assert.assertEquals("all subkeys must be gnu dummy",
                         SecretKeyType.GNU_DUMMY, ring.getSecretKeyType(keyId));
             }
         }
 
-        // second attempt should fail
-        result = op.execute(mStaticRing.getMasterKeyId());
-        Assert.assertFalse("promotion of secret key must fail", result.success());
-
     }
 
+    @Test
+    public void testPromoteDivert() throws Exception {
+        PromoteKeyOperation op = new PromoteKeyOperation(Robolectric.application,
+                new ProviderHelper(Robolectric.application), null, null);
+
+        byte[] aid = Hex.decode("D2760001240102000000012345670000");
+
+        PromoteKeyResult result = op.execute(mStaticRing.getMasterKeyId(), aid);
+
+        Assert.assertTrue("promotion must succeed", result.success());
+
+        {
+            CanonicalizedSecretKeyRing ring = new ProviderHelper(Robolectric.application)
+                    .getCanonicalizedSecretKeyRing(mStaticRing.getMasterKeyId());
+
+            for (CanonicalizedSecretKey key : ring.secretKeyIterator()) {
+                Assert.assertEquals("all subkeys must be divert-to-card",
+                        SecretKeyType.DIVERT_TO_CARD, key.getSecretKeyType());
+                Assert.assertArrayEquals("all subkeys must have correct iv",
+                        aid, key.getIv());
+            }
+
+        }
+    }
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
index 21b6e551b..30be72dd5 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@@ -278,6 +278,10 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
         }
     }
 
+    public byte[] getIv() {
+        return mSecretKey.getIV();
+    }
+
     static class PrivateKeyNotUnlockedException extends RuntimeException {
         // this exception is a programming error which happens when an operation which requires
         // the private key is called without a previous call to unlock()

From b2365fcb97f5dd271df1b8da1a770131201fc2e8 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Sun, 22 Mar 2015 07:33:41 +0100
Subject: [PATCH 22/80] forgot spongycastle update

---
 extern/spongycastle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extern/spongycastle b/extern/spongycastle
index 4bb0180fa..2c744ebad 160000
--- a/extern/spongycastle
+++ b/extern/spongycastle
@@ -1 +1 @@
-Subproject commit 4bb0180faa920f4e8cf3d482976a34e4df982a8d
+Subproject commit 2c744ebade816d2e4f65f3734db373e4c19c2e4f

From 3bb194fc080e5945dc8bdbeea9b91cf801406c32 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Mon, 23 Mar 2015 01:09:39 +0100
Subject: [PATCH 23/80] nicer handling of nfc errors

---
 .../keychain/ui/base/BaseNfcActivity.java           | 13 ++++++++-----
 OpenKeychain/src/main/res/values/strings.xml        |  1 +
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
index 2c2cb6067..365d32918 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
@@ -28,7 +28,6 @@ import org.sufficientlysecure.keychain.ui.PassphraseDialogActivity;
 import org.sufficientlysecure.keychain.ui.ViewKeyActivity;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.ui.util.Notify;
-import org.sufficientlysecure.keychain.ui.util.Notify.ActionListener;
 import org.sufficientlysecure.keychain.ui.util.Notify.Style;
 import org.sufficientlysecure.keychain.util.Iso7816TLV;
 import org.sufficientlysecure.keychain.util.Log;
@@ -68,14 +67,18 @@ public abstract class BaseNfcActivity extends BaseActivity {
             try {
                 handleNdefDiscoveredIntent(intent);
             } catch (IOException e) {
-                Log.e(Constants.TAG, "Connection error!", e);
-                toast("Connection Error: " + e.getMessage());
-                setResult(RESULT_CANCELED);
-                finish();
+                handleNfcError(e);
             }
         }
     }
 
+    public void handleNfcError(IOException e) {
+
+        Log.e(Constants.TAG, "nfc error", e);
+        Notify.create(this, getString(R.string.error_nfc, e.getMessage()), Style.WARN).show();
+
+    }
+
     /**
      * Called when the system is about to start resuming a previous activity,
      * disables NFC Foreground Dispatch
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 6aefbc7f5..402dcdf7c 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -1278,5 +1278,6 @@
     <string name="yubikey_status_partly">"Yubikey matches, partly bound to key"</string>
     <string name="btn_import">"Import"</string>
     <string name="snack_yubi_other">Different key stored on Yubikey!</string>
+    <string name="error_nfc">"NFC Error: %s"</string>
 
 </resources>

From c694d73cab1edf91cb94d53cc8352ca93f0eb6ce Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Mon, 23 Mar 2015 01:44:14 +0100
Subject: [PATCH 24/80] further improve yubikey error handling

---
 .../service/PassphraseCacheService.java       | 40 ++++++++++++++++---
 .../service/input/RequiredInputParcel.java    |  4 ++
 .../keychain/ui/NfcOperationActivity.java     | 22 ++++++++++
 .../keychain/ui/base/BaseNfcActivity.java     | 35 ++++++++--------
 OpenKeychain/src/main/res/values/strings.xml  |  1 +
 5 files changed, 78 insertions(+), 24 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
index ee481ad31..5e8ad96cd 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
@@ -124,7 +124,7 @@ public class PassphraseCacheService extends Service {
     public static void addCachedPassphrase(Context context, long masterKeyId, long subKeyId,
                                            Passphrase passphrase,
                                            String primaryUserId) {
-        Log.d(Constants.TAG, "PassphraseCacheService.cacheNewPassphrase() for " + masterKeyId);
+        Log.d(Constants.TAG, "PassphraseCacheService.addCachedPassphrase() for " + masterKeyId);
 
         Intent intent = new Intent(context, PassphraseCacheService.class);
         intent.setAction(ACTION_PASSPHRASE_CACHE_ADD);
@@ -138,6 +138,19 @@ public class PassphraseCacheService extends Service {
         context.startService(intent);
     }
 
+    public static void clearCachedPassphrase(Context context, long masterKeyId, long subKeyId) {
+        Log.d(Constants.TAG, "PassphraseCacheService.clearCachedPassphrase() for " + masterKeyId);
+
+        Intent intent = new Intent(context, PassphraseCacheService.class);
+        intent.setAction(ACTION_PASSPHRASE_CACHE_CLEAR);
+
+        intent.putExtra(EXTRA_KEY_ID, masterKeyId);
+        intent.putExtra(EXTRA_SUBKEY_ID, subKeyId);
+
+        context.startService(intent);
+    }
+
+
     /**
      * Gets a cached passphrase from memory by sending an intent to the service. This method is
      * designed to wait until the service returns the passphrase.
@@ -395,12 +408,27 @@ public class PassphraseCacheService extends Service {
             } else if (ACTION_PASSPHRASE_CACHE_CLEAR.equals(intent.getAction())) {
                 AlarmManager am = (AlarmManager) this.getSystemService(Context.ALARM_SERVICE);
 
-                // Stop all ttl alarms
-                for (int i = 0; i < mPassphraseCache.size(); i++) {
-                    am.cancel(buildIntent(this, mPassphraseCache.keyAt(i)));
-                }
+                if (intent.hasExtra(EXTRA_SUBKEY_ID) && intent.hasExtra(EXTRA_KEY_ID)) {
 
-                mPassphraseCache.clear();
+                    long keyId;
+                    if (Preferences.getPreferences(mContext).getPassphraseCacheSubs()) {
+                        keyId = intent.getLongExtra(EXTRA_KEY_ID, 0L);
+                    } else {
+                        keyId = intent.getLongExtra(EXTRA_SUBKEY_ID, 0L);
+                    }
+                    // Stop specific ttl alarm and
+                    am.cancel(buildIntent(this, keyId));
+                    mPassphraseCache.delete(keyId);
+
+                } else {
+
+                    // Stop all ttl alarms
+                    for (int i = 0; i < mPassphraseCache.size(); i++) {
+                        am.cancel(buildIntent(this, mPassphraseCache.keyAt(i)));
+                    }
+                    mPassphraseCache.clear();
+
+                }
 
                 updateService();
             } else {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
index d8d87114e..471fc0ec9 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
@@ -56,6 +56,10 @@ public class RequiredInputParcel implements Parcelable {
 
     }
 
+    public long getMasterKeyId() {
+        return mMasterKeyId;
+    }
+
     public long getSubKeyId() {
         return mSubKeyId;
     }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
index 549d9ece7..511183b04 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
@@ -14,10 +14,12 @@ import android.view.WindowManager;
 
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.service.PassphraseCacheService;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 import org.sufficientlysecure.keychain.ui.base.BaseNfcActivity;
 import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.Preferences;
 
 import java.io.IOException;
 
@@ -89,4 +91,24 @@ public class NfcOperationActivity extends BaseNfcActivity {
         finish();
 
     }
+
+    @Override
+    public void handlePinError() {
+
+        // avoid a loop
+        Preferences prefs = Preferences.getPreferences(this);
+        if (prefs.useDefaultYubikeyPin()) {
+            toast(getString(R.string.error_pin_nodefault));
+            setResult(RESULT_CANCELED);
+            finish();
+            return;
+        }
+
+        // clear (invalid) passphrase
+        PassphraseCacheService.clearCachedPassphrase(
+                this, mRequiredInput.getMasterKeyId(), mRequiredInput.getSubKeyId());
+
+        obtainYubikeyPin(RequiredInputParcel.createRequiredPassphrase(mRequiredInput));
+
+    }
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
index 365d32918..a8a5a1f28 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
@@ -79,6 +79,12 @@ public abstract class BaseNfcActivity extends BaseActivity {
 
     }
 
+    public void handlePinError() {
+        toast("Wrong PIN!");
+        setResult(RESULT_CANCELED);
+        finish();
+    }
+
     /**
      * Called when the system is about to start resuming a previous activity,
      * disables NFC Foreground Dispatch
@@ -170,10 +176,7 @@ public abstract class BaseNfcActivity extends BaseActivity {
                         + "D27600012401" // Data (6 bytes)
                         + "00"; // Le
         if ( ! nfcCommunicate(opening).equals(accepted)) { // activate connection
-            toast("Opening Error!");
-            setResult(RESULT_CANCELED);
-            finish();
-            return;
+            throw new IOException("Initialization failed!");
         }
 
         if (mPin != null) {
@@ -189,9 +192,7 @@ public abstract class BaseNfcActivity extends BaseActivity {
                             + String.format("%02x", pin.length) // Lc
                             + Hex.toHexString(pin);
             if (!nfcCommunicate(login).equals(accepted)) { // login
-                toast("Wrong PIN!");
-                setResult(RESULT_CANCELED);
-                finish();
+                handlePinError();
                 return;
             }
 
@@ -321,7 +322,7 @@ public abstract class BaseNfcActivity extends BaseActivity {
         switch (hashAlgo) {
             case HashAlgorithmTags.SHA1:
                 if (hash.length != 20) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 10!");
+                    throw new IOException("Bad hash length (" + hash.length + ", expected 10!");
                 }
                 dsi = "23" // Lc
                         + "3021" // Tag/Length of Sequence, the 0x21 includes all following 33 bytes
@@ -332,36 +333,36 @@ public abstract class BaseNfcActivity extends BaseActivity {
                 break;
             case HashAlgorithmTags.RIPEMD160:
                 if (hash.length != 20) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 20!");
+                    throw new IOException("Bad hash length (" + hash.length + ", expected 20!");
                 }
                 dsi = "233021300906052B2403020105000414" + getHex(hash);
                 break;
             case HashAlgorithmTags.SHA224:
                 if (hash.length != 28) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 28!");
+                    throw new IOException("Bad hash length (" + hash.length + ", expected 28!");
                 }
                 dsi = "2F302D300D06096086480165030402040500041C" + getHex(hash);
                 break;
             case HashAlgorithmTags.SHA256:
                 if (hash.length != 32) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 32!");
+                    throw new IOException("Bad hash length (" + hash.length + ", expected 32!");
                 }
                 dsi = "333031300D060960864801650304020105000420" + getHex(hash);
                 break;
             case HashAlgorithmTags.SHA384:
                 if (hash.length != 48) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 48!");
+                    throw new IOException("Bad hash length (" + hash.length + ", expected 48!");
                 }
                 dsi = "433041300D060960864801650304020205000430" + getHex(hash);
                 break;
             case HashAlgorithmTags.SHA512:
                 if (hash.length != 64) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 64!");
+                    throw new IOException("Bad hash length (" + hash.length + ", expected 64!");
                 }
                 dsi = "533051300D060960864801650304020305000440" + getHex(hash);
                 break;
             default:
-                throw new RuntimeException("Not supported hash algo!");
+                throw new IOException("Not supported hash algo!");
         }
 
         // Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37)
@@ -388,14 +389,12 @@ public abstract class BaseNfcActivity extends BaseActivity {
         Log.d(Constants.TAG, "final response:" + status);
 
         if ( ! "9000".equals(status)) {
-            toast("Bad NFC response code: " + status);
-            return null;
+            throw new IOException("Bad NFC response code: " + status);
         }
 
         // Make sure the signature we received is actually the expected number of bytes long!
         if (signature.length() != 256 && signature.length() != 512) {
-            toast("Bad signature length! Expected 128 or 256 bytes, got " + signature.length() / 2);
-            return null;
+            throw new IOException("Bad signature length! Expected 128 or 256 bytes, got " + signature.length() / 2);
         }
 
         return Hex.decode(signature);
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 402dcdf7c..c8e5ea7ca 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -1279,5 +1279,6 @@
     <string name="btn_import">"Import"</string>
     <string name="snack_yubi_other">Different key stored on Yubikey!</string>
     <string name="error_nfc">"NFC Error: %s"</string>
+    <string name="error_pin_nodefault">Default PIN was rejected!</string>
 
 </resources>

From 5e024bba2e7b5a0d91735488f9d31850cbf81d8d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Wed, 25 Mar 2015 10:50:55 +0100
Subject: [PATCH 25/80] Remove backward compat in CertifyKeyFragment

---
 .../keychain/ui/CertifyKeyFragment.java        | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
index a669fcc8c..44773e501 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
@@ -25,8 +25,6 @@ import android.database.Cursor;
 import android.database.MatrixCursor;
 import android.graphics.PorterDuff;
 import android.net.Uri;
-import android.os.Build.VERSION;
-import android.os.Build.VERSION_CODES;
 import android.os.Bundle;
 import android.os.Message;
 import android.os.Messenger;
@@ -55,19 +53,16 @@ import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.service.CertifyActionsParcel;
 import org.sufficientlysecure.keychain.service.CertifyActionsParcel.CertifyAction;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
-import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.ServiceProgressHandler;
-import org.sufficientlysecure.keychain.service.PassphraseCacheService;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.ui.adapter.MultiUserIdsAdapter;
 import org.sufficientlysecure.keychain.ui.dialog.ProgressDialogFragment;
 import org.sufficientlysecure.keychain.ui.util.Notify;
 import org.sufficientlysecure.keychain.ui.widget.CertifyKeySpinner;
 import org.sufficientlysecure.keychain.ui.widget.KeySpinner;
 import org.sufficientlysecure.keychain.util.Log;
-import org.sufficientlysecure.keychain.util.Passphrase;
 import org.sufficientlysecure.keychain.util.Preferences;
 
-import java.lang.reflect.Method;
 import java.util.ArrayList;
 
 
@@ -218,17 +213,6 @@ public class CertifyKeyFragment extends CryptoOperationFragment
         }) {
             @Override
             public byte[] getBlob(int column) {
-                // For some reason, getBlob was not implemented before ICS
-                if (VERSION.SDK_INT < VERSION_CODES.ICE_CREAM_SANDWICH) {
-                    try {
-                        // haha, yes there is int.class
-                        Method m = MatrixCursor.class.getDeclaredMethod("get", new Class[]{int.class});
-                        m.setAccessible(true);
-                        return (byte[]) m.invoke(this, 1);
-                    } catch (Exception e) {
-                        throw new UnsupportedOperationException(e);
-                    }
-                }
                 return super.getBlob(column);
             }
         };

From 1ef63f31879f599851058c0d36918df4fb671fc4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Wed, 25 Mar 2015 11:12:52 +0100
Subject: [PATCH 26/80] Fix certify with CryptoInputParcel

---
 .../keychain/ui/CertifyKeyFragment.java              |  2 +-
 .../keychain/ui/EditKeyFragment.java                 |  2 +-
 .../keychain/ui/EncryptDecryptOverviewFragment.java  | 12 ++++--------
 3 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
index 44773e501..20a280a54 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
@@ -164,7 +164,7 @@ public class CertifyKeyFragment extends CryptoOperationFragment
                     Notify.create(getActivity(), getString(R.string.select_key_to_certify),
                             Notify.Style.ERROR).show();
                 } else {
-                    cryptoOperation(null);
+                    cryptoOperation(new CryptoInputParcel());
                 }
             }
         });
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyFragment.java
index 2375c1d30..bf17c2991 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyFragment.java
@@ -151,7 +151,7 @@ public class EditKeyFragment extends CryptoOperationFragment implements
                         if (mDataUri == null) {
                             returnKeyringParcel();
                         } else {
-                            cryptoOperation(new CryptoInputParcel(new Date()));
+                            cryptoOperation(new CryptoInputParcel());
                         }
                     }
                 }, new OnClickListener() {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptDecryptOverviewFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptDecryptOverviewFragment.java
index a498d0763..a6fad8881 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptDecryptOverviewFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptDecryptOverviewFragment.java
@@ -37,10 +37,6 @@ import java.util.regex.Matcher;
 
 public class EncryptDecryptOverviewFragment extends Fragment {
 
-    View mEncryptFile;
-    View mEncryptText;
-    View mDecryptFile;
-    View mDecryptFromClipboard;
     View mClipboardIcon;
 
     @Override
@@ -53,10 +49,10 @@ public class EncryptDecryptOverviewFragment extends Fragment {
     public View onCreateView(LayoutInflater inflater, @Nullable ViewGroup container, @Nullable Bundle savedInstanceState) {
         View view = inflater.inflate(R.layout.encrypt_decrypt_overview_fragment, container, false);
 
-        mEncryptFile = view.findViewById(R.id.encrypt_files);
-        mEncryptText = view.findViewById(R.id.encrypt_text);
-        mDecryptFile = view.findViewById(R.id.decrypt_files);
-        mDecryptFromClipboard = view.findViewById(R.id.decrypt_from_clipboard);
+        View mEncryptFile = view.findViewById(R.id.encrypt_files);
+        View mEncryptText = view.findViewById(R.id.encrypt_text);
+        View mDecryptFile = view.findViewById(R.id.decrypt_files);
+        View mDecryptFromClipboard = view.findViewById(R.id.decrypt_from_clipboard);
         mClipboardIcon = view.findViewById(R.id.clipboard_icon);
 
         mEncryptFile.setOnClickListener(new View.OnClickListener() {

From 76db0b3b8e8c474a50e17b165657c1a24f8e6be0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Thu, 26 Mar 2015 11:04:20 +0100
Subject: [PATCH 27/80] Start refactoring encrypt ui, EncryptFileActivity no
 longer crashing

---
 .../keychain/ui/CryptoOperationFragment.java  |   3 +-
 .../ui/EncryptAsymmetricFragment.java         |  84 ++--
 .../keychain/ui/EncryptFilesActivity.java     | 432 +++--------------
 .../keychain/ui/EncryptFilesFragment.java     | 436 ++++++++++++++++--
 .../keychain/ui/EncryptSymmetricFragment.java |  35 +-
 .../keychain/ui/EncryptTextActivity.java      |  47 +-
 .../res/layout/encrypt_files_activity.xml     |  10 +-
 .../res/layout/encrypt_files_fragment.xml     |   6 +-
 .../main/res/layout/encrypt_text_activity.xml |   2 +-
 9 files changed, 539 insertions(+), 516 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
index 592c7db22..076c628b4 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
@@ -51,8 +51,9 @@ public abstract class CryptoOperationFragment extends Fragment {
                     CryptoInputParcel cryptoInput =
                             data.getParcelableExtra(PassphraseDialogActivity.RESULT_DATA);
                     cryptoOperation(cryptoInput);
+                    return;
                 }
-                return;
+                break;
             }
 
             case REQUEST_CODE_NFC: {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptAsymmetricFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptAsymmetricFragment.java
index c5404094a..06c711b92 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptAsymmetricFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptAsymmetricFragment.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Dominik Schürmann <dominik@dominikschuermann.de>
+ * Copyright (C) 2014-2015 Dominik Schürmann <dominik@dominikschuermann.de>
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -40,7 +40,17 @@ import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 
-public class EncryptAsymmetricFragment extends Fragment implements EncryptActivityInterface.UpdateListener {
+public class EncryptAsymmetricFragment extends Fragment {
+
+    public interface IAsymmetric {
+
+        public void onSignatureKeyIdChanged(long signatureKeyId);
+
+        public void onEncryptionKeyIdsChanged(long[] encryptionKeyIds);
+
+        public void onEncryptionUserIdsChanged(String[] encryptionUserIds);
+    }
+
     ProviderHelper mProviderHelper;
 
     // view
@@ -48,37 +58,43 @@ public class EncryptAsymmetricFragment extends Fragment implements EncryptActivi
     private EncryptKeyCompletionView mEncryptKeyView;
 
     // model
-    private EncryptActivityInterface mEncryptInterface;
+    private IAsymmetric mEncryptInterface;
 
-    @Override
-    public void onNotifyUpdate() {
-        if (mSign != null) {
-            mSign.setSelectedKeyId(mEncryptInterface.getSignatureKey());
-        }
+//    @Override
+//    public void onNotifyUpdate() {
+//        if (mSign != null) {
+//            mSign.setSelectedKeyId(mEncryptInterface.getSignatureKey());
+//        }
+//    }
+
+    public static final String ARG_SINGATURE_KEY_ID = "signature_key_id";
+    public static final String ARG_ENCRYPTION_KEY_IDS = "encryption_key_ids";
+
+
+    /**
+     * Creates new instance of this fragment
+     */
+    public static EncryptAsymmetricFragment newInstance(long signatureKey, long[] encryptionKeyIds) {
+        EncryptAsymmetricFragment frag = new EncryptAsymmetricFragment();
+
+        Bundle args = new Bundle();
+        args.putLong(ARG_SINGATURE_KEY_ID, signatureKey);
+        args.putLongArray(ARG_ENCRYPTION_KEY_IDS, encryptionKeyIds);
+        frag.setArguments(args);
+
+        return frag;
     }
 
     @Override
     public void onAttach(Activity activity) {
         super.onAttach(activity);
         try {
-            mEncryptInterface = (EncryptActivityInterface) activity;
+            mEncryptInterface = (IAsymmetric) activity;
         } catch (ClassCastException e) {
-            throw new ClassCastException(activity.toString() + " must implement EncryptActivityInterface");
+            throw new ClassCastException(activity.toString() + " must implement IAsymmetric");
         }
     }
 
-    private void setSignatureKeyId(long signatureKeyId) {
-        mEncryptInterface.setSignatureKey(signatureKeyId);
-    }
-
-    private void setEncryptionKeyIds(long[] encryptionKeyIds) {
-        mEncryptInterface.setEncryptionKeys(encryptionKeyIds);
-    }
-
-    private void setEncryptionUserIds(String[] encryptionUserIds) {
-        mEncryptInterface.setEncryptionUsers(encryptionUserIds);
-    }
-
     /**
      * Inflate the layout for this fragment
      */
@@ -90,7 +106,7 @@ public class EncryptAsymmetricFragment extends Fragment implements EncryptActivi
         mSign.setOnKeyChangedListener(new KeySpinner.OnKeyChangedListener() {
             @Override
             public void onKeyChanged(long masterKeyId) {
-                setSignatureKeyId(masterKeyId);
+                mEncryptInterface.onSignatureKeyIdChanged(masterKeyId);
             }
         });
         mEncryptKeyView = (EncryptKeyCompletionView) view.findViewById(R.id.recipient_list);
@@ -105,7 +121,9 @@ public class EncryptAsymmetricFragment extends Fragment implements EncryptActivi
         mProviderHelper = new ProviderHelper(getActivity());
 
         // preselect keys given
-        preselectKeys();
+        long signatureKeyId = getArguments().getLong(ARG_SINGATURE_KEY_ID);
+        long[] encryptionKeyIds = getArguments().getLongArray(ARG_ENCRYPTION_KEY_IDS);
+        preselectKeys(signatureKeyId, encryptionKeyIds);
 
         mEncryptKeyView.setTokenListener(new TokenCompleteTextView.TokenListener() {
             @Override
@@ -127,24 +145,20 @@ public class EncryptAsymmetricFragment extends Fragment implements EncryptActivi
     /**
      * If an Intent gives a signatureMasterKeyId and/or encryptionMasterKeyIds, preselect those!
      */
-    private void preselectKeys() {
-        // TODO all of this works under the assumption that the first suitable subkey is always used!
-        // not sure if we need to distinguish between different subkeys here?
-        long signatureKey = mEncryptInterface.getSignatureKey();
-        if (signatureKey != Constants.key.none) {
+    private void preselectKeys(long signatureKeyId, long[] encryptionKeyIds) {
+        if (signatureKeyId != Constants.key.none) {
             try {
                 CachedPublicKeyRing keyring = mProviderHelper.getCachedPublicKeyRing(
-                        KeyRings.buildUnifiedKeyRingUri(signatureKey));
+                        KeyRings.buildUnifiedKeyRingUri(signatureKeyId));
                 if (keyring.hasAnySecret()) {
-                    setSignatureKeyId(keyring.getMasterKeyId());
-                    mSign.setSelectedKeyId(mEncryptInterface.getSignatureKey());
+                    mEncryptInterface.onSignatureKeyIdChanged(keyring.getMasterKeyId());
+                    mSign.setSelectedKeyId(signatureKeyId);
                 }
             } catch (PgpKeyNotFoundException e) {
                 Log.e(Constants.TAG, "key not found!", e);
             }
         }
 
-        long[] encryptionKeyIds = mEncryptInterface.getEncryptionKeys();
         if (encryptionKeyIds != null) {
             for (long preselectedId : encryptionKeyIds) {
                 try {
@@ -176,7 +190,7 @@ public class EncryptAsymmetricFragment extends Fragment implements EncryptActivi
         for (int i = 0; i < keyIds.size(); i++) {
             keyIdsArr[i] = iterator.next();
         }
-        setEncryptionKeyIds(keyIdsArr);
-        setEncryptionUserIds(userIds.toArray(new String[userIds.size()]));
+        mEncryptInterface.onEncryptionKeyIdsChanged(keyIdsArr);
+        mEncryptInterface.onEncryptionUserIdsChanged(userIds.toArray(new String[userIds.size()]));
     }
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java
index ac54ebff6..269fdde8e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2014 Dominik Schürmann <dominik@dominikschuermann.de>
+ * Copyright (C) 2012-2015 Dominik Schürmann <dominik@dominikschuermann.de>
  * Copyright (C) 2010-2014 Thialfihar <thi@thialfihar.org>
  *
  * This program is free software: you can redistribute it and/or modify
@@ -22,28 +22,19 @@ import android.content.Intent;
 import android.net.Uri;
 import android.os.Bundle;
 import android.support.v4.app.Fragment;
-import android.view.Menu;
-import android.view.MenuItem;
+import android.support.v4.app.FragmentTransaction;
 
-import org.spongycastle.bcpg.CompressionAlgorithmTags;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.api.OpenKeychainIntents;
-import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
-import org.sufficientlysecure.keychain.pgp.KeyRing;
-import org.sufficientlysecure.keychain.pgp.PgpConstants;
-import org.sufficientlysecure.keychain.pgp.SignEncryptParcel;
-import org.sufficientlysecure.keychain.ui.dialog.DeleteFileDialogFragment;
-import org.sufficientlysecure.keychain.ui.util.Notify;
-import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.util.Passphrase;
-import org.sufficientlysecure.keychain.util.ShareHelper;
 
 import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.Set;
 
-public class EncryptFilesActivity extends EncryptActivity implements EncryptActivityInterface {
+public class EncryptFilesActivity extends BaseActivity implements
+        EncryptAsymmetricFragment.IAsymmetric, EncryptSymmetricFragment.ISymmetric,
+        EncryptFilesFragment.IMode {
 
     /* Intents */
     public static final String ACTION_ENCRYPT_DATA = OpenKeychainIntents.ENCRYPT_DATA;
@@ -55,301 +46,15 @@ public class EncryptFilesActivity extends EncryptActivity implements EncryptActi
     public static final String EXTRA_SIGNATURE_KEY_ID = Constants.EXTRA_PREFIX + "EXTRA_SIGNATURE_KEY_ID";
     public static final String EXTRA_ENCRYPTION_KEY_IDS = Constants.EXTRA_PREFIX + "EXTRA_ENCRYPTION_IDS";
 
-    // view
-    private int mCurrentMode = MODE_ASYMMETRIC;
-
-    // tabs
-    private static final int MODE_ASYMMETRIC = 0;
-    private static final int MODE_SYMMETRIC = 1;
-
-    // model used by fragments
-    private boolean mUseArmor = false;
-    private boolean mUseCompression = true;
-    private boolean mDeleteAfterEncrypt = false;
-    private boolean mShareAfterEncrypt = false;
-    private boolean mEncryptFilenames = true;
-    private boolean mHiddenRecipients = false;
-
-    private long mEncryptionKeyIds[] = null;
-    private String mEncryptionUserIds[] = null;
-    private long mSigningKeyId = Constants.key.none;
-    private Passphrase mPassphrase = new Passphrase();
-
-    private ArrayList<Uri> mInputUris;
-    private ArrayList<Uri> mOutputUris;
-    private String mMessage = "";
-
-    public boolean isModeSymmetric() {
-        return MODE_SYMMETRIC == mCurrentMode;
-    }
-
-    @Override
-    public boolean isUseArmor() {
-        return mUseArmor;
-    }
-
-    @Override
-    public boolean isUseCompression() {
-        return mUseCompression;
-    }
-
-    @Override
-    public boolean isEncryptFilenames() {
-        return mEncryptFilenames;
-    }
-
-    @Override
-    public boolean isHiddenRecipients() {
-        return mHiddenRecipients;
-    }
-
-    @Override
-    public long getSignatureKey() {
-        return mSigningKeyId;
-    }
-
-    @Override
-    public long[] getEncryptionKeys() {
-        return mEncryptionKeyIds;
-    }
-
-    @Override
-    public String[] getEncryptionUsers() {
-        return mEncryptionUserIds;
-    }
-
-    @Override
-    public void setSignatureKey(long signatureKey) {
-        mSigningKeyId = signatureKey;
-        notifyUpdate();
-    }
-
-    @Override
-    public void setEncryptionKeys(long[] encryptionKeys) {
-        mEncryptionKeyIds = encryptionKeys;
-        notifyUpdate();
-    }
-
-    @Override
-    public void setEncryptionUsers(String[] encryptionUsers) {
-        mEncryptionUserIds = encryptionUsers;
-        notifyUpdate();
-    }
-
-    @Override
-    public void setPassphrase(Passphrase passphrase) {
-        mPassphrase = passphrase;
-    }
-
-    @Override
-    public ArrayList<Uri> getInputUris() {
-        if (mInputUris == null) mInputUris = new ArrayList<>();
-        return mInputUris;
-    }
-
-    @Override
-    public ArrayList<Uri> getOutputUris() {
-        if (mOutputUris == null) mOutputUris = new ArrayList<>();
-        return mOutputUris;
-    }
-
-    @Override
-    public void setInputUris(ArrayList<Uri> uris) {
-        mInputUris = uris;
-        notifyUpdate();
-    }
-
-    @Override
-    public void setOutputUris(ArrayList<Uri> uris) {
-        mOutputUris = uris;
-        notifyUpdate();
-    }
-
-    @Override
-    public String getMessage() {
-        return mMessage;
-    }
-
-    @Override
-    public void setMessage(String message) {
-        mMessage = message;
-    }
-
-    @Override
-    public void notifyUpdate() {
-        for (Fragment fragment : getSupportFragmentManager().getFragments()) {
-            if (fragment instanceof EncryptActivityInterface.UpdateListener) {
-                ((UpdateListener) fragment).onNotifyUpdate();
-            }
-        }
-    }
-
-    @Override
-    public void startEncrypt(boolean share) {
-        mShareAfterEncrypt = share;
-        startEncrypt();
-    }
-
-    @Override
-    public void onEncryptSuccess(final SignEncryptResult result) {
-        if (mDeleteAfterEncrypt) {
-            final Uri[] inputUris = mInputUris.toArray(new Uri[mInputUris.size()]);
-            DeleteFileDialogFragment deleteFileDialog = DeleteFileDialogFragment.newInstance(inputUris);
-            deleteFileDialog.setOnDeletedListener(new DeleteFileDialogFragment.OnDeletedListener() {
-
-                @Override
-                public void onDeleted() {
-                    if (mShareAfterEncrypt) {
-                        // Share encrypted message/file
-                        startActivity(sendWithChooserExcludingEncrypt());
-                    } else {
-                        // Save encrypted file
-                        result.createNotify(EncryptFilesActivity.this).show();
-                    }
-                }
-
-            });
-            deleteFileDialog.show(getSupportFragmentManager(), "deleteDialog");
-
-            mInputUris.clear();
-            notifyUpdate();
-        } else {
-            if (mShareAfterEncrypt) {
-                // Share encrypted message/file
-                startActivity(sendWithChooserExcludingEncrypt());
-            } else {
-                // Save encrypted file
-                result.createNotify(EncryptFilesActivity.this).show();
-            }
-        }
-    }
-
-    @Override
-    protected SignEncryptParcel createEncryptBundle() {
-        // fill values for this action
-        SignEncryptParcel data = new SignEncryptParcel();
-
-        data.addInputUris(mInputUris);
-        data.addOutputUris(mOutputUris);
-
-        if (mUseCompression) {
-            data.setCompressionId(PgpConstants.sPreferredCompressionAlgorithms.get(0));
-        } else {
-            data.setCompressionId(CompressionAlgorithmTags.UNCOMPRESSED);
-        }
-        data.setHiddenRecipients(mHiddenRecipients);
-        data.setEnableAsciiArmorOutput(mUseArmor);
-        data.setSymmetricEncryptionAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
-        data.setSignatureHashAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
-
-        if (isModeSymmetric()) {
-            Log.d(Constants.TAG, "Symmetric encryption enabled!");
-            Passphrase passphrase = mPassphrase;
-            if (passphrase.isEmpty()) {
-                passphrase = null;
-            }
-            data.setSymmetricPassphrase(passphrase);
-        } else {
-            data.setEncryptionMasterKeyIds(mEncryptionKeyIds);
-            data.setSignatureMasterKeyId(mSigningKeyId);
-            data.setSignaturePassphrase(mSigningKeyPassphrase);
-        }
-        return data;
-    }
-
-    /**
-     * Create Intent Chooser but exclude OK's EncryptActivity.
-     */
-    private Intent sendWithChooserExcludingEncrypt() {
-        Intent prototype = createSendIntent();
-        String title = getString(R.string.title_share_file);
-
-        // we don't want to encrypt the encrypted, no inception ;)
-        String[] blacklist = new String[]{
-                Constants.PACKAGE_NAME + ".ui.EncryptFileActivity",
-                "org.thialfihar.android.apg.ui.EncryptActivity"
-        };
-
-        return new ShareHelper(this).createChooserExcluding(prototype, title, blacklist);
-    }
-
-    private Intent createSendIntent() {
-        Intent sendIntent;
-        // file
-        if (mOutputUris.size() == 1) {
-            sendIntent = new Intent(Intent.ACTION_SEND);
-            sendIntent.putExtra(Intent.EXTRA_STREAM, mOutputUris.get(0));
-        } else {
-            sendIntent = new Intent(Intent.ACTION_SEND_MULTIPLE);
-            sendIntent.putExtra(Intent.EXTRA_STREAM, mOutputUris);
-        }
-        sendIntent.setType(Constants.ENCRYPTED_FILES_MIME);
-
-        if (!isModeSymmetric() && mEncryptionUserIds != null) {
-            Set<String> users = new HashSet<>();
-            for (String user : mEncryptionUserIds) {
-                KeyRing.UserId userId = KeyRing.splitUserId(user);
-                if (userId.email != null) {
-                    users.add(userId.email);
-                }
-            }
-            sendIntent.putExtra(Intent.EXTRA_EMAIL, users.toArray(new String[users.size()]));
-        }
-        return sendIntent;
-    }
-
-    protected boolean inputIsValid() {
-        // file checks
-
-        if (mInputUris.isEmpty()) {
-            Notify.create(this, R.string.no_file_selected, Notify.Style.ERROR)
-                    .show(getSupportFragmentManager().findFragmentById(R.id.encrypt_file_fragment));
-            return false;
-        } else if (mInputUris.size() > 1 && !mShareAfterEncrypt) {
-            // This should be impossible...
-            return false;
-        } else if (mInputUris.size() != mOutputUris.size()) {
-            // This as well
-            return false;
-        }
-
-        if (isModeSymmetric()) {
-            // symmetric encryption checks
-
-            if (mPassphrase == null) {
-                Notify.create(this, R.string.passphrases_do_not_match, Notify.Style.ERROR)
-                        .show(getSupportFragmentManager().findFragmentById(R.id.encrypt_file_fragment));
-                return false;
-            }
-            if (mPassphrase.isEmpty()) {
-                Notify.create(this, R.string.passphrase_must_not_be_empty, Notify.Style.ERROR)
-                        .show(getSupportFragmentManager().findFragmentById(R.id.encrypt_file_fragment));
-                return false;
-            }
-
-        } else {
-            // asymmetric encryption checks
-
-            boolean gotEncryptionKeys = (mEncryptionKeyIds != null
-                    && mEncryptionKeyIds.length > 0);
-
-            // Files must be encrypted, only text can be signed-only right now
-            if (!gotEncryptionKeys) {
-                Notify.create(this, R.string.select_encryption_key, Notify.Style.ERROR)
-                        .show(getSupportFragmentManager().findFragmentById(R.id.encrypt_file_fragment));
-                return false;
-            }
-        }
-        return true;
-    }
+    Fragment mModeFragment;
+    EncryptFilesFragment mEncryptFragment;
 
     @Override
     public void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
 
         // Handle intent actions
-        handleActions(getIntent());
-        updateModeFragment();
+        handleActions(getIntent(), savedInstanceState);
     }
 
     @Override
@@ -357,73 +62,10 @@ public class EncryptFilesActivity extends EncryptActivity implements EncryptActi
         setContentView(R.layout.encrypt_files_activity);
     }
 
-    @Override
-    public boolean onCreateOptionsMenu(Menu menu) {
-        getMenuInflater().inflate(R.menu.encrypt_file_activity, menu);
-        return super.onCreateOptionsMenu(menu);
-    }
-
-    @Override
-    public boolean onOptionsItemSelected(MenuItem item) {
-        if (item.isCheckable()) {
-            item.setChecked(!item.isChecked());
-        }
-        switch (item.getItemId()) {
-            case R.id.check_use_symmetric: {
-                mCurrentMode = item.isChecked() ? MODE_SYMMETRIC : MODE_ASYMMETRIC;
-                updateModeFragment();
-                notifyUpdate();
-                break;
-            }
-            case R.id.check_use_armor: {
-                mUseArmor = item.isChecked();
-                notifyUpdate();
-                break;
-            }
-            case R.id.check_delete_after_encrypt: {
-                mDeleteAfterEncrypt = item.isChecked();
-                notifyUpdate();
-                break;
-            }
-            case R.id.check_enable_compression: {
-                mUseCompression = item.isChecked();
-                notifyUpdate();
-                break;
-            }
-            case R.id.check_encrypt_filenames: {
-                mEncryptFilenames = item.isChecked();
-                notifyUpdate();
-                break;
-            }
-//            case R.id.check_hidden_recipients: {
-//                mHiddenRecipients = item.isChecked();
-//                notifyUpdate();
-//                break;
-//            }
-            default: {
-                return super.onOptionsItemSelected(item);
-            }
-        }
-        return true;
-    }
-
-    private void updateModeFragment() {
-        getSupportFragmentManager().beginTransaction()
-                .replace(R.id.encrypt_pager_mode,
-                        mCurrentMode == MODE_SYMMETRIC
-                                ? new EncryptSymmetricFragment()
-                                : new EncryptAsymmetricFragment()
-                )
-                .commitAllowingStateLoss();
-        getSupportFragmentManager().executePendingTransactions();
-    }
-
     /**
      * Handles all actions with this intent
-     *
-     * @param intent
      */
-    private void handleActions(Intent intent) {
+    private void handleActions(Intent intent, Bundle savedInstanceState) {
         String action = intent.getAction();
         Bundle extras = intent.getExtras();
         String type = intent.getType();
@@ -452,14 +94,56 @@ public class EncryptFilesActivity extends EncryptActivity implements EncryptActi
             uris = intent.getParcelableArrayListExtra(Intent.EXTRA_STREAM);
         }
 
-        mUseArmor = extras.getBoolean(EXTRA_ASCII_ARMOR, false);
+        long mSigningKeyId = extras.getLong(EXTRA_SIGNATURE_KEY_ID);
+        long[] mEncryptionKeyIds = extras.getLongArray(EXTRA_ENCRYPTION_KEY_IDS);
+        boolean useArmor = extras.getBoolean(EXTRA_ASCII_ARMOR, false);
 
-        // preselect keys given by intent
-        mSigningKeyId = extras.getLong(EXTRA_SIGNATURE_KEY_ID);
-        mEncryptionKeyIds = extras.getLongArray(EXTRA_ENCRYPTION_KEY_IDS);
+        if (savedInstanceState == null) {
+            FragmentTransaction transaction = getSupportFragmentManager().beginTransaction();
 
-        // Save uris
-        mInputUris = uris;
+            mModeFragment = EncryptAsymmetricFragment.newInstance(mSigningKeyId, mEncryptionKeyIds);
+            transaction.replace(R.id.encrypt_mode_container, mModeFragment, "mode");
+
+            mEncryptFragment = EncryptFilesFragment.newInstance(uris, useArmor);
+            transaction.replace(R.id.encrypt_file_container, mEncryptFragment, "files");
+
+            transaction.commit();
+
+            getSupportFragmentManager().executePendingTransactions();
+        }
+    }
+
+    @Override
+    public void onModeChanged(boolean symmetric) {
+        // switch fragments
+        getSupportFragmentManager().beginTransaction()
+                .replace(R.id.encrypt_mode_container,
+                        symmetric
+                                ? EncryptSymmetricFragment.newInstance()
+                                : EncryptAsymmetricFragment.newInstance(0, null)
+                )
+                .commitAllowingStateLoss();
+        getSupportFragmentManager().executePendingTransactions();
+    }
+
+    @Override
+    public void onSignatureKeyIdChanged(long signatureKeyId) {
+        mEncryptFragment.setSigningKeyId(signatureKeyId);
+    }
+
+    @Override
+    public void onEncryptionKeyIdsChanged(long[] encryptionKeyIds) {
+        mEncryptFragment.setEncryptionKeyIds(encryptionKeyIds);
+    }
+
+    @Override
+    public void onEncryptionUserIdsChanged(String[] encryptionUserIds) {
+        mEncryptFragment.setEncryptionUserIds(encryptionUserIds);
+    }
+
+    @Override
+    public void onPassphraseChanged(Passphrase passphrase) {
+        mEncryptFragment.setPassphrase(passphrase);
     }
 
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
index 4ba76d8ea..771800245 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
@@ -19,14 +19,18 @@ package org.sufficientlysecure.keychain.ui;
 
 import android.annotation.TargetApi;
 import android.app.Activity;
+import android.app.ProgressDialog;
 import android.content.Intent;
 import android.graphics.Bitmap;
 import android.graphics.Point;
 import android.net.Uri;
 import android.os.Build;
 import android.os.Bundle;
-import android.support.v4.app.Fragment;
+import android.os.Message;
+import android.os.Messenger;
 import android.view.LayoutInflater;
+import android.view.Menu;
+import android.view.MenuInflater;
 import android.view.MenuItem;
 import android.view.View;
 import android.view.ViewGroup;
@@ -35,39 +39,108 @@ import android.widget.ImageView;
 import android.widget.ListView;
 import android.widget.TextView;
 
+import org.spongycastle.bcpg.CompressionAlgorithmTags;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
+import org.sufficientlysecure.keychain.pgp.KeyRing;
+import org.sufficientlysecure.keychain.pgp.PgpConstants;
+import org.sufficientlysecure.keychain.pgp.SignEncryptParcel;
 import org.sufficientlysecure.keychain.provider.TemporaryStorageProvider;
+import org.sufficientlysecure.keychain.service.KeychainIntentService;
+import org.sufficientlysecure.keychain.service.ServiceProgressHandler;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.ui.dialog.DeleteFileDialogFragment;
+import org.sufficientlysecure.keychain.ui.dialog.ProgressDialogFragment;
 import org.sufficientlysecure.keychain.ui.util.FormattingUtils;
 import org.sufficientlysecure.keychain.ui.util.Notify;
 import org.sufficientlysecure.keychain.util.FileHelper;
+import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.Passphrase;
+import org.sufficientlysecure.keychain.util.ShareHelper;
 
 import java.io.File;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
+import java.util.Set;
 
-public class EncryptFilesFragment extends Fragment implements EncryptActivityInterface.UpdateListener {
-    public static final String ARG_URIS = "uris";
+public class EncryptFilesFragment extends CryptoOperationFragment {
 
     private static final int REQUEST_CODE_INPUT = 0x00007003;
     private static final int REQUEST_CODE_OUTPUT = 0x00007007;
 
-    private EncryptActivityInterface mEncryptInterface;
+    public interface IMode {
+
+        public void onModeChanged(boolean symmetric);
+    }
+
+    private IMode mModeInterface;
+
+    // model used by fragments
+    private boolean mSymmetricMode = true;
+    private boolean mUseArmor = false;
+    private boolean mUseCompression = true;
+    private boolean mDeleteAfterEncrypt = false;
+    private boolean mShareAfterEncrypt = false;
+    private boolean mEncryptFilenames = true;
+    private boolean mHiddenRecipients = false;
+
+    private long mEncryptionKeyIds[] = null;
+    private String mEncryptionUserIds[] = null;
+    private long mSigningKeyId = Constants.key.none;
+    private Passphrase mPassphrase = new Passphrase();
+
+    private ArrayList<Uri> mInputUris = new ArrayList<Uri>();
+    private ArrayList<Uri> mOutputUris = new ArrayList<Uri>();
 
-    // view
-    private View mAddView;
     private ListView mSelectedFiles;
     private SelectedFilesAdapter mAdapter = new SelectedFilesAdapter();
     private final Map<Uri, Bitmap> thumbnailCache = new HashMap<>();
 
+
+    public static final String ARG_USE_ASCII_ARMOR = "use_ascii_armor";
+    public static final String ARG_URIS = "uris";
+
+
+    /**
+     * Creates new instance of this fragment
+     */
+    public static EncryptFilesFragment newInstance(ArrayList<Uri> uris, boolean useArmor) {
+        EncryptFilesFragment frag = new EncryptFilesFragment();
+
+        Bundle args = new Bundle();
+        args.putBoolean(ARG_USE_ASCII_ARMOR, useArmor);
+        args.putParcelableArrayList(ARG_URIS, uris);
+        frag.setArguments(args);
+
+        return frag;
+    }
+
+    public void setEncryptionKeyIds(long[] encryptionKeyIds) {
+        mEncryptionKeyIds = encryptionKeyIds;
+    }
+
+    public void setEncryptionUserIds(String[] encryptionUserIds) {
+        mEncryptionUserIds = encryptionUserIds;
+    }
+
+    public void setSigningKeyId(long signingKeyId) {
+        mSigningKeyId = signingKeyId;
+    }
+
+    public void setPassphrase(Passphrase passphrase) {
+        mPassphrase = passphrase;
+    }
+
     @Override
     public void onAttach(Activity activity) {
         super.onAttach(activity);
         try {
-            mEncryptInterface = (EncryptActivityInterface) activity;
+            mModeInterface = (IMode) activity;
         } catch (ClassCastException e) {
-            throw new ClassCastException(activity.toString() + " must implement EncryptActivityInterface");
+            throw new ClassCastException(activity.toString() + " must be IMode");
         }
     }
 
@@ -78,15 +151,15 @@ public class EncryptFilesFragment extends Fragment implements EncryptActivityInt
     public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
         View view = inflater.inflate(R.layout.encrypt_files_fragment, container, false);
 
-        mAddView = inflater.inflate(R.layout.file_list_entry_add, null);
-        mAddView.setOnClickListener(new View.OnClickListener() {
+        View addView = inflater.inflate(R.layout.file_list_entry_add, null);
+        addView.setOnClickListener(new View.OnClickListener() {
             @Override
             public void onClick(View v) {
                 addInputUri();
             }
         });
         mSelectedFiles = (ListView) view.findViewById(R.id.selected_files_list);
-        mSelectedFiles.addFooterView(mAddView);
+        mSelectedFiles.addFooterView(addView);
         mSelectedFiles.setAdapter(mAdapter);
 
         return view;
@@ -95,16 +168,18 @@ public class EncryptFilesFragment extends Fragment implements EncryptActivityInt
     @Override
     public void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
-
         setHasOptionsMenu(true);
+
+        mInputUris = getArguments().getParcelableArrayList(ARG_URIS);
+        mUseArmor = getArguments().getBoolean(ARG_USE_ASCII_ARMOR);
     }
 
     private void addInputUri() {
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
             FileHelper.openDocument(EncryptFilesFragment.this, "*/*", true, REQUEST_CODE_INPUT);
         } else {
-            FileHelper.openFile(EncryptFilesFragment.this, mEncryptInterface.getInputUris().isEmpty() ?
-                            null : mEncryptInterface.getInputUris().get(mEncryptInterface.getInputUris().size() - 1),
+            FileHelper.openFile(EncryptFilesFragment.this, mInputUris.isEmpty() ?
+                            null : mInputUris.get(mInputUris.size() - 1),
                     "*/*", REQUEST_CODE_INPUT);
         }
     }
@@ -114,32 +189,30 @@ public class EncryptFilesFragment extends Fragment implements EncryptActivityInt
             return;
         }
 
-        if (mEncryptInterface.getInputUris().contains(inputUri)) {
+        if (mInputUris.contains(inputUri)) {
             Notify.create(getActivity(),
                     getActivity().getString(R.string.error_file_added_already, FileHelper.getFilename(getActivity(), inputUri)),
                     Notify.Style.ERROR).show(this);
             return;
         }
 
-        mEncryptInterface.getInputUris().add(inputUri);
-        mEncryptInterface.notifyUpdate();
+        mInputUris.add(inputUri);
         mSelectedFiles.requestFocus();
     }
 
     private void delInputUri(int position) {
-        mEncryptInterface.getInputUris().remove(position);
-        mEncryptInterface.notifyUpdate();
+        mInputUris.remove(position);
         mSelectedFiles.requestFocus();
     }
 
     private void showOutputFileDialog() {
-        if (mEncryptInterface.getInputUris().size() > 1 || mEncryptInterface.getInputUris().isEmpty()) {
+        if (mInputUris.size() > 1 || mInputUris.isEmpty()) {
             throw new IllegalStateException();
         }
-        Uri inputUri = mEncryptInterface.getInputUris().get(0);
+        Uri inputUri = mInputUris.get(0);
         String targetName =
-                (mEncryptInterface.isEncryptFilenames() ? "1" : FileHelper.getFilename(getActivity(), inputUri))
-                        + (mEncryptInterface.isUseArmor() ? Constants.FILE_EXTENSION_ASC : Constants.FILE_EXTENSION_PGP_MAIN);
+                (mEncryptFilenames ? "1" : FileHelper.getFilename(getActivity(), inputUri))
+                        + (mUseArmor ? Constants.FILE_EXTENSION_ASC : Constants.FILE_EXTENSION_PGP_MAIN);
         if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
             File file = new File(inputUri.getPath());
             File parentDir = file.exists() ? file.getParentFile() : Constants.Path.APP_DIR;
@@ -152,23 +225,23 @@ public class EncryptFilesFragment extends Fragment implements EncryptActivityInt
     }
 
     private void encryptClicked(boolean share) {
-        if (mEncryptInterface.getInputUris().isEmpty()) {
+        if (mInputUris.isEmpty()) {
             Notify.create(getActivity(), R.string.error_no_file_selected, Notify.Style.ERROR).show(this);
             return;
         }
         if (share) {
-            mEncryptInterface.getOutputUris().clear();
+            mOutputUris.clear();
             int filenameCounter = 1;
-            for (Uri uri : mEncryptInterface.getInputUris()) {
+            for (Uri uri : mInputUris) {
                 String targetName =
-                        (mEncryptInterface.isEncryptFilenames() ? String.valueOf(filenameCounter) : FileHelper.getFilename(getActivity(), uri))
-                                + (mEncryptInterface.isUseArmor() ? Constants.FILE_EXTENSION_ASC : Constants.FILE_EXTENSION_PGP_MAIN);
-                mEncryptInterface.getOutputUris().add(TemporaryStorageProvider.createFile(getActivity(), targetName));
+                        (mEncryptFilenames ? String.valueOf(filenameCounter) : FileHelper.getFilename(getActivity(), uri))
+                                + (mUseArmor ? Constants.FILE_EXTENSION_ASC : Constants.FILE_EXTENSION_PGP_MAIN);
+                mOutputUris.add(TemporaryStorageProvider.createFile(getActivity(), targetName));
                 filenameCounter++;
             }
-            mEncryptInterface.startEncrypt(true);
+            startEncrypt(true);
         } else {
-            if (mEncryptInterface.getInputUris().size() > 1) {
+            if (mInputUris.size() > 1) {
                 Notify.create(getActivity(), R.string.error_multi_not_supported, Notify.Style.ERROR).show(this);
                 return;
             }
@@ -188,8 +261,17 @@ public class EncryptFilesFragment extends Fragment implements EncryptActivityInt
         return false;
     }
 
+    @Override
+    public void onCreateOptionsMenu(Menu menu, MenuInflater inflater) {
+        super.onCreateOptionsMenu(menu, inflater);
+        inflater.inflate(R.menu.encrypt_file_activity, menu);
+    }
+
     @Override
     public boolean onOptionsItemSelected(MenuItem item) {
+        if (item.isCheckable()) {
+            item.setChecked(!item.isChecked());
+        }
         switch (item.getItemId()) {
             case R.id.encrypt_save: {
                 encryptClicked(false);
@@ -199,6 +281,36 @@ public class EncryptFilesFragment extends Fragment implements EncryptActivityInt
                 encryptClicked(true);
                 break;
             }
+            case R.id.check_use_symmetric: {
+                mSymmetricMode = item.isChecked();
+                mModeInterface.onModeChanged(mSymmetricMode);
+                break;
+            }
+            case R.id.check_use_armor: {
+                mUseArmor = item.isChecked();
+//                notifyUpdate();
+                break;
+            }
+            case R.id.check_delete_after_encrypt: {
+                mDeleteAfterEncrypt = item.isChecked();
+//                notifyUpdate();
+                break;
+            }
+            case R.id.check_enable_compression: {
+                mUseCompression = item.isChecked();
+//                onNotifyUpdate();
+                break;
+            }
+            case R.id.check_encrypt_filenames: {
+                mEncryptFilenames = item.isChecked();
+//                onNotifyUpdate();
+                break;
+            }
+//            case R.id.check_hidden_recipients: {
+//                mHiddenRecipients = item.isChecked();
+//                notifyUpdate();
+//                break;
+//            }
             default: {
                 return super.onOptionsItemSelected(item);
             }
@@ -206,6 +318,251 @@ public class EncryptFilesFragment extends Fragment implements EncryptActivityInt
         return true;
     }
 
+    protected boolean inputIsValid() {
+        // file checks
+
+        if (mInputUris.isEmpty()) {
+            Notify.create(getActivity(), R.string.no_file_selected, Notify.Style.ERROR)
+                    .show(this);
+            return false;
+        } else if (mInputUris.size() > 1 && !mShareAfterEncrypt) {
+            // This should be impossible...
+            return false;
+        } else if (mInputUris.size() != mOutputUris.size()) {
+            // This as well
+            return false;
+        }
+
+        if (mSymmetricMode) {
+            // symmetric encryption checks
+
+            if (mPassphrase == null) {
+                Notify.create(getActivity(), R.string.passphrases_do_not_match, Notify.Style.ERROR)
+                        .show(this);
+                return false;
+            }
+            if (mPassphrase.isEmpty()) {
+                Notify.create(getActivity(), R.string.passphrase_must_not_be_empty, Notify.Style.ERROR)
+                        .show(this);
+                return false;
+            }
+
+        } else {
+            // asymmetric encryption checks
+
+            boolean gotEncryptionKeys = (mEncryptionKeyIds != null
+                    && mEncryptionKeyIds.length > 0);
+
+            // Files must be encrypted, only text can be signed-only right now
+            if (!gotEncryptionKeys) {
+                Notify.create(getActivity(), R.string.select_encryption_key, Notify.Style.ERROR)
+                        .show(this);
+                return false;
+            }
+        }
+        return true;
+    }
+
+    public void startEncrypt(boolean share) {
+        mShareAfterEncrypt = share;
+        startEncrypt();
+    }
+
+    public void onEncryptSuccess(final SignEncryptResult result) {
+        if (mDeleteAfterEncrypt) {
+            final Uri[] inputUris = mInputUris.toArray(new Uri[mInputUris.size()]);
+            DeleteFileDialogFragment deleteFileDialog = DeleteFileDialogFragment.newInstance(inputUris);
+            deleteFileDialog.setOnDeletedListener(new DeleteFileDialogFragment.OnDeletedListener() {
+
+                @Override
+                public void onDeleted() {
+                    if (mShareAfterEncrypt) {
+                        // Share encrypted message/file
+                        startActivity(sendWithChooserExcludingEncrypt());
+                    } else {
+                        // Save encrypted file
+                        result.createNotify(getActivity()).show();
+                    }
+                }
+
+            });
+            deleteFileDialog.show(getActivity().getSupportFragmentManager(), "deleteDialog");
+
+            mInputUris.clear();
+            onNotifyUpdate();
+        } else {
+            if (mShareAfterEncrypt) {
+                // Share encrypted message/file
+                startActivity(sendWithChooserExcludingEncrypt());
+            } else {
+                // Save encrypted file
+                result.createNotify(getActivity()).show();
+            }
+        }
+    }
+
+    protected SignEncryptParcel createEncryptBundle() {
+        // fill values for this action
+        SignEncryptParcel data = new SignEncryptParcel();
+
+        data.addInputUris(mInputUris);
+        data.addOutputUris(mOutputUris);
+
+        if (mUseCompression) {
+            data.setCompressionId(PgpConstants.sPreferredCompressionAlgorithms.get(0));
+        } else {
+            data.setCompressionId(CompressionAlgorithmTags.UNCOMPRESSED);
+        }
+        data.setHiddenRecipients(mHiddenRecipients);
+        data.setEnableAsciiArmorOutput(mUseArmor);
+        data.setSymmetricEncryptionAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
+        data.setSignatureHashAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
+
+        if (mSymmetricMode) {
+            Log.d(Constants.TAG, "Symmetric encryption enabled!");
+            Passphrase passphrase = mPassphrase;
+            if (passphrase.isEmpty()) {
+                passphrase = null;
+            }
+            data.setSymmetricPassphrase(passphrase);
+        } else {
+            data.setEncryptionMasterKeyIds(mEncryptionKeyIds);
+            data.setSignatureMasterKeyId(mSigningKeyId);
+//            data.setSignaturePassphrase(mSigningKeyPassphrase);
+        }
+        return data;
+    }
+
+    /**
+     * Create Intent Chooser but exclude OK's EncryptActivity.
+     */
+    private Intent sendWithChooserExcludingEncrypt() {
+        Intent prototype = createSendIntent();
+        String title = getString(R.string.title_share_file);
+
+        // we don't want to encrypt the encrypted, no inception ;)
+        String[] blacklist = new String[]{
+                Constants.PACKAGE_NAME + ".ui.EncryptFileActivity",
+                "org.thialfihar.android.apg.ui.EncryptActivity"
+        };
+
+        return new ShareHelper(getActivity()).createChooserExcluding(prototype, title, blacklist);
+    }
+
+    private Intent createSendIntent() {
+        Intent sendIntent;
+        // file
+        if (mOutputUris.size() == 1) {
+            sendIntent = new Intent(Intent.ACTION_SEND);
+            sendIntent.putExtra(Intent.EXTRA_STREAM, mOutputUris.get(0));
+        } else {
+            sendIntent = new Intent(Intent.ACTION_SEND_MULTIPLE);
+            sendIntent.putExtra(Intent.EXTRA_STREAM, mOutputUris);
+        }
+        sendIntent.setType(Constants.ENCRYPTED_FILES_MIME);
+
+        if (!mSymmetricMode && mEncryptionUserIds != null) {
+            Set<String> users = new HashSet<>();
+            for (String user : mEncryptionUserIds) {
+                KeyRing.UserId userId = KeyRing.splitUserId(user);
+                if (userId.email != null) {
+                    users.add(userId.email);
+                }
+            }
+            sendIntent.putExtra(Intent.EXTRA_EMAIL, users.toArray(new String[users.size()]));
+        }
+        return sendIntent;
+    }
+
+    public void startEncrypt() {
+        cryptoOperation(new CryptoInputParcel());
+    }
+
+    //    public void startEncrypt(CryptoInputParcel cryptoInput) {
+    @Override
+    protected void cryptoOperation(CryptoInputParcel cryptoInput) {
+
+        if (!inputIsValid()) {
+            // Notify was created by inputIsValid.
+            return;
+        }
+
+        // Send all information needed to service to edit key in other thread
+        Intent intent = new Intent(getActivity(), KeychainIntentService.class);
+        intent.setAction(KeychainIntentService.ACTION_SIGN_ENCRYPT);
+
+        final SignEncryptParcel input = createEncryptBundle();
+        if (cryptoInput != null) {
+            input.setCryptoInput(cryptoInput);
+        }
+
+        Bundle data = new Bundle();
+        data.putParcelable(KeychainIntentService.SIGN_ENCRYPT_PARCEL, input);
+        intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
+
+        // Message is received after encrypting is done in KeychainIntentService
+        ServiceProgressHandler serviceHandler = new ServiceProgressHandler(
+                getActivity(),
+                getString(R.string.progress_encrypting),
+                ProgressDialog.STYLE_HORIZONTAL,
+                true,
+                ProgressDialogFragment.ServiceType.KEYCHAIN_INTENT) {
+            public void handleMessage(Message message) {
+                // handle messages by standard KeychainIntentServiceHandler first
+                super.handleMessage(message);
+
+                // handle pending messages
+                if (handlePendingMessage(message)) {
+                    return;
+                }
+
+                if (message.arg1 == MessageStatus.OKAY.ordinal()) {
+                    SignEncryptResult result =
+                            message.getData().getParcelable(SignEncryptResult.EXTRA_RESULT);
+
+//                    PgpSignEncryptResult pgpResult = result.getPending();
+//
+//                    if (pgpResult != null && pgpResult.isPending()) {
+//                        if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE) ==
+//                                PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE) {
+//                            startPassphraseDialog(pgpResult.getKeyIdPassphraseNeeded());
+//                        } else if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_NFC) ==
+//                                PgpSignEncryptResult.RESULT_PENDING_NFC) {
+//
+//                            RequiredInputParcel parcel = RequiredInputParcel.createNfcSignOperation(
+//                                    pgpResult.getNfcHash(),
+//                                    pgpResult.getNfcAlgo(),
+//                                    input.getSignatureTime());
+//                            startNfcSign(pgpResult.getNfcKeyId(), parcel);
+//
+//                        } else {
+//                            throw new RuntimeException("Unhandled pending result!");
+//                        }
+//                        return;
+//                    }
+
+                    if (result.success()) {
+                        onEncryptSuccess(result);
+                    } else {
+                        result.createNotify(getActivity()).show();
+                    }
+
+                    // no matter the result, reset parameters
+//                    mSigningKeyPassphrase = null;
+                }
+            }
+        };
+        // Create a new Messenger for the communication back
+        Messenger messenger = new Messenger(serviceHandler);
+        intent.putExtra(KeychainIntentService.EXTRA_MESSENGER, messenger);
+
+        // show progress dialog
+        serviceHandler.showProgressDialog(getActivity());
+
+        // start service with intent
+        getActivity().startService(intent);
+    }
+
     @Override
     public void onActivityResult(int requestCode, int resultCode, Intent data) {
         switch (requestCode) {
@@ -220,10 +577,10 @@ public class EncryptFilesFragment extends Fragment implements EncryptActivityInt
             case REQUEST_CODE_OUTPUT: {
                 // This happens after output file was selected, so start our operation
                 if (resultCode == Activity.RESULT_OK && data != null) {
-                    mEncryptInterface.getOutputUris().clear();
-                    mEncryptInterface.getOutputUris().add(data.getData());
-                    mEncryptInterface.notifyUpdate();
-                    mEncryptInterface.startEncrypt(false);
+                    mOutputUris.clear();
+                    mOutputUris.add(data.getData());
+                    onNotifyUpdate();
+                    startEncrypt(false);
                 }
                 return;
             }
@@ -236,11 +593,10 @@ public class EncryptFilesFragment extends Fragment implements EncryptActivityInt
         }
     }
 
-    @Override
     public void onNotifyUpdate() {
         // Clear cache if needed
         for (Uri uri : new HashSet<>(thumbnailCache.keySet())) {
-            if (!mEncryptInterface.getInputUris().contains(uri)) {
+            if (!mInputUris.contains(uri)) {
                 thumbnailCache.remove(uri);
             }
         }
@@ -251,12 +607,12 @@ public class EncryptFilesFragment extends Fragment implements EncryptActivityInt
     private class SelectedFilesAdapter extends BaseAdapter {
         @Override
         public int getCount() {
-            return mEncryptInterface.getInputUris().size();
+            return mInputUris.size();
         }
 
         @Override
         public Object getItem(int position) {
-            return mEncryptInterface.getInputUris().get(position);
+            return mInputUris.get(position);
         }
 
         @Override
@@ -266,7 +622,7 @@ public class EncryptFilesFragment extends Fragment implements EncryptActivityInt
 
         @Override
         public View getView(final int position, View convertView, ViewGroup parent) {
-            Uri inputUri = mEncryptInterface.getInputUris().get(position);
+            Uri inputUri = mInputUris.get(position);
             View view;
             if (convertView == null) {
                 view = getActivity().getLayoutInflater().inflate(R.layout.file_list_entry, null);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptSymmetricFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptSymmetricFragment.java
index 36b3c08f9..22e116a42 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptSymmetricFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptSymmetricFragment.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Dominik Schürmann <dominik@dominikschuermann.de>
+ * Copyright (C) 2014-2015 Dominik Schürmann <dominik@dominikschuermann.de>
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -30,20 +30,37 @@ import android.widget.EditText;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.util.Passphrase;
 
-public class EncryptSymmetricFragment extends Fragment implements EncryptActivityInterface.UpdateListener {
+public class EncryptSymmetricFragment extends Fragment {
 
-    EncryptActivityInterface mEncryptInterface;
+    public interface ISymmetric {
+
+        public void onPassphraseChanged(Passphrase passphrase);
+    }
+
+    private ISymmetric mEncryptInterface;
 
     private EditText mPassphrase;
     private EditText mPassphraseAgain;
 
+    /**
+     * Creates new instance of this fragment
+     */
+    public static EncryptSymmetricFragment newInstance() {
+        EncryptSymmetricFragment frag = new EncryptSymmetricFragment();
+
+        Bundle args = new Bundle();
+        frag.setArguments(args);
+
+        return frag;
+    }
+
     @Override
     public void onAttach(Activity activity) {
         super.onAttach(activity);
         try {
-            mEncryptInterface = (EncryptActivityInterface) activity;
+            mEncryptInterface = (ISymmetric) activity;
         } catch (ClassCastException e) {
-            throw new ClassCastException(activity.toString() + " must implement EncryptActivityInterface");
+            throw new ClassCastException(activity.toString() + " must implement ISymmetric");
         }
     }
 
@@ -74,9 +91,9 @@ public class EncryptSymmetricFragment extends Fragment implements EncryptActivit
                 p1.removeFromMemory();
                 p2.removeFromMemory();
                 if (passesEquals) {
-                    mEncryptInterface.setPassphrase(new Passphrase(mPassphrase.getText()));
+                    mEncryptInterface.onPassphraseChanged(new Passphrase(mPassphrase.getText()));
                 } else {
-                    mEncryptInterface.setPassphrase(null);
+                    mEncryptInterface.onPassphraseChanged(null);
                 }
             }
         };
@@ -86,8 +103,4 @@ public class EncryptSymmetricFragment extends Fragment implements EncryptActivit
         return view;
     }
 
-    @Override
-    public void onNotifyUpdate() {
-
-    }
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java
index 6d472abb4..56f0b198e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java
@@ -21,7 +21,6 @@ package org.sufficientlysecure.keychain.ui;
 import android.content.Intent;
 import android.net.Uri;
 import android.os.Bundle;
-import android.support.v4.app.Fragment;
 import android.view.Menu;
 import android.view.MenuItem;
 
@@ -43,7 +42,7 @@ import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.Set;
 
-public class EncryptTextActivity extends EncryptActivity implements EncryptActivityInterface {
+public class EncryptTextActivity extends EncryptActivity {
 
     /* Intents */
     public static final String ACTION_ENCRYPT_TEXT = OpenKeychainIntents.ENCRYPT_TEXT;
@@ -81,60 +80,38 @@ public class EncryptTextActivity extends EncryptActivity implements EncryptActiv
         return MODE_SYMMETRIC == mCurrentMode;
     }
 
-    @Override
-    public boolean isUseArmor() {
-        return true;
-    }
-
-    @Override
-    public boolean isEncryptFilenames() {
-        return false;
-    }
-
-    @Override
     public boolean isUseCompression() {
         return mUseCompression;
     }
 
-    @Override
     public boolean isHiddenRecipients() {
         return mHiddenRecipients;
     }
 
-    @Override
     public long getSignatureKey() {
         return mSigningKeyId;
     }
 
-    @Override
     public long[] getEncryptionKeys() {
         return mEncryptionKeyIds;
     }
 
-    @Override
     public String[] getEncryptionUsers() {
         return mEncryptionUserIds;
     }
 
-    @Override
     public void setSignatureKey(long signatureKey) {
         mSigningKeyId = signatureKey;
-        notifyUpdate();
     }
 
-    @Override
     public void setEncryptionKeys(long[] encryptionKeys) {
         mEncryptionKeyIds = encryptionKeys;
-        notifyUpdate();
     }
 
-    @Override
     public void setEncryptionUsers(String[] encryptionUsers) {
         mEncryptionUserIds = encryptionUsers;
-        notifyUpdate();
     }
 
-    @Override
     public void setPassphrase(Passphrase passphrase) {
         if (mPassphrase != null) {
             mPassphrase.removeFromMemory();
@@ -142,50 +119,32 @@ public class EncryptTextActivity extends EncryptActivity implements EncryptActiv
         mPassphrase = passphrase;
     }
 
-    @Override
     public ArrayList<Uri> getInputUris() {
         if (mInputUris == null) mInputUris = new ArrayList<>();
         return mInputUris;
     }
 
-    @Override
     public ArrayList<Uri> getOutputUris() {
         if (mOutputUris == null) mOutputUris = new ArrayList<>();
         return mOutputUris;
     }
 
-    @Override
     public void setInputUris(ArrayList<Uri> uris) {
         mInputUris = uris;
-        notifyUpdate();
     }
 
-    @Override
     public void setOutputUris(ArrayList<Uri> uris) {
         mOutputUris = uris;
-        notifyUpdate();
     }
 
-    @Override
     public String getMessage() {
         return mMessage;
     }
 
-    @Override
     public void setMessage(String message) {
         mMessage = message;
     }
 
-    @Override
-    public void notifyUpdate() {
-        for (Fragment fragment : getSupportFragmentManager().getFragments()) {
-            if (fragment instanceof UpdateListener) {
-                ((UpdateListener) fragment).onNotifyUpdate();
-            }
-        }
-    }
-
-    @Override
     public void startEncrypt(boolean share) {
         mShareAfterEncrypt = share;
         startEncrypt();
@@ -348,7 +307,7 @@ public class EncryptTextActivity extends EncryptActivity implements EncryptActiv
 
     private void updateModeFragment() {
         getSupportFragmentManager().beginTransaction()
-                .replace(R.id.encrypt_pager_mode,
+                .replace(R.id.encrypt_mode,
                         mCurrentMode == MODE_SYMMETRIC
                                 ? new EncryptSymmetricFragment()
                                 : new EncryptAsymmetricFragment()
@@ -366,12 +325,10 @@ public class EncryptTextActivity extends EncryptActivity implements EncryptActiv
             case R.id.check_use_symmetric: {
                 mCurrentMode = item.isChecked() ? MODE_SYMMETRIC : MODE_ASYMMETRIC;
                 updateModeFragment();
-                notifyUpdate();
                 break;
             }
             case R.id.check_enable_compression: {
                 mUseCompression = item.isChecked();
-                notifyUpdate();
                 break;
             }
 //            case R.id.check_hidden_recipients: {
diff --git a/OpenKeychain/src/main/res/layout/encrypt_files_activity.xml b/OpenKeychain/src/main/res/layout/encrypt_files_activity.xml
index ce8b1302c..435ea96df 100644
--- a/OpenKeychain/src/main/res/layout/encrypt_files_activity.xml
+++ b/OpenKeychain/src/main/res/layout/encrypt_files_activity.xml
@@ -23,14 +23,12 @@
         <include layout="@layout/notify_area" />
 
         <FrameLayout
-            android:id="@+id/encrypt_pager_mode"
+            android:id="@+id/encrypt_mode_container"
             android:layout_width="match_parent"
-            android:layout_height="wrap_content"
-            android:orientation="vertical" />
+            android:layout_height="wrap_content" />
 
-        <fragment
-            android:id="@+id/encrypt_file_fragment"
-            android:name="org.sufficientlysecure.keychain.ui.EncryptFilesFragment"
+        <FrameLayout
+            android:id="@+id/encrypt_file_container"
             android:layout_width="match_parent"
             android:layout_height="match_parent" />
 
diff --git a/OpenKeychain/src/main/res/layout/encrypt_files_fragment.xml b/OpenKeychain/src/main/res/layout/encrypt_files_fragment.xml
index 029e735b3..5831d52e1 100644
--- a/OpenKeychain/src/main/res/layout/encrypt_files_fragment.xml
+++ b/OpenKeychain/src/main/res/layout/encrypt_files_fragment.xml
@@ -1,9 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
     android:layout_width="match_parent"
-    android:layout_height="wrap_content"
-    android:paddingLeft="16dp"
-    android:paddingRight="16dp"
+    android:layout_height="match_parent"
     android:orientation="vertical">
 
     <ListView
@@ -12,6 +10,8 @@
         android:divider="@android:color/transparent"
         android:focusable="true"
         android:focusableInTouchMode="true"
+        android:paddingLeft="16dp"
+        android:paddingRight="16dp"
         android:layout_marginTop="8dp"
         android:layout_width="match_parent"
         android:layout_height="match_parent" />
diff --git a/OpenKeychain/src/main/res/layout/encrypt_text_activity.xml b/OpenKeychain/src/main/res/layout/encrypt_text_activity.xml
index 809e64f02..dcf5bd041 100644
--- a/OpenKeychain/src/main/res/layout/encrypt_text_activity.xml
+++ b/OpenKeychain/src/main/res/layout/encrypt_text_activity.xml
@@ -23,7 +23,7 @@
         <include layout="@layout/notify_area" />
 
         <FrameLayout
-            android:id="@+id/encrypt_pager_mode"
+            android:id="@+id/encrypt_mode"
             android:layout_width="match_parent"
             android:layout_height="wrap_content"
             android:orientation="vertical" />

From adbe5ab63ff76a112d1a5fbd3ef9700ec59484e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Thu, 26 Mar 2015 22:56:28 +0100
Subject: [PATCH 28/80] Update gradle plugin, update gradle test plugin

---
 OpenKeychain-Test/build.gradle | 2 +-
 build.gradle                   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/OpenKeychain-Test/build.gradle b/OpenKeychain-Test/build.gradle
index cfafc433c..1c87fcb4d 100644
--- a/OpenKeychain-Test/build.gradle
+++ b/OpenKeychain-Test/build.gradle
@@ -5,7 +5,7 @@ buildscript {
 
     dependencies {
         // NOTE: Always use fixed version codes not dynamic ones, e.g. 0.7.3 instead of 0.7.+, see README for more information
-        classpath 'com.novoda:gradle-android-test-plugin:0.10.1'
+        classpath 'com.novoda:gradle-android-test-plugin:0.10.4'
     }
 }
 
diff --git a/build.gradle b/build.gradle
index f76289d49..0b06e229b 100644
--- a/build.gradle
+++ b/build.gradle
@@ -5,7 +5,7 @@ buildscript {
 
     dependencies {
         // NOTE: Always use fixed version codes not dynamic ones, e.g. 0.7.3 instead of 0.7.+, see README for more information
-        classpath 'com.android.tools.build:gradle:1.0.0'
+        classpath 'com.android.tools.build:gradle:1.1.3'
         classpath files('gradle-witness.jar')
     }
 }

From 13f4cc4ad32eb412e2ecdb649dcdd0788d30d5b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Fri, 27 Mar 2015 00:40:37 +0100
Subject: [PATCH 29/80] Refactoring of EncryptTextActivity

---
 .../keychain/ui/EncryptActivity.java          |   1 -
 .../keychain/ui/EncryptActivityInterface.java |  62 ---
 .../keychain/ui/EncryptFilesActivity.java     |  17 +-
 .../keychain/ui/EncryptFilesFragment.java     |  16 +-
 ...ava => EncryptModeAsymmetricFragment.java} |   6 +-
 ...java => EncryptModeSymmetricFragment.java} |   6 +-
 .../keychain/ui/EncryptTextActivity.java      | 370 ++++--------------
 .../keychain/ui/EncryptTextFragment.java      | 337 +++++++++++++++-
 .../main/res/layout/encrypt_text_activity.xml |   7 +-
 9 files changed, 418 insertions(+), 404 deletions(-)
 delete mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivityInterface.java
 rename OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/{EncryptAsymmetricFragment.java => EncryptModeAsymmetricFragment.java} (96%)
 rename OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/{EncryptSymmetricFragment.java => EncryptModeSymmetricFragment.java} (94%)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
index 949a595d3..a1edf808c 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
@@ -37,7 +37,6 @@ import org.sufficientlysecure.keychain.service.ServiceProgressHandler;
 import org.sufficientlysecure.keychain.ui.dialog.ProgressDialogFragment;
 import org.sufficientlysecure.keychain.util.Passphrase;
 
-
 public abstract class EncryptActivity extends BaseActivity {
 
     public static final int REQUEST_CODE_PASSPHRASE = 0x00008001;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivityInterface.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivityInterface.java
deleted file mode 100644
index 2a102c6c4..000000000
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivityInterface.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (C) 2014 Dominik Schürmann <dominik@dominikschuermann.de>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-package org.sufficientlysecure.keychain.ui;
-
-import android.net.Uri;
-
-import org.sufficientlysecure.keychain.util.Passphrase;
-
-import java.util.ArrayList;
-
-public interface EncryptActivityInterface {
-
-    public interface UpdateListener {
-        void onNotifyUpdate();
-    }
-
-    public boolean isUseArmor();
-    public boolean isUseCompression();
-    public boolean isEncryptFilenames();
-    public boolean isHiddenRecipients();
-
-    public long getSignatureKey();
-    public long[] getEncryptionKeys();
-    public String[] getEncryptionUsers();
-    public void setSignatureKey(long signatureKey);
-    public void setEncryptionKeys(long[] encryptionKeys);
-    public void setEncryptionUsers(String[] encryptionUsers);
-
-    public void setPassphrase(Passphrase passphrase);
-
-    // ArrayList on purpose as only those are parcelable
-    public ArrayList<Uri> getInputUris();
-    public ArrayList<Uri> getOutputUris();
-    public void setInputUris(ArrayList<Uri> uris);
-    public void setOutputUris(ArrayList<Uri> uris);
-
-    public String getMessage();
-    public void setMessage(String message);
-
-    /**
-     * Call this to notify the UI for changes done on the array lists or arrays,
-     * automatically called if setter is used
-     */
-    public void notifyUpdate();
-
-    public void startEncrypt(boolean share);
-}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java
index 269fdde8e..64e908b1a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java
@@ -18,11 +18,13 @@
 
 package org.sufficientlysecure.keychain.ui;
 
+import android.app.Activity;
 import android.content.Intent;
 import android.net.Uri;
 import android.os.Bundle;
 import android.support.v4.app.Fragment;
 import android.support.v4.app.FragmentTransaction;
+import android.view.View;
 
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
@@ -33,7 +35,7 @@ import org.sufficientlysecure.keychain.util.Passphrase;
 import java.util.ArrayList;
 
 public class EncryptFilesActivity extends BaseActivity implements
-        EncryptAsymmetricFragment.IAsymmetric, EncryptSymmetricFragment.ISymmetric,
+        EncryptModeAsymmetricFragment.IAsymmetric, EncryptModeSymmetricFragment.ISymmetric,
         EncryptFilesFragment.IMode {
 
     /* Intents */
@@ -53,6 +55,13 @@ public class EncryptFilesActivity extends BaseActivity implements
     public void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
 
+        setFullScreenDialogClose(new View.OnClickListener() {
+            @Override
+            public void onClick(View v) {
+                finish();
+            }
+        }, false);
+
         // Handle intent actions
         handleActions(getIntent(), savedInstanceState);
     }
@@ -101,7 +110,7 @@ public class EncryptFilesActivity extends BaseActivity implements
         if (savedInstanceState == null) {
             FragmentTransaction transaction = getSupportFragmentManager().beginTransaction();
 
-            mModeFragment = EncryptAsymmetricFragment.newInstance(mSigningKeyId, mEncryptionKeyIds);
+            mModeFragment = EncryptModeAsymmetricFragment.newInstance(mSigningKeyId, mEncryptionKeyIds);
             transaction.replace(R.id.encrypt_mode_container, mModeFragment, "mode");
 
             mEncryptFragment = EncryptFilesFragment.newInstance(uris, useArmor);
@@ -119,8 +128,8 @@ public class EncryptFilesActivity extends BaseActivity implements
         getSupportFragmentManager().beginTransaction()
                 .replace(R.id.encrypt_mode_container,
                         symmetric
-                                ? EncryptSymmetricFragment.newInstance()
-                                : EncryptAsymmetricFragment.newInstance(0, null)
+                                ? EncryptModeSymmetricFragment.newInstance()
+                                : EncryptModeAsymmetricFragment.newInstance(0, null)
                 )
                 .commitAllowingStateLoss();
         getSupportFragmentManager().executePendingTransactions();
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
index 771800245..fb9a86b07 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
@@ -68,17 +68,18 @@ import java.util.Set;
 
 public class EncryptFilesFragment extends CryptoOperationFragment {
 
-    private static final int REQUEST_CODE_INPUT = 0x00007003;
-    private static final int REQUEST_CODE_OUTPUT = 0x00007007;
-
     public interface IMode {
-
         public void onModeChanged(boolean symmetric);
     }
 
+    public static final String ARG_USE_ASCII_ARMOR = "use_ascii_armor";
+    public static final String ARG_URIS = "uris";
+
+    private static final int REQUEST_CODE_INPUT = 0x00007003;
+    private static final int REQUEST_CODE_OUTPUT = 0x00007007;
+
     private IMode mModeInterface;
 
-    // model used by fragments
     private boolean mSymmetricMode = true;
     private boolean mUseArmor = false;
     private boolean mUseCompression = true;
@@ -99,11 +100,6 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
     private SelectedFilesAdapter mAdapter = new SelectedFilesAdapter();
     private final Map<Uri, Bitmap> thumbnailCache = new HashMap<>();
 
-
-    public static final String ARG_USE_ASCII_ARMOR = "use_ascii_armor";
-    public static final String ARG_URIS = "uris";
-
-
     /**
      * Creates new instance of this fragment
      */
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptAsymmetricFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptModeAsymmetricFragment.java
similarity index 96%
rename from OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptAsymmetricFragment.java
rename to OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptModeAsymmetricFragment.java
index 06c711b92..8c117deca 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptAsymmetricFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptModeAsymmetricFragment.java
@@ -40,7 +40,7 @@ import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 
-public class EncryptAsymmetricFragment extends Fragment {
+public class EncryptModeAsymmetricFragment extends Fragment {
 
     public interface IAsymmetric {
 
@@ -74,8 +74,8 @@ public class EncryptAsymmetricFragment extends Fragment {
     /**
      * Creates new instance of this fragment
      */
-    public static EncryptAsymmetricFragment newInstance(long signatureKey, long[] encryptionKeyIds) {
-        EncryptAsymmetricFragment frag = new EncryptAsymmetricFragment();
+    public static EncryptModeAsymmetricFragment newInstance(long signatureKey, long[] encryptionKeyIds) {
+        EncryptModeAsymmetricFragment frag = new EncryptModeAsymmetricFragment();
 
         Bundle args = new Bundle();
         args.putLong(ARG_SINGATURE_KEY_ID, signatureKey);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptSymmetricFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptModeSymmetricFragment.java
similarity index 94%
rename from OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptSymmetricFragment.java
rename to OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptModeSymmetricFragment.java
index 22e116a42..48b1f4983 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptSymmetricFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptModeSymmetricFragment.java
@@ -30,7 +30,7 @@ import android.widget.EditText;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.util.Passphrase;
 
-public class EncryptSymmetricFragment extends Fragment {
+public class EncryptModeSymmetricFragment extends Fragment {
 
     public interface ISymmetric {
 
@@ -45,8 +45,8 @@ public class EncryptSymmetricFragment extends Fragment {
     /**
      * Creates new instance of this fragment
      */
-    public static EncryptSymmetricFragment newInstance() {
-        EncryptSymmetricFragment frag = new EncryptSymmetricFragment();
+    public static EncryptModeSymmetricFragment newInstance() {
+        EncryptModeSymmetricFragment frag = new EncryptModeSymmetricFragment();
 
         Bundle args = new Bundle();
         frag.setArguments(args);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java
index 56f0b198e..2ffb29b09 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2014 Dominik Schürmann <dominik@dominikschuermann.de>
+ * Copyright (C) 2012-2015 Dominik Schürmann <dominik@dominikschuermann.de>
  * Copyright (C) 2010-2014 Thialfihar <thi@thialfihar.org>
  *
  * This program is free software: you can redistribute it and/or modify
@@ -19,30 +19,21 @@
 package org.sufficientlysecure.keychain.ui;
 
 import android.content.Intent;
-import android.net.Uri;
 import android.os.Bundle;
-import android.view.Menu;
-import android.view.MenuItem;
+import android.support.v4.app.Fragment;
+import android.support.v4.app.FragmentTransaction;
+import android.view.View;
 
-import org.spongycastle.bcpg.CompressionAlgorithmTags;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.api.OpenKeychainIntents;
-import org.sufficientlysecure.keychain.compatibility.ClipboardReflection;
-import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
-import org.sufficientlysecure.keychain.pgp.KeyRing;
-import org.sufficientlysecure.keychain.pgp.PgpConstants;
-import org.sufficientlysecure.keychain.pgp.SignEncryptParcel;
-import org.sufficientlysecure.keychain.ui.util.Notify;
+import org.sufficientlysecure.keychain.ui.base.BaseActivity;
 import org.sufficientlysecure.keychain.util.Log;
 import org.sufficientlysecure.keychain.util.Passphrase;
-import org.sufficientlysecure.keychain.util.ShareHelper;
 
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.Set;
-
-public class EncryptTextActivity extends EncryptActivity {
+public class EncryptTextActivity extends BaseActivity implements
+        EncryptModeAsymmetricFragment.IAsymmetric, EncryptModeSymmetricFragment.ISymmetric,
+        EncryptTextFragment.IMode {
 
     /* Intents */
     public static final String ACTION_ENCRYPT_TEXT = OpenKeychainIntents.ENCRYPT_TEXT;
@@ -54,244 +45,22 @@ public class EncryptTextActivity extends EncryptActivity {
     public static final String EXTRA_SIGNATURE_KEY_ID = Constants.EXTRA_PREFIX + "EXTRA_SIGNATURE_KEY_ID";
     public static final String EXTRA_ENCRYPTION_KEY_IDS = Constants.EXTRA_PREFIX + "EXTRA_SIGNATURE_KEY_IDS";
 
-    // view
-    private int mCurrentMode = MODE_ASYMMETRIC;
-
-    // tabs
-    private static final int MODE_ASYMMETRIC = 0;
-    private static final int MODE_SYMMETRIC = 1;
-
-    // model used by fragments
-    private boolean mShareAfterEncrypt = false;
-    private boolean mUseCompression = true;
-    private boolean mHiddenRecipients = false;
-
-    private long mEncryptionKeyIds[] = null;
-    private String mEncryptionUserIds[] = null;
-    // TODO Constants.key.none? What's wrong with a null value?
-    private long mSigningKeyId = Constants.key.none;
-    private Passphrase mPassphrase = new Passphrase();
-
-    private ArrayList<Uri> mInputUris;
-    private ArrayList<Uri> mOutputUris;
-    private String mMessage = "";
-
-    public boolean isModeSymmetric() {
-        return MODE_SYMMETRIC == mCurrentMode;
-    }
-
-    public boolean isUseCompression() {
-        return mUseCompression;
-    }
-
-    public boolean isHiddenRecipients() {
-        return mHiddenRecipients;
-    }
-
-    public long getSignatureKey() {
-        return mSigningKeyId;
-    }
-
-    public long[] getEncryptionKeys() {
-        return mEncryptionKeyIds;
-    }
-
-    public String[] getEncryptionUsers() {
-        return mEncryptionUserIds;
-    }
-
-    public void setSignatureKey(long signatureKey) {
-        mSigningKeyId = signatureKey;
-    }
-
-    public void setEncryptionKeys(long[] encryptionKeys) {
-        mEncryptionKeyIds = encryptionKeys;
-    }
-
-    public void setEncryptionUsers(String[] encryptionUsers) {
-        mEncryptionUserIds = encryptionUsers;
-    }
-
-    public void setPassphrase(Passphrase passphrase) {
-        if (mPassphrase != null) {
-            mPassphrase.removeFromMemory();
-        }
-        mPassphrase = passphrase;
-    }
-
-    public ArrayList<Uri> getInputUris() {
-        if (mInputUris == null) mInputUris = new ArrayList<>();
-        return mInputUris;
-    }
-
-    public ArrayList<Uri> getOutputUris() {
-        if (mOutputUris == null) mOutputUris = new ArrayList<>();
-        return mOutputUris;
-    }
-
-    public void setInputUris(ArrayList<Uri> uris) {
-        mInputUris = uris;
-    }
-
-    public void setOutputUris(ArrayList<Uri> uris) {
-        mOutputUris = uris;
-    }
-
-    public String getMessage() {
-        return mMessage;
-    }
-
-    public void setMessage(String message) {
-        mMessage = message;
-    }
-
-    public void startEncrypt(boolean share) {
-        mShareAfterEncrypt = share;
-        startEncrypt();
-    }
-
-    @Override
-    protected void onEncryptSuccess(SignEncryptResult result) {
-        if (mShareAfterEncrypt) {
-            // Share encrypted message/file
-            startActivity(sendWithChooserExcludingEncrypt(result.getResultBytes()));
-        } else {
-            // Copy to clipboard
-            copyToClipboard(result.getResultBytes());
-            result.createNotify(EncryptTextActivity.this).show();
-            // Notify.create(EncryptTextActivity.this,
-            // R.string.encrypt_sign_clipboard_successful, Notify.Style.OK)
-            // .show(getSupportFragmentManager().findFragmentById(R.id.encrypt_text_fragment));
-        }
-    }
-
-    @Override
-    protected SignEncryptParcel createEncryptBundle() {
-        // fill values for this action
-        SignEncryptParcel data = new SignEncryptParcel();
-
-        data.setBytes(mMessage.getBytes());
-        data.setCleartextSignature(true);
-
-        if (mUseCompression) {
-            data.setCompressionId(PgpConstants.sPreferredCompressionAlgorithms.get(0));
-        } else {
-            data.setCompressionId(CompressionAlgorithmTags.UNCOMPRESSED);
-        }
-        data.setHiddenRecipients(mHiddenRecipients);
-        data.setSymmetricEncryptionAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
-        data.setSignatureHashAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
-
-        // Always use armor for messages
-        data.setEnableAsciiArmorOutput(true);
-
-        if (isModeSymmetric()) {
-            Log.d(Constants.TAG, "Symmetric encryption enabled!");
-            Passphrase passphrase = mPassphrase;
-            if (passphrase.isEmpty()) {
-                passphrase = null;
-            }
-            data.setSymmetricPassphrase(passphrase);
-        } else {
-            data.setEncryptionMasterKeyIds(mEncryptionKeyIds);
-            data.setSignatureMasterKeyId(mSigningKeyId);
-            data.setSignaturePassphrase(mSigningKeyPassphrase);
-        }
-        return data;
-    }
-
-    private void copyToClipboard(byte[] resultBytes) {
-        ClipboardReflection.copyToClipboard(this, new String(resultBytes));
-    }
-
-    /**
-     * Create Intent Chooser but exclude OK's EncryptActivity.
-     */
-    private Intent sendWithChooserExcludingEncrypt(byte[] resultBytes) {
-        Intent prototype = createSendIntent(resultBytes);
-        String title = getString(R.string.title_share_message);
-
-        // we don't want to encrypt the encrypted, no inception ;)
-        String[] blacklist = new String[]{
-                Constants.PACKAGE_NAME + ".ui.EncryptTextActivity",
-                "org.thialfihar.android.apg.ui.EncryptActivity"
-        };
-
-        return new ShareHelper(this).createChooserExcluding(prototype, title, blacklist);
-    }
-
-    private Intent createSendIntent(byte[] resultBytes) {
-        Intent sendIntent;
-        sendIntent = new Intent(Intent.ACTION_SEND);
-        sendIntent.setType(Constants.ENCRYPTED_TEXT_MIME);
-        sendIntent.putExtra(Intent.EXTRA_TEXT, new String(resultBytes));
-
-        if (!isModeSymmetric() && mEncryptionUserIds != null) {
-            Set<String> users = new HashSet<>();
-            for (String user : mEncryptionUserIds) {
-                KeyRing.UserId userId = KeyRing.splitUserId(user);
-                if (userId.email != null) {
-                    users.add(userId.email);
-                }
-            }
-            // pass trough email addresses as extra for email applications
-            sendIntent.putExtra(Intent.EXTRA_EMAIL, users.toArray(new String[users.size()]));
-        }
-        return sendIntent;
-    }
-
-    protected boolean inputIsValid() {
-        if (mMessage == null) {
-            Notify.create(this, R.string.error_message, Notify.Style.ERROR)
-                    .show(getSupportFragmentManager().findFragmentById(R.id.encrypt_text_fragment));
-            return false;
-        }
-
-        if (isModeSymmetric()) {
-            // symmetric encryption checks
-
-            if (mPassphrase == null) {
-                Notify.create(this, R.string.passphrases_do_not_match, Notify.Style.ERROR)
-                        .show(getSupportFragmentManager().findFragmentById(R.id.encrypt_text_fragment));
-                return false;
-            }
-            if (mPassphrase.isEmpty()) {
-                Notify.create(this, R.string.passphrase_must_not_be_empty, Notify.Style.ERROR)
-                        .show(getSupportFragmentManager().findFragmentById(R.id.encrypt_text_fragment));
-                return false;
-            }
-
-        } else {
-            // asymmetric encryption checks
-
-            boolean gotEncryptionKeys = (mEncryptionKeyIds != null
-                    && mEncryptionKeyIds.length > 0);
-
-            if (!gotEncryptionKeys && mSigningKeyId == 0) {
-                Notify.create(this, R.string.select_encryption_or_signature_key, Notify.Style.ERROR)
-                        .show(getSupportFragmentManager().findFragmentById(R.id.encrypt_text_fragment));
-                return false;
-            }
-        }
-        return true;
-    }
+    Fragment mModeFragment;
+    EncryptTextFragment mEncryptFragment;
 
     @Override
     public void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
 
-        // if called with an intent action, do not init drawer navigation
-        if (ACTION_ENCRYPT_TEXT.equals(getIntent().getAction())) {
-            // lock drawer
-//            deactivateDrawerNavigation();
-            // TODO: back button to key?
-        } else {
-//            activateDrawerNavigation(savedInstanceState);
-        }
+        setFullScreenDialogClose(new View.OnClickListener() {
+            @Override
+            public void onClick(View v) {
+                finish();
+            }
+        }, false);
 
         // Handle intent actions
-        handleActions(getIntent());
-        updateModeFragment();
+        handleActions(getIntent(), savedInstanceState);
     }
 
     @Override
@@ -299,56 +68,13 @@ public class EncryptTextActivity extends EncryptActivity {
         setContentView(R.layout.encrypt_text_activity);
     }
 
-    @Override
-    public boolean onCreateOptionsMenu(Menu menu) {
-        getMenuInflater().inflate(R.menu.encrypt_text_activity, menu);
-        return super.onCreateOptionsMenu(menu);
-    }
-
-    private void updateModeFragment() {
-        getSupportFragmentManager().beginTransaction()
-                .replace(R.id.encrypt_mode,
-                        mCurrentMode == MODE_SYMMETRIC
-                                ? new EncryptSymmetricFragment()
-                                : new EncryptAsymmetricFragment()
-                )
-                .commitAllowingStateLoss();
-        getSupportFragmentManager().executePendingTransactions();
-    }
-
-    @Override
-    public boolean onOptionsItemSelected(MenuItem item) {
-        if (item.isCheckable()) {
-            item.setChecked(!item.isChecked());
-        }
-        switch (item.getItemId()) {
-            case R.id.check_use_symmetric: {
-                mCurrentMode = item.isChecked() ? MODE_SYMMETRIC : MODE_ASYMMETRIC;
-                updateModeFragment();
-                break;
-            }
-            case R.id.check_enable_compression: {
-                mUseCompression = item.isChecked();
-                break;
-            }
-//            case R.id.check_hidden_recipients: {
-//                mHiddenRecipients = item.isChecked();
-//                notifyUpdate();
-//                break;
-//            }
-            default: {
-                return super.onOptionsItemSelected(item);
-            }
-        }
-        return true;
-    }
 
     /**
      * Handles all actions with this intent
      *
      * @param intent
      */
-    private void handleActions(Intent intent) {
+    private void handleActions(Intent intent, Bundle savedInstanceState) {
         String action = intent.getAction();
         Bundle extras = intent.getExtras();
         String type = intent.getType();
@@ -379,19 +105,61 @@ public class EncryptTextActivity extends EncryptActivity {
         }
 
         String textData = extras.getString(EXTRA_TEXT);
+        if (ACTION_ENCRYPT_TEXT.equals(action) && textData == null) {
+            Log.e(Constants.TAG, "Include the extra 'text' in your Intent!");
+            return;
+        }
 
         // preselect keys given by intent
-        mSigningKeyId = extras.getLong(EXTRA_SIGNATURE_KEY_ID);
-        mEncryptionKeyIds = extras.getLongArray(EXTRA_ENCRYPTION_KEY_IDS);
+        long mSigningKeyId = extras.getLong(EXTRA_SIGNATURE_KEY_ID);
+        long[] mEncryptionKeyIds = extras.getLongArray(EXTRA_ENCRYPTION_KEY_IDS);
 
-        /**
-         * Main Actions
-         */
-        if (ACTION_ENCRYPT_TEXT.equals(action) && textData != null) {
-            mMessage = textData;
-        } else if (ACTION_ENCRYPT_TEXT.equals(action)) {
-            Log.e(Constants.TAG, "Include the extra 'text' in your Intent!");
+
+        if (savedInstanceState == null) {
+            FragmentTransaction transaction = getSupportFragmentManager().beginTransaction();
+
+            mModeFragment = EncryptModeAsymmetricFragment.newInstance(mSigningKeyId, mEncryptionKeyIds);
+            transaction.replace(R.id.encrypt_mode_container, mModeFragment, "mode");
+
+            mEncryptFragment = EncryptTextFragment.newInstance(textData);
+            transaction.replace(R.id.encrypt_text_container, mEncryptFragment, "text");
+
+            transaction.commit();
+
+            getSupportFragmentManager().executePendingTransactions();
         }
     }
 
+    @Override
+    public void onModeChanged(boolean symmetric) {
+        // switch fragments
+        getSupportFragmentManager().beginTransaction()
+                .replace(R.id.encrypt_mode_container,
+                        symmetric
+                                ? EncryptModeSymmetricFragment.newInstance()
+                                : EncryptModeAsymmetricFragment.newInstance(0, null)
+                )
+                .commitAllowingStateLoss();
+        getSupportFragmentManager().executePendingTransactions();
+    }
+
+    @Override
+    public void onSignatureKeyIdChanged(long signatureKeyId) {
+        mEncryptFragment.setSigningKeyId(signatureKeyId);
+    }
+
+    @Override
+    public void onEncryptionKeyIdsChanged(long[] encryptionKeyIds) {
+        mEncryptFragment.setEncryptionKeyIds(encryptionKeyIds);
+    }
+
+    @Override
+    public void onEncryptionUserIdsChanged(String[] encryptionUserIds) {
+        mEncryptFragment.setEncryptionUserIds(encryptionUserIds);
+    }
+
+    @Override
+    public void onPassphraseChanged(Passphrase passphrase) {
+        mEncryptFragment.setPassphrase(passphrase);
+    }
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
index 5d9994c5c..c71edcd22 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Dominik Schürmann <dominik@dominikschuermann.de>
+ * Copyright (C) 2014-2015 Dominik Schürmann <dominik@dominikschuermann.de>
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -18,32 +18,102 @@
 package org.sufficientlysecure.keychain.ui;
 
 import android.app.Activity;
+import android.app.ProgressDialog;
+import android.content.Intent;
 import android.os.Bundle;
-import android.support.v4.app.Fragment;
+import android.os.Message;
+import android.os.Messenger;
 import android.text.Editable;
 import android.text.TextWatcher;
 import android.view.LayoutInflater;
+import android.view.Menu;
+import android.view.MenuInflater;
 import android.view.MenuItem;
 import android.view.View;
 import android.view.ViewGroup;
 import android.widget.TextView;
 
+import org.spongycastle.bcpg.CompressionAlgorithmTags;
+import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.compatibility.ClipboardReflection;
+import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
+import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
+import org.sufficientlysecure.keychain.pgp.KeyRing;
+import org.sufficientlysecure.keychain.pgp.PgpConstants;
+import org.sufficientlysecure.keychain.pgp.SignEncryptParcel;
+import org.sufficientlysecure.keychain.service.KeychainIntentService;
+import org.sufficientlysecure.keychain.service.ServiceProgressHandler;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.ui.dialog.ProgressDialogFragment;
+import org.sufficientlysecure.keychain.ui.util.Notify;
+import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.Passphrase;
+import org.sufficientlysecure.keychain.util.ShareHelper;
+
+import java.util.HashSet;
+import java.util.Set;
+
+public class EncryptTextFragment extends CryptoOperationFragment {
+
+    public interface IMode {
+        public void onModeChanged(boolean symmetric);
+    }
 
-public class EncryptTextFragment extends Fragment {
     public static final String ARG_TEXT = "text";
 
+    private IMode mModeInterface;
+
+    private boolean mSymmetricMode = true;
+    private boolean mShareAfterEncrypt = false;
+    private boolean mUseCompression = true;
+    private boolean mHiddenRecipients = false;
+
+    private long mEncryptionKeyIds[] = null;
+    private String mEncryptionUserIds[] = null;
+    // TODO Constants.key.none? What's wrong with a null value?
+    private long mSigningKeyId = Constants.key.none;
+    private Passphrase mPassphrase = new Passphrase();
+    private String mMessage = "";
+
     private TextView mText;
 
-    private EncryptActivityInterface mEncryptInterface;
+    public void setEncryptionKeyIds(long[] encryptionKeyIds) {
+        mEncryptionKeyIds = encryptionKeyIds;
+    }
+
+    public void setEncryptionUserIds(String[] encryptionUserIds) {
+        mEncryptionUserIds = encryptionUserIds;
+    }
+
+    public void setSigningKeyId(long signingKeyId) {
+        mSigningKeyId = signingKeyId;
+    }
+
+    public void setPassphrase(Passphrase passphrase) {
+        mPassphrase = passphrase;
+    }
+
+    /**
+     * Creates new instance of this fragment
+     */
+    public static EncryptTextFragment newInstance(String text) {
+        EncryptTextFragment frag = new EncryptTextFragment();
+
+        Bundle args = new Bundle();
+        args.putString(ARG_TEXT, text);
+        frag.setArguments(args);
+
+        return frag;
+    }
 
     @Override
     public void onAttach(Activity activity) {
         super.onAttach(activity);
         try {
-            mEncryptInterface = (EncryptActivityInterface) activity;
+            mModeInterface = (IMode) activity;
         } catch (ClassCastException e) {
-            throw new ClassCastException(activity.toString() + " must implement EncryptActivityInterface");
+            throw new ClassCastException(activity.toString() + " must implement IMode");
         }
     }
 
@@ -54,6 +124,9 @@ public class EncryptTextFragment extends Fragment {
     public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
         View view = inflater.inflate(R.layout.encrypt_text_fragment, container, false);
 
+        if (mMessage != null) {
+            mText.setText(mMessage);
+        }
         mText = (TextView) view.findViewById(R.id.encrypt_text_text);
         mText.addTextChangedListener(new TextWatcher() {
             @Override
@@ -68,7 +141,7 @@ public class EncryptTextFragment extends Fragment {
 
             @Override
             public void afterTextChanged(Editable s) {
-                mEncryptInterface.setMessage(s.toString());
+                mMessage = s.toString();
             }
         });
 
@@ -78,29 +151,43 @@ public class EncryptTextFragment extends Fragment {
     @Override
     public void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
+        mMessage = getArguments().getString(ARG_TEXT);
 
         setHasOptionsMenu(true);
     }
 
     @Override
-    public void onActivityCreated(Bundle savedInstanceState) {
-        super.onActivityCreated(savedInstanceState);
-
-        String text = mEncryptInterface.getMessage();
-        if (text != null) {
-            mText.setText(text);
-        }
+    public void onCreateOptionsMenu(Menu menu, MenuInflater inflater) {
+        super.onCreateOptionsMenu(menu, inflater);
+        inflater.inflate(R.menu.encrypt_text_activity, menu);
     }
 
     @Override
     public boolean onOptionsItemSelected(MenuItem item) {
+        if (item.isCheckable()) {
+            item.setChecked(!item.isChecked());
+        }
         switch (item.getItemId()) {
+            case R.id.check_use_symmetric: {
+                mSymmetricMode = item.isChecked();
+                mModeInterface.onModeChanged(mSymmetricMode);
+                break;
+            }
+            case R.id.check_enable_compression: {
+                mUseCompression = item.isChecked();
+                break;
+            }
+//            case R.id.check_hidden_recipients: {
+//                mHiddenRecipients = item.isChecked();
+//                notifyUpdate();
+//                break;
+//            }
             case R.id.encrypt_copy: {
-                mEncryptInterface.startEncrypt(false);
+                startEncrypt(false);
                 break;
             }
             case R.id.encrypt_share: {
-                mEncryptInterface.startEncrypt(true);
+                startEncrypt(true);
                 break;
             }
             default: {
@@ -109,4 +196,222 @@ public class EncryptTextFragment extends Fragment {
         }
         return true;
     }
+
+
+    protected void onEncryptSuccess(SignEncryptResult result) {
+        if (mShareAfterEncrypt) {
+            // Share encrypted message/file
+            startActivity(sendWithChooserExcludingEncrypt(result.getResultBytes()));
+        } else {
+            // Copy to clipboard
+            copyToClipboard(result.getResultBytes());
+            result.createNotify(getActivity()).show();
+            // Notify.create(EncryptTextActivity.this,
+            // R.string.encrypt_sign_clipboard_successful, Notify.Style.OK)
+            // .show(getSupportFragmentManager().findFragmentById(R.id.encrypt_text_fragment));
+        }
+    }
+
+    protected SignEncryptParcel createEncryptBundle() {
+        // fill values for this action
+        SignEncryptParcel data = new SignEncryptParcel();
+
+        data.setBytes(mMessage.getBytes());
+        data.setCleartextSignature(true);
+
+        if (mUseCompression) {
+            data.setCompressionId(PgpConstants.sPreferredCompressionAlgorithms.get(0));
+        } else {
+            data.setCompressionId(CompressionAlgorithmTags.UNCOMPRESSED);
+        }
+        data.setHiddenRecipients(mHiddenRecipients);
+        data.setSymmetricEncryptionAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
+        data.setSignatureHashAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
+
+        // Always use armor for messages
+        data.setEnableAsciiArmorOutput(true);
+
+        if (mSymmetricMode) {
+            Log.d(Constants.TAG, "Symmetric encryption enabled!");
+            Passphrase passphrase = mPassphrase;
+            if (passphrase.isEmpty()) {
+                passphrase = null;
+            }
+            data.setSymmetricPassphrase(passphrase);
+        } else {
+            data.setEncryptionMasterKeyIds(mEncryptionKeyIds);
+            data.setSignatureMasterKeyId(mSigningKeyId);
+//            data.setSignaturePassphrase(mSigningKeyPassphrase);
+        }
+        return data;
+    }
+
+    private void copyToClipboard(byte[] resultBytes) {
+        ClipboardReflection.copyToClipboard(getActivity(), new String(resultBytes));
+    }
+
+    /**
+     * Create Intent Chooser but exclude OK's EncryptActivity.
+     */
+    private Intent sendWithChooserExcludingEncrypt(byte[] resultBytes) {
+        Intent prototype = createSendIntent(resultBytes);
+        String title = getString(R.string.title_share_message);
+
+        // we don't want to encrypt the encrypted, no inception ;)
+        String[] blacklist = new String[]{
+                Constants.PACKAGE_NAME + ".ui.EncryptTextActivity",
+                "org.thialfihar.android.apg.ui.EncryptActivity"
+        };
+
+        return new ShareHelper(getActivity()).createChooserExcluding(prototype, title, blacklist);
+    }
+
+    private Intent createSendIntent(byte[] resultBytes) {
+        Intent sendIntent;
+        sendIntent = new Intent(Intent.ACTION_SEND);
+        sendIntent.setType(Constants.ENCRYPTED_TEXT_MIME);
+        sendIntent.putExtra(Intent.EXTRA_TEXT, new String(resultBytes));
+
+        if (!mSymmetricMode && mEncryptionUserIds != null) {
+            Set<String> users = new HashSet<>();
+            for (String user : mEncryptionUserIds) {
+                KeyRing.UserId userId = KeyRing.splitUserId(user);
+                if (userId.email != null) {
+                    users.add(userId.email);
+                }
+            }
+            // pass trough email addresses as extra for email applications
+            sendIntent.putExtra(Intent.EXTRA_EMAIL, users.toArray(new String[users.size()]));
+        }
+        return sendIntent;
+    }
+
+    protected boolean inputIsValid() {
+        if (mMessage == null) {
+            Notify.create(getActivity(), R.string.error_message, Notify.Style.ERROR)
+                    .show(this);
+            return false;
+        }
+
+        if (mSymmetricMode) {
+            // symmetric encryption checks
+
+            if (mPassphrase == null) {
+                Notify.create(getActivity(), R.string.passphrases_do_not_match, Notify.Style.ERROR)
+                        .show(this);
+                return false;
+            }
+            if (mPassphrase.isEmpty()) {
+                Notify.create(getActivity(), R.string.passphrase_must_not_be_empty, Notify.Style.ERROR)
+                        .show(this);
+                return false;
+            }
+
+        } else {
+            // asymmetric encryption checks
+
+            boolean gotEncryptionKeys = (mEncryptionKeyIds != null
+                    && mEncryptionKeyIds.length > 0);
+
+            if (!gotEncryptionKeys && mSigningKeyId == 0) {
+                Notify.create(getActivity(), R.string.select_encryption_or_signature_key, Notify.Style.ERROR)
+                        .show(this);
+                return false;
+            }
+        }
+        return true;
+    }
+
+
+    public void startEncrypt(boolean share) {
+        mShareAfterEncrypt = share;
+        startEncrypt();
+    }
+
+    public void startEncrypt() {
+        cryptoOperation(null);
+    }
+
+    @Override
+    protected void cryptoOperation(CryptoInputParcel cryptoInput) {
+        if (!inputIsValid()) {
+            // Notify was created by inputIsValid.
+            return;
+        }
+
+        // Send all information needed to service to edit key in other thread
+        Intent intent = new Intent(getActivity(), KeychainIntentService.class);
+        intent.setAction(KeychainIntentService.ACTION_SIGN_ENCRYPT);
+
+        final SignEncryptParcel input = createEncryptBundle();
+        if (cryptoInput != null) {
+            input.setCryptoInput(cryptoInput);
+        }
+
+        Bundle data = new Bundle();
+        data.putParcelable(KeychainIntentService.SIGN_ENCRYPT_PARCEL, input);
+        intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
+
+        // Message is received after encrypting is done in KeychainIntentService
+        ServiceProgressHandler serviceHandler = new ServiceProgressHandler(
+                getActivity(),
+                getString(R.string.progress_encrypting),
+                ProgressDialog.STYLE_HORIZONTAL,
+                ProgressDialogFragment.ServiceType.KEYCHAIN_INTENT) {
+            public void handleMessage(Message message) {
+                // handle messages by standard KeychainIntentServiceHandler first
+                super.handleMessage(message);
+
+                // handle pending messages
+                if (handlePendingMessage(message)) {
+                    return;
+                }
+
+                if (message.arg1 == MessageStatus.OKAY.ordinal()) {
+                    SignEncryptResult result =
+                            message.getData().getParcelable(SignEncryptResult.EXTRA_RESULT);
+
+                    PgpSignEncryptResult pgpResult = result.getPending();
+
+//                    if (pgpResult != null && pgpResult.isPending()) {
+//                        if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE) ==
+//                                PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE) {
+//                            startPassphraseDialog(pgpResult.getKeyIdPassphraseNeeded());
+//                        } else if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_NFC) ==
+//                                PgpSignEncryptResult.RESULT_PENDING_NFC) {
+//
+//                            RequiredInputParcel parcel = RequiredInputParcel.createNfcSignOperation(
+//                                    pgpResult.getNfcHash(),
+//                                    pgpResult.getNfcAlgo(),
+//                                    input.getSignatureTime());
+//                            startNfcSign(pgpResult.getNfcKeyId(), parcel);
+//
+//                        } else {
+//                            throw new RuntimeException("Unhandled pending result!");
+//                        }
+//                        return;
+//                    }
+
+                    if (result.success()) {
+                        onEncryptSuccess(result);
+                    } else {
+                        result.createNotify(getActivity()).show();
+                    }
+
+                    // no matter the result, reset parameters
+//                    mSigningKeyPassphrase = null;
+                }
+            }
+        };
+        // Create a new Messenger for the communication back
+        Messenger messenger = new Messenger(serviceHandler);
+        intent.putExtra(KeychainIntentService.EXTRA_MESSENGER, messenger);
+
+        // show progress dialog
+        serviceHandler.showProgressDialog(getActivity());
+
+        // start service with intent
+        getActivity().startService(intent);
+    }
+
 }
diff --git a/OpenKeychain/src/main/res/layout/encrypt_text_activity.xml b/OpenKeychain/src/main/res/layout/encrypt_text_activity.xml
index dcf5bd041..a5082010e 100644
--- a/OpenKeychain/src/main/res/layout/encrypt_text_activity.xml
+++ b/OpenKeychain/src/main/res/layout/encrypt_text_activity.xml
@@ -23,14 +23,13 @@
         <include layout="@layout/notify_area" />
 
         <FrameLayout
-            android:id="@+id/encrypt_mode"
+            android:id="@+id/encrypt_mode_container"
             android:layout_width="match_parent"
             android:layout_height="wrap_content"
             android:orientation="vertical" />
 
-        <fragment
-            android:id="@+id/encrypt_text_fragment"
-            android:name="org.sufficientlysecure.keychain.ui.EncryptTextFragment"
+        <FrameLayout
+            android:id="@+id/encrypt_text_container"
             android:layout_width="match_parent"
             android:layout_height="match_parent" />
 

From b82f273284b90d8ab41c806cc2858865d33b2390 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Fri, 27 Mar 2015 00:55:55 +0100
Subject: [PATCH 30/80] Start reworking decrypt ui classes

---
 .../keychain/ui/DecryptFilesFragment.java     | 221 ++++++++++--------
 .../keychain/ui/DecryptFragment.java          |  47 ++--
 .../keychain/ui/DecryptTextFragment.java      |  99 ++++----
 3 files changed, 196 insertions(+), 171 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java
index c75e28145..ecc99b348 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java
@@ -39,6 +39,7 @@ import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentService.IOType;
 import org.sufficientlysecure.keychain.service.ServiceProgressHandler;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.ui.dialog.DeleteFileDialogFragment;
 import org.sufficientlysecure.keychain.ui.dialog.ProgressDialogFragment;
 import org.sufficientlysecure.keychain.ui.util.Notify;
@@ -144,7 +145,7 @@ public class DecryptFilesFragment extends DecryptFragment {
             return;
         }
 
-        decryptOriginalFilename();
+//        decryptOriginalFilename();
     }
 
     private String removeEncryptedAppend(String name) {
@@ -174,82 +175,93 @@ public class DecryptFilesFragment extends DecryptFragment {
         }
     }
 
-    private void decryptOriginalFilename() {
-        Log.d(Constants.TAG, "decryptOriginalFilename");
 
-        Intent intent = new Intent(getActivity(), KeychainIntentService.class);
+    // TODO: also needs to use cryptoOperation!!! (switch between this and normal decrypt
+//    private void decryptOriginalFilename() {
+//        Log.d(Constants.TAG, "decryptOriginalFilename");
+//
+//        Intent intent = new Intent(getActivity(), KeychainIntentService.class);
+//
+//        // fill values for this action
+//        Bundle data = new Bundle();
+//        intent.setAction(KeychainIntentService.ACTION_DECRYPT_METADATA);
+//
+//        // data
+//        Log.d(Constants.TAG, "mInputUri=" + mInputUri + ", mOutputUri=" + mOutputUri);
+//
+//        data.putInt(KeychainIntentService.SOURCE, IOType.URI.ordinal());
+//        data.putParcelable(KeychainIntentService.ENCRYPT_DECRYPT_INPUT_URI, mInputUri);
+//
+//        data.putInt(KeychainIntentService.TARGET, IOType.URI.ordinal());
+//        data.putParcelable(KeychainIntentService.ENCRYPT_DECRYPT_OUTPUT_URI, mOutputUri);
+//
+//        data.putParcelable(KeychainIntentService.DECRYPT_PASSPHRASE, mPassphrase);
+//        data.putByteArray(KeychainIntentService.DECRYPT_NFC_DECRYPTED_SESSION_KEY, mNfcDecryptedSessionKey);
+//
+//        intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
+//
+//        // Message is received after decrypting is done in KeychainIntentService
+//        ServiceProgressHandler saveHandler = new ServiceProgressHandler(
+//                getActivity(),
+//                getString(R.string.progress_decrypting),
+//                ProgressDialog.STYLE_HORIZONTAL,
+//                ProgressDialogFragment.ServiceType.KEYCHAIN_INTENT) {
+//            public void handleMessage(Message message) {
+//                // handle messages by standard KeychainIntentServiceHandler first
+//                super.handleMessage(message);
+//
+//    // handle pending messages
+//    if (handlePendingMessage(message)) {
+//        return;
+//    }
+//
+//                if (message.arg1 == MessageStatus.OKAY.ordinal()) {
+//                    // get returned data bundle
+//                    Bundle returnData = message.getData();
+//
+//                    DecryptVerifyResult pgpResult =
+//                            returnData.getParcelable(DecryptVerifyResult.EXTRA_RESULT);
+//
+//                    if (pgpResult.isPending()) {
+//                        if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) ==
+//                                DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) {
+//                            startPassphraseDialog(pgpResult.getKeyIdPassphraseNeeded());
+//                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) ==
+//                                DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) {
+//                            startPassphraseDialog(Constants.key.symmetric);
+//                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
+//                                DecryptVerifyResult.RESULT_PENDING_NFC) {
+//                            startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
+//                        } else {
+//                            throw new RuntimeException("Unhandled pending result!");
+//                        }
+//                    } else if (pgpResult.success()) {
+//                        // go on...
+//                        askForOutputFilename(pgpResult.getDecryptMetadata().getFilename());
+//                    } else {
+//                        pgpResult.createNotify(getActivity()).show();
+//                    }
+//                }
+//            }
+//        };
+//
+//        // Create a new Messenger for the communication back
+//        Messenger messenger = new Messenger(saveHandler);
+//        intent.putExtra(KeychainIntentService.EXTRA_MESSENGER, messenger);
+//
+//        // show progress dialog
+//        saveHandler.showProgressDialog(getActivity());
+//
+//        // start service with intent
+//        getActivity().startService(intent);
+//    }
 
-        // fill values for this action
-        Bundle data = new Bundle();
-        intent.setAction(KeychainIntentService.ACTION_DECRYPT_METADATA);
-
-        // data
-        Log.d(Constants.TAG, "mInputUri=" + mInputUri + ", mOutputUri=" + mOutputUri);
-
-        data.putInt(KeychainIntentService.SOURCE, IOType.URI.ordinal());
-        data.putParcelable(KeychainIntentService.ENCRYPT_DECRYPT_INPUT_URI, mInputUri);
-
-        data.putInt(KeychainIntentService.TARGET, IOType.URI.ordinal());
-        data.putParcelable(KeychainIntentService.ENCRYPT_DECRYPT_OUTPUT_URI, mOutputUri);
-
-        data.putParcelable(KeychainIntentService.DECRYPT_PASSPHRASE, mPassphrase);
-        data.putByteArray(KeychainIntentService.DECRYPT_NFC_DECRYPTED_SESSION_KEY, mNfcDecryptedSessionKey);
-
-        intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
-
-        // Message is received after decrypting is done in KeychainIntentService
-        ServiceProgressHandler saveHandler = new ServiceProgressHandler(
-                getActivity(),
-                getString(R.string.progress_decrypting),
-                ProgressDialog.STYLE_HORIZONTAL,
-                ProgressDialogFragment.ServiceType.KEYCHAIN_INTENT) {
-            public void handleMessage(Message message) {
-                // handle messages by standard KeychainIntentServiceHandler first
-                super.handleMessage(message);
-
-                if (message.arg1 == MessageStatus.OKAY.ordinal()) {
-                    // get returned data bundle
-                    Bundle returnData = message.getData();
-
-                    DecryptVerifyResult pgpResult =
-                            returnData.getParcelable(DecryptVerifyResult.EXTRA_RESULT);
-
-                    if (pgpResult.isPending()) {
-                        if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) ==
-                                DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) {
-                            startPassphraseDialog(pgpResult.getKeyIdPassphraseNeeded());
-                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) ==
-                                DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) {
-                            startPassphraseDialog(Constants.key.symmetric);
-                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
-                                DecryptVerifyResult.RESULT_PENDING_NFC) {
-                            startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
-                        } else {
-                            throw new RuntimeException("Unhandled pending result!");
-                        }
-                    } else if (pgpResult.success()) {
-                        // go on...
-                        askForOutputFilename(pgpResult.getDecryptMetadata().getFilename());
-                    } else {
-                        pgpResult.createNotify(getActivity()).show();
-                    }
-                }
-            }
-        };
-
-        // Create a new Messenger for the communication back
-        Messenger messenger = new Messenger(saveHandler);
-        intent.putExtra(KeychainIntentService.EXTRA_MESSENGER, messenger);
-
-        // show progress dialog
-        saveHandler.showProgressDialog(getActivity());
-
-        // start service with intent
-        getActivity().startService(intent);
+    private void decryptStart() {
+        cryptoOperation(new CryptoInputParcel());
     }
 
     @Override
-    protected void decryptStart() {
+    protected void cryptoOperation(CryptoInputParcel cryptoInput) {
         Log.d(Constants.TAG, "decryptStart");
 
         // Send all information needed to service to decrypt in other thread
@@ -284,6 +296,11 @@ public class DecryptFilesFragment extends DecryptFragment {
                 // handle messages by standard KeychainIntentServiceHandler first
                 super.handleMessage(message);
 
+                // handle pending messages
+                if (handlePendingMessage(message)) {
+                    return;
+                }
+
                 if (message.arg1 == MessageStatus.OKAY.ordinal()) {
                     // get returned data bundle
                     Bundle returnData = message.getData();
@@ -291,20 +308,21 @@ public class DecryptFilesFragment extends DecryptFragment {
                     DecryptVerifyResult pgpResult =
                             returnData.getParcelable(DecryptVerifyResult.EXTRA_RESULT);
 
-                    if (pgpResult.isPending()) {
-                        if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) ==
-                                DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) {
-                            startPassphraseDialog(pgpResult.getKeyIdPassphraseNeeded());
-                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) ==
-                                DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) {
-                            startPassphraseDialog(Constants.key.symmetric);
-                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
-                                DecryptVerifyResult.RESULT_PENDING_NFC) {
-                            startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
-                        } else {
-                            throw new RuntimeException("Unhandled pending result!");
-                        }
-                    } else if (pgpResult.success()) {
+//                    if (pgpResult.isPending()) {
+//                        if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) ==
+//                                DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) {
+//                            startPassphraseDialog(pgpResult.getKeyIdPassphraseNeeded());
+//                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) ==
+//                                DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) {
+//                            startPassphraseDialog(Constants.key.symmetric);
+//                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
+//                                DecryptVerifyResult.RESULT_PENDING_NFC) {
+//                            startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
+//                        } else {
+//                            throw new RuntimeException("Unhandled pending result!");
+//                        }
+
+                    if (pgpResult.success()) {
 
                         // display signature result in activity
                         onResult(pgpResult);
@@ -346,21 +364,21 @@ public class DecryptFilesFragment extends DecryptFragment {
     @Override
     public void onActivityResult(int requestCode, int resultCode, Intent data) {
         switch (requestCode) {
-            case REQUEST_CODE_PASSPHRASE: {
-                if (resultCode == Activity.RESULT_OK && data != null) {
-                    mPassphrase = data.getParcelableExtra(PassphraseDialogActivity.MESSAGE_DATA_PASSPHRASE);
-                    decryptOriginalFilename();
-                }
-                return;
-            }
-
-            case REQUEST_CODE_NFC_DECRYPT: {
-                if (resultCode == Activity.RESULT_OK && data != null) {
-                    mNfcDecryptedSessionKey = data.getByteArrayExtra(OpenPgpApi.EXTRA_NFC_DECRYPTED_SESSION_KEY);
-                    decryptOriginalFilename();
-                }
-                return;
-            }
+//            case REQUEST_CODE_PASSPHRASE: {
+//                if (resultCode == Activity.RESULT_OK && data != null) {
+//                    mPassphrase = data.getParcelableExtra(PassphraseDialogActivity.MESSAGE_DATA_PASSPHRASE);
+////                    decryptOriginalFilename();
+//                }
+//                return;
+//            }
+//
+//            case REQUEST_CODE_NFC_DECRYPT: {
+//                if (resultCode == Activity.RESULT_OK && data != null) {
+//                    mNfcDecryptedSessionKey = data.getByteArrayExtra(OpenPgpApi.EXTRA_NFC_DECRYPTED_SESSION_KEY);
+////                    decryptOriginalFilename();
+//                }
+//                return;
+//            }
 
             case REQUEST_CODE_INPUT: {
                 if (resultCode == Activity.RESULT_OK && data != null) {
@@ -383,4 +401,5 @@ public class DecryptFilesFragment extends DecryptFragment {
             }
         }
     }
+
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
index 63508e530..f00136d5b 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
@@ -34,11 +34,11 @@ import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils.State;
 import org.sufficientlysecure.keychain.util.Passphrase;
 
-public abstract class DecryptFragment extends Fragment {
+public abstract class DecryptFragment extends CryptoOperationFragment {
     private static final int RESULT_CODE_LOOKUP_KEY = 0x00007006;
 
-    public static final int REQUEST_CODE_PASSPHRASE = 0x00008001;
-    public static final int REQUEST_CODE_NFC_DECRYPT = 0x00008002;
+//    public static final int REQUEST_CODE_PASSPHRASE = 0x00008001;
+//    public static final int REQUEST_CODE_NFC_DECRYPT = 0x00008002;
 
     protected long mSignatureKeyId = 0;
 
@@ -95,24 +95,24 @@ public abstract class DecryptFragment extends Fragment {
         startActivity(viewKeyIntent);
     }
 
-    protected void startPassphraseDialog(long subkeyId) {
-        Intent intent = new Intent(getActivity(), PassphraseDialogActivity.class);
-        intent.putExtra(PassphraseDialogActivity.EXTRA_SUBKEY_ID, subkeyId);
-        startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
-    }
-
-    protected void startNfcDecrypt(long subKeyId, Passphrase pin, byte[] encryptedSessionKey) {
-        // build PendingIntent for Yubikey NFC operations
-        Intent intent = new Intent(getActivity(), NfcActivity.class);
-        intent.setAction(NfcActivity.ACTION_DECRYPT_SESSION_KEY);
-        intent.putExtra(NfcActivity.EXTRA_DATA, new Intent()); // not used, only relevant to OpenPgpService
-        intent.putExtra(NfcActivity.EXTRA_KEY_ID, subKeyId);
-        intent.putExtra(NfcActivity.EXTRA_PIN, pin);
-
-        intent.putExtra(NfcActivity.EXTRA_NFC_ENC_SESSION_KEY, encryptedSessionKey);
-
-        startActivityForResult(intent, REQUEST_CODE_NFC_DECRYPT);
-    }
+//    protected void startPassphraseDialog(long subkeyId) {
+//        Intent intent = new Intent(getActivity(), PassphraseDialogActivity.class);
+//        intent.putExtra(PassphraseDialogActivity.EXTRA_SUBKEY_ID, subkeyId);
+//        startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
+//    }
+//
+//    protected void startNfcDecrypt(long subKeyId, Passphrase pin, byte[] encryptedSessionKey) {
+//        // build PendingIntent for Yubikey NFC operations
+//        Intent intent = new Intent(getActivity(), NfcActivity.class);
+//        intent.setAction(NfcActivity.ACTION_DECRYPT_SESSION_KEY);
+//        intent.putExtra(NfcActivity.EXTRA_DATA, new Intent()); // not used, only relevant to OpenPgpService
+//        intent.putExtra(NfcActivity.EXTRA_KEY_ID, subKeyId);
+//        intent.putExtra(NfcActivity.EXTRA_PIN, pin);
+//
+//        intent.putExtra(NfcActivity.EXTRA_NFC_ENC_SESSION_KEY, encryptedSessionKey);
+//
+//        startActivityForResult(intent, REQUEST_CODE_NFC_DECRYPT);
+//    }
 
     /**
      *
@@ -253,9 +253,4 @@ public abstract class DecryptFragment extends Fragment {
         });
     }
 
-    /**
-     * Should be overridden by MessageFragment and FileFragment to start actual decryption
-     */
-    protected abstract void decryptStart();
-
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java
index f6e21937d..523b24fd7 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java
@@ -38,6 +38,7 @@ import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentService.IOType;
 import org.sufficientlysecure.keychain.service.ServiceProgressHandler;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.ui.dialog.ProgressDialogFragment;
 import org.sufficientlysecure.keychain.ui.util.Notify;
 import org.sufficientlysecure.keychain.util.Log;
@@ -147,8 +148,13 @@ public class DecryptTextFragment extends DecryptFragment {
         }
     }
 
+    private void decryptStart() {
+        cryptoOperation(new CryptoInputParcel());
+    }
+
     @Override
-    protected void decryptStart() {
+    protected void cryptoOperation(CryptoInputParcel cryptoInput) {
+
         Log.d(Constants.TAG, "decryptStart");
 
         // Send all information needed to service to decrypt in other thread
@@ -177,6 +183,11 @@ public class DecryptTextFragment extends DecryptFragment {
                 // handle messages by standard KeychainIntentServiceHandler first
                 super.handleMessage(message);
 
+                // handle pending messages
+                if (handlePendingMessage(message)) {
+                    return;
+                }
+
                 if (message.arg1 == MessageStatus.OKAY.ordinal()) {
                     // get returned data bundle
                     Bundle returnData = message.getData();
@@ -184,20 +195,20 @@ public class DecryptTextFragment extends DecryptFragment {
                     DecryptVerifyResult pgpResult =
                             returnData.getParcelable(DecryptVerifyResult.EXTRA_RESULT);
 
-                    if (pgpResult.isPending()) {
-                        if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) ==
-                                DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) {
-                            startPassphraseDialog(pgpResult.getKeyIdPassphraseNeeded());
-                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) ==
-                                DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) {
-                            startPassphraseDialog(Constants.key.symmetric);
-                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
-                                DecryptVerifyResult.RESULT_PENDING_NFC) {
-                            startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
-                        } else {
-                            throw new RuntimeException("Unhandled pending result!");
-                        }
-                    } else if (pgpResult.success()) {
+//                    if (pgpResult.isPending()) {
+//                        if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) ==
+//                                DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) {
+//                            startPassphraseDialog(pgpResult.getKeyIdPassphraseNeeded());
+//                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) ==
+//                                DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) {
+//                            startPassphraseDialog(Constants.key.symmetric);
+//                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
+//                                DecryptVerifyResult.RESULT_PENDING_NFC) {
+//                            startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
+//                        } else {
+//                            throw new RuntimeException("Unhandled pending result!");
+//                        }
+                    if (pgpResult.success()) {
 
                         byte[] decryptedMessage = returnData
                                 .getByteArray(KeychainIntentService.RESULT_DECRYPTED_BYTES);
@@ -245,34 +256,34 @@ public class DecryptTextFragment extends DecryptFragment {
         getActivity().startService(intent);
     }
 
-    @Override
-    public void onActivityResult(int requestCode, int resultCode, Intent data) {
-        switch (requestCode) {
-
-            case REQUEST_CODE_PASSPHRASE: {
-                if (resultCode == Activity.RESULT_OK && data != null) {
-                    mPassphrase = data.getParcelableExtra(PassphraseDialogActivity.MESSAGE_DATA_PASSPHRASE);
-                    decryptStart();
-                } else {
-                    getActivity().finish();
-                }
-                return;
-            }
-
-            case REQUEST_CODE_NFC_DECRYPT: {
-                if (resultCode == Activity.RESULT_OK && data != null) {
-                    mNfcDecryptedSessionKey = data.getByteArrayExtra(OpenPgpApi.EXTRA_NFC_DECRYPTED_SESSION_KEY);
-                    decryptStart();
-                } else {
-                    getActivity().finish();
-                }
-                return;
-            }
-
-            default: {
-                super.onActivityResult(requestCode, resultCode, data);
-            }
-        }
-    }
+//    @Override
+//    public void onActivityResult(int requestCode, int resultCode, Intent data) {
+//        switch (requestCode) {
+//
+//            case REQUEST_CODE_PASSPHRASE: {
+//                if (resultCode == Activity.RESULT_OK && data != null) {
+//                    mPassphrase = data.getParcelableExtra(PassphraseDialogActivity.MESSAGE_DATA_PASSPHRASE);
+//                    decryptStart();
+//                } else {
+//                    getActivity().finish();
+//                }
+//                return;
+//            }
+//
+//            case REQUEST_CODE_NFC_DECRYPT: {
+//                if (resultCode == Activity.RESULT_OK && data != null) {
+//                    mNfcDecryptedSessionKey = data.getByteArrayExtra(OpenPgpApi.EXTRA_NFC_DECRYPTED_SESSION_KEY);
+//                    decryptStart();
+//                } else {
+//                    getActivity().finish();
+//                }
+//                return;
+//            }
+//
+//            default: {
+//                super.onActivityResult(requestCode, resultCode, data);
+//            }
+//        }
+//    }
 
 }

From 95f1527afe81c59a116cadc2ed37c065da1819ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Sun, 29 Mar 2015 20:37:54 +0200
Subject: [PATCH 31/80] Fixing crashes with new encrypt ui

---
 .../results/InputPendingResult.java           | 20 +++++++++++--
 .../keychain/ui/CryptoOperationFragment.java  | 29 +++++++++++++++----
 .../keychain/ui/EncryptFilesFragment.java     | 29 +++++++++----------
 .../keychain/ui/EncryptTextFragment.java      | 23 ++++++++-------
 .../keychain/util/NfcHelper.java              |  9 ++----
 .../main/res/layout/encrypt_text_activity.xml |  3 +-
 ...activity.xml => encrypt_file_fragment.xml} |  0
 ...activity.xml => encrypt_text_fragment.xml} |  0
 8 files changed, 70 insertions(+), 43 deletions(-)
 rename OpenKeychain/src/main/res/menu/{encrypt_file_activity.xml => encrypt_file_fragment.xml} (100%)
 rename OpenKeychain/src/main/res/menu/{encrypt_text_activity.xml => encrypt_text_fragment.xml} (100%)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java
index e0ba28fbe..45a6b98b8 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java
@@ -1,11 +1,27 @@
-package org.sufficientlysecure.keychain.operations.results;
+/*
+ * Copyright (C) 2015 Dominik Schürmann <dominik@dominikschuermann.de>
+ * Copyright (C) 2015 Vincent Breitmoser <v.breitmoser@mugenguild.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
 
+package org.sufficientlysecure.keychain.operations.results;
 
 import android.os.Parcel;
 
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 
-
 public class InputPendingResult extends OperationResult {
 
     // the fourth bit indicates a "data pending" result! (it's also a form of non-success)
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
index 076c628b4..5227c1477 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
@@ -1,5 +1,22 @@
-package org.sufficientlysecure.keychain.ui;
+/*
+ * Copyright (C) 2015 Dominik Schürmann <dominik@dominikschuermann.de>
+ * Copyright (C) 2015 Vincent Breitmoser <v.breitmoser@mugenguild.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
 
+package org.sufficientlysecure.keychain.ui;
 
 import android.app.Activity;
 import android.content.Intent;
@@ -7,14 +24,15 @@ import android.os.Bundle;
 import android.os.Message;
 import android.support.v4.app.Fragment;
 
-import org.sufficientlysecure.keychain.operations.results.CertifyResult;
 import org.sufficientlysecure.keychain.operations.results.InputPendingResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult;
 import org.sufficientlysecure.keychain.service.ServiceProgressHandler;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 
-
+/**
+ * All fragments executing crypto operations need to extend this class.
+ */
 public abstract class CryptoOperationFragment extends Fragment {
 
     public static final int REQUEST_CODE_PASSPHRASE = 0x00008001;
@@ -40,7 +58,6 @@ public abstract class CryptoOperationFragment extends Fragment {
         }
 
         throw new RuntimeException("Unhandled pending result!");
-
     }
 
     @Override
@@ -77,8 +94,8 @@ public abstract class CryptoOperationFragment extends Fragment {
         if (message.arg1 == ServiceProgressHandler.MessageStatus.OKAY.ordinal()) {
             Bundle data = message.getData();
 
-            OperationResult result = data.getParcelable(CertifyResult.EXTRA_RESULT);
-            if (result == null || ! (result instanceof InputPendingResult)) {
+            OperationResult result = data.getParcelable(OperationResult.EXTRA_RESULT);
+            if (result == null || !(result instanceof InputPendingResult)) {
                 return false;
             }
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
index fb9a86b07..5af353524 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
@@ -80,7 +80,7 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
 
     private IMode mModeInterface;
 
-    private boolean mSymmetricMode = true;
+    private boolean mSymmetricMode = false;
     private boolean mUseArmor = false;
     private boolean mUseCompression = true;
     private boolean mDeleteAfterEncrypt = false;
@@ -188,7 +188,7 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
         if (mInputUris.contains(inputUri)) {
             Notify.create(getActivity(),
                     getActivity().getString(R.string.error_file_added_already, FileHelper.getFilename(getActivity(), inputUri)),
-                    Notify.Style.ERROR).show(this);
+                    Notify.Style.ERROR).show();
             return;
         }
 
@@ -222,7 +222,7 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
 
     private void encryptClicked(boolean share) {
         if (mInputUris.isEmpty()) {
-            Notify.create(getActivity(), R.string.error_no_file_selected, Notify.Style.ERROR).show(this);
+            Notify.create(getActivity(), R.string.error_no_file_selected, Notify.Style.ERROR).show();
             return;
         }
         if (share) {
@@ -238,7 +238,7 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
             startEncrypt(true);
         } else {
             if (mInputUris.size() > 1) {
-                Notify.create(getActivity(), R.string.error_multi_not_supported, Notify.Style.ERROR).show(this);
+                Notify.create(getActivity(), R.string.error_multi_not_supported, Notify.Style.ERROR).show();
                 return;
             }
             showOutputFileDialog();
@@ -260,7 +260,7 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
     @Override
     public void onCreateOptionsMenu(Menu menu, MenuInflater inflater) {
         super.onCreateOptionsMenu(menu, inflater);
-        inflater.inflate(R.menu.encrypt_file_activity, menu);
+        inflater.inflate(R.menu.encrypt_file_fragment, menu);
     }
 
     @Override
@@ -319,12 +319,14 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
 
         if (mInputUris.isEmpty()) {
             Notify.create(getActivity(), R.string.no_file_selected, Notify.Style.ERROR)
-                    .show(this);
+                    .show();
             return false;
         } else if (mInputUris.size() > 1 && !mShareAfterEncrypt) {
+            Log.e(Constants.TAG, "Aborting: mInputUris.size() > 1 && !mShareAfterEncrypt");
             // This should be impossible...
             return false;
         } else if (mInputUris.size() != mOutputUris.size()) {
+            Log.e(Constants.TAG, "Aborting: mInputUris.size() != mOutputUris.size()");
             // This as well
             return false;
         }
@@ -334,12 +336,12 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
 
             if (mPassphrase == null) {
                 Notify.create(getActivity(), R.string.passphrases_do_not_match, Notify.Style.ERROR)
-                        .show(this);
+                        .show();
                 return false;
             }
             if (mPassphrase.isEmpty()) {
                 Notify.create(getActivity(), R.string.passphrase_must_not_be_empty, Notify.Style.ERROR)
-                        .show(this);
+                        .show();
                 return false;
             }
 
@@ -352,7 +354,7 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
             // Files must be encrypted, only text can be signed-only right now
             if (!gotEncryptionKeys) {
                 Notify.create(getActivity(), R.string.select_encryption_key, Notify.Style.ERROR)
-                        .show(this);
+                        .show();
                 return false;
             }
         }
@@ -361,7 +363,7 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
 
     public void startEncrypt(boolean share) {
         mShareAfterEncrypt = share;
-        startEncrypt();
+        cryptoOperation(new CryptoInputParcel());
     }
 
     public void onEncryptSuccess(final SignEncryptResult result) {
@@ -470,18 +472,15 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
         return sendIntent;
     }
 
-    public void startEncrypt() {
-        cryptoOperation(new CryptoInputParcel());
-    }
-
-    //    public void startEncrypt(CryptoInputParcel cryptoInput) {
     @Override
     protected void cryptoOperation(CryptoInputParcel cryptoInput) {
 
         if (!inputIsValid()) {
             // Notify was created by inputIsValid.
+            Log.d(Constants.TAG, "Input not valid!");
             return;
         }
+        Log.d(Constants.TAG, "Input valid!");
 
         // Send all information needed to service to edit key in other thread
         Intent intent = new Intent(getActivity(), KeychainIntentService.class);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
index c71edcd22..3303b2c65 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
@@ -64,7 +64,7 @@ public class EncryptTextFragment extends CryptoOperationFragment {
 
     private IMode mModeInterface;
 
-    private boolean mSymmetricMode = true;
+    private boolean mSymmetricMode = false;
     private boolean mShareAfterEncrypt = false;
     private boolean mUseCompression = true;
     private boolean mHiddenRecipients = false;
@@ -159,7 +159,7 @@ public class EncryptTextFragment extends CryptoOperationFragment {
     @Override
     public void onCreateOptionsMenu(Menu menu, MenuInflater inflater) {
         super.onCreateOptionsMenu(menu, inflater);
-        inflater.inflate(R.menu.encrypt_text_activity, menu);
+        inflater.inflate(R.menu.encrypt_text_fragment, menu);
     }
 
     @Override
@@ -289,7 +289,7 @@ public class EncryptTextFragment extends CryptoOperationFragment {
     protected boolean inputIsValid() {
         if (mMessage == null) {
             Notify.create(getActivity(), R.string.error_message, Notify.Style.ERROR)
-                    .show(this);
+                    .show();
             return false;
         }
 
@@ -298,12 +298,12 @@ public class EncryptTextFragment extends CryptoOperationFragment {
 
             if (mPassphrase == null) {
                 Notify.create(getActivity(), R.string.passphrases_do_not_match, Notify.Style.ERROR)
-                        .show(this);
+                        .show();
                 return false;
             }
             if (mPassphrase.isEmpty()) {
                 Notify.create(getActivity(), R.string.passphrase_must_not_be_empty, Notify.Style.ERROR)
-                        .show(this);
+                        .show();
                 return false;
             }
 
@@ -315,7 +315,7 @@ public class EncryptTextFragment extends CryptoOperationFragment {
 
             if (!gotEncryptionKeys && mSigningKeyId == 0) {
                 Notify.create(getActivity(), R.string.select_encryption_or_signature_key, Notify.Style.ERROR)
-                        .show(this);
+                        .show();
                 return false;
             }
         }
@@ -348,7 +348,7 @@ public class EncryptTextFragment extends CryptoOperationFragment {
             input.setCryptoInput(cryptoInput);
         }
 
-        Bundle data = new Bundle();
+        final Bundle data = new Bundle();
         data.putParcelable(KeychainIntentService.SIGN_ENCRYPT_PARCEL, input);
         intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
 
@@ -362,10 +362,11 @@ public class EncryptTextFragment extends CryptoOperationFragment {
                 // handle messages by standard KeychainIntentServiceHandler first
                 super.handleMessage(message);
 
-                // handle pending messages
-                if (handlePendingMessage(message)) {
-                    return;
-                }
+                // TODO: We need a InputPendingResult!
+//                // handle pending messages
+//                if (handlePendingMessage(message)) {
+//                    return;
+//                }
 
                 if (message.arg1 == MessageStatus.OKAY.ordinal()) {
                     SignEncryptResult result =
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/NfcHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/NfcHelper.java
index e4e4e4d05..2b47fd623 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/NfcHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/NfcHelper.java
@@ -191,9 +191,6 @@ public class NfcHelper {
         mNfcAdapter.invokeBeam(mActivity);
     }
 
-    /**
-     * A static subclass of {@link Handler} with a {@link WeakReference} to an {@link Activity} to avoid memory leaks.
-     */
     private static class NfcHandler extends Handler {
         private final WeakReference<Activity> mActivityReference;
 
@@ -203,12 +200,10 @@ public class NfcHelper {
 
         @Override
         public void handleMessage(Message msg) {
-            Activity activity = mActivityReference.get();
-
-            if (activity != null) {
+            if (mActivityReference.get() != null) {
                 switch (msg.what) {
                     case NFC_SENT:
-                        Notify.create(activity, R.string.nfc_successful, Notify.Style.OK).show();
+                        Notify.create(mActivityReference.get(), R.string.nfc_successful, Notify.Style.OK).show();
                         break;
                 }
             }
diff --git a/OpenKeychain/src/main/res/layout/encrypt_text_activity.xml b/OpenKeychain/src/main/res/layout/encrypt_text_activity.xml
index a5082010e..64ce50b74 100644
--- a/OpenKeychain/src/main/res/layout/encrypt_text_activity.xml
+++ b/OpenKeychain/src/main/res/layout/encrypt_text_activity.xml
@@ -25,8 +25,7 @@
         <FrameLayout
             android:id="@+id/encrypt_mode_container"
             android:layout_width="match_parent"
-            android:layout_height="wrap_content"
-            android:orientation="vertical" />
+            android:layout_height="wrap_content" />
 
         <FrameLayout
             android:id="@+id/encrypt_text_container"
diff --git a/OpenKeychain/src/main/res/menu/encrypt_file_activity.xml b/OpenKeychain/src/main/res/menu/encrypt_file_fragment.xml
similarity index 100%
rename from OpenKeychain/src/main/res/menu/encrypt_file_activity.xml
rename to OpenKeychain/src/main/res/menu/encrypt_file_fragment.xml
diff --git a/OpenKeychain/src/main/res/menu/encrypt_text_activity.xml b/OpenKeychain/src/main/res/menu/encrypt_text_fragment.xml
similarity index 100%
rename from OpenKeychain/src/main/res/menu/encrypt_text_activity.xml
rename to OpenKeychain/src/main/res/menu/encrypt_text_fragment.xml

From 726ff0b501644e0cef6d5d4a086e73c258b2361c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Sun, 29 Mar 2015 21:00:36 +0200
Subject: [PATCH 32/80] Fix strings with email address

---
 OpenKeychain/src/main/res/values/strings.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 274504315..78940aa9e 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -262,7 +262,7 @@
     <string name="error_external_storage_not_ready">"external storage not ready"</string>
     <string name="error_key_size_minimum512bit">"key size must be at least 512bit"</string>
     <string name="error_unknown_algorithm_choice">"unknown algorithm choice"</string>
-    <string name="error_user_id_no_email">"no email found"</string>
+    <string name="error_user_id_no_email">"no email address found"</string>
     <string name="error_key_needs_a_user_id">"need at least one identity"</string>
     <string name="error_no_signature_passphrase">"no passphrase given"</string>
     <string name="error_no_signature_key">"no signature key given"</string>
@@ -630,7 +630,7 @@
     <string name="create_key_edit">"Change key configuration"</string>
     <string name="create_key_add_email">"Add email address"</string>
     <string name="create_key_add_email_text">"Additional email addresses are also associated to this key and can be used for secure communication."</string>
-    <string name="create_key_email_already_exists_text">"Email has already been added"</string>
+    <string name="create_key_email_already_exists_text">"Email address has already been added"</string>
 
     <!-- View key -->
     <string name="view_key_revoked">"Revoked: Key must not be used anymore!"</string>

From 2050be3995bde67541ceb78050b3c9143907444f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Mon, 30 Mar 2015 16:08:25 +0200
Subject: [PATCH 33/80] Add TokenAutoComplete and StickyListHeaders as maven
 dependencies instead of git submodules

---
 .gitmodules               | 8 --------
 OpenKeychain/build.gradle | 8 ++++----
 extern/StickyListHeaders  | 1 -
 extern/TokenAutoComplete  | 1 -
 4 files changed, 4 insertions(+), 14 deletions(-)
 delete mode 160000 extern/StickyListHeaders
 delete mode 160000 extern/TokenAutoComplete

diff --git a/.gitmodules b/.gitmodules
index e946dca3c..09cf5e785 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,7 +1,3 @@
-[submodule "extern/StickyListHeaders"]
-	path = extern/StickyListHeaders
-	url = https://github.com/open-keychain/StickyListHeaders.git
-	ignore = dirty
 [submodule "extern/spongycastle"]
 	path = extern/spongycastle
 	url = https://github.com/open-keychain/spongycastle.git
@@ -26,10 +22,6 @@
 	path = extern/minidns
 	url = https://github.com/open-keychain/minidns.git
 	ignore = dirty
-[submodule "extern/TokenAutoComplete"]
-	path = extern/TokenAutoComplete
-	url = https://github.com/open-keychain/TokenAutoComplete
-        ignore = dirty
 [submodule "extern/safeslinger-exchange"]
 	path = extern/safeslinger-exchange
 	url = https://github.com/open-keychain/exchange-android
diff --git a/OpenKeychain/build.gradle b/OpenKeychain/build.gradle
index 7f92d3811..bfbc19893 100644
--- a/OpenKeychain/build.gradle
+++ b/OpenKeychain/build.gradle
@@ -20,19 +20,19 @@ dependencies {
     compile 'it.neokree:MaterialNavigationDrawer:1.3.2'
     compile 'com.getbase:floatingactionbutton:1.9.0'
     compile 'org.commonjava.googlecode.markdown4j:markdown4j:2.2-cj-1.0'
+    compile "com.splitwise:tokenautocomplete:1.3.3@aar"
+    compile 'se.emilsjolander:stickylistheaders:2.5.2'
 
     // libs as submodules
     compile project(':extern:openpgp-api-lib')
     compile project(':extern:openkeychain-api-lib')
     compile project(':extern:html-textview')
-    compile project(':extern:StickyListHeaders:library')
     compile project(':extern:spongycastle:core')
     compile project(':extern:spongycastle:pg')
     compile project(':extern:spongycastle:pkix')
     compile project(':extern:spongycastle:prov')
     compile project(':extern:minidns')
     compile project(':extern:KeybaseLib:Lib')
-    compile project(':extern:TokenAutoComplete:library')
     compile project(':extern:safeslinger-exchange')
     compile project(':extern:snackbar:lib')
 }
@@ -53,17 +53,17 @@ dependencyVerification {
             'it.neokree:MaterialNavigationDrawer:a1221a410c5f71bf078c5c4768fdf06b402d6006c74f8e7b61199e4edc2aea57',
             'com.getbase:floatingactionbutton:052aa2a94e49e5dccc97cb99f2add87e8698b84859f0e3ac181100c0bc7640ca',
             'org.commonjava.googlecode.markdown4j:markdown4j:e952e825d29e1317d96f79f346bfb6786c7c5eef50bd26e54a80823704b62e13',
+            'com.splitwise:tokenautocomplete:20bee71cc59b3828eb000b684d46ddf738efd56b8fee453a509cd16fda42c8cb',
+            'se.emilsjolander:stickylistheaders:bc158f51be842a5f92c6e2adc5782f6329b69796d76ebb8f39c77f611cdef573',
 //            'OpenKeychain.extern:openpgp-api-lib:f05a9215cdad3a6597e4c5ece6fcec92b178d218195a3e88d2c0937c48dd9580',
 //            'OpenKeychain.extern:openkeychain-api-lib:50f6ebb5452d3fdc7be137ccf857a0ff44d55539fcb7b91baef495766ed7f429',
 //            'OpenKeychain.extern:html-textview:536822e8fdcd3e4628d0a1cd6c252285ba5f8e5bfb20d71ff80fdbdb6cc8be8c',
-//            'OpenKeychain.extern.StickyListHeaders:library:d9937cf9d9992863e32cee1f18ffec12df7b97dd83939bb75ee6cf747c54bed1',
 //            'com.madgag.spongycastle:core:df8fcc028a95ac5ffab3b78c9163f5cfa672e41cd50128ca55d458b6cfbacf4b',
 //            'com.madgag.spongycastle:pg:160b345b10a2c92dc731453eec87037377f66a8e14a0648d404d7b193c4e380d',
 //            'com.madgag.spongycastle:pkix:0b4f3301ea12dd9f25d71770e6ea9f75e0611bf53062543e47be5bc15340a7e4',
 //            'com.madgag.spongycastle:prov:7325942e0b39f5fb35d6380818eed4b826e7dfc7570ad35b696d778049d8c36a',
 //            'OpenKeychain.extern:minidns:77b1786d29469e3b21f9404827cab811edc857cd68bc732cd57f11307c332eae',
 //            'OpenKeychain.extern.KeybaseLib:Lib:c91cda4a75692d8664644cd17d8ac962ce5bc0e266ea26673a639805f1eccbdf',
-//            'OpenKeychain.extern.TokenAutoComplete:library:9333f1c269996812baa18c0494e42f931309ab00a3cdb65a6e4d70f82d4c7107',
 //            'OpenKeychain.extern:safeslinger-exchange:d222721bb35408daaab9f46449364b2657112705ee571d7532f81cbeb9c4a73f',
 //            'OpenKeychain.extern.snackbar:lib:52357426e5275412e2063bdf6f0e6b957a3ea74da45e0aef35d22d9afc542e23',
             'com.android.support:support-annotations:ab6b131ab0e1edd165d21fb4c3edadeacbee9539aa166f7f7cbae05b60dc207a',
diff --git a/extern/StickyListHeaders b/extern/StickyListHeaders
deleted file mode 160000
index 70a2ed806..000000000
--- a/extern/StickyListHeaders
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 70a2ed80632938540bf07b81270384f4e5a96f9e
diff --git a/extern/TokenAutoComplete b/extern/TokenAutoComplete
deleted file mode 160000
index 1d6d3882e..000000000
--- a/extern/TokenAutoComplete
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 1d6d3882e711c14c93abf73cbcbd28b9e0e2b498

From d7b79e55fba170a0fe691f00dbc943d8ecfff33e Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Mon, 30 Mar 2015 16:40:41 +0200
Subject: [PATCH 34/80] pass CryptoInputParcel independently for
 SignEncryptOperation

---
 .../operations/SignEncryptOperation.java      |  5 +--
 .../results/PgpSignEncryptResult.java         |  2 --
 .../pgp/PgpSignEncryptInputParcel.java        | 30 -----------------
 .../keychain/pgp/PgpSignEncryptOperation.java | 33 ++++++-------------
 .../keychain/pgp/SignEncryptParcel.java       |  3 --
 .../keychain/remote/OpenPgpService.java       | 20 +++++------
 .../service/KeychainIntentService.java        |  9 +++--
 .../keychain/ui/EncryptActivity.java          |  8 ++---
 .../keychain/ui/EncryptFilesFragment.java     | 10 +++---
 .../keychain/ui/EncryptTextFragment.java      |  5 +--
 10 files changed, 35 insertions(+), 90 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java
index b5552a40d..db44546b6 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java
@@ -28,6 +28,7 @@ import org.sufficientlysecure.keychain.pgp.PgpSignEncryptOperation;
 import org.sufficientlysecure.keychain.pgp.Progressable;
 import org.sufficientlysecure.keychain.pgp.SignEncryptParcel;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.util.FileHelper;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.ProgressScaler;
@@ -55,7 +56,7 @@ public class SignEncryptOperation extends BaseOperation {
         super(context, providerHelper, progressable, cancelled);
     }
 
-    public SignEncryptResult execute(SignEncryptParcel input) {
+    public SignEncryptResult execute(SignEncryptParcel input, CryptoInputParcel cryptoInput) {
 
         OperationLog log = new OperationLog();
         log.add(LogType.MSG_SE, 0);
@@ -123,7 +124,7 @@ public class SignEncryptOperation extends BaseOperation {
 
             PgpSignEncryptOperation op = new PgpSignEncryptOperation(mContext, mProviderHelper,
                     new ProgressScaler(mProgressable, 100 * count / total, 100 * ++count / total, 100), mCancelled);
-            PgpSignEncryptResult result = op.execute(input, inputData, outStream);
+            PgpSignEncryptResult result = op.execute(input, cryptoInput, inputData, outStream);
             results.add(result);
             log.add(result, 2);
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java
index bda9893dd..b6259e2d1 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java
@@ -21,8 +21,6 @@ import android.os.Parcel;
 
 import org.sufficientlysecure.keychain.util.Passphrase;
 
-import java.util.Date;
-
 public class PgpSignEncryptResult extends OperationResult {
 
     // the fourth bit indicates a "data pending" result! (it's also a form of non-success)
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInputParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInputParcel.java
index d5f3cf964..fd3c4910c 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInputParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInputParcel.java
@@ -42,14 +42,12 @@ public class PgpSignEncryptInputParcel implements Parcelable {
     protected long mSignatureMasterKeyId = Constants.key.none;
     protected Long mSignatureSubKeyId = null;
     protected int mSignatureHashAlgorithm = PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED;
-    protected Passphrase mSignaturePassphrase = null;
     protected long mAdditionalEncryptId = Constants.key.none;
     protected boolean mFailOnMissingEncryptionKeyIds = false;
     protected String mCharset;
     protected boolean mCleartextSignature;
     protected boolean mDetachedSignature = false;
     protected boolean mHiddenRecipients = false;
-    protected CryptoInputParcel mCryptoInput = new CryptoInputParcel();
 
     public PgpSignEncryptInputParcel() {
 
@@ -69,15 +67,12 @@ public class PgpSignEncryptInputParcel implements Parcelable {
         mSignatureMasterKeyId = source.readLong();
         mSignatureSubKeyId = source.readInt() == 1 ? source.readLong() : null;
         mSignatureHashAlgorithm = source.readInt();
-        mSignaturePassphrase = source.readParcelable(loader);
         mAdditionalEncryptId = source.readLong();
         mFailOnMissingEncryptionKeyIds = source.readInt() == 1;
         mCharset = source.readString();
         mCleartextSignature = source.readInt() == 1;
         mDetachedSignature = source.readInt() == 1;
         mHiddenRecipients = source.readInt() == 1;
-
-        mCryptoInput = source.readParcelable(loader);
     }
 
     @Override
@@ -101,15 +96,12 @@ public class PgpSignEncryptInputParcel implements Parcelable {
             dest.writeInt(0);
         }
         dest.writeInt(mSignatureHashAlgorithm);
-        dest.writeParcelable(mSignaturePassphrase, 0);
         dest.writeLong(mAdditionalEncryptId);
         dest.writeInt(mFailOnMissingEncryptionKeyIds ? 1 : 0);
         dest.writeString(mCharset);
         dest.writeInt(mCleartextSignature ? 1 : 0);
         dest.writeInt(mDetachedSignature ? 1 : 0);
         dest.writeInt(mHiddenRecipients ? 1 : 0);
-
-        dest.writeParcelable(mCryptoInput, 0);
     }
 
     public String getCharset() {
@@ -133,15 +125,6 @@ public class PgpSignEncryptInputParcel implements Parcelable {
         return this;
     }
 
-    public Passphrase getSignaturePassphrase() {
-        return mSignaturePassphrase;
-    }
-
-    public PgpSignEncryptInputParcel  setSignaturePassphrase(Passphrase signaturePassphrase) {
-        mSignaturePassphrase = signaturePassphrase;
-        return this;
-    }
-
     public int getSignatureHashAlgorithm() {
         return mSignatureHashAlgorithm;
     }
@@ -255,19 +238,6 @@ public class PgpSignEncryptInputParcel implements Parcelable {
         return mHiddenRecipients;
     }
 
-    public PgpSignEncryptInputParcel setCryptoInput(CryptoInputParcel cryptoInput) {
-        mCryptoInput = cryptoInput;
-        return this;
-    }
-
-    public Map<ByteBuffer, byte[]> getCryptoData() {
-        return mCryptoInput.getCryptoData();
-    }
-
-    public Date getSignatureTime() {
-        return mCryptoInput.getSignatureTime();
-    }
-
     public static final Creator<PgpSignEncryptInputParcel> CREATOR = new Creator<PgpSignEncryptInputParcel>() {
         public PgpSignEncryptInputParcel createFromParcel(final Parcel source) {
             return new PgpSignEncryptInputParcel(source);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
index ef19e3fa1..f22b56ea6 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
@@ -44,6 +44,7 @@ import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Log;
@@ -99,7 +100,7 @@ public class PgpSignEncryptOperation extends BaseOperation {
     /**
      * Signs and/or encrypts data based on parameters of class
      */
-    public PgpSignEncryptResult execute(PgpSignEncryptInputParcel input,
+    public PgpSignEncryptResult execute(PgpSignEncryptInputParcel input, CryptoInputParcel cryptoInput,
                                      InputData inputData, OutputStream outputStream) {
 
         int indent = 0;
@@ -173,31 +174,17 @@ public class PgpSignEncryptOperation extends BaseOperation {
             }
 
             // if no passphrase was explicitly set try to get it from the cache service
-            if (input.getSignaturePassphrase() == null) {
-                try {
-                    // returns "" if key has no passphrase
-                    input.setSignaturePassphrase(getCachedPassphrase(signingKey.getKeyId()));
-                    // TODO
-//                    log.add(LogType.MSG_DC_PASS_CACHED, indent + 1);
-                } catch (PassphraseCacheInterface.NoSecretKeyException e) {
-                    // TODO
-//                    log.add(LogType.MSG_DC_ERROR_NO_KEY, indent + 1);
-                    return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
-                }
-
-                // if passphrase was not cached, return here indicating that a passphrase is missing!
-                if (input.getSignaturePassphrase() == null) {
-                    log.add(LogType.MSG_PSE_PENDING_PASSPHRASE, indent + 1);
-                    PgpSignEncryptResult result = new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE, log);
-                    result.setKeyIdPassphraseNeeded(signingKey.getKeyId());
-                    return result;
-                }
+            if (cryptoInput.getPassphrase() == null) {
+                log.add(LogType.MSG_PSE_PENDING_PASSPHRASE, indent + 1);
+                PgpSignEncryptResult result = new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE, log);
+                result.setKeyIdPassphraseNeeded(signingKey.getKeyId());
+                return result;
             }
 
             updateProgress(R.string.progress_extracting_signature_key, 0, 100);
 
             try {
-                if (!signingKey.unlock(input.getSignaturePassphrase())) {
+                if (!signingKey.unlock(cryptoInput.getPassphrase())) {
                     log.add(LogType.MSG_PSE_ERROR_BAD_PASSPHRASE, indent);
                     return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
                 }
@@ -283,7 +270,7 @@ public class PgpSignEncryptOperation extends BaseOperation {
                 boolean cleartext = input.isCleartextSignature() && input.isEnableAsciiArmorOutput() && !enableEncryption;
                 signatureGenerator = signingKey.getDataSignatureGenerator(
                         input.getSignatureHashAlgorithm(), cleartext,
-                        input.getCryptoData(), input.getSignatureTime());
+                        cryptoInput.getCryptoData(), cryptoInput.getSignatureTime());
             } catch (PgpGeneralException e) {
                 log.add(LogType.MSG_PSE_ERROR_NFC, indent);
                 return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
@@ -497,7 +484,7 @@ public class PgpSignEncryptOperation extends BaseOperation {
                     // Note that the checked key here is the master key, not the signing key
                     // (although these are always the same on Yubikeys)
                     result.setNfcData(signingKey.getKeyId(), e.hashToSign, e.hashAlgo,
-                            input.getSignaturePassphrase());
+                            cryptoInput.getPassphrase());
                     Log.d(Constants.TAG, "e.hashToSign" + Hex.toHexString(e.hashToSign));
                     return result;
                 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/SignEncryptParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/SignEncryptParcel.java
index b178e9515..464de37f5 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/SignEncryptParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/SignEncryptParcel.java
@@ -21,12 +21,9 @@ package org.sufficientlysecure.keychain.pgp;
 import android.net.Uri;
 import android.os.Parcel;
 
-import org.sufficientlysecure.keychain.util.Passphrase;
-
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.Date;
 import java.util.List;
 
 /** This parcel stores the input of one or more PgpSignEncrypt operations.
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
index 204af1b67..3575c3c18 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -284,23 +284,21 @@ public class OpenPgpService extends RemoteService {
             long inputLength = is.available();
             InputData inputData = new InputData(is, inputLength);
 
-            CryptoInputParcel cryptoInput = new CryptoInputParcel(nfcCreationDate);
+            CryptoInputParcel cryptoInput = new CryptoInputParcel(nfcCreationDate, passphrase);
             cryptoInput.addCryptoData(null, nfcSignedHash); // TODO fix
 
             // sign-only
             PgpSignEncryptInputParcel pseInput = new PgpSignEncryptInputParcel()
-                    .setSignaturePassphrase(passphrase)
                     .setEnableAsciiArmorOutput(asciiArmor)
                     .setCleartextSignature(cleartextSign)
                     .setDetachedSignature(!cleartextSign)
                     .setVersionHeader(null)
                     .setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED)
-                    .setSignatureMasterKeyId(signKeyId)
-                    .setCryptoInput(cryptoInput);
+                    .setSignatureMasterKeyId(signKeyId);
 
             // execute PGP operation!
             PgpSignEncryptOperation pse = new PgpSignEncryptOperation(this, new ProviderHelper(getContext()), null);
-            PgpSignEncryptResult pgpResult = pse.execute(pseInput, inputData, os);
+            PgpSignEncryptResult pgpResult = pse.execute(pseInput, cryptoInput, inputData, os);
 
             if (pgpResult.isPending()) {
                 if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE) ==
@@ -407,9 +405,10 @@ public class OpenPgpService extends RemoteService {
             long inputLength = is.available();
             InputData inputData = new InputData(is, inputLength, originalFilename);
 
+            CryptoInputParcel cryptoInput;
+
             PgpSignEncryptInputParcel pseInput = new PgpSignEncryptInputParcel();
-            pseInput.setSignaturePassphrase(passphrase)
-                    .setEnableAsciiArmorOutput(asciiArmor)
+            pseInput.setEnableAsciiArmorOutput(asciiArmor)
                     .setVersionHeader(null)
                     .setCompressionId(compressionId)
                     .setSymmetricEncryptionAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED)
@@ -439,20 +438,21 @@ public class OpenPgpService extends RemoteService {
                     nfcCreationDate = new Date();
                 }
 
-                CryptoInputParcel cryptoInput = new CryptoInputParcel(nfcCreationDate);
+                cryptoInput = new CryptoInputParcel(nfcCreationDate, passphrase);
                 cryptoInput.addCryptoData(null, nfcSignedHash); // TODO fix!
 
                 // sign and encrypt
                 pseInput.setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED)
                         .setSignatureMasterKeyId(signKeyId)
-                        .setCryptoInput(cryptoInput)
                         .setAdditionalEncryptId(signKeyId); // add sign key for encryption
+            } else {
+                cryptoInput = new CryptoInputParcel();
             }
 
             PgpSignEncryptOperation op = new PgpSignEncryptOperation(this, new ProviderHelper(getContext()), null);
 
             // execute PGP operation!
-            PgpSignEncryptResult pgpResult = op.execute(pseInput, inputData, os);
+            PgpSignEncryptResult pgpResult = op.execute(pseInput, cryptoInput, inputData, os);
 
             if (pgpResult.isPending()) {
                 if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE) ==
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
index 1a94d70b7..c7d9d5e38 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
@@ -46,7 +46,6 @@ import org.sufficientlysecure.keychain.operations.results.CertifyResult;
 import org.sufficientlysecure.keychain.operations.results.ConsolidateResult;
 import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.operations.results.DeleteResult;
-import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
 import org.sufficientlysecure.keychain.operations.results.ExportResult;
 import org.sufficientlysecure.keychain.operations.results.ImportKeyResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult;
@@ -284,14 +283,13 @@ public class KeychainIntentService extends IntentService implements Progressable
             case ACTION_DECRYPT_METADATA: {
 
                 try {
-                /* Input */
+                    /* Input */
                     Passphrase passphrase = data.getParcelable(DECRYPT_PASSPHRASE);
                     byte[] nfcDecryptedSessionKey = data.getByteArray(DECRYPT_NFC_DECRYPTED_SESSION_KEY);
 
                     InputData inputData = createDecryptInputData(data);
 
-                /* Operation */
-
+                    /* Operation */
                     Bundle resultData = new Bundle();
 
                     // verifyText and decrypt returning additional resultData values for the
@@ -549,11 +547,12 @@ public class KeychainIntentService extends IntentService implements Progressable
 
                 // Input
                 SignEncryptParcel inputParcel = data.getParcelable(SIGN_ENCRYPT_PARCEL);
+                CryptoInputParcel cryptoInput = data.getParcelable(EXTRA_CRYPTO_INPUT);
 
                 // Operation
                 SignEncryptOperation op = new SignEncryptOperation(
                         this, new ProviderHelper(this), this, mActionCanceled);
-                SignEncryptResult result = op.execute(inputParcel);
+                SignEncryptResult result = op.execute(inputParcel, cryptoInput);
 
                 // Result
                 sendMessageToHandler(MessageStatus.OKAY, result);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
index a1edf808c..bd52d74cf 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
@@ -106,7 +106,7 @@ public abstract class EncryptActivity extends BaseActivity {
         startEncrypt(null);
     }
 
-    public void startEncrypt(CryptoInputParcel cryptoInput) {
+    public void startEncrypt(final CryptoInputParcel cryptoInput) {
         if (!inputIsValid()) {
             // Notify was created by inputIsValid.
             return;
@@ -117,12 +117,10 @@ public abstract class EncryptActivity extends BaseActivity {
         intent.setAction(KeychainIntentService.ACTION_SIGN_ENCRYPT);
 
         final SignEncryptParcel input = createEncryptBundle();
-        if (cryptoInput != null) {
-            input.setCryptoInput(cryptoInput);
-        }
 
         Bundle data = new Bundle();
         data.putParcelable(KeychainIntentService.SIGN_ENCRYPT_PARCEL, input);
+        data.putParcelable(KeychainIntentService.EXTRA_CRYPTO_INPUT, cryptoInput);
         intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
 
         // Message is received after encrypting is done in KeychainIntentService
@@ -151,7 +149,7 @@ public abstract class EncryptActivity extends BaseActivity {
                             RequiredInputParcel parcel = RequiredInputParcel.createNfcSignOperation(
                                     pgpResult.getNfcHash(),
                                     pgpResult.getNfcAlgo(),
-                                    input.getSignatureTime());
+                                    cryptoInput.getSignatureTime());
                             startNfcSign(pgpResult.getNfcKeyId(), parcel);
 
                         } else {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
index 5af353524..7e4c48e10 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
@@ -93,8 +93,8 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
     private long mSigningKeyId = Constants.key.none;
     private Passphrase mPassphrase = new Passphrase();
 
-    private ArrayList<Uri> mInputUris = new ArrayList<Uri>();
-    private ArrayList<Uri> mOutputUris = new ArrayList<Uri>();
+    private ArrayList<Uri> mInputUris = new ArrayList<>();
+    private ArrayList<Uri> mOutputUris = new ArrayList<>();
 
     private ListView mSelectedFiles;
     private SelectedFilesAdapter mAdapter = new SelectedFilesAdapter();
@@ -136,7 +136,7 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
         try {
             mModeInterface = (IMode) activity;
         } catch (ClassCastException e) {
-            throw new ClassCastException(activity.toString() + " must be IMode");
+            throw new ClassCastException(activity + " must be IMode");
         }
     }
 
@@ -487,12 +487,10 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
         intent.setAction(KeychainIntentService.ACTION_SIGN_ENCRYPT);
 
         final SignEncryptParcel input = createEncryptBundle();
-        if (cryptoInput != null) {
-            input.setCryptoInput(cryptoInput);
-        }
 
         Bundle data = new Bundle();
         data.putParcelable(KeychainIntentService.SIGN_ENCRYPT_PARCEL, input);
+        data.putParcelable(KeychainIntentService.EXTRA_CRYPTO_INPUT, cryptoInput);
         intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
 
         // Message is received after encrypting is done in KeychainIntentService
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
index 3303b2c65..7197cf88d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
@@ -344,12 +344,9 @@ public class EncryptTextFragment extends CryptoOperationFragment {
         intent.setAction(KeychainIntentService.ACTION_SIGN_ENCRYPT);
 
         final SignEncryptParcel input = createEncryptBundle();
-        if (cryptoInput != null) {
-            input.setCryptoInput(cryptoInput);
-        }
-
         final Bundle data = new Bundle();
         data.putParcelable(KeychainIntentService.SIGN_ENCRYPT_PARCEL, input);
+        data.putParcelable(KeychainIntentService.EXTRA_CRYPTO_INPUT, cryptoInput);
         intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
 
         // Message is received after encrypting is done in KeychainIntentService

From a3276a448528cee3ed392bf01e36835bbe8246ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Mon, 30 Mar 2015 20:41:29 +0200
Subject: [PATCH 35/80] Use RecyclerView in EncryptFilesFragment

---
 .../keychain/ui/CreateKeyEmailFragment.java   |  25 +-
 .../keychain/ui/EncryptFilesFragment.java     | 319 ++++++++++++------
 .../ui/EncryptModeAsymmetricFragment.java     |   2 +-
 .../ui/adapter/SpacesItemDecoration.java      |  93 +++++
 .../ui/dialog/DeleteFileDialogFragment.java   |  21 +-
 .../res/layout/encrypt_files_fragment.xml     |   7 +-
 .../src/main/res/layout/file_list_entry.xml   |  90 +++--
 .../main/res/layout/file_list_entry_add.xml   |  25 +-
 8 files changed, 394 insertions(+), 188 deletions(-)
 create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/SpacesItemDecoration.java

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyEmailFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyEmailFragment.java
index 7e2e1c31c..85e2f8e9d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyEmailFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyEmailFragment.java
@@ -126,7 +126,7 @@ public class CreateKeyEmailFragment extends Fragment {
         if (mAdditionalEmailModels == null) {
             mAdditionalEmailModels = new ArrayList<>();
             if (mCreateKeyActivity.mAdditionalEmails != null) {
-                setAdditionalEmails(mCreateKeyActivity.mAdditionalEmails);
+                mEmailAdapter.addAll(mCreateKeyActivity.mAdditionalEmails);
             }
         }
 
@@ -209,12 +209,6 @@ public class CreateKeyEmailFragment extends Fragment {
         return emails;
     }
 
-    private void setAdditionalEmails(ArrayList<String> emails) {
-        for (String email : emails) {
-            mAdditionalEmailModels.add(new EmailAdapter.ViewModel(email));
-        }
-    }
-
     @Override
     public void onSaveInstanceState(Bundle outState) {
         super.onSaveInstanceState(outState);
@@ -244,8 +238,7 @@ public class CreateKeyEmailFragment extends Fragment {
         // Provide a reference to the views for each data item
         // Complex data items may need more than one view per item, and
         // you provide access to all the views for a data item in a view holder
-        public static class ViewHolder extends RecyclerView.ViewHolder {
-            // each data item is just a string in this case
+        class ViewHolder extends RecyclerView.ViewHolder {
             public TextView mTextView;
             public ImageButton mDeleteButton;
 
@@ -289,7 +282,10 @@ public class CreateKeyEmailFragment extends Fragment {
         // Replace the contents of a view (invoked by the layout manager)
         @Override
         public void onBindViewHolder(RecyclerView.ViewHolder holder, final int position) {
-            if (holder instanceof ViewHolder) {
+            if (holder instanceof FooterHolder) {
+                FooterHolder thisHolder = (FooterHolder) holder;
+                thisHolder.mAddButton.setOnClickListener(mFooterOnClickListener);
+            } else if (holder instanceof ViewHolder) {
                 ViewHolder thisHolder = (ViewHolder) holder;
                 // - get element from your dataset at this position
                 // - replace the contents of the view with that element
@@ -302,9 +298,6 @@ public class CreateKeyEmailFragment extends Fragment {
                         remove(model);
                     }
                 });
-            } else if (holder instanceof FooterHolder) {
-                FooterHolder thisHolder = (FooterHolder) holder;
-                thisHolder.mAddButton.setOnClickListener(mFooterOnClickListener);
             }
         }
 
@@ -332,6 +325,12 @@ public class CreateKeyEmailFragment extends Fragment {
             notifyItemInserted(mDataset.size() - 1);
         }
 
+        private void addAll(ArrayList<String> emails) {
+            for (String email : emails) {
+                mDataset.add(new EmailAdapter.ViewModel(email));
+            }
+        }
+
         public void remove(ViewModel model) {
             int position = mDataset.indexOf(model);
             mDataset.remove(position);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
index 5af353524..dad8704fb 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Dominik Schürmann <dominik@dominikschuermann.de>
+ * Copyright (C) 2014-2015 Dominik Schürmann <dominik@dominikschuermann.de>
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -17,7 +17,6 @@
 
 package org.sufficientlysecure.keychain.ui;
 
-import android.annotation.TargetApi;
 import android.app.Activity;
 import android.app.ProgressDialog;
 import android.content.Intent;
@@ -28,15 +27,17 @@ import android.os.Build;
 import android.os.Bundle;
 import android.os.Message;
 import android.os.Messenger;
+import android.support.v7.widget.DefaultItemAnimator;
+import android.support.v7.widget.LinearLayoutManager;
+import android.support.v7.widget.RecyclerView;
 import android.view.LayoutInflater;
 import android.view.Menu;
 import android.view.MenuInflater;
 import android.view.MenuItem;
 import android.view.View;
 import android.view.ViewGroup;
-import android.widget.BaseAdapter;
+import android.widget.Button;
 import android.widget.ImageView;
-import android.widget.ListView;
 import android.widget.TextView;
 
 import org.spongycastle.bcpg.CompressionAlgorithmTags;
@@ -50,6 +51,7 @@ import org.sufficientlysecure.keychain.provider.TemporaryStorageProvider;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.ServiceProgressHandler;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.ui.adapter.SpacesItemDecoration;
 import org.sufficientlysecure.keychain.ui.dialog.DeleteFileDialogFragment;
 import org.sufficientlysecure.keychain.ui.dialog.ProgressDialogFragment;
 import org.sufficientlysecure.keychain.ui.util.FormattingUtils;
@@ -61,9 +63,8 @@ import org.sufficientlysecure.keychain.util.ShareHelper;
 
 import java.io.File;
 import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Map;
+import java.util.List;
 import java.util.Set;
 
 public class EncryptFilesFragment extends CryptoOperationFragment {
@@ -93,12 +94,12 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
     private long mSigningKeyId = Constants.key.none;
     private Passphrase mPassphrase = new Passphrase();
 
-    private ArrayList<Uri> mInputUris = new ArrayList<Uri>();
-    private ArrayList<Uri> mOutputUris = new ArrayList<Uri>();
+    private ArrayList<Uri> mOutputUris = new ArrayList<>();
 
-    private ListView mSelectedFiles;
-    private SelectedFilesAdapter mAdapter = new SelectedFilesAdapter();
-    private final Map<Uri, Bitmap> thumbnailCache = new HashMap<>();
+    private RecyclerView mSelectedFiles;
+
+    ArrayList<FilesAdapter.ViewModel> mFilesModels;
+    FilesAdapter mFilesAdapter;
 
     /**
      * Creates new instance of this fragment
@@ -146,17 +147,28 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
     @Override
     public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
         View view = inflater.inflate(R.layout.encrypt_files_fragment, container, false);
+        mSelectedFiles = (RecyclerView) view.findViewById(R.id.selected_files_list);
 
-        View addView = inflater.inflate(R.layout.file_list_entry_add, null);
-        addView.setOnClickListener(new View.OnClickListener() {
+        mSelectedFiles.addItemDecoration(new SpacesItemDecoration(
+                FormattingUtils.dpToPx(getActivity(), 4)));
+        mSelectedFiles.setHasFixedSize(true);
+        mSelectedFiles.setLayoutManager(new LinearLayoutManager(getActivity()));
+        mSelectedFiles.setItemAnimator(new DefaultItemAnimator());
+
+        mFilesModels = new ArrayList<>();
+        mFilesAdapter = new FilesAdapter(getActivity(), mFilesModels, new View.OnClickListener() {
             @Override
             public void onClick(View v) {
                 addInputUri();
             }
         });
-        mSelectedFiles = (ListView) view.findViewById(R.id.selected_files_list);
-        mSelectedFiles.addFooterView(addView);
-        mSelectedFiles.setAdapter(mAdapter);
+
+        ArrayList<Uri> inputUris = getArguments().getParcelableArrayList(ARG_URIS);
+        if (inputUris != null) {
+            mFilesAdapter.addAll(inputUris);
+        }
+        mUseArmor = getArguments().getBoolean(ARG_USE_ASCII_ARMOR);
+        mSelectedFiles.setAdapter(mFilesAdapter);
 
         return view;
     }
@@ -165,17 +177,14 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
     public void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
         setHasOptionsMenu(true);
-
-        mInputUris = getArguments().getParcelableArrayList(ARG_URIS);
-        mUseArmor = getArguments().getBoolean(ARG_USE_ASCII_ARMOR);
     }
 
     private void addInputUri() {
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
             FileHelper.openDocument(EncryptFilesFragment.this, "*/*", true, REQUEST_CODE_INPUT);
         } else {
-            FileHelper.openFile(EncryptFilesFragment.this, mInputUris.isEmpty() ?
-                            null : mInputUris.get(mInputUris.size() - 1),
+            FileHelper.openFile(EncryptFilesFragment.this, mFilesModels.isEmpty() ?
+                            null : mFilesModels.get(mFilesModels.size() - 1).inputUri,
                     "*/*", REQUEST_CODE_INPUT);
         }
     }
@@ -185,32 +194,27 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
             return;
         }
 
-        if (mInputUris.contains(inputUri)) {
+        if (mFilesAdapter.getAsArrayList().contains(inputUri)) {
             Notify.create(getActivity(),
                     getActivity().getString(R.string.error_file_added_already, FileHelper.getFilename(getActivity(), inputUri)),
                     Notify.Style.ERROR).show();
             return;
         }
 
-        mInputUris.add(inputUri);
-        mSelectedFiles.requestFocus();
-    }
-
-    private void delInputUri(int position) {
-        mInputUris.remove(position);
+        mFilesAdapter.add(inputUri);
         mSelectedFiles.requestFocus();
     }
 
     private void showOutputFileDialog() {
-        if (mInputUris.size() > 1 || mInputUris.isEmpty()) {
+        if (mFilesModels.size() > 1 || mFilesModels.isEmpty()) {
             throw new IllegalStateException();
         }
-        Uri inputUri = mInputUris.get(0);
+        FilesAdapter.ViewModel model = mFilesModels.get(0);
         String targetName =
-                (mEncryptFilenames ? "1" : FileHelper.getFilename(getActivity(), inputUri))
+                (mEncryptFilenames ? "1" : FileHelper.getFilename(getActivity(), model.inputUri))
                         + (mUseArmor ? Constants.FILE_EXTENSION_ASC : Constants.FILE_EXTENSION_PGP_MAIN);
         if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
-            File file = new File(inputUri.getPath());
+            File file = new File(model.inputUri.getPath());
             File parentDir = file.exists() ? file.getParentFile() : Constants.Path.APP_DIR;
             File targetFile = new File(parentDir, targetName);
             FileHelper.saveFile(this, getString(R.string.title_encrypt_to_file),
@@ -221,40 +225,48 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
     }
 
     private void encryptClicked(boolean share) {
-        if (mInputUris.isEmpty()) {
-            Notify.create(getActivity(), R.string.error_no_file_selected, Notify.Style.ERROR).show();
+        if (mFilesModels.isEmpty()) {
+            Notify.create(getActivity(), R.string.error_no_file_selected,
+                    Notify.Style.ERROR).show();
             return;
         }
         if (share) {
             mOutputUris.clear();
             int filenameCounter = 1;
-            for (Uri uri : mInputUris) {
+            for (FilesAdapter.ViewModel model : mFilesModels) {
                 String targetName =
-                        (mEncryptFilenames ? String.valueOf(filenameCounter) : FileHelper.getFilename(getActivity(), uri))
+                        (mEncryptFilenames ? String.valueOf(filenameCounter) : FileHelper.getFilename(getActivity(), model.inputUri))
                                 + (mUseArmor ? Constants.FILE_EXTENSION_ASC : Constants.FILE_EXTENSION_PGP_MAIN);
                 mOutputUris.add(TemporaryStorageProvider.createFile(getActivity(), targetName));
                 filenameCounter++;
             }
             startEncrypt(true);
         } else {
-            if (mInputUris.size() > 1) {
-                Notify.create(getActivity(), R.string.error_multi_not_supported, Notify.Style.ERROR).show();
+            if (mFilesModels.size() > 1) {
+                Notify.create(getActivity(), R.string.error_multi_not_supported,
+                        Notify.Style.ERROR).show();
                 return;
             }
             showOutputFileDialog();
         }
     }
 
-    @TargetApi(Build.VERSION_CODES.KITKAT)
-    public boolean handleClipData(Intent data) {
-        if (data.getClipData() != null && data.getClipData().getItemCount() > 0) {
-            for (int i = 0; i < data.getClipData().getItemCount(); i++) {
-                Uri uri = data.getClipData().getItemAt(i).getUri();
-                if (uri != null) addInputUri(uri);
+    public void addFile(Intent data) {
+        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
+            addInputUri(data.getData());
+        } else {
+            if (data.getClipData() != null && data.getClipData().getItemCount() > 0) {
+                for (int i = 0; i < data.getClipData().getItemCount(); i++) {
+                    Uri uri = data.getClipData().getItemAt(i).getUri();
+                    if (uri != null) {
+                        addInputUri(uri);
+                    }
+                }
+            } else {
+                // fallback, try old method to get single uri
+                addInputUri(data.getData());
             }
-            return true;
         }
-        return false;
     }
 
     @Override
@@ -284,22 +296,18 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
             }
             case R.id.check_use_armor: {
                 mUseArmor = item.isChecked();
-//                notifyUpdate();
                 break;
             }
             case R.id.check_delete_after_encrypt: {
                 mDeleteAfterEncrypt = item.isChecked();
-//                notifyUpdate();
                 break;
             }
             case R.id.check_enable_compression: {
                 mUseCompression = item.isChecked();
-//                onNotifyUpdate();
                 break;
             }
             case R.id.check_encrypt_filenames: {
                 mEncryptFilenames = item.isChecked();
-//                onNotifyUpdate();
                 break;
             }
 //            case R.id.check_hidden_recipients: {
@@ -317,15 +325,15 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
     protected boolean inputIsValid() {
         // file checks
 
-        if (mInputUris.isEmpty()) {
+        if (mFilesModels.isEmpty()) {
             Notify.create(getActivity(), R.string.no_file_selected, Notify.Style.ERROR)
                     .show();
             return false;
-        } else if (mInputUris.size() > 1 && !mShareAfterEncrypt) {
+        } else if (mFilesModels.size() > 1 && !mShareAfterEncrypt) {
             Log.e(Constants.TAG, "Aborting: mInputUris.size() > 1 && !mShareAfterEncrypt");
             // This should be impossible...
             return false;
-        } else if (mInputUris.size() != mOutputUris.size()) {
+        } else if (mFilesModels.size() != mOutputUris.size()) {
             Log.e(Constants.TAG, "Aborting: mInputUris.size() != mOutputUris.size()");
             // This as well
             return false;
@@ -368,8 +376,8 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
 
     public void onEncryptSuccess(final SignEncryptResult result) {
         if (mDeleteAfterEncrypt) {
-            final Uri[] inputUris = mInputUris.toArray(new Uri[mInputUris.size()]);
-            DeleteFileDialogFragment deleteFileDialog = DeleteFileDialogFragment.newInstance(inputUris);
+            DeleteFileDialogFragment deleteFileDialog =
+                    DeleteFileDialogFragment.newInstance(mFilesAdapter.getAsArrayList());
             deleteFileDialog.setOnDeletedListener(new DeleteFileDialogFragment.OnDeletedListener() {
 
                 @Override
@@ -386,8 +394,7 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
             });
             deleteFileDialog.show(getActivity().getSupportFragmentManager(), "deleteDialog");
 
-            mInputUris.clear();
-            onNotifyUpdate();
+            mFilesModels.clear();
         } else {
             if (mShareAfterEncrypt) {
                 // Share encrypted message/file
@@ -403,7 +410,7 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
         // fill values for this action
         SignEncryptParcel data = new SignEncryptParcel();
 
-        data.addInputUris(mInputUris);
+        data.addInputUris(mFilesAdapter.getAsArrayList());
         data.addOutputUris(mOutputUris);
 
         if (mUseCompression) {
@@ -563,9 +570,7 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
         switch (requestCode) {
             case REQUEST_CODE_INPUT: {
                 if (resultCode == Activity.RESULT_OK && data != null) {
-                    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT || !handleClipData(data)) {
-                        addInputUri(data.getData());
-                    }
+                    addFile(data);
                 }
                 return;
             }
@@ -574,7 +579,6 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
                 if (resultCode == Activity.RESULT_OK && data != null) {
                     mOutputUris.clear();
                     mOutputUris.add(data.getData());
-                    onNotifyUpdate();
                     startEncrypt(false);
                 }
                 return;
@@ -588,66 +592,167 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
         }
     }
 
-    public void onNotifyUpdate() {
-        // Clear cache if needed
-        for (Uri uri : new HashSet<>(thumbnailCache.keySet())) {
-            if (!mInputUris.contains(uri)) {
-                thumbnailCache.remove(uri);
+    public static class FilesAdapter extends RecyclerView.Adapter<RecyclerView.ViewHolder> {
+        private Activity mActivity;
+        private List<ViewModel> mDataset;
+        private View.OnClickListener mFooterOnClickListener;
+        private static final int TYPE_FOOTER = 0;
+        private static final int TYPE_ITEM = 1;
+
+        public static class ViewModel {
+            Uri inputUri;
+            Bitmap thumbnail;
+            String filename;
+            long fileSize;
+
+            ViewModel(Uri inputUri, Bitmap thumbnail, String filename, long fileSize) {
+                this.inputUri = inputUri;
+                this.thumbnail = thumbnail;
+                this.filename = filename;
+                this.fileSize = fileSize;
+            }
+
+            @Override
+            public String toString() {
+                return inputUri.toString();
             }
         }
 
-        mAdapter.notifyDataSetChanged();
-    }
+        // Provide a reference to the views for each data item
+        // Complex data items may need more than one view per item, and
+        // you provide access to all the views for a data item in a view holder
+        class ViewHolder extends RecyclerView.ViewHolder {
+            public TextView filename;
+            public TextView fileSize;
+            public View removeButton;
+            public ImageView thumbnail;
 
-    private class SelectedFilesAdapter extends BaseAdapter {
-        @Override
-        public int getCount() {
-            return mInputUris.size();
+            public ViewHolder(View itemView) {
+                super(itemView);
+                filename = (TextView) itemView.findViewById(R.id.filename);
+                fileSize = (TextView) itemView.findViewById(R.id.filesize);
+                removeButton = itemView.findViewById(R.id.action_remove_file_from_list);
+                thumbnail = (ImageView) itemView.findViewById(R.id.thumbnail);
+            }
         }
 
-        @Override
-        public Object getItem(int position) {
-            return mInputUris.get(position);
+        class FooterHolder extends RecyclerView.ViewHolder {
+            public Button mAddButton;
+
+            public FooterHolder(View itemView) {
+                super(itemView);
+                mAddButton = (Button) itemView.findViewById(R.id.file_list_entry_add);
+            }
         }
 
-        @Override
-        public long getItemId(int position) {
-            return getItem(position).hashCode();
+        // Provide a suitable constructor (depends on the kind of dataset)
+        public FilesAdapter(Activity activity, List<ViewModel> myDataset, View.OnClickListener onFooterClickListener) {
+            mActivity = activity;
+            mDataset = myDataset;
+            mFooterOnClickListener = onFooterClickListener;
         }
 
+        // Create new views (invoked by the layout manager)
         @Override
-        public View getView(final int position, View convertView, ViewGroup parent) {
-            Uri inputUri = mInputUris.get(position);
-            View view;
-            if (convertView == null) {
-                view = getActivity().getLayoutInflater().inflate(R.layout.file_list_entry, null);
+        public RecyclerView.ViewHolder onCreateViewHolder(ViewGroup parent, int viewType) {
+            if (viewType == TYPE_FOOTER) {
+                View v = LayoutInflater.from(parent.getContext())
+                        .inflate(R.layout.file_list_entry_add, parent, false);
+                return new FooterHolder(v);
             } else {
-                view = convertView;
+                //inflate your layout and pass it to view holder
+                View v = LayoutInflater.from(parent.getContext())
+                        .inflate(R.layout.file_list_entry, parent, false);
+                return new ViewHolder(v);
             }
-            ((TextView) view.findViewById(R.id.filename)).setText(FileHelper.getFilename(getActivity(), inputUri));
-            long size = FileHelper.getFileSize(getActivity(), inputUri);
-            if (size == -1) {
-                ((TextView) view.findViewById(R.id.filesize)).setText("");
-            } else {
-                ((TextView) view.findViewById(R.id.filesize)).setText(FileHelper.readableFileSize(size));
-            }
-            view.findViewById(R.id.action_remove_file_from_list).setOnClickListener(new View.OnClickListener() {
-                @Override
-                public void onClick(View v) {
-                    delInputUri(position);
+        }
+
+        // Replace the contents of a view (invoked by the layout manager)
+        @Override
+        public void onBindViewHolder(RecyclerView.ViewHolder holder, final int position) {
+            if (holder instanceof FooterHolder) {
+                FooterHolder thisHolder = (FooterHolder) holder;
+                thisHolder.mAddButton.setOnClickListener(mFooterOnClickListener);
+            } else if (holder instanceof ViewHolder) {
+                ViewHolder thisHolder = (ViewHolder) holder;
+                // - get element from your dataset at this position
+                // - replace the contents of the view with that element
+                final ViewModel model = mDataset.get(position);
+
+                thisHolder.filename.setText(model.filename);
+                if (model.fileSize == -1) {
+                    thisHolder.fileSize.setText("");
+                } else {
+                    thisHolder.fileSize.setText(FileHelper.readableFileSize(model.fileSize));
+                }
+                thisHolder.removeButton.setOnClickListener(new View.OnClickListener() {
+                    @Override
+                    public void onClick(View v) {
+                        remove(model);
+                    }
+                });
+                if (model.thumbnail != null) {
+                    thisHolder.thumbnail.setImageBitmap(model.thumbnail);
+                } else {
+                    thisHolder.thumbnail.setImageResource(R.drawable.ic_doc_generic_am);
                 }
-            });
-            int px = FormattingUtils.dpToPx(getActivity(), 48);
-            if (!thumbnailCache.containsKey(inputUri)) {
-                thumbnailCache.put(inputUri, FileHelper.getThumbnail(getActivity(), inputUri, new Point(px, px)));
             }
-            Bitmap bitmap = thumbnailCache.get(inputUri);
-            if (bitmap != null) {
-                ((ImageView) view.findViewById(R.id.thumbnail)).setImageBitmap(bitmap);
-            } else {
-                ((ImageView) view.findViewById(R.id.thumbnail)).setImageResource(R.drawable.ic_doc_generic_am);
-            }
-            return view;
         }
+
+        // Return the size of your dataset (invoked by the layout manager)
+        @Override
+        public int getItemCount() {
+            return mDataset.size() + 1;
+        }
+
+        @Override
+        public int getItemViewType(int position) {
+            if (isPositionFooter(position)) {
+                return TYPE_FOOTER;
+            } else {
+                return TYPE_ITEM;
+            }
+        }
+
+        private boolean isPositionFooter(int position) {
+            return position == mDataset.size();
+        }
+
+        public void add(Uri inputUri) {
+            mDataset.add(createModel(inputUri));
+            notifyItemInserted(mDataset.size() - 1);
+        }
+
+        public void addAll(ArrayList<Uri> inputUris) {
+            if (inputUris != null) {
+                for (Uri inputUri : inputUris) {
+                    mDataset.add(createModel(inputUri));
+                }
+            }
+            // TODO: notifyItemInserted?
+        }
+
+        private ViewModel createModel(Uri inputUri) {
+            int px = FormattingUtils.dpToPx(mActivity, 48);
+            Bitmap thumbnail = FileHelper.getThumbnail(mActivity, inputUri, new Point(px, px));
+            String filename = FileHelper.getFilename(mActivity, inputUri);
+            long size = FileHelper.getFileSize(mActivity, inputUri);
+            return new ViewModel(inputUri, thumbnail, filename, size);
+        }
+
+        public void remove(ViewModel model) {
+            int position = mDataset.indexOf(model);
+            mDataset.remove(position);
+            notifyItemRemoved(position);
+        }
+
+        public ArrayList<Uri> getAsArrayList() {
+            ArrayList<Uri> uris = new ArrayList<>();
+            for (ViewModel model : mDataset) {
+                uris.add(model.inputUri);
+            }
+            return uris;
+        }
+
     }
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptModeAsymmetricFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptModeAsymmetricFragment.java
index 87c6c477c..6f56f2dc4 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptModeAsymmetricFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptModeAsymmetricFragment.java
@@ -65,7 +65,7 @@ public class EncryptModeAsymmetricFragment extends Fragment {
     private IAsymmetric mEncryptInterface;
 
 //    @Override
-//    public void onNotifyUpdate() {
+//    public void updateUi() {
 //        if (mSign != null) {
 //            mSign.setSelectedKeyId(mEncryptInterface.getSignatureKey());
 //        }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/SpacesItemDecoration.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/SpacesItemDecoration.java
new file mode 100644
index 000000000..bc595803b
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/SpacesItemDecoration.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2015 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.ui.adapter;
+
+import android.graphics.Rect;
+import android.support.v7.widget.GridLayoutManager;
+import android.support.v7.widget.RecyclerView;
+import android.view.View;
+
+/**
+ * https://gist.github.com/yrom/3b4bcbc2370ca2290434
+ */
+public class SpacesItemDecoration extends RecyclerView.ItemDecoration {
+    private int space;
+    private int spanCount;
+    private int lastItemInFirstLane = -1;
+
+    public SpacesItemDecoration(int space) {
+        this(space, 1);
+    }
+
+    /**
+     * @param space
+     * @param spanCount spans count of one lane
+     */
+    public SpacesItemDecoration(int space, int spanCount) {
+        this.space = space;
+        this.spanCount = spanCount;
+    }
+
+    @Override
+    public void getItemOffsets(Rect outRect, View view, RecyclerView parent, RecyclerView.State state) {
+        RecyclerView.LayoutParams params = (RecyclerView.LayoutParams) view.getLayoutParams();
+        final int position = params.getViewPosition();
+        final int spanSize;
+        final int index;
+        if (params instanceof GridLayoutManager.LayoutParams) {
+            GridLayoutManager.LayoutParams gridParams = (GridLayoutManager.LayoutParams) params;
+            spanSize = gridParams.getSpanSize();
+            index = gridParams.getSpanIndex();
+        } else {
+            spanSize = 1;
+            index = position % spanCount;
+        }
+        // invalid value
+        if (spanSize < 1 || index < 0) return;
+
+        if (spanSize == spanCount) { // full span
+            outRect.left = space;
+            outRect.right = space;
+        } else {
+            if (index == 0) { // left one
+                outRect.left = space;
+            }
+            // spanCount >= 1
+            if (index == spanCount - 1) { // right one
+                outRect.right = space;
+            }
+            if (outRect.left == 0) {
+                outRect.left = space / 2;
+            }
+            if (outRect.right == 0) {
+                outRect.right = space / 2;
+            }
+        }
+        // set top to all in first lane
+        if (position < spanCount && spanSize <= spanCount) {
+            if (lastItemInFirstLane < 0) { // lay out at first time
+                lastItemInFirstLane = position + spanSize == spanCount ? position : lastItemInFirstLane;
+                outRect.top = space;
+            } else if (position <= lastItemInFirstLane) { // scroll to first lane again
+                outRect.top = space;
+            }
+        }
+        outRect.bottom = space;
+
+    }
+} 
\ No newline at end of file
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/DeleteFileDialogFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/DeleteFileDialogFragment.java
index bd4e5577b..956171349 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/DeleteFileDialogFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/DeleteFileDialogFragment.java
@@ -44,11 +44,24 @@ public class DeleteFileDialogFragment extends DialogFragment {
     /**
      * Creates new instance of this delete file dialog fragment
      */
-    public static DeleteFileDialogFragment newInstance(Uri... deleteUris) {
+    public static DeleteFileDialogFragment newInstance(ArrayList<Uri> deleteUris) {
         DeleteFileDialogFragment frag = new DeleteFileDialogFragment();
         Bundle args = new Bundle();
 
-        args.putParcelableArray(ARG_DELETE_URIS, deleteUris);
+        args.putParcelableArrayList(ARG_DELETE_URIS, deleteUris);
+
+        frag.setArguments(args);
+
+        return frag;
+    }
+
+    public static DeleteFileDialogFragment newInstance(Uri deleteUri) {
+        DeleteFileDialogFragment frag = new DeleteFileDialogFragment();
+        Bundle args = new Bundle();
+
+        ArrayList<Uri> list = new ArrayList<>();
+        list.add(deleteUri);
+        args.putParcelableArrayList(ARG_DELETE_URIS, list);
 
         frag.setArguments(args);
 
@@ -62,7 +75,7 @@ public class DeleteFileDialogFragment extends DialogFragment {
     public Dialog onCreateDialog(Bundle savedInstanceState) {
         final FragmentActivity activity = getActivity();
 
-        final Uri[] deleteUris = (Uri[]) getArguments().getParcelableArray(ARG_DELETE_URIS);
+        final ArrayList<Uri> deleteUris = getArguments().getParcelableArrayList(ARG_DELETE_URIS);
 
         final StringBuilder deleteFileNames = new StringBuilder();
         //Retrieving file names after deletion gives unexpected results
@@ -127,7 +140,7 @@ public class DeleteFileDialogFragment extends DialogFragment {
                 // NOTE: Use Toasts, not Snackbars. When sharing to another application snackbars
                 // would not show up!
                 Toast.makeText(getActivity(), getActivity().getString(R.string.file_delete_successful,
-                                deleteUris.length - failedFileNameList.size(), deleteUris.length, failedFileNames.toString()),
+                                deleteUris.size() - failedFileNameList.size(), deleteUris.size(), failedFileNames.toString()),
                         Toast.LENGTH_LONG).show();
 
                 if (onDeletedListener != null) {
diff --git a/OpenKeychain/src/main/res/layout/encrypt_files_fragment.xml b/OpenKeychain/src/main/res/layout/encrypt_files_fragment.xml
index 5831d52e1..cb9391b6d 100644
--- a/OpenKeychain/src/main/res/layout/encrypt_files_fragment.xml
+++ b/OpenKeychain/src/main/res/layout/encrypt_files_fragment.xml
@@ -4,15 +4,10 @@
     android:layout_height="match_parent"
     android:orientation="vertical">
 
-    <ListView
+    <android.support.v7.widget.RecyclerView
         android:id="@+id/selected_files_list"
-        android:dividerHeight="4dip"
-        android:divider="@android:color/transparent"
-        android:focusable="true"
-        android:focusableInTouchMode="true"
         android:paddingLeft="16dp"
         android:paddingRight="16dp"
-        android:layout_marginTop="8dp"
         android:layout_width="match_parent"
         android:layout_height="match_parent" />
 
diff --git a/OpenKeychain/src/main/res/layout/file_list_entry.xml b/OpenKeychain/src/main/res/layout/file_list_entry.xml
index ca78ad161..7f0e1e89e 100644
--- a/OpenKeychain/src/main/res/layout/file_list_entry.xml
+++ b/OpenKeychain/src/main/res/layout/file_list_entry.xml
@@ -1,60 +1,58 @@
 <?xml version="1.0" encoding="utf-8"?>
-
-<RelativeLayout
-        xmlns:android="http://schemas.android.com/apk/res/android"
-        android:layout_width="match_parent"
-        android:layout_height="48dip"
-        android:background="@drawable/attachment_bg_holo">
+<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
+    android:layout_width="match_parent"
+    android:layout_height="48dip"
+    android:background="@drawable/attachment_bg_holo">
 
     <ImageView
-            android:id="@+id/thumbnail"
-            android:layout_alignParentLeft="true"
-            android:layout_centerVertical="true"
-            android:scaleType="center"
-            android:layout_width="48dip"
-            android:layout_height="48dip"/>
+        android:id="@+id/thumbnail"
+        android:layout_alignParentLeft="true"
+        android:layout_centerVertical="true"
+        android:scaleType="center"
+        android:layout_width="48dip"
+        android:layout_height="48dip" />
 
     <LinearLayout
-            android:orientation="vertical"
+        android:orientation="vertical"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:layout_toRightOf="@+id/thumbnail"
+        android:layout_centerVertical="true">
+
+        <TextView
+            android:id="@+id/filename"
+            android:layout_marginLeft="8dip"
+            android:layout_marginRight="32dip"
+            android:maxLines="1"
             android:layout_width="wrap_content"
             android:layout_height="wrap_content"
-            android:layout_toRightOf="@+id/thumbnail"
-            android:layout_centerVertical="true">
+            android:textColor="?android:attr/textColorSecondary"
+            android:textAppearance="?android:attr/textAppearanceSmall"
+            android:ellipsize="end" />
 
         <TextView
-                android:id="@+id/filename"
-                android:layout_marginLeft="8dip"
-                android:layout_marginRight="32dip"
-                android:maxLines="1"
-                android:layout_width="wrap_content"
-                android:layout_height="wrap_content"
-                android:textColor="?android:attr/textColorSecondary"
-                android:textAppearance="?android:attr/textAppearanceSmall"
-                android:ellipsize="end"/>
-
-        <TextView
-                android:id="@+id/filesize"
-                android:layout_marginLeft="8dip"
-                android:layout_marginRight="32dip"
-                android:maxLines="1"
-                android:layout_width="wrap_content"
-                android:layout_height="wrap_content"
-                android:textColor="?android:attr/textColorTertiary"
-                android:textAppearance="?android:attr/textAppearanceSmall"
-                android:textSize="12sp"
-                android:ellipsize="end"/>
+            android:id="@+id/filesize"
+            android:layout_marginLeft="8dip"
+            android:layout_marginRight="32dip"
+            android:maxLines="1"
+            android:layout_width="wrap_content"
+            android:layout_height="wrap_content"
+            android:textColor="?android:attr/textColorTertiary"
+            android:textAppearance="?android:attr/textAppearanceSmall"
+            android:textSize="12sp"
+            android:ellipsize="end" />
 
     </LinearLayout>
 
     <ImageButton
-            android:id="@+id/action_remove_file_from_list"
-            android:layout_width="48dip"
-            android:layout_height="48dip"
-            android:layout_alignParentRight="true"
-            android:paddingRight="16dip"
-            android:paddingLeft="16dip"
-            android:src="@drawable/ic_close_grey_24dp"
-            android:clickable="true"
-            android:layout_centerVertical="true"
-        android:background="?android:selectableItemBackground"/>
+        android:id="@+id/action_remove_file_from_list"
+        android:layout_width="48dip"
+        android:layout_height="48dip"
+        android:layout_alignParentRight="true"
+        android:paddingRight="16dip"
+        android:paddingLeft="16dip"
+        android:src="@drawable/ic_close_grey_24dp"
+        android:clickable="true"
+        android:layout_centerVertical="true"
+        android:background="?android:selectableItemBackground" />
 </RelativeLayout>
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/layout/file_list_entry_add.xml b/OpenKeychain/src/main/res/layout/file_list_entry_add.xml
index d7f4513d9..e5eb4c44f 100644
--- a/OpenKeychain/src/main/res/layout/file_list_entry_add.xml
+++ b/OpenKeychain/src/main/res/layout/file_list_entry_add.xml
@@ -1,21 +1,24 @@
 <?xml version="1.0" encoding="utf-8"?>
-<FrameLayout xmlns:android="http://schemas.android.com/apk/res/android"
-    android:padding="4dp"
+<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
     android:layout_width="match_parent"
     android:layout_height="wrap_content"
-    android:clickable="true"
-    android:minHeight="?android:attr/listPreferredItemHeight"
-    style="?android:attr/borderlessButtonStyle">
+    android:minHeight="16dp"
+    android:orientation="horizontal"
+    android:singleLine="true">
 
-    <TextView
+    <Button
+        android:id="@+id/file_list_entry_add"
         android:paddingLeft="8dp"
         android:paddingRight="8dp"
         android:textAppearance="?android:attr/textAppearanceMedium"
-        android:layout_width="wrap_content"
-        android:layout_height="match_parent"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:minHeight="?android:attr/listPreferredItemHeight"
         android:layout_gravity="center"
         android:text="@string/btn_add_files"
+        style="?android:attr/borderlessButtonStyle"
         android:drawableLeft="@drawable/ic_folder_grey_24dp"
-        android:drawablePadding="8dp"
-        android:gravity="center" />
-</FrameLayout>
\ No newline at end of file
+        android:drawablePadding="16dp"
+        android:gravity="left|center_vertical" />
+
+</LinearLayout>
\ No newline at end of file

From 5052d44b7bf67dc9f5f9a6c98ce555bbb9a41edd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Mon, 30 Mar 2015 20:48:18 +0200
Subject: [PATCH 36/80] Fix scrollbar

---
 OpenKeychain/src/main/res/layout/encrypt_files_fragment.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/OpenKeychain/src/main/res/layout/encrypt_files_fragment.xml b/OpenKeychain/src/main/res/layout/encrypt_files_fragment.xml
index cb9391b6d..b75ec5022 100644
--- a/OpenKeychain/src/main/res/layout/encrypt_files_fragment.xml
+++ b/OpenKeychain/src/main/res/layout/encrypt_files_fragment.xml
@@ -8,6 +8,7 @@
         android:id="@+id/selected_files_list"
         android:paddingLeft="16dp"
         android:paddingRight="16dp"
+        android:scrollbars="vertical"
         android:layout_width="match_parent"
         android:layout_height="match_parent" />
 

From d67b546ec52c94faf71733b063856de98d66ef01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Mon, 30 Mar 2015 23:23:54 +0200
Subject: [PATCH 37/80] Dont show slinger button in spinner

---
 .../org/sufficientlysecure/keychain/ui/adapter/KeyAdapter.java  | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/KeyAdapter.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/KeyAdapter.java
index 9304b14f1..6f19fc6ed 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/KeyAdapter.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/KeyAdapter.java
@@ -147,6 +147,8 @@ public class KeyAdapter extends CursorAdapter {
                     mStatus.setVisibility(View.GONE);
                     if (mSlingerButton.hasOnClickListeners()) {
                         mSlinger.setVisibility(View.VISIBLE);
+                    } else {
+                        mSlinger.setVisibility(View.GONE);
                     }
                     mMainUserId.setTextColor(context.getResources().getColor(R.color.black));
                     mMainUserIdRest.setTextColor(context.getResources().getColor(R.color.black));

From 39b131c7e58c358adf93bb64fe297884664a4ae1 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Mon, 30 Mar 2015 23:35:32 +0200
Subject: [PATCH 38/80] fix Encrypt* with RequiredInputParcel

---
 .../operations/SignEncryptOperation.java      |  42 +++-
 .../results/InputPendingResult.java           |   2 +
 .../operations/results/OperationResult.java   |   1 -
 .../results/PgpSignEncryptResult.java         |  64 +-----
 .../operations/results/SignEncryptResult.java |  17 +-
 .../keychain/pgp/PgpSignEncryptOperation.java |  69 +++---
 .../keychain/remote/OpenPgpService.java       | 204 +++++-------------
 .../service/input/RequiredInputParcel.java    |  12 +-
 .../keychain/ui/CryptoOperationFragment.java  |   6 +-
 .../keychain/ui/DecryptFilesFragment.java     |   2 +-
 .../keychain/ui/DecryptFragment.java          |   2 +-
 .../keychain/ui/EncryptActivity.java          | 189 ----------------
 .../keychain/ui/EncryptFilesFragment.java     |  27 +--
 .../keychain/ui/EncryptTextActivity.java      |   2 +-
 .../keychain/ui/EncryptTextFragment.java      |  52 +----
 .../keychain/ui/NfcActivity.java              |   4 +-
 .../keychain/ui/NfcOperationActivity.java     |  22 +-
 .../keychain/ui/PassphraseDialogActivity.java |  21 +-
 .../keychain/ui/base/BaseNfcActivity.java     |   2 +-
 .../keychain/util/KeyUpdateHelper.java        |   2 +-
 OpenKeychain/src/main/res/values/strings.xml  |   1 -
 21 files changed, 184 insertions(+), 559 deletions(-)
 delete mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java
index db44546b6..d718d231e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java
@@ -20,15 +20,21 @@ package org.sufficientlysecure.keychain.operations;
 import android.content.Context;
 import android.net.Uri;
 
+import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
 import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
 import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
 import org.sufficientlysecure.keychain.pgp.PgpSignEncryptOperation;
 import org.sufficientlysecure.keychain.pgp.Progressable;
 import org.sufficientlysecure.keychain.pgp.SignEncryptParcel;
+import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel.NfcSignOperationsBuilder;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel.RequiredInputType;
 import org.sufficientlysecure.keychain.util.FileHelper;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.ProgressScaler;
@@ -69,6 +75,20 @@ public class SignEncryptOperation extends BaseOperation {
         int total = inputBytes != null ? 1 : inputUris.size(), count = 0;
         ArrayList<PgpSignEncryptResult> results = new ArrayList<>();
 
+        NfcSignOperationsBuilder pendingInputBuilder = null;
+
+        if (input.getSignatureMasterKeyId() != Constants.key.none
+                && input.getSignatureSubKeyId() == null) {
+            try {
+                long signKeyId = mProviderHelper.getCachedPublicKeyRing(
+                        input.getSignatureMasterKeyId()).getSecretSignId();
+                input.setSignatureSubKeyId(signKeyId);
+            } catch (PgpKeyNotFoundException e) {
+                e.printStackTrace();
+                return new SignEncryptResult(SignEncryptResult.RESULT_ERROR, log, results);
+            }
+        }
+
         do {
 
             if (checkCancelled()) {
@@ -129,10 +149,17 @@ public class SignEncryptOperation extends BaseOperation {
             log.add(result, 2);
 
             if (result.isPending()) {
-                return new SignEncryptResult(SignEncryptResult.RESULT_PENDING, log, results);
-            }
-
-            if (!result.success()) {
+                RequiredInputParcel requiredInput = result.getRequiredInputParcel();
+                // Passphrase returns immediately, nfc are aggregated
+                if (requiredInput.mType == RequiredInputType.PASSPHRASE) {
+                    return new SignEncryptResult(log, requiredInput, results);
+                }
+                if (pendingInputBuilder == null) {
+                    pendingInputBuilder = new NfcSignOperationsBuilder(requiredInput.mSignatureTime,
+                            input.getSignatureMasterKeyId(), input.getSignatureSubKeyId());
+                }
+                pendingInputBuilder.addAll(requiredInput);
+            } else if (!result.success()) {
                 return new SignEncryptResult(SignEncryptResult.RESULT_ERROR, log, results);
             }
 
@@ -142,9 +169,12 @@ public class SignEncryptOperation extends BaseOperation {
 
         } while (!inputUris.isEmpty());
 
+        if (pendingInputBuilder != null && !pendingInputBuilder.isEmpty()) {
+            return new SignEncryptResult(log, pendingInputBuilder.build(), results);
+        }
+
         if (!outputUris.isEmpty()) {
-            // Any output URIs left are indicative of a programming error
-            log.add(LogType.MSG_SE_WARN_OUTPUT_LEFT, 1);
+            throw new AssertionError("Got outputs left but no inputs. This is a programming error, please report!");
         }
 
         log.add(LogType.MSG_SE_SUCCESS, 1);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java
index 45a6b98b8..0b7aa6d03 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java
@@ -18,6 +18,8 @@
 
 package org.sufficientlysecure.keychain.operations.results;
 
+import java.util.ArrayList;
+
 import android.os.Parcel;
 
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
index 47f9271e1..55d5d974a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
@@ -671,7 +671,6 @@ public abstract class OperationResult implements Parcelable {
         MSG_SE_ERROR_INPUT_URI_NOT_FOUND (LogLevel.ERROR, R.string.msg_se_error_input_uri_not_found),
         MSG_SE_ERROR_OUTPUT_URI_NOT_FOUND (LogLevel.ERROR, R.string.msg_se_error_output_uri_not_found),
         MSG_SE_ERROR_TOO_MANY_INPUTS (LogLevel.ERROR, R.string.msg_se_error_too_many_inputs),
-        MSG_SE_WARN_OUTPUT_LEFT (LogLevel.WARN, R.string.msg_se_warn_output_left),
         MSG_SE_SUCCESS (LogLevel.OK, R.string.msg_se_success),
 
         // pgpsignencrypt
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java
index b6259e2d1..acb265462 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java
@@ -19,76 +19,31 @@ package org.sufficientlysecure.keychain.operations.results;
 
 import android.os.Parcel;
 
-import org.sufficientlysecure.keychain.util.Passphrase;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 
-public class PgpSignEncryptResult extends OperationResult {
 
-    // the fourth bit indicates a "data pending" result! (it's also a form of non-success)
-    public static final int RESULT_PENDING = RESULT_ERROR + 8;
+public class PgpSignEncryptResult extends InputPendingResult {
 
-    // fifth to sixth bit in addition indicate specific type of pending
-    public static final int RESULT_PENDING_PASSPHRASE = RESULT_PENDING + 16;
-    public static final int RESULT_PENDING_NFC = RESULT_PENDING + 32;
-
-    long mKeyIdPassphraseNeeded;
-
-    long mNfcKeyId;
-    byte[] mNfcHash;
-    int mNfcAlgo;
-    Passphrase mNfcPassphrase;
     byte[] mDetachedSignature;
 
-    public long getKeyIdPassphraseNeeded() {
-        return mKeyIdPassphraseNeeded;
-    }
-
-    public void setKeyIdPassphraseNeeded(long keyIdPassphraseNeeded) {
-        mKeyIdPassphraseNeeded = keyIdPassphraseNeeded;
-    }
-
-    public void setNfcData(long nfcKeyId, byte[] nfcHash, int nfcAlgo, Passphrase passphrase) {
-        mNfcKeyId = nfcKeyId;
-        mNfcHash = nfcHash;
-        mNfcAlgo = nfcAlgo;
-        mNfcPassphrase = passphrase;
-    }
-
     public void setDetachedSignature(byte[] detachedSignature) {
         mDetachedSignature = detachedSignature;
     }
 
-    public long getNfcKeyId() {
-        return mNfcKeyId;
-    }
-
-    public byte[] getNfcHash() {
-        return mNfcHash;
-    }
-
-    public int getNfcAlgo() {
-        return mNfcAlgo;
-    }
-
-    public Passphrase getNfcPassphrase() {
-        return mNfcPassphrase;
-    }
-
     public byte[] getDetachedSignature() {
         return mDetachedSignature;
     }
 
-    public boolean isPending() {
-        return (mResult & RESULT_PENDING) == RESULT_PENDING;
-    }
-
     public PgpSignEncryptResult(int result, OperationLog log) {
         super(result, log);
     }
 
+    public PgpSignEncryptResult(OperationLog log, RequiredInputParcel requiredInput) {
+        super(log, requiredInput);
+    }
+
     public PgpSignEncryptResult(Parcel source) {
         super(source);
-        mNfcHash = source.readInt() != 0 ? source.createByteArray() : null;
-        mNfcAlgo = source.readInt();
         mDetachedSignature = source.readInt() != 0 ? source.createByteArray() : null;
     }
 
@@ -98,13 +53,6 @@ public class PgpSignEncryptResult extends OperationResult {
 
     public void writeToParcel(Parcel dest, int flags) {
         super.writeToParcel(dest, flags);
-        if (mNfcHash != null) {
-            dest.writeInt(1);
-            dest.writeByteArray(mNfcHash);
-        } else {
-            dest.writeInt(0);
-        }
-        dest.writeInt(mNfcAlgo);
         if (mDetachedSignature != null) {
             dest.writeInt(1);
             dest.writeByteArray(mDetachedSignature);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/SignEncryptResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/SignEncryptResult.java
index 87483ade9..b05921b0d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/SignEncryptResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/SignEncryptResult.java
@@ -21,22 +21,17 @@ import android.os.Parcel;
 
 import java.util.ArrayList;
 
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 
-public class SignEncryptResult extends OperationResult {
+
+public class SignEncryptResult extends InputPendingResult {
 
     ArrayList<PgpSignEncryptResult> mResults;
     byte[] mResultBytes;
 
-    public static final int RESULT_PENDING = RESULT_ERROR + 8;
-
-
-    public PgpSignEncryptResult getPending() {
-        for (PgpSignEncryptResult sub : mResults) {
-            if (sub.isPending()) {
-                return sub;
-            }
-        }
-        return null;
+    public SignEncryptResult(OperationLog log, RequiredInputParcel requiredInput, ArrayList<PgpSignEncryptResult> results) {
+        super(log, requiredInput);
+        mResults = results;
     }
 
     public SignEncryptResult(int result, OperationLog log, ArrayList<PgpSignEncryptResult> results) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
index f22b56ea6..0b22df790 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
@@ -40,11 +40,13 @@ import org.sufficientlysecure.keychain.operations.BaseOperation;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
 import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.SecretKeyType;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Log;
@@ -146,48 +148,39 @@ public class PgpSignEncryptOperation extends BaseOperation {
         CanonicalizedSecretKey signingKey = null;
         if (enableSignature) {
 
+            updateProgress(R.string.progress_extracting_signature_key, 0, 100);
+
             try {
                 // fetch the indicated master key id (the one whose name we sign in)
                 CanonicalizedSecretKeyRing signingKeyRing =
                         mProviderHelper.getCanonicalizedSecretKeyRing(input.getSignatureMasterKeyId());
 
-                long signKeyId;
-                // use specified signing subkey, or find the one to use
-                if (input.getSignatureSubKeyId() == null) {
-                    signKeyId = signingKeyRing.getSecretSignId();
-                } else {
-                    signKeyId = input.getSignatureSubKeyId();
+                // fetch the specific subkey to sign with, or just use the master key if none specified
+                signingKey = signingKeyRing.getSecretKey(input.getSignatureSubKeyId());
+
+                // Make sure we are allowed to sign here!
+                if (!signingKey.canSign()) {
+                    log.add(LogType.MSG_PSE_ERROR_KEY_SIGN, indent);
+                    return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
                 }
 
-                // fetch the specific subkey to sign with, or just use the master key if none specified
-                signingKey = signingKeyRing.getSecretKey(signKeyId);
+                if (signingKey.getSecretKeyType() != SecretKeyType.DIVERT_TO_CARD) {
+                    if (cryptoInput.getPassphrase() == null) {
+                        log.add(LogType.MSG_PSE_PENDING_PASSPHRASE, indent + 1);
+                        return new PgpSignEncryptResult(log, RequiredInputParcel.createRequiredPassphrase(
+                                signingKeyRing.getMasterKeyId(), signingKey.getKeyId(),
+                                cryptoInput.getSignatureTime()));
+                    }
+                }
 
-            } catch (ProviderHelper.NotFoundException | PgpGeneralException e) {
-                log.add(LogType.MSG_PSE_ERROR_SIGN_KEY, indent);
-                return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
-            }
-
-            // Make sure we are allowed to sign here!
-            if (!signingKey.canSign()) {
-                log.add(LogType.MSG_PSE_ERROR_KEY_SIGN, indent);
-                return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
-            }
-
-            // if no passphrase was explicitly set try to get it from the cache service
-            if (cryptoInput.getPassphrase() == null) {
-                log.add(LogType.MSG_PSE_PENDING_PASSPHRASE, indent + 1);
-                PgpSignEncryptResult result = new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE, log);
-                result.setKeyIdPassphraseNeeded(signingKey.getKeyId());
-                return result;
-            }
-
-            updateProgress(R.string.progress_extracting_signature_key, 0, 100);
-
-            try {
                 if (!signingKey.unlock(cryptoInput.getPassphrase())) {
                     log.add(LogType.MSG_PSE_ERROR_BAD_PASSPHRASE, indent);
                     return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
                 }
+
+            } catch (ProviderHelper.NotFoundException e) {
+                log.add(LogType.MSG_PSE_ERROR_SIGN_KEY, indent);
+                return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
             } catch (PgpGeneralException e) {
                 log.add(LogType.MSG_PSE_ERROR_UNLOCK, indent);
                 return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
@@ -473,20 +466,8 @@ public class PgpSignEncryptOperation extends BaseOperation {
                 } catch (NfcSyncPGPContentSignerBuilder.NfcInteractionNeeded e) {
                     // this secret key diverts to a OpenPGP card, throw exception with hash that will be signed
                     log.add(LogType.MSG_PSE_PENDING_NFC, indent);
-                    PgpSignEncryptResult result =
-                            new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_PENDING_NFC, log);
-
-                    // SignatureSubKeyId can be null.
-                    if (input.getSignatureSubKeyId() == null) {
-                        return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
-                    }
-
-                    // Note that the checked key here is the master key, not the signing key
-                    // (although these are always the same on Yubikeys)
-                    result.setNfcData(signingKey.getKeyId(), e.hashToSign, e.hashAlgo,
-                            cryptoInput.getPassphrase());
-                    Log.d(Constants.TAG, "e.hashToSign" + Hex.toHexString(e.hashToSign));
-                    return result;
+                    return new PgpSignEncryptResult(log, RequiredInputParcel.createNfcSignOperation(
+                            e.hashToSign, e.hashAlgo, cryptoInput.getSignatureTime()));
                 }
             }
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
index 3575c3c18..4760412ea 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -18,6 +18,7 @@
 package org.sufficientlysecure.keychain.remote;
 
 import android.app.PendingIntent;
+import android.content.Context;
 import android.content.Intent;
 import android.database.Cursor;
 import android.net.Uri;
@@ -31,7 +32,6 @@ import org.openintents.openpgp.OpenPgpMetadata;
 import org.openintents.openpgp.OpenPgpSignatureResult;
 import org.openintents.openpgp.util.OpenPgpApi;
 import org.spongycastle.bcpg.CompressionAlgorithmTags;
-import org.spongycastle.util.encoders.Hex;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.LogEntryParcel;
@@ -49,19 +49,18 @@ import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.remote.ui.RemoteServiceActivity;
 import org.sufficientlysecure.keychain.remote.ui.SelectSignKeyIdActivity;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 import org.sufficientlysecure.keychain.ui.ImportKeysActivity;
-import org.sufficientlysecure.keychain.ui.NfcActivity;
+import org.sufficientlysecure.keychain.ui.NfcOperationActivity;
 import org.sufficientlysecure.keychain.ui.PassphraseDialogActivity;
 import org.sufficientlysecure.keychain.ui.ViewKeyActivity;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Log;
-import org.sufficientlysecure.keychain.util.Passphrase;
 
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.util.ArrayList;
-import java.util.Date;
 import java.util.Set;
 
 public class OpenPgpService extends RemoteService {
@@ -79,9 +78,6 @@ public class OpenPgpService extends RemoteService {
 
     /**
      * Search database for key ids based on emails.
-     *
-     * @param encryptionUserIds
-     * @return
      */
     private Intent returnKeyIdsFromEmails(Intent data, String[] encryptionUserIds) {
         boolean noUserIdsCheck = (encryptionUserIds == null || encryptionUserIds.length == 0);
@@ -164,52 +160,35 @@ public class OpenPgpService extends RemoteService {
         }
     }
 
-    private Intent returnPassphraseIntent(Intent data, long keyId) {
-        // build PendingIntent for passphrase input
-        Intent intent = new Intent(getBaseContext(), PassphraseDialogActivity.class);
-        intent.putExtra(PassphraseDialogActivity.EXTRA_SUBKEY_ID, keyId);
-        // pass params through to activity that it can be returned again later to repeat pgp operation
-        intent.putExtra(PassphraseDialogActivity.EXTRA_DATA, data);
-        PendingIntent pi = PendingIntent.getActivity(getBaseContext(), 0,
-                intent,
-                PendingIntent.FLAG_CANCEL_CURRENT);
+    private static PendingIntent getRequiredInputPendingIntent(Context context,
+            Intent data, RequiredInputParcel requiredInput) {
 
-        // return PendingIntent to be executed by client
-        Intent result = new Intent();
-        result.putExtra(OpenPgpApi.RESULT_INTENT, pi);
-        result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED);
-        return result;
-    }
+        switch (requiredInput.mType) {
+            case NFC_DECRYPT:
+            case NFC_SIGN: {
+                // build PendingIntent for Yubikey NFC operations
+                Intent intent = new Intent(context, NfcOperationActivity.class);
+                // pass params through to activity that it can be returned again later to repeat pgp operation
+                intent.putExtra(NfcOperationActivity.EXTRA_SERVICE_INTENT, data);
+                intent.putExtra(NfcOperationActivity.EXTRA_REQUIRED_INPUT, requiredInput);
+                return PendingIntent.getActivity(context, 0, intent,
+                        PendingIntent.FLAG_CANCEL_CURRENT);
+            }
 
-    private PendingIntent getNfcSignPendingIntent(Intent data, long keyId, Passphrase pin, byte[] hashToSign, int hashAlgo) {
-        // build PendingIntent for Yubikey NFC operations
-        Intent intent = new Intent(getBaseContext(), NfcActivity.class);
-        intent.setAction(NfcActivity.ACTION_SIGN_HASH);
-        // pass params through to activity that it can be returned again later to repeat pgp operation
-        intent.putExtra(NfcActivity.EXTRA_DATA, data);
-        intent.putExtra(NfcActivity.EXTRA_PIN, pin);
-        intent.putExtra(NfcActivity.EXTRA_KEY_ID, keyId);
+            case PASSPHRASE: {
+                // build PendingIntent for Passphrase request
+                Intent intent = new Intent(context, PassphraseDialogActivity.class);
+                // pass params through to activity that it can be returned again later to repeat pgp operation
+                intent.putExtra(PassphraseDialogActivity.EXTRA_SERVICE_INTENT, data);
+                intent.putExtra(PassphraseDialogActivity.EXTRA_REQUIRED_INPUT, requiredInput);
+                return PendingIntent.getActivity(context, 0, intent,
+                        PendingIntent.FLAG_CANCEL_CURRENT);
+            }
 
-        intent.putExtra(NfcActivity.EXTRA_NFC_HASH_TO_SIGN, hashToSign);
-        intent.putExtra(NfcActivity.EXTRA_NFC_HASH_ALGO, hashAlgo);
-        return PendingIntent.getActivity(getBaseContext(), 0,
-                intent,
-                PendingIntent.FLAG_CANCEL_CURRENT);
-    }
+            default:
+                throw new AssertionError("Unhandled required input type!");
+        }
 
-    private PendingIntent getNfcDecryptPendingIntent(Intent data, long subKeyId, Passphrase pin, byte[] encryptedSessionKey) {
-        // build PendingIntent for Yubikey NFC operations
-        Intent intent = new Intent(getBaseContext(), NfcActivity.class);
-        intent.setAction(NfcActivity.ACTION_DECRYPT_SESSION_KEY);
-        // pass params through to activity that it can be returned again later to repeat pgp operation
-        intent.putExtra(NfcActivity.EXTRA_DATA, data);
-        intent.putExtra(NfcActivity.EXTRA_PIN, pin);
-        intent.putExtra(NfcActivity.EXTRA_KEY_ID, subKeyId);
-
-        intent.putExtra(NfcActivity.EXTRA_NFC_ENC_SESSION_KEY, encryptedSessionKey);
-        return PendingIntent.getActivity(getBaseContext(), 0,
-                intent,
-                PendingIntent.FLAG_CANCEL_CURRENT);
     }
 
     private PendingIntent getKeyserverPendingIntent(Intent data, long masterKeyId) {
@@ -241,18 +220,6 @@ public class OpenPgpService extends RemoteService {
         try {
             boolean asciiArmor = cleartextSign || data.getBooleanExtra(OpenPgpApi.EXTRA_REQUEST_ASCII_ARMOR, true);
 
-            Passphrase passphrase = null;
-            if (data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE) != null) {
-                passphrase = new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE));
-            }
-
-            byte[] nfcSignedHash = data.getByteArrayExtra(OpenPgpApi.EXTRA_NFC_SIGNED_HASH);
-            if (nfcSignedHash != null) {
-                Log.d(Constants.TAG, "nfcSignedHash:" + Hex.toHexString(nfcSignedHash));
-            } else {
-                Log.d(Constants.TAG, "nfcSignedHash: null");
-            }
-
             Intent signKeyIdIntent = getSignKeyMasterId(data);
             // NOTE: Fallback to return account settings (Old API)
             if (signKeyIdIntent.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR)
@@ -264,16 +231,6 @@ public class OpenPgpService extends RemoteService {
                 Log.e(Constants.TAG, "No signing key given!");
             }
 
-            // carefully: only set if timestamp exists
-            Date nfcCreationDate;
-            long nfcCreationTimestamp = data.getLongExtra(OpenPgpApi.EXTRA_NFC_SIG_CREATION_TIMESTAMP, -1);
-            Log.d(Constants.TAG, "nfcCreationTimestamp: " + nfcCreationTimestamp);
-            if (nfcCreationTimestamp != -1) {
-                nfcCreationDate = new Date(nfcCreationTimestamp);
-            } else {
-                nfcCreationDate = new Date();
-            }
-
             // Get Input- and OutputStream from ParcelFileDescriptor
             is = new ParcelFileDescriptor.AutoCloseInputStream(input);
             if (cleartextSign) {
@@ -284,8 +241,7 @@ public class OpenPgpService extends RemoteService {
             long inputLength = is.available();
             InputData inputData = new InputData(is, inputLength);
 
-            CryptoInputParcel cryptoInput = new CryptoInputParcel(nfcCreationDate, passphrase);
-            cryptoInput.addCryptoData(null, nfcSignedHash); // TODO fix
+            CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
 
             // sign-only
             PgpSignEncryptInputParcel pseInput = new PgpSignEncryptInputParcel()
@@ -301,26 +257,16 @@ public class OpenPgpService extends RemoteService {
             PgpSignEncryptResult pgpResult = pse.execute(pseInput, cryptoInput, inputData, os);
 
             if (pgpResult.isPending()) {
-                if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE) ==
-                        PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE) {
-                    return returnPassphraseIntent(data, pgpResult.getKeyIdPassphraseNeeded());
-                } else if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_NFC) ==
-                        PgpSignEncryptResult.RESULT_PENDING_NFC) {
-                    // return PendingIntent to execute NFC activity
-                    // pass through the signature creation timestamp to be used again on second execution
-                    // of PgpSignEncrypt when we have the signed hash!
-                    data.putExtra(OpenPgpApi.EXTRA_NFC_SIG_CREATION_TIMESTAMP, nfcCreationDate.getTime());
 
-                    // return PendingIntent to be executed by client
-                    Intent result = new Intent();
-                    result.putExtra(OpenPgpApi.RESULT_INTENT,
-                            getNfcSignPendingIntent(data, pgpResult.getNfcKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcHash(), pgpResult.getNfcAlgo()));
-                    result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED);
-                    return result;
-                } else {
-                    throw new PgpGeneralException(
-                            "Encountered unhandled type of pending action not supported by API!");
-                }
+                RequiredInputParcel requiredInput = pgpResult.getRequiredInputParcel();
+                PendingIntent pIntent = getRequiredInputPendingIntent(getBaseContext(), data, requiredInput);
+
+                // return PendingIntent to be executed by client
+                Intent result = new Intent();
+                result.putExtra(OpenPgpApi.RESULT_INTENT, pIntent);
+                result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED);
+                return result;
+
             } else if (pgpResult.success()) {
                 Intent result = new Intent();
                 if (pgpResult.getDetachedSignature() != null && !cleartextSign) {
@@ -376,11 +322,6 @@ public class OpenPgpService extends RemoteService {
                 compressionId = CompressionAlgorithmTags.UNCOMPRESSED;
             }
 
-            Passphrase passphrase = null;
-            if (data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE) != null) {
-                passphrase = new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE));
-            }
-
             // first try to get key ids from non-ambiguous key id extra
             long[] keyIds = data.getLongArrayExtra(OpenPgpApi.EXTRA_KEY_IDS);
             if (keyIds == null) {
@@ -405,8 +346,6 @@ public class OpenPgpService extends RemoteService {
             long inputLength = is.available();
             InputData inputData = new InputData(is, inputLength, originalFilename);
 
-            CryptoInputParcel cryptoInput;
-
             PgpSignEncryptInputParcel pseInput = new PgpSignEncryptInputParcel();
             pseInput.setEnableAsciiArmorOutput(asciiArmor)
                     .setVersionHeader(null)
@@ -428,52 +367,28 @@ public class OpenPgpService extends RemoteService {
                     Log.e(Constants.TAG, "No signing key given!");
                 }
 
-                byte[] nfcSignedHash = data.getByteArrayExtra(OpenPgpApi.EXTRA_NFC_SIGNED_HASH);
-                // carefully: only set if timestamp exists
-                Date nfcCreationDate;
-                long nfcCreationTimestamp = data.getLongExtra(OpenPgpApi.EXTRA_NFC_SIG_CREATION_TIMESTAMP, -1);
-                if (nfcCreationTimestamp != -1) {
-                    nfcCreationDate = new Date(nfcCreationTimestamp);
-                } else {
-                    nfcCreationDate = new Date();
-                }
-
-                cryptoInput = new CryptoInputParcel(nfcCreationDate, passphrase);
-                cryptoInput.addCryptoData(null, nfcSignedHash); // TODO fix!
-
                 // sign and encrypt
                 pseInput.setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED)
                         .setSignatureMasterKeyId(signKeyId)
                         .setAdditionalEncryptId(signKeyId); // add sign key for encryption
-            } else {
-                cryptoInput = new CryptoInputParcel();
             }
 
+            CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
+
             PgpSignEncryptOperation op = new PgpSignEncryptOperation(this, new ProviderHelper(getContext()), null);
 
             // execute PGP operation!
             PgpSignEncryptResult pgpResult = op.execute(pseInput, cryptoInput, inputData, os);
 
             if (pgpResult.isPending()) {
-                if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE) ==
-                        PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE) {
-                    return returnPassphraseIntent(data, pgpResult.getKeyIdPassphraseNeeded());
-                } else if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_NFC) ==
-                        PgpSignEncryptResult.RESULT_PENDING_NFC) {
-                    // return PendingIntent to execute NFC activity
-                    // pass through the signature creation timestamp to be used again on second execution
-                    // of PgpSignEncrypt when we have the signed hash!
-                    data.putExtra(OpenPgpApi.EXTRA_NFC_SIG_CREATION_TIMESTAMP, 0L); // TODO fix
-                    // return PendingIntent to be executed by client
-                    Intent result = new Intent();
-                    result.putExtra(OpenPgpApi.RESULT_INTENT,
-                            getNfcSignPendingIntent(data, pgpResult.getNfcKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcHash(), pgpResult.getNfcAlgo()));
-                    result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED);
-                    return result;
-                } else {
-                    throw new PgpGeneralException(
-                            "Encountered unhandled type of pending action not supported by API!");
-                }
+                RequiredInputParcel requiredInput = pgpResult.getRequiredInputParcel();
+                PendingIntent pIntent = getRequiredInputPendingIntent(getBaseContext(), data, requiredInput);
+
+                // return PendingIntent to be executed by client
+                Intent result = new Intent();
+                result.putExtra(OpenPgpApi.RESULT_INTENT, pIntent);
+                result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED);
+                return result;
             } else if (pgpResult.success()) {
                 Intent result = new Intent();
                 result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);
@@ -522,11 +437,6 @@ public class OpenPgpService extends RemoteService {
                 os = new ParcelFileDescriptor.AutoCloseOutputStream(output);
             }
 
-            Passphrase passphrase = null;
-            if (data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE) != null) {
-                passphrase = new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE));
-            }
-
             String currentPkg = getCurrentCallingPackage();
             Set<Long> allowedKeyIds;
             if (data.getIntExtra(OpenPgpApi.EXTRA_API_VERSION, -1) < 7) {
@@ -544,17 +454,17 @@ public class OpenPgpService extends RemoteService {
                     this, new ProviderHelper(getContext()), null, inputData, os
             );
 
-            byte[] nfcDecryptedSessionKey = data.getByteArrayExtra(OpenPgpApi.EXTRA_NFC_DECRYPTED_SESSION_KEY);
+            CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
 
             byte[] detachedSignature = data.getByteArrayExtra(OpenPgpApi.EXTRA_DETACHED_SIGNATURE);
 
             // allow only private keys associated with accounts of this app
             // no support for symmetric encryption
-            builder.setPassphrase(passphrase)
+            builder.setPassphrase(cryptoInput.getPassphrase()) // TODO proper CryptoInputParcel support
                     .setAllowSymmetricDecryption(false)
                     .setAllowedKeyIds(allowedKeyIds)
                     .setDecryptMetadataOnly(decryptMetadataOnly)
-                    .setNfcState(nfcDecryptedSessionKey)
+                    .setNfcState(null) // TODO proper CryptoInputParcel support
                     .setDetachedSignature(detachedSignature);
 
             DecryptVerifyResult pgpResult = builder.build().execute();
@@ -562,20 +472,15 @@ public class OpenPgpService extends RemoteService {
             if (pgpResult.isPending()) {
                 if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) ==
                         DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) {
-                    return returnPassphraseIntent(data, pgpResult.getKeyIdPassphraseNeeded());
+                    throw new AssertionError("not implemented"); // TODO
+                    // return returnPassphraseIntent(data, pgpResult.getKeyIdPassphraseNeeded());
                 } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) ==
                         DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) {
                     throw new PgpGeneralException(
                             "Decryption of symmetric content not supported by API!");
                 } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
                         DecryptVerifyResult.RESULT_PENDING_NFC) {
-
-                    // return PendingIntent to be executed by client
-                    Intent result = new Intent();
-                    result.putExtra(OpenPgpApi.RESULT_INTENT,
-                            getNfcDecryptPendingIntent(data, pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey()));
-                    result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED);
-                    return result;
+                    throw new AssertionError("not implemented"); // TODO
                 } else {
                     throw new PgpGeneralException(
                             "Encountered unhandled type of pending action not supported by API!");
@@ -765,7 +670,6 @@ public class OpenPgpService extends RemoteService {
      * - has supported API version
      * - is allowed to call the service (access has been granted)
      *
-     * @param data
      * @return null if everything is okay, or a Bundle with an error/PendingIntent
      */
     private Intent checkRequirements(Intent data) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
index 471fc0ec9..5cc2607cc 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
@@ -1,6 +1,7 @@
 package org.sufficientlysecure.keychain.service.input;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.Date;
 
@@ -56,11 +57,11 @@ public class RequiredInputParcel implements Parcelable {
 
     }
 
-    public long getMasterKeyId() {
+    public Long getMasterKeyId() {
         return mMasterKeyId;
     }
 
-    public long getSubKeyId() {
+    public Long getSubKeyId() {
         return mSubKeyId;
     }
 
@@ -88,7 +89,6 @@ public class RequiredInputParcel implements Parcelable {
                 null, null, req.mSignatureTime, req.mMasterKeyId, req.mSubKeyId);
     }
 
-
     @Override
     public int describeContents() {
         return 0;
@@ -142,10 +142,10 @@ public class RequiredInputParcel implements Parcelable {
         Date mSignatureTime;
         ArrayList<Integer> mSignAlgos = new ArrayList<>();
         ArrayList<byte[]> mInputHashes = new ArrayList<>();
-        long mMasterKeyId;
-        long mSubKeyId;
+        Long mMasterKeyId;
+        Long mSubKeyId;
 
-        public NfcSignOperationsBuilder(Date signatureTime, long masterKeyId, long subKeyId) {
+        public NfcSignOperationsBuilder(Date signatureTime, Long masterKeyId, Long subKeyId) {
             mSignatureTime = signatureTime;
             mMasterKeyId = masterKeyId;
             mSubKeyId = subKeyId;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
index 5227c1477..b632509bb 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
@@ -66,7 +66,7 @@ public abstract class CryptoOperationFragment extends Fragment {
             case REQUEST_CODE_PASSPHRASE: {
                 if (resultCode == Activity.RESULT_OK && data != null) {
                     CryptoInputParcel cryptoInput =
-                            data.getParcelableExtra(PassphraseDialogActivity.RESULT_DATA);
+                            data.getParcelableExtra(PassphraseDialogActivity.RESULT_CRYPTO_INPUT);
                     cryptoOperation(cryptoInput);
                     return;
                 }
@@ -110,6 +110,10 @@ public abstract class CryptoOperationFragment extends Fragment {
         return false;
     }
 
+    protected void cryptoOperation() {
+        cryptoOperation(new CryptoInputParcel());
+    }
+
     protected abstract void cryptoOperation(CryptoInputParcel cryptoInput);
 
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java
index ecc99b348..d1c005868 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java
@@ -198,7 +198,7 @@ public class DecryptFilesFragment extends DecryptFragment {
 //        data.putParcelable(KeychainIntentService.DECRYPT_PASSPHRASE, mPassphrase);
 //        data.putByteArray(KeychainIntentService.DECRYPT_NFC_DECRYPTED_SESSION_KEY, mNfcDecryptedSessionKey);
 //
-//        intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
+//        intent.putExtra(KeychainIntentService.EXTRA_SERVICE_INTENT, data);
 //
 //        // Message is received after decrypting is done in KeychainIntentService
 //        ServiceProgressHandler saveHandler = new ServiceProgressHandler(
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
index f00136d5b..38ad54ad3 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
@@ -105,7 +105,7 @@ public abstract class DecryptFragment extends CryptoOperationFragment {
 //        // build PendingIntent for Yubikey NFC operations
 //        Intent intent = new Intent(getActivity(), NfcActivity.class);
 //        intent.setAction(NfcActivity.ACTION_DECRYPT_SESSION_KEY);
-//        intent.putExtra(NfcActivity.EXTRA_DATA, new Intent()); // not used, only relevant to OpenPgpService
+//        intent.putExtra(NfcActivity.EXTRA_SERVICE_INTENT, new Intent()); // not used, only relevant to OpenPgpService
 //        intent.putExtra(NfcActivity.EXTRA_KEY_ID, subKeyId);
 //        intent.putExtra(NfcActivity.EXTRA_PIN, pin);
 //
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
deleted file mode 100644
index bd52d74cf..000000000
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
- * Copyright (C) 2014 Dominik Schürmann <dominik@dominikschuermann.de>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-package org.sufficientlysecure.keychain.ui;
-
-import android.app.Activity;
-import android.app.ProgressDialog;
-import android.content.Intent;
-import android.os.Bundle;
-import android.os.Message;
-import android.os.Messenger;
-import android.view.View;
-
-import org.sufficientlysecure.keychain.R;
-import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
-import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
-import org.sufficientlysecure.keychain.pgp.SignEncryptParcel;
-import org.sufficientlysecure.keychain.service.KeychainIntentService;
-import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
-import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
-import org.sufficientlysecure.keychain.ui.base.BaseActivity;
-import org.sufficientlysecure.keychain.service.ServiceProgressHandler;
-import org.sufficientlysecure.keychain.ui.dialog.ProgressDialogFragment;
-import org.sufficientlysecure.keychain.util.Passphrase;
-
-public abstract class EncryptActivity extends BaseActivity {
-
-    public static final int REQUEST_CODE_PASSPHRASE = 0x00008001;
-    public static final int REQUEST_CODE_NFC = 0x00008002;
-
-    // For NFC data
-    protected Passphrase mSigningKeyPassphrase = null;
-
-    @Override
-    public void onCreate(Bundle savedInstanceState) {
-        super.onCreate(savedInstanceState);
-
-        setFullScreenDialogClose(new View.OnClickListener() {
-            @Override
-            public void onClick(View v) {
-                setResult(Activity.RESULT_CANCELED);
-                finish();
-            }
-        }, false);
-    }
-
-    protected void startPassphraseDialog(long subkeyId) {
-        Intent intent = new Intent(this, PassphraseDialogActivity.class);
-        intent.putExtra(PassphraseDialogActivity.EXTRA_SUBKEY_ID, subkeyId);
-        startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
-    }
-
-    protected void startNfcSign(long keyId, RequiredInputParcel nfcOps) {
-
-        Intent intent = new Intent(this, NfcOperationActivity.class);
-        intent.putExtra(NfcOperationActivity.EXTRA_REQUIRED_INPUT, nfcOps);
-        // TODO respect keyid(?)
-
-        startActivityForResult(intent, REQUEST_CODE_NFC);
-    }
-
-    @Override
-    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
-        switch (requestCode) {
-            case REQUEST_CODE_PASSPHRASE: {
-                if (resultCode == RESULT_OK && data != null) {
-                    mSigningKeyPassphrase = data.getParcelableExtra(PassphraseDialogActivity.MESSAGE_DATA_PASSPHRASE);
-                    startEncrypt();
-                    return;
-                }
-                break;
-            }
-
-            case REQUEST_CODE_NFC: {
-                if (resultCode == RESULT_OK && data != null) {
-                    CryptoInputParcel cryptoInput =
-                            data.getParcelableExtra(NfcOperationActivity.RESULT_DATA);
-                    startEncrypt(cryptoInput);
-                    return;
-                }
-                break;
-            }
-
-            default: {
-                super.onActivityResult(requestCode, resultCode, data);
-                break;
-            }
-        }
-    }
-
-    public void startEncrypt() {
-        startEncrypt(null);
-    }
-
-    public void startEncrypt(final CryptoInputParcel cryptoInput) {
-        if (!inputIsValid()) {
-            // Notify was created by inputIsValid.
-            return;
-        }
-
-        // Send all information needed to service to edit key in other thread
-        Intent intent = new Intent(this, KeychainIntentService.class);
-        intent.setAction(KeychainIntentService.ACTION_SIGN_ENCRYPT);
-
-        final SignEncryptParcel input = createEncryptBundle();
-
-        Bundle data = new Bundle();
-        data.putParcelable(KeychainIntentService.SIGN_ENCRYPT_PARCEL, input);
-        data.putParcelable(KeychainIntentService.EXTRA_CRYPTO_INPUT, cryptoInput);
-        intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
-
-        // Message is received after encrypting is done in KeychainIntentService
-        ServiceProgressHandler serviceHandler = new ServiceProgressHandler(
-                this,
-                getString(R.string.progress_encrypting),
-                ProgressDialog.STYLE_HORIZONTAL,
-                ProgressDialogFragment.ServiceType.KEYCHAIN_INTENT) {
-            public void handleMessage(Message message) {
-                // handle messages by standard KeychainIntentServiceHandler first
-                super.handleMessage(message);
-
-                if (message.arg1 == MessageStatus.OKAY.ordinal()) {
-                    SignEncryptResult result =
-                            message.getData().getParcelable(SignEncryptResult.EXTRA_RESULT);
-
-                    PgpSignEncryptResult pgpResult = result.getPending();
-
-                    if (pgpResult != null && pgpResult.isPending()) {
-                        if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE) ==
-                                PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE) {
-                            startPassphraseDialog(pgpResult.getKeyIdPassphraseNeeded());
-                        } else if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_NFC) ==
-                                PgpSignEncryptResult.RESULT_PENDING_NFC) {
-
-                            RequiredInputParcel parcel = RequiredInputParcel.createNfcSignOperation(
-                                    pgpResult.getNfcHash(),
-                                    pgpResult.getNfcAlgo(),
-                                    cryptoInput.getSignatureTime());
-                            startNfcSign(pgpResult.getNfcKeyId(), parcel);
-
-                        } else {
-                            throw new RuntimeException("Unhandled pending result!");
-                        }
-                        return;
-                    }
-
-                    if (result.success()) {
-                        onEncryptSuccess(result);
-                    } else {
-                        result.createNotify(EncryptActivity.this).show();
-                    }
-
-                    // no matter the result, reset parameters
-                    mSigningKeyPassphrase = null;
-                }
-            }
-        };
-        // Create a new Messenger for the communication back
-        Messenger messenger = new Messenger(serviceHandler);
-        intent.putExtra(KeychainIntentService.EXTRA_MESSENGER, messenger);
-
-        // show progress dialog
-        serviceHandler.showProgressDialog(this);
-
-        // start service with intent
-        startService(intent);
-    }
-
-    protected abstract boolean inputIsValid();
-
-    protected abstract void onEncryptSuccess(SignEncryptResult result);
-
-    protected abstract SignEncryptParcel createEncryptBundle();
-
-}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
index 7e4c48e10..b320c8a50 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
@@ -363,7 +363,7 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
 
     public void startEncrypt(boolean share) {
         mShareAfterEncrypt = share;
-        cryptoOperation(new CryptoInputParcel());
+        cryptoOperation();
     }
 
     public void onEncryptSuccess(final SignEncryptResult result) {
@@ -512,36 +512,11 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
                 if (message.arg1 == MessageStatus.OKAY.ordinal()) {
                     SignEncryptResult result =
                             message.getData().getParcelable(SignEncryptResult.EXTRA_RESULT);
-
-//                    PgpSignEncryptResult pgpResult = result.getPending();
-//
-//                    if (pgpResult != null && pgpResult.isPending()) {
-//                        if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE) ==
-//                                PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE) {
-//                            startPassphraseDialog(pgpResult.getKeyIdPassphraseNeeded());
-//                        } else if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_NFC) ==
-//                                PgpSignEncryptResult.RESULT_PENDING_NFC) {
-//
-//                            RequiredInputParcel parcel = RequiredInputParcel.createNfcSignOperation(
-//                                    pgpResult.getNfcHash(),
-//                                    pgpResult.getNfcAlgo(),
-//                                    input.getSignatureTime());
-//                            startNfcSign(pgpResult.getNfcKeyId(), parcel);
-//
-//                        } else {
-//                            throw new RuntimeException("Unhandled pending result!");
-//                        }
-//                        return;
-//                    }
-
                     if (result.success()) {
                         onEncryptSuccess(result);
                     } else {
                         result.createNotify(getActivity()).show();
                     }
-
-                    // no matter the result, reset parameters
-//                    mSigningKeyPassphrase = null;
                 }
             }
         };
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java
index 2ffb29b09..03ab48e23 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java
@@ -160,6 +160,6 @@ public class EncryptTextActivity extends BaseActivity implements
 
     @Override
     public void onPassphraseChanged(Passphrase passphrase) {
-        mEncryptFragment.setPassphrase(passphrase);
+        mEncryptFragment.setSymmetricPassphrase(passphrase);
     }
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
index 7197cf88d..fecc9ef52 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
@@ -37,7 +37,6 @@ import org.spongycastle.bcpg.CompressionAlgorithmTags;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.compatibility.ClipboardReflection;
-import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
 import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
 import org.sufficientlysecure.keychain.pgp.KeyRing;
 import org.sufficientlysecure.keychain.pgp.PgpConstants;
@@ -73,7 +72,7 @@ public class EncryptTextFragment extends CryptoOperationFragment {
     private String mEncryptionUserIds[] = null;
     // TODO Constants.key.none? What's wrong with a null value?
     private long mSigningKeyId = Constants.key.none;
-    private Passphrase mPassphrase = new Passphrase();
+    private Passphrase mSymmetricPassphrase = new Passphrase();
     private String mMessage = "";
 
     private TextView mText;
@@ -90,8 +89,8 @@ public class EncryptTextFragment extends CryptoOperationFragment {
         mSigningKeyId = signingKeyId;
     }
 
-    public void setPassphrase(Passphrase passphrase) {
-        mPassphrase = passphrase;
+    public void setSymmetricPassphrase(Passphrase passphrase) {
+        mSymmetricPassphrase = passphrase;
     }
 
     /**
@@ -233,7 +232,7 @@ public class EncryptTextFragment extends CryptoOperationFragment {
 
         if (mSymmetricMode) {
             Log.d(Constants.TAG, "Symmetric encryption enabled!");
-            Passphrase passphrase = mPassphrase;
+            Passphrase passphrase = mSymmetricPassphrase;
             if (passphrase.isEmpty()) {
                 passphrase = null;
             }
@@ -241,7 +240,6 @@ public class EncryptTextFragment extends CryptoOperationFragment {
         } else {
             data.setEncryptionMasterKeyIds(mEncryptionKeyIds);
             data.setSignatureMasterKeyId(mSigningKeyId);
-//            data.setSignaturePassphrase(mSigningKeyPassphrase);
         }
         return data;
     }
@@ -296,12 +294,12 @@ public class EncryptTextFragment extends CryptoOperationFragment {
         if (mSymmetricMode) {
             // symmetric encryption checks
 
-            if (mPassphrase == null) {
+            if (mSymmetricPassphrase == null) {
                 Notify.create(getActivity(), R.string.passphrases_do_not_match, Notify.Style.ERROR)
                         .show();
                 return false;
             }
-            if (mPassphrase.isEmpty()) {
+            if (mSymmetricPassphrase.isEmpty()) {
                 Notify.create(getActivity(), R.string.passphrase_must_not_be_empty, Notify.Style.ERROR)
                         .show();
                 return false;
@@ -325,11 +323,7 @@ public class EncryptTextFragment extends CryptoOperationFragment {
 
     public void startEncrypt(boolean share) {
         mShareAfterEncrypt = share;
-        startEncrypt();
-    }
-
-    public void startEncrypt() {
-        cryptoOperation(null);
+        cryptoOperation();
     }
 
     @Override
@@ -359,45 +353,19 @@ public class EncryptTextFragment extends CryptoOperationFragment {
                 // handle messages by standard KeychainIntentServiceHandler first
                 super.handleMessage(message);
 
-                // TODO: We need a InputPendingResult!
-//                // handle pending messages
-//                if (handlePendingMessage(message)) {
-//                    return;
-//                }
+                if (handlePendingMessage(message)) {
+                    return;
+                }
 
                 if (message.arg1 == MessageStatus.OKAY.ordinal()) {
                     SignEncryptResult result =
                             message.getData().getParcelable(SignEncryptResult.EXTRA_RESULT);
 
-                    PgpSignEncryptResult pgpResult = result.getPending();
-
-//                    if (pgpResult != null && pgpResult.isPending()) {
-//                        if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE) ==
-//                                PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE) {
-//                            startPassphraseDialog(pgpResult.getKeyIdPassphraseNeeded());
-//                        } else if ((pgpResult.getResult() & PgpSignEncryptResult.RESULT_PENDING_NFC) ==
-//                                PgpSignEncryptResult.RESULT_PENDING_NFC) {
-//
-//                            RequiredInputParcel parcel = RequiredInputParcel.createNfcSignOperation(
-//                                    pgpResult.getNfcHash(),
-//                                    pgpResult.getNfcAlgo(),
-//                                    input.getSignatureTime());
-//                            startNfcSign(pgpResult.getNfcKeyId(), parcel);
-//
-//                        } else {
-//                            throw new RuntimeException("Unhandled pending result!");
-//                        }
-//                        return;
-//                    }
-
                     if (result.success()) {
                         onEncryptSuccess(result);
                     } else {
                         result.createNotify(getActivity()).show();
                     }
-
-                    // no matter the result, reset parameters
-//                    mSigningKeyPassphrase = null;
                 }
             }
         };
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java
index 57acf3e93..1cb5a41a7 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java
@@ -100,7 +100,7 @@ public class NfcActivity extends BaseActivity {
                 Log.d(Constants.TAG, "NfcActivity mAction: " + mAction);
                 Log.d(Constants.TAG, "NfcActivity mPin: " + mPin);
                 Log.d(Constants.TAG, "NfcActivity mHashToSign as hex: " + getHex(mHashToSign));
-                Log.d(Constants.TAG, "NfcActivity mServiceIntent: " + mServiceIntent.toString());
+                Log.d(Constants.TAG, "NfcActivity mServiceIntent: " + mServiceIntent);
                 break;
             case ACTION_DECRYPT_SESSION_KEY:
                 mAction = action;
@@ -111,7 +111,7 @@ public class NfcActivity extends BaseActivity {
                 Log.d(Constants.TAG, "NfcActivity mAction: " + mAction);
                 Log.d(Constants.TAG, "NfcActivity mPin: " + mPin);
                 Log.d(Constants.TAG, "NfcActivity mEncryptedSessionKey as hex: " + getHex(mEncryptedSessionKey));
-                Log.d(Constants.TAG, "NfcActivity mServiceIntent: " + mServiceIntent.toString());
+                Log.d(Constants.TAG, "NfcActivity mServiceIntent: " + mServiceIntent);
                 break;
             case NfcAdapter.ACTION_TAG_DISCOVERED:
                 Log.e(Constants.TAG, "This should not happen! NfcActivity.onCreate() is being called instead of onNewIntent()!");
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
index 511183b04..d70b0aad1 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
@@ -10,8 +10,10 @@ import android.annotation.TargetApi;
 import android.content.Intent;
 import android.os.Build;
 import android.os.Bundle;
+import android.os.Parcelable;
 import android.view.WindowManager;
 
+import org.openintents.openpgp.util.OpenPgpApi;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
@@ -34,9 +36,13 @@ public class NfcOperationActivity extends BaseNfcActivity {
 
     public static final String EXTRA_REQUIRED_INPUT = "required_input";
 
+    // passthrough for OpenPgpService
+    public static final String EXTRA_SERVICE_INTENT = "data";
+
     public static final String RESULT_DATA = "result_data";
 
-    RequiredInputParcel mRequiredInput;
+    private RequiredInputParcel mRequiredInput;
+    private Intent mServiceIntent;
 
     @Override
     protected void onCreate(Bundle savedInstanceState) {
@@ -49,6 +55,7 @@ public class NfcOperationActivity extends BaseNfcActivity {
         Bundle data = intent.getExtras();
 
         mRequiredInput = data.getParcelable(EXTRA_REQUIRED_INPUT);
+        mServiceIntent = data.getParcelable(EXTRA_SERVICE_INTENT);
 
         // obtain passphrase for this subkey
         obtainYubikeyPin(RequiredInputParcel.createRequiredPassphrase(mRequiredInput));
@@ -84,10 +91,15 @@ public class NfcOperationActivity extends BaseNfcActivity {
                 break;
         }
 
-        // give data through for new service call
-        Intent result = new Intent();
-        result.putExtra(NfcOperationActivity.RESULT_DATA, resultData);
-        setResult(RESULT_OK, result);
+        if (mServiceIntent != null) {
+            mServiceIntent.putExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT, resultData);
+            setResult(RESULT_OK, mServiceIntent);
+        } else {
+            Intent result = new Intent();
+            result.putExtra(NfcOperationActivity.RESULT_DATA, resultData);
+            setResult(RESULT_OK, result);
+        }
+
         finish();
 
     }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
index 9e04426eb..c1771ce57 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
@@ -41,7 +41,7 @@ import android.widget.EditText;
 import android.widget.TextView;
 import android.widget.Toast;
 
-import junit.framework.Assert;
+import org.openintents.openpgp.util.OpenPgpApi;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.compatibility.DialogFragmentWorkaround;
@@ -67,14 +67,13 @@ import org.sufficientlysecure.keychain.util.Preferences;
  * This activity encapsulates a DialogFragment to emulate a dialog.
  */
 public class PassphraseDialogActivity extends FragmentActivity {
-    public static final String MESSAGE_DATA_PASSPHRASE = "passphrase";
-    public static final String RESULT_DATA = "result_data";
+    public static final String RESULT_CRYPTO_INPUT = "result_data";
 
     public static final String EXTRA_REQUIRED_INPUT = "required_input";
     public static final String EXTRA_SUBKEY_ID = "secret_key_id";
 
     // special extra for OpenPgpService
-    public static final String EXTRA_DATA = "data";
+    public static final String EXTRA_SERVICE_INTENT = "data";
 
     private static final int REQUEST_CODE_ENTER_PATTERN = 2;
 
@@ -104,7 +103,7 @@ public class PassphraseDialogActivity extends FragmentActivity {
             keyId = requiredInput.getSubKeyId();
         }
 
-        Intent serviceIntent = getIntent().getParcelableExtra(EXTRA_DATA);
+        Intent serviceIntent = getIntent().getParcelableExtra(EXTRA_SERVICE_INTENT);
 
         show(this, keyId, serviceIntent);
     }
@@ -155,7 +154,7 @@ public class PassphraseDialogActivity extends FragmentActivity {
                 PassphraseDialogFragment frag = new PassphraseDialogFragment();
                 Bundle args = new Bundle();
                 args.putLong(EXTRA_SUBKEY_ID, keyId);
-                args.putParcelable(EXTRA_DATA, serviceIntent);
+                args.putParcelable(EXTRA_SERVICE_INTENT, serviceIntent);
 
                 frag.setArguments(args);
 
@@ -188,7 +187,7 @@ public class PassphraseDialogActivity extends FragmentActivity {
                     R.style.Theme_AppCompat_Light_Dialog);
 
             mSubKeyId = getArguments().getLong(EXTRA_SUBKEY_ID);
-            mServiceIntent = getArguments().getParcelable(EXTRA_DATA);
+            mServiceIntent = getArguments().getParcelable(EXTRA_SERVICE_INTENT);
 
             CustomAlertDialogBuilder alert = new CustomAlertDialogBuilder(theme);
 
@@ -418,15 +417,13 @@ public class PassphraseDialogActivity extends FragmentActivity {
             }
 
             if (mServiceIntent != null) {
-                // TODO: Not routing passphrase through OpenPGP API currently
-                // due to security concerns...
-                // BUT this means you need to _cache_ passphrases!
+                // TODO really pass this through the PendingIntent?
+                mServiceIntent.putExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT, new CryptoInputParcel(null, passphrase));
                 getActivity().setResult(RESULT_OK, mServiceIntent);
             } else {
                 // also return passphrase back to activity
                 Intent returnIntent = new Intent();
-                returnIntent.putExtra(MESSAGE_DATA_PASSPHRASE, passphrase);
-                returnIntent.putExtra(RESULT_DATA, new CryptoInputParcel(null, passphrase));
+                returnIntent.putExtra(RESULT_CRYPTO_INPUT, new CryptoInputParcel(null, passphrase));
                 getActivity().setResult(RESULT_OK, returnIntent);
             }
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
index a8a5a1f28..0b22ecdaf 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
@@ -130,7 +130,7 @@ public abstract class BaseNfcActivity extends BaseActivity {
     protected void onActivityResult(int requestCode, int resultCode, Intent data) {
         switch (requestCode) {
             case REQUEST_CODE_PASSPHRASE:
-                CryptoInputParcel input = data.getParcelableExtra(PassphraseDialogActivity.RESULT_DATA);
+                CryptoInputParcel input = data.getParcelableExtra(PassphraseDialogActivity.RESULT_CRYPTO_INPUT);
                 mPin = input.getPassphrase();
                 break;
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/KeyUpdateHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/KeyUpdateHelper.java
index 943b913d7..3bbd86d6a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/KeyUpdateHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/KeyUpdateHelper.java
@@ -57,7 +57,7 @@ public class KeyUpdateHelper {
                 Bundle importData = new Bundle();
                 importData.putParcelableArrayList(KeychainIntentService.DOWNLOAD_KEY_LIST,
                         new ArrayList<ImportKeysListEntry>(keys));
-                importIntent.putExtra(KeychainIntentService.EXTRA_DATA, importData);
+                importIntent.putExtra(KeychainIntentService.EXTRA_SERVICE_INTENT, importData);
 
                 importIntent.putExtra(KeychainIntentService.EXTRA_MESSENGER, new Messenger(mHandler));
 
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 78940aa9e..6d29ce3fd 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -1048,7 +1048,6 @@
     <string name="msg_se_error_input_uri_not_found">"Error opening URI for reading!"</string>
     <string name="msg_se_error_output_uri_not_found">"Error opening URI for writing!"</string>
     <string name="msg_se_error_too_many_inputs">"More inputs than outputs specified! This is probably a programming error, please report!"</string>
-    <string name="msg_se_warn_output_left">"Got outputs left but no inputs. This is probably a programming error, please report!"</string>
     <string name="msg_se_success">"Sign/encrypt operation successful"</string>
 
     <!-- Messages for PgpSignEncrypt operation -->

From b0a51e7dd30b7f921d575e1e360670cbfed7be6c Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Mon, 30 Mar 2015 23:39:36 +0200
Subject: [PATCH 39/80] remove unused NfcActivity

---
 OpenKeychain/src/main/AndroidManifest.xml     |   6 -
 .../keychain/ui/EncryptFilesFragment.java     |  10 +-
 .../keychain/ui/NfcActivity.java              | 569 ------------------
 3 files changed, 5 insertions(+), 580 deletions(-)
 delete mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java

diff --git a/OpenKeychain/src/main/AndroidManifest.xml b/OpenKeychain/src/main/AndroidManifest.xml
index b92d49d28..9b52bb788 100644
--- a/OpenKeychain/src/main/AndroidManifest.xml
+++ b/OpenKeychain/src/main/AndroidManifest.xml
@@ -670,12 +670,6 @@
               restarts the activity with onCreate() instead of calling onNewIntent().
               taskAffinity and allowTaskReparenting somehow prevents this from happening!
          -->
-        <activity
-            android:name=".ui.NfcActivity"
-            android:launchMode="singleTop"
-            android:taskAffinity=":Nfc"
-            android:allowTaskReparenting="true" />
-
         <activity
             android:name=".ui.NfcOperationActivity"
             android:launchMode="singleTop"
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
index b320c8a50..7c52798dd 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
@@ -361,11 +361,6 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
         return true;
     }
 
-    public void startEncrypt(boolean share) {
-        mShareAfterEncrypt = share;
-        cryptoOperation();
-    }
-
     public void onEncryptSuccess(final SignEncryptResult result) {
         if (mDeleteAfterEncrypt) {
             final Uri[] inputUris = mInputUris.toArray(new Uri[mInputUris.size()]);
@@ -472,6 +467,11 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
         return sendIntent;
     }
 
+    public void startEncrypt(boolean share) {
+        mShareAfterEncrypt = share;
+        cryptoOperation();
+    }
+
     @Override
     protected void cryptoOperation(CryptoInputParcel cryptoInput) {
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java
deleted file mode 100644
index 1cb5a41a7..000000000
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java
+++ /dev/null
@@ -1,569 +0,0 @@
-/**
- * Copyright (c) 2013-2014 Philipp Jakubeit, Signe Rüsch, Dominik Schürmann
- *
- * Licensed under the Bouncy Castle License (MIT license). See LICENSE file for details.
- */
-
-package org.sufficientlysecure.keychain.ui;
-
-import android.annotation.TargetApi;
-import android.app.PendingIntent;
-import android.content.Intent;
-import android.content.IntentFilter;
-import android.nfc.NfcAdapter;
-import android.nfc.Tag;
-import android.nfc.tech.IsoDep;
-import android.os.Build;
-import android.os.Bundle;
-import android.view.WindowManager;
-import android.widget.Toast;
-
-import org.spongycastle.bcpg.HashAlgorithmTags;
-import org.spongycastle.util.encoders.Hex;
-import org.sufficientlysecure.keychain.Constants;
-import org.sufficientlysecure.keychain.R;
-import org.sufficientlysecure.keychain.ui.base.BaseActivity;
-import org.sufficientlysecure.keychain.util.Iso7816TLV;
-import org.sufficientlysecure.keychain.util.Log;
-
-import java.io.IOException;
-import java.nio.ByteBuffer;
-
-/**
- * This class provides a communication interface to OpenPGP applications on ISO SmartCard compliant
- * NFC devices.
- *
- * For the full specs, see http://g10code.com/docs/openpgp-card-2.0.pdf
- */
-@TargetApi(Build.VERSION_CODES.GINGERBREAD_MR1)
-public class NfcActivity extends BaseActivity {
-
-    // actions
-    public static final String ACTION_SIGN_HASH = "sign_hash";
-    public static final String ACTION_DECRYPT_SESSION_KEY = "decrypt_session_key";
-
-    // always
-    public static final String EXTRA_KEY_ID = "key_id";
-    public static final String EXTRA_PIN = "pin";
-    // special extra for OpenPgpService
-    public static final String EXTRA_DATA = "data";
-
-    // sign
-    public static final String EXTRA_NFC_HASH_TO_SIGN = "nfc_hash";
-    public static final String EXTRA_NFC_HASH_ALGO = "nfc_hash_algo";
-
-    // decrypt
-    public static final String EXTRA_NFC_ENC_SESSION_KEY = "encrypted_session_key";
-
-    private Intent mServiceIntent;
-
-    private static final int TIMEOUT = 100000;
-
-    private NfcAdapter mNfcAdapter;
-    private IsoDep mIsoDep;
-    private String mAction;
-
-    private String mPin;
-    private Long mKeyId;
-
-    // sign
-    private byte[] mHashToSign;
-    private int mHashAlgo;
-
-    // decrypt
-    private byte[] mEncryptedSessionKey;
-
-    @Override
-    protected void onCreate(Bundle savedInstanceState) {
-        super.onCreate(savedInstanceState);
-        Log.d(Constants.TAG, "NfcActivity.onCreate");
-
-        getWindow().addFlags(WindowManager.LayoutParams.FLAG_KEEP_SCREEN_ON);
-
-        Intent intent = getIntent();
-        Bundle data = intent.getExtras();
-        String action = intent.getAction();
-
-        // if we get are passed a key id, save it for the check
-        if (data.containsKey(EXTRA_KEY_ID)) {
-            mKeyId = data.getLong(EXTRA_KEY_ID);
-        }
-
-        switch (action) {
-            case ACTION_SIGN_HASH:
-                mAction = action;
-                mPin = data.getString(EXTRA_PIN);
-                mHashToSign = data.getByteArray(EXTRA_NFC_HASH_TO_SIGN);
-                mHashAlgo = data.getInt(EXTRA_NFC_HASH_ALGO);
-                mServiceIntent = data.getParcelable(EXTRA_DATA);
-
-                Log.d(Constants.TAG, "NfcActivity mAction: " + mAction);
-                Log.d(Constants.TAG, "NfcActivity mPin: " + mPin);
-                Log.d(Constants.TAG, "NfcActivity mHashToSign as hex: " + getHex(mHashToSign));
-                Log.d(Constants.TAG, "NfcActivity mServiceIntent: " + mServiceIntent);
-                break;
-            case ACTION_DECRYPT_SESSION_KEY:
-                mAction = action;
-                mPin = data.getString(EXTRA_PIN);
-                mEncryptedSessionKey = data.getByteArray(EXTRA_NFC_ENC_SESSION_KEY);
-                mServiceIntent = data.getParcelable(EXTRA_DATA);
-
-                Log.d(Constants.TAG, "NfcActivity mAction: " + mAction);
-                Log.d(Constants.TAG, "NfcActivity mPin: " + mPin);
-                Log.d(Constants.TAG, "NfcActivity mEncryptedSessionKey as hex: " + getHex(mEncryptedSessionKey));
-                Log.d(Constants.TAG, "NfcActivity mServiceIntent: " + mServiceIntent);
-                break;
-            case NfcAdapter.ACTION_TAG_DISCOVERED:
-                Log.e(Constants.TAG, "This should not happen! NfcActivity.onCreate() is being called instead of onNewIntent()!");
-                toast("This should not happen! Please create a new bug report that the NFC screen is restarted!");
-                finish();
-                break;
-            default:
-                Log.d(Constants.TAG, "Action not supported: " + action);
-                break;
-        }
-    }
-
-    @Override
-    protected void initLayout() {
-        setContentView(R.layout.nfc_activity);
-    }
-
-    /**
-     * Called when the system is about to start resuming a previous activity,
-     * disables NFC Foreground Dispatch
-     */
-    public void onPause() {
-        super.onPause();
-        Log.d(Constants.TAG, "NfcActivity.onPause");
-
-        disableNfcForegroundDispatch();
-    }
-
-    /**
-     * Called when the activity will start interacting with the user,
-     * enables NFC Foreground Dispatch
-     */
-    public void onResume() {
-        super.onResume();
-        Log.d(Constants.TAG, "NfcActivity.onResume");
-
-        enableNfcForegroundDispatch();
-    }
-
-    /**
-     * This activity is started as a singleTop activity.
-     * All new NFC Intents which are delivered to this activity are handled here
-     */
-    public void onNewIntent(Intent intent) {
-        if (NfcAdapter.ACTION_TAG_DISCOVERED.equals(intent.getAction())) {
-            try {
-                handleNdefDiscoveredIntent(intent);
-            } catch (IOException e) {
-                Log.e(Constants.TAG, "Connection error!", e);
-                toast("Connection Error: " + e.getMessage());
-                setResult(RESULT_CANCELED, mServiceIntent);
-                finish();
-            }
-        }
-    }
-
-    /** Handle NFC communication and return a result.
-     *
-     * This method is called by onNewIntent above upon discovery of an NFC tag.
-     * It handles initialization and login to the application, subsequently
-     * calls either nfcCalculateSignature() or nfcDecryptSessionKey(), then
-     * finishes the activity with an appropiate result.
-     *
-     * On general communication, see also
-     * http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_annex-a.aspx
-     *
-     * References to pages are generally related to the OpenPGP Application
-     * on ISO SmartCard Systems specification.
-     *
-     */
-    private void handleNdefDiscoveredIntent(Intent intent) throws IOException {
-
-        Tag detectedTag = intent.getParcelableExtra(NfcAdapter.EXTRA_TAG);
-
-        // Connect to the detected tag, setting a couple of settings
-        mIsoDep = IsoDep.get(detectedTag);
-        mIsoDep.setTimeout(TIMEOUT); // timeout is set to 100 seconds to avoid cancellation during calculation
-        mIsoDep.connect();
-
-        // SW1/2 0x9000 is the generic "ok" response, which we expect most of the time.
-        // See specification, page 51
-        String accepted = "9000";
-
-        // Command APDU (page 51) for SELECT FILE command (page 29)
-        String opening =
-                  "00" // CLA
-                + "A4" // INS
-                + "04" // P1
-                + "00" // P2
-                + "06" // Lc (number of bytes)
-                + "D27600012401" // Data (6 bytes)
-                + "00"; // Le
-        if ( ! card(opening).equals(accepted)) { // activate connection
-            toast("Opening Error!");
-            setResult(RESULT_CANCELED, mServiceIntent);
-            finish();
-            return;
-        }
-
-        // Command APDU for VERIFY command (page 32)
-        String login =
-              "00" // CLA
-            + "20" // INS
-            + "00" // P1
-            + "82" // P2 (PW1)
-            + String.format("%02x", mPin.length()) // Lc
-            + Hex.toHexString(mPin.getBytes());
-        if ( ! card(login).equals(accepted)) { // login
-            toast("Wrong PIN!");
-            setResult(RESULT_CANCELED, mServiceIntent);
-            finish();
-            return;
-        }
-
-        if (ACTION_SIGN_HASH.equals(mAction)) {
-
-            // If we were supplied with a key id for checking, do so
-            if (mKeyId != null) {
-                // For signing, we check the master key
-                long keyId = nfcGetKeyId(mIsoDep, 0);
-                // If it's wrong, just cancel
-                if (keyId != mKeyId) {
-                    toast("NFC Tag has wrong signing key id!");
-                    setResult(RESULT_CANCELED, mServiceIntent);
-                    finish();
-                    return;
-                }
-            }
-
-            // returns signed hash
-            byte[] signedHash = nfcCalculateSignature(mHashToSign, mHashAlgo);
-
-            if (signedHash == null) {
-                setResult(RESULT_CANCELED, mServiceIntent);
-                finish();
-                return;
-            }
-
-            Log.d(Constants.TAG, "NfcActivity signedHash as hex: " + getHex(signedHash));
-
-            // give data through for new service call
-            // OpenPgpApi.EXTRA_NFC_SIGNED_HASH
-            mServiceIntent.putExtra("nfc_signed_hash", signedHash);
-            setResult(RESULT_OK, mServiceIntent);
-            finish();
-
-        } else if (ACTION_DECRYPT_SESSION_KEY.equals(mAction)) {
-
-            // If we were supplied with a key id for checking, do so
-            if (mKeyId != null) {
-                // For decryption, we check the confidentiality key
-                long keyId = nfcGetKeyId(mIsoDep, 1);
-                // If it's wrong, just cancel
-                if (keyId != mKeyId) {
-                    toast("NFC Tag has wrong encryption key id!");
-                    setResult(RESULT_CANCELED, mServiceIntent);
-                    finish();
-                    return;
-                }
-            }
-
-            byte[] decryptedSessionKey = nfcDecryptSessionKey(mEncryptedSessionKey);
-
-            // give data through for new service call
-            // OpenPgpApi.EXTRA_NFC_DECRYPTED_SESSION_KEY
-            mServiceIntent.putExtra("nfc_decrypted_session_key", decryptedSessionKey);
-            setResult(RESULT_OK, mServiceIntent);
-            finish();
-        }
-
-    }
-
-    /**
-     * Gets the user ID
-     *
-     * @return the user id as "name <email>"
-     * @throws java.io.IOException
-     */
-    public String getUserId() throws IOException {
-        String info = "00CA006500";
-        String data = "00CA005E00";
-        return getName(card(info)) + " <" + (new String(Hex.decode(getDataField(card(data))))) + ">";
-    }
-
-    /** Return the key id from application specific data stored on tag, or null
-     * if it doesn't exist.
-     *
-     * @param idx Index of the key to return the fingerprint from.
-     * @return The long key id of the requested key, or null if not found.
-     */
-    public static Long nfcGetKeyId(IsoDep isoDep, int idx) throws IOException {
-        byte[] fp = nfcGetFingerprint(isoDep, idx);
-        if (fp == null) {
-            return null;
-        }
-        ByteBuffer buf = ByteBuffer.wrap(fp);
-        // skip first 12 bytes of the fingerprint
-        buf.position(12);
-        // the last eight bytes are the key id (big endian, which is default order in ByteBuffer)
-        return buf.getLong();
-    }
-
-    /** Return fingerprints of all keys from application specific data stored
-     * on tag, or null if data not available.
-     *
-     * @return The fingerprints of all subkeys in a contiguous byte array.
-     */
-    public static byte[] nfcGetFingerprints(IsoDep isoDep) throws IOException {
-        String data = "00CA006E00";
-        byte[] buf = isoDep.transceive(Hex.decode(data));
-
-        Iso7816TLV tlv = Iso7816TLV.readSingle(buf, true);
-        Log.d(Constants.TAG, "nfc tlv data:\n" + tlv.prettyPrint());
-
-        Iso7816TLV fptlv = Iso7816TLV.findRecursive(tlv, 0xc5);
-        if (fptlv == null) {
-            return null;
-        }
-
-        return fptlv.mV;
-    }
-
-    /** Return the fingerprint from application specific data stored on tag, or
-     * null if it doesn't exist.
-     *
-     * @param idx Index of the key to return the fingerprint from.
-     * @return The fingerprint of the requested key, or null if not found.
-     */
-    public static byte[] nfcGetFingerprint(IsoDep isoDep, int idx) throws IOException {
-        byte[] data = nfcGetFingerprints(isoDep);
-
-        // return the master key fingerprint
-        ByteBuffer fpbuf = ByteBuffer.wrap(data);
-        byte[] fp = new byte[20];
-        fpbuf.position(idx*20);
-        fpbuf.get(fp, 0, 20);
-
-        return fp;
-    }
-
-    /**
-     * Calls to calculate the signature and returns the MPI value
-     *
-     * @param hash the hash for signing
-     * @return a big integer representing the MPI for the given hash
-     * @throws java.io.IOException
-     */
-    public byte[] nfcCalculateSignature(byte[] hash, int hashAlgo) throws IOException {
-
-        // dsi, including Lc
-        String dsi;
-
-        Log.i(Constants.TAG, "Hash: " + hashAlgo);
-        switch (hashAlgo) {
-            case HashAlgorithmTags.SHA1:
-                if (hash.length != 20) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 10!");
-                }
-                dsi = "23" // Lc
-                        + "3021" // Tag/Length of Sequence, the 0x21 includes all following 33 bytes
-                        + "3009" // Tag/Length of Sequence, the 0x09 are the following header bytes
-                        + "0605" + "2B0E03021A" // OID of SHA1
-                        + "0500" // TLV coding of ZERO
-                        + "0414" + getHex(hash); // 0x14 are 20 hash bytes
-                break;
-            case HashAlgorithmTags.RIPEMD160:
-                if (hash.length != 20) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 20!");
-                }
-                dsi = "233021300906052B2403020105000414" + getHex(hash);
-                break;
-            case HashAlgorithmTags.SHA224:
-                if (hash.length != 28) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 28!");
-                }
-                dsi = "2F302D300D06096086480165030402040500041C" + getHex(hash);
-                break;
-            case HashAlgorithmTags.SHA256:
-                if (hash.length != 32) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 32!");
-                }
-                dsi = "333031300D060960864801650304020105000420" + getHex(hash);
-                break;
-            case HashAlgorithmTags.SHA384:
-                if (hash.length != 48) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 48!");
-                }
-                dsi = "433041300D060960864801650304020205000430" + getHex(hash);
-                break;
-            case HashAlgorithmTags.SHA512:
-                if (hash.length != 64) {
-                    throw new RuntimeException("Bad hash length (" + hash.length + ", expected 64!");
-                }
-                dsi = "533051300D060960864801650304020305000440" + getHex(hash);
-                break;
-            default:
-                throw new RuntimeException("Not supported hash algo!");
-        }
-
-        // Command APDU for PERFORM SECURITY OPERATION: COMPUTE DIGITAL SIGNATURE (page 37)
-        String apdu  =
-                  "002A9E9A" // CLA, INS, P1, P2
-                + dsi // digital signature input
-                + "00"; // Le
-
-        String response = card(apdu);
-
-        // split up response into signature and status
-        String status = response.substring(response.length()-4);
-        String signature = response.substring(0, response.length() - 4);
-
-        // while we are getting 0x61 status codes, retrieve more data
-        while (status.substring(0, 2).equals("61")) {
-            Log.d(Constants.TAG, "requesting more data, status " + status);
-            // Send GET RESPONSE command
-            response = card("00C00000" + status.substring(2));
-            status = response.substring(response.length()-4);
-            signature += response.substring(0, response.length()-4);
-        }
-
-        Log.d(Constants.TAG, "final response:" + status);
-
-        if ( ! status.equals("9000")) {
-            toast("Bad NFC response code: " + status);
-            return null;
-        }
-
-        // Make sure the signature we received is actually the expected number of bytes long!
-        if (signature.length() != 256 && signature.length() != 512) {
-            toast("Bad signature length! Expected 128 or 256 bytes, got " + signature.length() / 2);
-            return null;
-        }
-
-        return Hex.decode(signature);
-    }
-
-    /**
-     * Calls to calculate the signature and returns the MPI value
-     *
-     * @param encryptedSessionKey the encoded session key
-     * @return the decoded session key
-     * @throws java.io.IOException
-     */
-    public byte[] nfcDecryptSessionKey(byte[] encryptedSessionKey) throws IOException {
-        String firstApdu = "102a8086fe";
-        String secondApdu = "002a808603";
-        String le = "00";
-
-        byte[] one = new byte[254];
-        // leave out first byte:
-        System.arraycopy(encryptedSessionKey, 1, one, 0, one.length);
-
-        byte[] two = new byte[encryptedSessionKey.length - 1 - one.length];
-        for (int i = 0; i < two.length; i++) {
-            two[i] = encryptedSessionKey[i + one.length + 1];
-        }
-
-        String first = card(firstApdu + getHex(one));
-        String second = card(secondApdu + getHex(two) + le);
-
-        String decryptedSessionKey = getDataField(second);
-
-        Log.d(Constants.TAG, "decryptedSessionKey: " + decryptedSessionKey);
-
-        return Hex.decode(decryptedSessionKey);
-    }
-
-    /**
-     * Prints a message to the screen
-     *
-     * @param text the text which should be contained within the toast
-     */
-    private void toast(String text) {
-        Toast.makeText(this, text, Toast.LENGTH_LONG).show();
-    }
-
-    /**
-     * Receive new NFC Intents to this activity only by enabling foreground dispatch.
-     * This can only be done in onResume!
-     */
-    public void enableNfcForegroundDispatch() {
-        mNfcAdapter = NfcAdapter.getDefaultAdapter(this);
-        Intent nfcI = new Intent(this, NfcActivity.class)
-                .addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_CLEAR_TOP);
-        PendingIntent nfcPendingIntent = PendingIntent.getActivity(this, 0, nfcI, PendingIntent.FLAG_CANCEL_CURRENT);
-        IntentFilter[] writeTagFilters = new IntentFilter[]{
-                new IntentFilter(NfcAdapter.ACTION_TAG_DISCOVERED)
-        };
-
-        // https://code.google.com/p/android/issues/detail?id=62918
-        // maybe mNfcAdapter.enableReaderMode(); ?
-        try {
-            mNfcAdapter.enableForegroundDispatch(this, nfcPendingIntent, writeTagFilters, null);
-        } catch (IllegalStateException e) {
-            Log.i(Constants.TAG, "NfcForegroundDispatch Error!", e);
-        }
-        Log.d(Constants.TAG, "NfcForegroundDispatch has been enabled!");
-    }
-
-    /**
-     * Disable foreground dispatch in onPause!
-     */
-    public void disableNfcForegroundDispatch() {
-        mNfcAdapter.disableForegroundDispatch(this);
-        Log.d(Constants.TAG, "NfcForegroundDispatch has been disabled!");
-    }
-
-    /**
-     * Gets the name of the user out of the raw card output regarding card holder related data
-     *
-     * @param name the raw card holder related data from the card
-     * @return the name given in this data
-     */
-    public String getName(String name) {
-        String slength;
-        int ilength;
-        name = name.substring(6);
-        slength = name.substring(0, 2);
-        ilength = Integer.parseInt(slength, 16) * 2;
-        name = name.substring(2, ilength + 2);
-        name = (new String(Hex.decode(name))).replace('<', ' ');
-        return (name);
-    }
-
-    /**
-     * Reduces the raw data from the card by four characters
-     *
-     * @param output the raw data from the card
-     * @return the data field of that data
-     */
-    private String getDataField(String output) {
-        return output.substring(0, output.length() - 4);
-    }
-
-    /**
-     * Communicates with the OpenPgpCard via the APDU
-     *
-     * @param hex the hexadecimal APDU
-     * @return The answer from the card
-     * @throws java.io.IOException throws an exception if something goes wrong
-     */
-    public String card(String hex) throws IOException {
-        return getHex(mIsoDep.transceive(Hex.decode(hex)));
-    }
-
-    /**
-     * Converts a byte array into an hex string
-     *
-     * @param raw the byte array representation
-     * @return the  hexadecimal string representation
-     */
-    public static String getHex(byte[] raw) {
-        return new String(Hex.encode(raw));
-    }
-}

From 6cc7b6141a42870840a290455e16d7e599fa3469 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Mon, 30 Mar 2015 23:56:09 +0200
Subject: [PATCH 40/80] update OpenPgpApi, re-add EXTRA_PASSPHRASE

---
 .../keychain/remote/OpenPgpService.java             | 13 +++++++++++++
 extern/openpgp-api-lib                              |  2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
index 4760412ea..e6b3a2167 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -56,6 +56,7 @@ import org.sufficientlysecure.keychain.ui.PassphraseDialogActivity;
 import org.sufficientlysecure.keychain.ui.ViewKeyActivity;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.Passphrase;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -242,6 +243,10 @@ public class OpenPgpService extends RemoteService {
             InputData inputData = new InputData(is, inputLength);
 
             CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
+            if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
+                cryptoInput = new CryptoInputParcel(cryptoInput.getSignatureTime(),
+                        new Passphrase(data.getStringExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
+            }
 
             // sign-only
             PgpSignEncryptInputParcel pseInput = new PgpSignEncryptInputParcel()
@@ -374,6 +379,10 @@ public class OpenPgpService extends RemoteService {
             }
 
             CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
+            if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
+                cryptoInput = new CryptoInputParcel(cryptoInput.getSignatureTime(),
+                        new Passphrase(data.getStringExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
+            }
 
             PgpSignEncryptOperation op = new PgpSignEncryptOperation(this, new ProviderHelper(getContext()), null);
 
@@ -455,6 +464,10 @@ public class OpenPgpService extends RemoteService {
             );
 
             CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
+            if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
+                cryptoInput = new CryptoInputParcel(cryptoInput.getSignatureTime(),
+                        new Passphrase(data.getStringExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
+            }
 
             byte[] detachedSignature = data.getByteArrayExtra(OpenPgpApi.EXTRA_DETACHED_SIGNATURE);
 
diff --git a/extern/openpgp-api-lib b/extern/openpgp-api-lib
index 9abb91d3a..97cf30e5b 160000
--- a/extern/openpgp-api-lib
+++ b/extern/openpgp-api-lib
@@ -1 +1 @@
-Subproject commit 9abb91d3a69964a547f26aa1d56de233e75c4410
+Subproject commit 97cf30e5b9190d06aba29ad08426bbfeb2ab3a28

From aea52f2e6f5463b0a957a36a14604d56b342069c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Tue, 31 Mar 2015 00:24:08 +0200
Subject: [PATCH 41/80] Simplify passphrase dialog design

---
 .../keychain/ui/PassphraseDialogActivity.java                | 5 +++--
 OpenKeychain/src/main/res/layout/passphrase_dialog.xml       | 1 -
 OpenKeychain/src/main/res/values/strings.xml                 | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
index c1771ce57..c75e188a8 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
@@ -191,7 +191,8 @@ public class PassphraseDialogActivity extends FragmentActivity {
 
             CustomAlertDialogBuilder alert = new CustomAlertDialogBuilder(theme);
 
-            alert.setTitle(R.string.title_unlock);
+            // No title, see http://www.google.com/design/spec/components/dialogs.html#dialogs-alerts
+            //alert.setTitle()
 
             LayoutInflater inflater = LayoutInflater.from(theme);
             View view = inflater.inflate(R.layout.passphrase_dialog, null);
@@ -319,7 +320,7 @@ public class PassphraseDialogActivity extends FragmentActivity {
 
             AlertDialog dialog = alert.create();
             dialog.setButton(DialogInterface.BUTTON_POSITIVE,
-                    activity.getString(android.R.string.ok), (DialogInterface.OnClickListener) null);
+                    activity.getString(R.string.btn_unlock), (DialogInterface.OnClickListener) null);
 
             return dialog;
         }
diff --git a/OpenKeychain/src/main/res/layout/passphrase_dialog.xml b/OpenKeychain/src/main/res/layout/passphrase_dialog.xml
index d2e85633f..a2e6af27c 100644
--- a/OpenKeychain/src/main/res/layout/passphrase_dialog.xml
+++ b/OpenKeychain/src/main/res/layout/passphrase_dialog.xml
@@ -26,7 +26,6 @@
             android:layout_width="match_parent"
             android:layout_height="wrap_content"
             android:layout_marginTop="8dp"
-            android:layout_marginBottom="8dp"
             android:imeOptions="actionDone"
             android:hint="@string/label_passphrase"
             android:ems="10"
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 6d29ce3fd..8d148c8fe 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -12,7 +12,6 @@
     <string name="title_encrypt_text">"Encrypt"</string>
     <string name="title_encrypt_files">"Encrypt"</string>
     <string name="title_decrypt">"Decrypt"</string>
-    <string name="title_unlock">"Unlock Key"</string>
     <string name="title_add_subkey">"Add subkey"</string>
     <string name="title_edit_key">"Edit Key"</string>
     <string name="title_preferences">"Settings"</string>
@@ -86,6 +85,7 @@
     <string name="btn_encrypt_files">"Encrypt files"</string>
     <string name="btn_encrypt_text">"Encrypt text"</string>
     <string name="btn_add_email">"Add additional email address"</string>
+    <string name="btn_unlock">"Unlock"</string>
 
     <!-- menu -->
     <string name="menu_preferences">"Settings"</string>

From 8bd8267a47bbc86fc534858be68de43e9ecb8eec Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Tue, 31 Mar 2015 00:28:24 +0200
Subject: [PATCH 42/80] work on passphrase data flow

---
 .../keychain/pgp/PgpSignEncryptOperation.java | 44 ++++++++++++++-----
 .../keychain/ui/CryptoOperationFragment.java  |  9 ++++
 .../keychain/ui/PassphraseDialogActivity.java |  3 +-
 .../keychain/ui/base/BaseNfcActivity.java     |  6 +++
 4 files changed, 50 insertions(+), 12 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
index 0b22df790..f6959ffb3 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
@@ -50,6 +50,7 @@ import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.Passphrase;
 import org.sufficientlysecure.keychain.util.ProgressScaler;
 
 import java.io.BufferedReader;
@@ -164,18 +165,41 @@ public class PgpSignEncryptOperation extends BaseOperation {
                     return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
                 }
 
-                if (signingKey.getSecretKeyType() != SecretKeyType.DIVERT_TO_CARD) {
-                    if (cryptoInput.getPassphrase() == null) {
-                        log.add(LogType.MSG_PSE_PENDING_PASSPHRASE, indent + 1);
-                        return new PgpSignEncryptResult(log, RequiredInputParcel.createRequiredPassphrase(
-                                signingKeyRing.getMasterKeyId(), signingKey.getKeyId(),
-                                cryptoInput.getSignatureTime()));
+                switch (signingKey.getSecretKeyType()) {
+                    case DIVERT_TO_CARD:
+                    case PASSPHRASE_EMPTY: {
+                        if (!signingKey.unlock(new Passphrase())) {
+                            throw new AssertionError(
+                                    "PASSPHRASE_EMPTY/DIVERT_TO_CARD keyphrase not unlocked with empty passphrase."
+                                            + " This is a programming error!");
+                        }
+                        break;
+                    }
+
+                    case PIN:
+                    case PATTERN:
+                    case PASSPHRASE: {
+                        if (cryptoInput.getPassphrase() == null) {
+                            log.add(LogType.MSG_PSE_PENDING_PASSPHRASE, indent + 1);
+                            return new PgpSignEncryptResult(log, RequiredInputParcel.createRequiredPassphrase(
+                                    signingKeyRing.getMasterKeyId(), signingKey.getKeyId(),
+                                    cryptoInput.getSignatureTime()));
+                        }
+                        if (!signingKey.unlock(cryptoInput.getPassphrase())) {
+                            log.add(LogType.MSG_PSE_ERROR_BAD_PASSPHRASE, indent);
+                            return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
+                        }
+                        break;
+                    }
+
+                    case GNU_DUMMY: {
+                        log.add(LogType.MSG_PSE_ERROR_UNLOCK, indent);
+                        return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
+                    }
+                    default: {
+                        throw new AssertionError("Unhandled SecretKeyType! (should not happen)");
                     }
-                }
 
-                if (!signingKey.unlock(cryptoInput.getPassphrase())) {
-                    log.add(LogType.MSG_PSE_ERROR_BAD_PASSPHRASE, indent);
-                    return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
                 }
 
             } catch (ProviderHelper.NotFoundException e) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
index b632509bb..f0a7859f7 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
@@ -62,6 +62,11 @@ public abstract class CryptoOperationFragment extends Fragment {
 
     @Override
     public void onActivityResult(int requestCode, int resultCode, Intent data) {
+        if (resultCode == Activity.RESULT_CANCELED) {
+            onCryptoOperationCancelled();
+            return;
+        }
+
         switch (requestCode) {
             case REQUEST_CODE_PASSPHRASE: {
                 if (resultCode == Activity.RESULT_OK && data != null) {
@@ -116,4 +121,8 @@ public abstract class CryptoOperationFragment extends Fragment {
 
     protected abstract void cryptoOperation(CryptoInputParcel cryptoInput);
 
+    protected void onCryptoOperationCancelled() {
+        // Nothing to do here, in most cases
+    }
+
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
index c1771ce57..02500df65 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
@@ -253,8 +253,7 @@ public class PassphraseDialogActivity extends FragmentActivity {
                             message = getString(R.string.yubikey_pin_for, userId);
                             break;
                         default:
-                            message = "This should not happen!";
-                            break;
+                            throw new AssertionError("Unhandled SecretKeyType (should not happen)");
                     }
 
                 } catch (ProviderHelper.NotFoundException e) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
index 0b22ecdaf..9b10ccdb1 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
@@ -4,6 +4,7 @@ package org.sufficientlysecure.keychain.ui.base;
 import java.io.IOException;
 import java.nio.ByteBuffer;
 
+import android.app.Activity;
 import android.app.PendingIntent;
 import android.content.Intent;
 import android.content.IntentFilter;
@@ -130,6 +131,11 @@ public abstract class BaseNfcActivity extends BaseActivity {
     protected void onActivityResult(int requestCode, int resultCode, Intent data) {
         switch (requestCode) {
             case REQUEST_CODE_PASSPHRASE:
+                if (resultCode != Activity.RESULT_OK) {
+                    setResult(resultCode);
+                    finish();
+                    return;
+                }
                 CryptoInputParcel input = data.getParcelableExtra(PassphraseDialogActivity.RESULT_CRYPTO_INPUT);
                 mPin = input.getPassphrase();
                 break;

From 7c258bdedde0c7906253f82bb352ec9de170bb40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Tue, 31 Mar 2015 00:32:48 +0200
Subject: [PATCH 43/80] From passphrase to password

---
 OpenKeychain/src/main/res/values/strings.xml | 94 ++++++++++----------
 1 file changed, 47 insertions(+), 47 deletions(-)

diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 8d148c8fe..78ab45cf3 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -17,7 +17,7 @@
     <string name="title_preferences">"Settings"</string>
     <string name="title_api_registered_apps">"Apps"</string>
     <string name="title_key_server_preference">"Keyservers"</string>
-    <string name="title_change_passphrase">"Change Passphrase"</string>
+    <string name="title_change_passphrase">"Change Password"</string>
     <string name="title_share_fingerprint_with">"Share fingerprint with…"</string>
     <string name="title_share_key">"Share key with…"</string>
     <string name="title_share_file">"Share file with…"</string>
@@ -48,7 +48,7 @@
     <string name="section_cloud_evidence">"Proofs from the cloud"</string>
     <string name="section_keys">"Subkeys"</string>
     <string name="section_cloud_search">"Cloud search"</string>
-    <string name="section_passphrase_cache">"Passphrase Cache"</string>
+    <string name="section_passphrase_cache">"Password Cache"</string>
     <string name="section_certify">"Confirm"</string>
     <string name="section_actions">"Actions"</string>
     <string name="section_share_key">"Key"</string>
@@ -109,11 +109,11 @@
     <string name="label_file">"File"</string>
     <string name="label_files">"File(s)"</string>
     <string name="label_file_colon">"File:"</string>
-    <string name="label_no_passphrase">"No Passphrase"</string>
-    <string name="label_passphrase">"Passphrase"</string>
+    <string name="label_no_passphrase">"No Password"</string>
+    <string name="label_passphrase">"Password"</string>
     <string name="label_unlock">"Unlocking…"</string>
-    <string name="label_passphrase_again">"Repeat Passphrase"</string>
-    <string name="label_show_passphrase">"Show Passphrase"</string>
+    <string name="label_passphrase_again">"Repeat Password"</string>
+    <string name="label_show_passphrase">"Show Password"</string>
     <string name="label_algorithm">"Algorithm"</string>
     <string name="label_ascii_armor">"File ASCII Armor"</string>
     <string name="label_file_ascii_armor">"Enable ASCII Armor"</string>
@@ -128,9 +128,9 @@
     <string name="label_delete_after_decryption">"Delete after decryption"</string>
     <string name="label_encryption_algorithm">"Encryption algorithm"</string>
     <string name="label_hash_algorithm">"Hash algorithm"</string>
-    <string name="label_symmetric">"Encrypt with passphrase"</string>
+    <string name="label_symmetric">"Encrypt with password"</string>
     <string name="label_passphrase_cache_ttl">"Cache time"</string>
-    <string name="label_passphrase_cache_subs">"Cache passphrases by subkey"</string>
+    <string name="label_passphrase_cache_subs">"Cache passwords by subkey"</string>
     <string name="label_message_compression">"Text compression"</string>
     <string name="label_file_compression">"File compression"</string>
     <string name="label_keyservers">"Keyservers"</string>
@@ -203,12 +203,12 @@
     <string name="flag_authenticate">"Authenticate"</string>
 
     <!-- sentences -->
-    <string name="wrong_passphrase">"Wrong passphrase."</string>
+    <string name="wrong_passphrase">"Wrong password."</string>
     <string name="no_filemanager_installed">"No compatible file manager installed."</string>
-    <string name="passphrases_do_not_match">"The passphrases didn't match."</string>
-    <string name="passphrase_must_not_be_empty">"Please enter a passphrase."</string>
+    <string name="passphrases_do_not_match">"The passwords didn't match."</string>
+    <string name="passphrase_must_not_be_empty">"Please enter a password."</string>
     <string name="passphrase_for_symmetric_encryption">"Symmetric encryption."</string>
-    <string name="passphrase_for">"Enter passphrase for '%s'"</string>
+    <string name="passphrase_for">"Enter password for '%s'"</string>
     <string name="pin_for">"Enter PIN for '%s'"</string>
     <string name="yubikey_pin_for">"Enter PIN to access YubiKey for '%s'"</string>
     <string name="nfc_text">"Hold YubiKey against the back of your device."</string>
@@ -264,11 +264,11 @@
     <string name="error_unknown_algorithm_choice">"unknown algorithm choice"</string>
     <string name="error_user_id_no_email">"no email address found"</string>
     <string name="error_key_needs_a_user_id">"need at least one identity"</string>
-    <string name="error_no_signature_passphrase">"no passphrase given"</string>
+    <string name="error_no_signature_passphrase">"no password given"</string>
     <string name="error_no_signature_key">"no signature key given"</string>
     <string name="error_invalid_data">"No valid encrypted or signed OpenPGP content!"</string>
     <string name="error_integrity_check_failed">"integrity check failed! Data has been modified!"</string>
-    <string name="error_wrong_passphrase">"wrong passphrase"</string>
+    <string name="error_wrong_passphrase">"wrong password"</string>
     <string name="error_could_not_extract_private_key">"could not extract private key"</string>
 
     <!-- errors without preceeding Error: -->
@@ -325,7 +325,7 @@
     <string name="progress_modify_subkeyrevoke">"revoking subkeys…"</string>
     <string name="progress_modify_subkeystrip">"stripping subkeys…"</string>
     <string name="progress_modify_subkeyadd">"adding subkeys…"</string>
-    <string name="progress_modify_passphrase">"changing passphrase…"</string>
+    <string name="progress_modify_passphrase">"changing passwords…"</string>
 
     <plurals name="progress_exporting_key">
         <item quantity="one">"exporting key…"</item>
@@ -592,7 +592,7 @@
     <string name="keybase_verify">"Verify"</string>
 
     <!-- Edit key -->
-    <string name="edit_key_action_change_passphrase">"Change Passphrase"</string>
+    <string name="edit_key_action_change_passphrase">"Change Password"</string>
     <string name="edit_key_action_add_identity">"Add Identity"</string>
     <string name="edit_key_action_add_subkey">"Add Subkey"</string>
     <string name="edit_key_edit_user_id_title">"Select an action!"</string>
@@ -618,14 +618,14 @@
     <!-- Create key -->
     <string name="create_key_upload">"Synchronize with the cloud"</string>
     <string name="create_key_empty">"This field is required"</string>
-    <string name="create_key_passphrases_not_equal">"Passphrases do not match"</string>
+    <string name="create_key_passphrases_not_equal">"Passwords do not match"</string>
     <string name="create_key_final_text">"You entered the following identity:"</string>
     <string name="create_key_final_robot_text">"Creating a key may take a while, have a cup of coffee in the meantime…"</string>
     <string name="create_key_rsa">"(3 subkeys, RSA, 4096 bit)"</string>
     <string name="create_key_custom">"(custom key configuration)"</string>
     <string name="create_key_name_text">"Choose a name associated with this key. This can be a full name, e.g., 'John Doe', or a nickname, e.g., 'Johnny'."</string>
     <string name="create_key_email_text">"Enter your main email address used for secure communication."</string>
-    <string name="create_key_passphrase_text">"Choose a strong passphrase. It protects your key when your device gets stolen."</string>
+    <string name="create_key_passphrase_text">"Choose a strong password. It protects your key when your device gets stolen."</string>
     <string name="create_key_hint_full_name">"Full Name or Nickname"</string>
     <string name="create_key_edit">"Change key configuration"</string>
     <string name="create_key_add_email">"Add email address"</string>
@@ -777,7 +777,7 @@
     <string name="msg_is_pubring_generate">"Generating public keyring from secret keyring"</string>
     <string name="msg_is_subkey_nonexistent">"Subkey %s unavailable in secret key"</string>
     <string name="msg_is_subkey_ok">"Marked secret subkey %s as available"</string>
-    <string name="msg_is_subkey_empty">"Marked secret subkey %s as available, with empty passphrase"</string>
+    <string name="msg_is_subkey_empty">"Marked secret subkey %s as available, with empty password"</string>
     <string name="msg_is_subkey_pin">"Marked secret subkey %s as available, with PIN"</string>
     <string name="msg_is_subkey_stripped">"Marked secret subkey %s as stripped"</string>
     <string name="msg_is_subkey_divert">"Marked secret subkey %s as 'divert to smartcard/NFC'"</string>
@@ -896,7 +896,7 @@
     <string name="msg_mf_error_master_none">"No master certificate found to operate on! (All revoked?)"</string>
     <string name="msg_mf_error_noexist_primary">"Bad primary user ID specified!"</string>
     <string name="msg_mf_error_noexist_revoke">"Bad user ID for revocation specified!"</string>
-    <string name="msg_mf_error_restricted">"Tried to execute restricted operation without passphrase! This is a programming error, please file a bug report!"</string>
+    <string name="msg_mf_error_restricted">"Tried to execute restricted operation without password! This is a programming error, please file a bug report!"</string>
     <string name="msg_mf_error_revoked_primary">"Revoked user IDs cannot be primary!"</string>
     <string name="msg_mf_error_null_expiry">"Expiry time cannot be "same as before" on subkey creation. This is a programming error, please file a bug report!"</string>
     <string name="msg_mf_error_noop">"Nothing to do!"</string>
@@ -907,16 +907,16 @@
     <string name="msg_mf_master">"Modifying master certifications"</string>
     <string name="msg_mf_notation_empty">"Adding empty notation packet"</string>
     <string name="msg_mf_notation_pin">"Adding PIN notation packet"</string>
-    <string name="msg_mf_passphrase">"Changing passphrase for keyring"</string>
-    <string name="msg_mf_passphrase_key">"Re-encrypting subkey %s with new passphrase"</string>
-    <string name="msg_mf_passphrase_empty_retry">"Setting new passphrase failed, trying again with empty old passphrase"</string>
-    <string name="msg_mf_passphrase_fail">"Passphrase for subkey could not be changed! (Does it have a different one from the other keys?)"</string>
+    <string name="msg_mf_passphrase">"Changing password for keyring"</string>
+    <string name="msg_mf_passphrase_key">"Re-encrypting subkey %s with new password"</string>
+    <string name="msg_mf_passphrase_empty_retry">"Setting new password failed, trying again with empty old password"</string>
+    <string name="msg_mf_passphrase_fail">"Password for subkey could not be changed! (Does it have a different one from the other keys?)"</string>
     <string name="msg_mf_primary_replace_old">"Replacing certificate of previous primary user ID"</string>
     <string name="msg_mf_primary_new">"Generating new certificate for new primary user ID"</string>
     <string name="msg_mf_restricted_mode">"Changing to restricted operation mode"</string>
     <string name="msg_mf_subkey_change">"Modifying subkey %s"</string>
     <string name="msg_mf_require_divert">"Diverting to card/nfc for crypto operations"</string>
-    <string name="msg_mf_require_passphrase">"Passphrase required for operations"</string>
+    <string name="msg_mf_require_passphrase">"Password required for operations"</string>
     <string name="msg_mf_subkey_new">"Adding new subkey of type %s"</string>
     <string name="msg_mf_subkey_new_id">"New subkey ID: %s"</string>
     <string name="msg_mf_error_past_expiry">"Expiry date cannot be in the past!"</string>
@@ -968,7 +968,7 @@
 
     <!-- Edit Key (higher level than modify) -->
     <string name="msg_ed">"Performing key operation"</string>
-    <string name="msg_ed_caching_new">"Caching new passphrase"</string>
+    <string name="msg_ed_caching_new">"Caching new password"</string>
     <string name="msg_ed_error_no_parcel">"Missing SaveKeyringParcel! (this is a bug, please report)"</string>
     <string name="msg_ed_error_key_not_found">"Key not found!"</string>
     <string name="msg_ed_fetching">"Fetching key to modify (%s)"</string>
@@ -1002,7 +1002,7 @@
     <string name="msg_dc_clear_signature_ok">"Signature check OK"</string>
     <string name="msg_dc_clear_signature">"Saving signature data for later"</string>
     <string name="msg_dc_clear">"Processing cleartext data"</string>
-    <string name="msg_dc_error_bad_passphrase">"Error unlocking key, bad passphrase!"</string>
+    <string name="msg_dc_error_bad_passphrase">"Error unlocking key, bad password!"</string>
     <string name="msg_dc_error_extract_key">"Unknown error unlocking key!"</string>
     <string name="msg_dc_error_integrity_check">"Integrity check error!"</string>
     <string name="msg_dc_error_integrity_missing">"Missing integrity check! This can happen because the encrypting application is out of date, or from a downgrade attack."</string>
@@ -1014,9 +1014,9 @@
     <string name="msg_dc_integrity_check_ok">"Integrity check OK!"</string>
     <string name="msg_dc_ok_meta_only">"Only metadata was requested, skipping decryption"</string>
     <string name="msg_dc_ok">"Decryption/Verification finished"</string>
-    <string name="msg_dc_pass_cached">"Using passphrase from cache"</string>
+    <string name="msg_dc_pass_cached">"Using password from cache"</string>
     <string name="msg_dc_pending_nfc">"NFC token required, requesting user input…"</string>
-    <string name="msg_dc_pending_passphrase">"Passphrase required, requesting user input…"</string>
+    <string name="msg_dc_pending_passphrase">"Password required, requesting user input…"</string>
     <string name="msg_dc_prep_streams">"Preparing streams for decryption"</string>
     <string name="msg_dc">"Starting decrypt operation…"</string>
     <string name="msg_dc_sym_skip">"Symmetric data not allowed, skipping…"</string>
@@ -1055,13 +1055,13 @@
     <string name="msg_pse_clearsign_only">"Signing of cleartext input not supported!"</string>
     <string name="msg_pse_compressing">"Preparing compression"</string>
     <string name="msg_pse_encrypting">"Encrypting data"</string>
-    <string name="msg_pse_error_bad_passphrase">"Bad passphrase!"</string>
+    <string name="msg_pse_error_bad_passphrase">"Bad password!"</string>
     <string name="msg_pse_error_hash_algo">"Requested hashing algorithm is not supported by this key!"</string>
     <string name="msg_pse_error_io">"Encountered IO Exception during operation!"</string>
     <string name="msg_pse_error_key_sign">"Selected signing key cannot sign data!"</string>
     <string name="msg_pse_error_sign_key">"Error fetching signing key!"</string>
     <string name="msg_pse_error_nfc">"NFC data error!"</string>
-    <string name="msg_pse_error_no_passphrase">"No passphrase provided!"</string>
+    <string name="msg_pse_error_no_passphrase">"No password provided!"</string>
     <string name="msg_pse_error_pgp">"Internal OpenPGP error!"</string>
     <string name="msg_pse_error_sig">"Encountered OpenPGP signature exception!"</string>
     <string name="msg_pse_error_unlock">"Unknown error unlocking key!"</string>
@@ -1070,7 +1070,7 @@
     <string name="msg_pse_key_warn">"Bad key for encryption: %s"</string>
     <string name="msg_pse_ok">"Sign/Encrypt operation successful!"</string>
     <string name="msg_pse_pending_nfc">"NFC token required, requesting user input…"</string>
-    <string name="msg_pse_pending_passphrase">"Passphrase required, requesting user input…"</string>
+    <string name="msg_pse_pending_passphrase">"Password required, requesting user input…"</string>
     <string name="msg_pse_signing">"Signing data (without encryption)"</string>
     <string name="msg_pse_signing_cleartext">"Creating cleartext signature"</string>
     <string name="msg_pse_signing_detached">"Creating detached signature"</string>
@@ -1181,11 +1181,11 @@
     <string name="msg_export_log_success">"Log exported successfully!"</string>
 
     <!-- PassphraseCache -->
-    <string name="passp_cache_notif_click_to_clear">"Click to clear cached passphrases"</string>
-    <string name="passp_cache_notif_n_keys">"OpenKeychain has cached %d passphrases"</string>
-    <string name="passp_cache_notif_keys">"Cached Passphrases:"</string>
+    <string name="passp_cache_notif_click_to_clear">"Click to clear cached passwords"</string>
+    <string name="passp_cache_notif_n_keys">"OpenKeychain has cached %d passwords"</string>
+    <string name="passp_cache_notif_keys">"Cached Passwords:"</string>
     <string name="passp_cache_notif_clear">"Clear Cache"</string>
-    <string name="passp_cache_notif_pwd">"Passphrase"</string>
+    <string name="passp_cache_notif_pwd">"Password"</string>
 
     <!-- First Time -->
     <string name="first_time_text1">"Take back your privacy with OpenKeychain!"</string>
@@ -1211,7 +1211,7 @@
     <string name="error_key_processing">"Error processing key!"</string>
     <string name="key_stripped">"stripped"</string>
     <string name="key_divert">"divert to smartcard/NFC"</string>
-    <string name="key_no_passphrase">"no passphrase"</string>
+    <string name="key_no_passphrase">"no password"</string>
     <string name="key_unavailable">"unavailable"</string>
     <string name="secret_cannot_multiple">"Your own keys can only be deleted individually!"</string>
     <string name="title_view_cert">"View Certificate Details"</string>
@@ -1231,20 +1231,20 @@
     <!-- Passphrase wizard -->
     <!-- TODO: rename all the things! -->
     <string name="title_unlock_method">Choose an unlock method</string>
-    <!--<string name="enter_passphrase_twice">Enter passphrase twice</string>-->
-    <string name="enter_passphrase">Enter passphrase</string>
-    <string name="passphrase">Passphrase</string>
-    <string name="noPassphrase">No passphrase</string>
-    <string name="no_passphrase_set">No passphrase set</string>
-    <string name="passphrases_match">Passphrases do match</string>
-    <string name="passphrase_saved">Passphrase saved</string>
-    <string name="passphrase_invalid">Passphrase invalid</string>
-    <string name="missing_passphrase">Missing passphrase</string>
+    <!--<string name="enter_passphrase_twice">Enter password twice</string>-->
+    <string name="enter_passphrase">Enter password</string>
+    <string name="passphrase">Password</string>
+    <string name="noPassphrase">No password</string>
+    <string name="no_passphrase_set">No password set</string>
+    <string name="passphrases_match">Passwords do match</string>
+    <string name="passphrase_saved">Password saved</string>
+    <string name="passphrase_invalid">Password invalid</string>
+    <string name="missing_passphrase">Missing password</string>
     <string name="passphrase_again">Again</string>
     <string name="lockpattern">Lockpattern</string>
     <string name="lockpatternNFC">NFC + Lockpattern</string>
     <string name="unlock_method">Unlock method</string>
-    <string name="set_passphrase">Set passphrase</string>
+    <string name="set_passphrase">Set password</string>
     <string name="draw_lockpattern">Draw lockpattern</string>
     <string name="nfc_title">NFC</string>
     <!--<string name="nfc_text">Please place a NFC tag near your device</string>-->

From c37e7ef2410cc09cf880f6c85168605c70d5d691 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Tue, 31 Mar 2015 01:53:37 +0200
Subject: [PATCH 44/80] Better check if file is already added

---
 .../keychain/ui/EncryptFilesFragment.java     | 61 +++++++++++++------
 1 file changed, 42 insertions(+), 19 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
index 1a67bc8dd..f85bd707b 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
@@ -19,6 +19,7 @@ package org.sufficientlysecure.keychain.ui;
 
 import android.app.Activity;
 import android.app.ProgressDialog;
+import android.content.Context;
 import android.content.Intent;
 import android.graphics.Bitmap;
 import android.graphics.Point;
@@ -62,6 +63,7 @@ import org.sufficientlysecure.keychain.util.Passphrase;
 import org.sufficientlysecure.keychain.util.ShareHelper;
 
 import java.io.File;
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
@@ -194,14 +196,14 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
             return;
         }
 
-        if (mFilesAdapter.getAsArrayList().contains(inputUri)) {
+        try {
+            mFilesAdapter.add(inputUri);
+        } catch (IOException e) {
             Notify.create(getActivity(),
                     getActivity().getString(R.string.error_file_added_already, FileHelper.getFilename(getActivity(), inputUri)),
                     Notify.Style.ERROR).show();
             return;
         }
-
-        mFilesAdapter.add(inputUri);
         mSelectedFiles.requestFocus();
     }
 
@@ -428,7 +430,6 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
         } else {
             data.setEncryptionMasterKeyIds(mEncryptionKeyIds);
             data.setSignatureMasterKeyId(mSigningKeyId);
-//            data.setSignaturePassphrase(mSigningKeyPassphrase);
         }
         return data;
     }
@@ -578,11 +579,32 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
             String filename;
             long fileSize;
 
-            ViewModel(Uri inputUri, Bitmap thumbnail, String filename, long fileSize) {
+            ViewModel(Context context, Uri inputUri) {
                 this.inputUri = inputUri;
-                this.thumbnail = thumbnail;
-                this.filename = filename;
-                this.fileSize = fileSize;
+                int px = FormattingUtils.dpToPx(context, 48);
+                this.thumbnail = FileHelper.getThumbnail(context, inputUri, new Point(px, px));
+                this.filename = FileHelper.getFilename(context, inputUri);
+                this.fileSize = FileHelper.getFileSize(context, inputUri);
+            }
+
+            /**
+             * Depends on inputUri only
+             */
+            @Override
+            public boolean equals(Object o) {
+                if (this == o) return true;
+                if (o == null || getClass() != o.getClass()) return false;
+                ViewModel viewModel = (ViewModel) o;
+                return !(inputUri != null ? !inputUri.equals(viewModel.inputUri)
+                        : viewModel.inputUri != null);
+            }
+
+            /**
+             * Depends on inputUri only
+             */
+            @Override
+            public int hashCode() {
+                return inputUri != null ? inputUri.hashCode() : 0;
             }
 
             @Override
@@ -691,28 +713,29 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
             return position == mDataset.size();
         }
 
-        public void add(Uri inputUri) {
-            mDataset.add(createModel(inputUri));
+        public void add(Uri inputUri) throws IOException {
+            ViewModel newModel = new ViewModel(mActivity, inputUri);
+            if (mDataset.contains(newModel)) {
+                throw new IOException("Already added!");
+            }
+            mDataset.add(newModel);
             notifyItemInserted(mDataset.size() - 1);
         }
 
         public void addAll(ArrayList<Uri> inputUris) {
             if (inputUris != null) {
                 for (Uri inputUri : inputUris) {
-                    mDataset.add(createModel(inputUri));
+                    ViewModel newModel = new ViewModel(mActivity, inputUri);
+                    if (mDataset.contains(newModel)) {
+                        Log.e(Constants.TAG, "Skipped duplicate " + inputUri.toString());
+                    } else {
+                        mDataset.add(newModel);
+                    }
                 }
             }
             // TODO: notifyItemInserted?
         }
 
-        private ViewModel createModel(Uri inputUri) {
-            int px = FormattingUtils.dpToPx(mActivity, 48);
-            Bitmap thumbnail = FileHelper.getThumbnail(mActivity, inputUri, new Point(px, px));
-            String filename = FileHelper.getFilename(mActivity, inputUri);
-            long size = FileHelper.getFileSize(mActivity, inputUri);
-            return new ViewModel(inputUri, thumbnail, filename, size);
-        }
-
         public void remove(ViewModel model) {
             int position = mDataset.indexOf(model);
             mDataset.remove(position);

From 6c706f8a90940bac1088a6c4bdd21e2df5089eca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Tue, 31 Mar 2015 10:49:33 +0200
Subject: [PATCH 45/80] Rename advanced to extended

---
 OpenKeychain/src/main/res/values/strings.xml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 78ab45cf3..c1e3b51f9 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -34,7 +34,7 @@
     <string name="title_help">"Help"</string>
     <string name="title_log_display">"Log"</string>
     <string name="title_exchange_keys">"Exchange Keys"</string>
-    <string name="title_advanced_key_info">"Advanced Key Info"</string>
+    <string name="title_advanced_key_info">"Extended Information"</string>
     <string name="title_delete_secret_key">"Delete YOUR key '%s'?"</string>
     <string name="title_export_log">"Export Log"</string>
     <string name="title_manage_my_keys">"Manage my keys"</string>
@@ -100,7 +100,7 @@
     <string name="menu_select_all">"Select all"</string>
     <string name="menu_export_all_keys">"Export all keys"</string>
     <string name="menu_update_all_keys">"Update all keys"</string>
-    <string name="menu_advanced">"Show advanced info"</string>
+    <string name="menu_advanced">"Extended information"</string>
     <string name="menu_certify_fingerprint">"Confirm via fingerprint comparison"</string>
     <string name="menu_export_log">"Export Log"</string>
 
@@ -478,10 +478,10 @@
     <string name="intent_send_decrypt">"Decrypt with OpenKeychain"</string>
 
     <!-- Remote API -->
-    <string name="api_settings_show_info">"Show advanced information"</string>
-    <string name="api_settings_hide_info">"Hide advanced information"</string>
-    <string name="api_settings_show_advanced">"Show advanced settings"</string>
-    <string name="api_settings_hide_advanced">"Hide advanced settings"</string>
+    <string name="api_settings_show_info">"Show extended information"</string>
+    <string name="api_settings_hide_info">"Hide extended information"</string>
+    <string name="api_settings_show_advanced">"Show extended settings"</string>
+    <string name="api_settings_hide_advanced">"Hide extended settings"</string>
     <string name="api_settings_no_key">"No key selected"</string>
     <string name="api_settings_select_key">"Select key"</string>
     <string name="api_settings_create_key">"Create new key"</string>
@@ -494,7 +494,7 @@
     <string name="api_settings_package_name">"Package Name"</string>
     <string name="api_settings_package_signature">"SHA-256 of Package Signature"</string>
     <string name="api_settings_accounts">"Accounts (deprecated API)"</string>
-    <string name="api_settings_advanced">"Advanced Information"</string>
+    <string name="api_settings_advanced">"Extended Information"</string>
     <string name="api_settings_allowed_keys">"Allowed Keys"</string>
     <string name="api_settings_settings">"Settings"</string>
     <string name="api_settings_key">"Account key:"</string>

From cc44ff1a8b3b51331023ef738ccd28bece32da40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Tue, 31 Mar 2015 15:44:37 +0200
Subject: [PATCH 46/80] Prepare decrypt UI for input parcel

---
 .../service/input/CryptoInputParcel.java      |  26 ++-
 .../keychain/ui/DecryptFilesFragment.java     | 164 ++++++------------
 .../keychain/ui/DecryptTextFragment.java      |  14 +-
 3 files changed, 77 insertions(+), 127 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
index 21aacd1f0..3d1ccaca1 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
@@ -1,3 +1,20 @@
+/*
+ * Copyright (C) 2015 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
 package org.sufficientlysecure.keychain.service.input;
 
 import java.nio.ByteBuffer;
@@ -11,9 +28,8 @@ import android.os.Parcelable;
 
 import org.sufficientlysecure.keychain.util.Passphrase;
 
-
-/** This is a base class for the input of crypto operations.
- *
+/**
+ * This is a base class for the input of crypto operations.
  */
 public class CryptoInputParcel implements Parcelable {
 
@@ -22,7 +38,7 @@ public class CryptoInputParcel implements Parcelable {
 
     // this map contains both decrypted session keys and signed hashes to be
     // used in the crypto operation described by this parcel.
-    private HashMap<ByteBuffer,byte[]> mCryptoData = new HashMap<>();
+    private HashMap<ByteBuffer, byte[]> mCryptoData = new HashMap<>();
 
     public CryptoInputParcel() {
         mSignatureTime = new Date();
@@ -71,7 +87,7 @@ public class CryptoInputParcel implements Parcelable {
         dest.writeParcelable(mPassphrase, 0);
 
         dest.writeInt(mCryptoData.size());
-        for (HashMap.Entry<ByteBuffer,byte[]> entry : mCryptoData.entrySet()) {
+        for (HashMap.Entry<ByteBuffer, byte[]> entry : mCryptoData.entrySet()) {
             dest.writeByteArray(entry.getKey().array());
             dest.writeByteArray(entry.getValue());
         }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java
index d1c005868..cd66902ba 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java
@@ -17,6 +17,7 @@
 
 package org.sufficientlysecure.keychain.ui;
 
+import android.annotation.SuppressLint;
 import android.app.Activity;
 import android.app.ProgressDialog;
 import android.content.Intent;
@@ -32,7 +33,6 @@ import android.view.ViewGroup;
 import android.widget.CheckBox;
 import android.widget.TextView;
 
-import org.openintents.openpgp.util.OpenPgpApi;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
@@ -64,6 +64,8 @@ public class DecryptFilesFragment extends DecryptFragment {
     private Uri mInputUri = null;
     private Uri mOutputUri = null;
 
+    private String mCurrentCryptoOperation;
+
     /**
      * Creates new instance of this fragment
      */
@@ -145,7 +147,7 @@ public class DecryptFilesFragment extends DecryptFragment {
             return;
         }
 
-//        decryptOriginalFilename();
+        startDecryptFilenames();
     }
 
     private String removeEncryptedAppend(String name) {
@@ -158,121 +160,45 @@ public class DecryptFilesFragment extends DecryptFragment {
     }
 
     private void askForOutputFilename(String originalFilename) {
-        String targetName;
-        if (!TextUtils.isEmpty(originalFilename)) {
-            targetName = originalFilename;
-        } else {
-            targetName = removeEncryptedAppend(FileHelper.getFilename(getActivity(), mInputUri));
+        if (TextUtils.isEmpty(originalFilename)) {
+            originalFilename = removeEncryptedAppend(FileHelper.getFilename(getActivity(), mInputUri));
         }
+
         if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
             File file = new File(mInputUri.getPath());
             File parentDir = file.exists() ? file.getParentFile() : Constants.Path.APP_DIR;
-            File targetFile = new File(parentDir, targetName);
+            File targetFile = new File(parentDir, originalFilename);
             FileHelper.saveFile(this, getString(R.string.title_decrypt_to_file),
                     getString(R.string.specify_file_to_decrypt_to), targetFile, REQUEST_CODE_OUTPUT);
         } else {
-            FileHelper.saveDocument(this, "*/*", targetName, REQUEST_CODE_OUTPUT);
+            FileHelper.saveDocument(this, "*/*", originalFilename, REQUEST_CODE_OUTPUT);
         }
     }
 
+    private void startDecrypt() {
+        mCurrentCryptoOperation = KeychainIntentService.ACTION_DECRYPT_VERIFY;
+        cryptoOperation(new CryptoInputParcel());
+    }
 
-    // TODO: also needs to use cryptoOperation!!! (switch between this and normal decrypt
-//    private void decryptOriginalFilename() {
-//        Log.d(Constants.TAG, "decryptOriginalFilename");
-//
-//        Intent intent = new Intent(getActivity(), KeychainIntentService.class);
-//
-//        // fill values for this action
-//        Bundle data = new Bundle();
-//        intent.setAction(KeychainIntentService.ACTION_DECRYPT_METADATA);
-//
-//        // data
-//        Log.d(Constants.TAG, "mInputUri=" + mInputUri + ", mOutputUri=" + mOutputUri);
-//
-//        data.putInt(KeychainIntentService.SOURCE, IOType.URI.ordinal());
-//        data.putParcelable(KeychainIntentService.ENCRYPT_DECRYPT_INPUT_URI, mInputUri);
-//
-//        data.putInt(KeychainIntentService.TARGET, IOType.URI.ordinal());
-//        data.putParcelable(KeychainIntentService.ENCRYPT_DECRYPT_OUTPUT_URI, mOutputUri);
-//
-//        data.putParcelable(KeychainIntentService.DECRYPT_PASSPHRASE, mPassphrase);
-//        data.putByteArray(KeychainIntentService.DECRYPT_NFC_DECRYPTED_SESSION_KEY, mNfcDecryptedSessionKey);
-//
-//        intent.putExtra(KeychainIntentService.EXTRA_SERVICE_INTENT, data);
-//
-//        // Message is received after decrypting is done in KeychainIntentService
-//        ServiceProgressHandler saveHandler = new ServiceProgressHandler(
-//                getActivity(),
-//                getString(R.string.progress_decrypting),
-//                ProgressDialog.STYLE_HORIZONTAL,
-//                ProgressDialogFragment.ServiceType.KEYCHAIN_INTENT) {
-//            public void handleMessage(Message message) {
-//                // handle messages by standard KeychainIntentServiceHandler first
-//                super.handleMessage(message);
-//
-//    // handle pending messages
-//    if (handlePendingMessage(message)) {
-//        return;
-//    }
-//
-//                if (message.arg1 == MessageStatus.OKAY.ordinal()) {
-//                    // get returned data bundle
-//                    Bundle returnData = message.getData();
-//
-//                    DecryptVerifyResult pgpResult =
-//                            returnData.getParcelable(DecryptVerifyResult.EXTRA_RESULT);
-//
-//                    if (pgpResult.isPending()) {
-//                        if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) ==
-//                                DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) {
-//                            startPassphraseDialog(pgpResult.getKeyIdPassphraseNeeded());
-//                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) ==
-//                                DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) {
-//                            startPassphraseDialog(Constants.key.symmetric);
-//                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
-//                                DecryptVerifyResult.RESULT_PENDING_NFC) {
-//                            startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
-//                        } else {
-//                            throw new RuntimeException("Unhandled pending result!");
-//                        }
-//                    } else if (pgpResult.success()) {
-//                        // go on...
-//                        askForOutputFilename(pgpResult.getDecryptMetadata().getFilename());
-//                    } else {
-//                        pgpResult.createNotify(getActivity()).show();
-//                    }
-//                }
-//            }
-//        };
-//
-//        // Create a new Messenger for the communication back
-//        Messenger messenger = new Messenger(saveHandler);
-//        intent.putExtra(KeychainIntentService.EXTRA_MESSENGER, messenger);
-//
-//        // show progress dialog
-//        saveHandler.showProgressDialog(getActivity());
-//
-//        // start service with intent
-//        getActivity().startService(intent);
-//    }
-
-    private void decryptStart() {
+    private void startDecryptFilenames() {
+        mCurrentCryptoOperation = KeychainIntentService.ACTION_DECRYPT_METADATA;
         cryptoOperation(new CryptoInputParcel());
     }
 
     @Override
+    @SuppressLint("HandlerLeak")
     protected void cryptoOperation(CryptoInputParcel cryptoInput) {
-        Log.d(Constants.TAG, "decryptStart");
-
         // Send all information needed to service to decrypt in other thread
         Intent intent = new Intent(getActivity(), KeychainIntentService.class);
 
         // fill values for this action
         Bundle data = new Bundle();
-
-        intent.setAction(KeychainIntentService.ACTION_DECRYPT_VERIFY);
+        // use current operation, either decrypt metadata or decrypt payload
+        intent.setAction(mCurrentCryptoOperation);
 
         // data
+        data.putParcelable(KeychainIntentService.EXTRA_CRYPTO_INPUT, cryptoInput);
+
         Log.d(Constants.TAG, "mInputUri=" + mInputUri + ", mOutputUri=" + mOutputUri);
 
         data.putInt(KeychainIntentService.SOURCE, IOType.URI.ordinal());
@@ -281,8 +207,8 @@ public class DecryptFilesFragment extends DecryptFragment {
         data.putInt(KeychainIntentService.TARGET, IOType.URI.ordinal());
         data.putParcelable(KeychainIntentService.ENCRYPT_DECRYPT_OUTPUT_URI, mOutputUri);
 
-        data.putParcelable(KeychainIntentService.DECRYPT_PASSPHRASE, mPassphrase);
-        data.putByteArray(KeychainIntentService.DECRYPT_NFC_DECRYPTED_SESSION_KEY, mNfcDecryptedSessionKey);
+//        data.putParcelable(KeychainIntentService.DECRYPT_PASSPHRASE, mPassphrase);
+//        data.putByteArray(KeychainIntentService.DECRYPT_NFC_DECRYPTED_SESSION_KEY, mNfcDecryptedSessionKey);
 
         intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
 
@@ -292,6 +218,7 @@ public class DecryptFilesFragment extends DecryptFragment {
                 getString(R.string.progress_decrypting),
                 ProgressDialog.STYLE_HORIZONTAL,
                 ProgressDialogFragment.ServiceType.KEYCHAIN_INTENT) {
+            @Override
             public void handleMessage(Message message) {
                 // handle messages by standard KeychainIntentServiceHandler first
                 super.handleMessage(message);
@@ -324,24 +251,37 @@ public class DecryptFilesFragment extends DecryptFragment {
 
                     if (pgpResult.success()) {
 
-                        // display signature result in activity
-                        onResult(pgpResult);
+                        switch (mCurrentCryptoOperation) {
+                            case KeychainIntentService.ACTION_DECRYPT_METADATA: {
+                                askForOutputFilename(pgpResult.getDecryptMetadata().getFilename());
+                                break;
+                            }
+                            case KeychainIntentService.ACTION_DECRYPT_VERIFY: {
+                                // display signature result in activity
+                                onResult(pgpResult);
 
-                        if (mDeleteAfter.isChecked()) {
-                            // Create and show dialog to delete original file
-                            DeleteFileDialogFragment deleteFileDialog = DeleteFileDialogFragment.newInstance(mInputUri);
-                            deleteFileDialog.show(getActivity().getSupportFragmentManager(), "deleteDialog");
-                            setInputUri(null);
-                        }
+                                if (mDeleteAfter.isChecked()) {
+                                    // Create and show dialog to delete original file
+                                    DeleteFileDialogFragment deleteFileDialog = DeleteFileDialogFragment.newInstance(mInputUri);
+                                    deleteFileDialog.show(getActivity().getSupportFragmentManager(), "deleteDialog");
+                                    setInputUri(null);
+                                }
 
-                        /*
-                        // A future open after decryption feature
-                        if () {
-                            Intent viewFile = new Intent(Intent.ACTION_VIEW);
-                            viewFile.setInputData(mOutputUri);
-                            startActivity(viewFile);
+                                /*
+                                // A future open after decryption feature
+                                if () {
+                                    Intent viewFile = new Intent(Intent.ACTION_VIEW);
+                                    viewFile.setInputData(mOutputUri);
+                                    startActivity(viewFile);
+                                }
+                                */
+                                break;
+                            }
+                            default: {
+                                Log.e(Constants.TAG, "Bug: not supported operation!");
+                                break;
+                            }
                         }
-                        */
                     } else {
                         pgpResult.createNotify(getActivity()).show();
                     }
@@ -391,7 +331,7 @@ public class DecryptFilesFragment extends DecryptFragment {
                 // This happens after output file was selected, so start our operation
                 if (resultCode == Activity.RESULT_OK && data != null) {
                     mOutputUri = data.getData();
-                    decryptStart();
+                    startDecrypt();
                 }
                 return;
             }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java
index 523b24fd7..086830389 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java
@@ -144,19 +144,12 @@ public class DecryptTextFragment extends DecryptFragment {
         String ciphertext = getArguments().getString(ARG_CIPHERTEXT);
         if (ciphertext != null) {
             mCiphertext = ciphertext;
-            decryptStart();
+            cryptoOperation(new CryptoInputParcel());
         }
     }
 
-    private void decryptStart() {
-        cryptoOperation(new CryptoInputParcel());
-    }
-
     @Override
     protected void cryptoOperation(CryptoInputParcel cryptoInput) {
-
-        Log.d(Constants.TAG, "decryptStart");
-
         // Send all information needed to service to decrypt in other thread
         Intent intent = new Intent(getActivity(), KeychainIntentService.class);
 
@@ -166,10 +159,11 @@ public class DecryptTextFragment extends DecryptFragment {
         intent.setAction(KeychainIntentService.ACTION_DECRYPT_VERIFY);
 
         // data
+        data.putParcelable(KeychainIntentService.EXTRA_CRYPTO_INPUT, cryptoInput);
         data.putInt(KeychainIntentService.TARGET, IOType.BYTES.ordinal());
         data.putByteArray(KeychainIntentService.DECRYPT_CIPHERTEXT_BYTES, mCiphertext.getBytes());
-        data.putParcelable(KeychainIntentService.DECRYPT_PASSPHRASE, mPassphrase);
-        data.putByteArray(KeychainIntentService.DECRYPT_NFC_DECRYPTED_SESSION_KEY, mNfcDecryptedSessionKey);
+//        data.putParcelable(KeychainIntentService.DECRYPT_PASSPHRASE, mPassphrase);
+//        data.putByteArray(KeychainIntentService.DECRYPT_NFC_DECRYPTED_SESSION_KEY, mNfcDecryptedSessionKey);
 
         intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
 

From ad69622b6983d139e2cef1380f502edef19d2180 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Wed, 1 Apr 2015 00:38:01 +0200
Subject: [PATCH 47/80] fix Decrypt*Fragment for RequiredInputParcel (except
 decryptOriginalFilename)

---
 ...cPublicKeyDataDecryptorFactoryBuilder.java | 21 ++---
 .../keychain/operations/CertifyOperation.java |  2 +-
 .../results/DecryptVerifyResult.java          | 58 ++------------
 .../keychain/pgp/CanonicalizedSecretKey.java  |  7 +-
 .../keychain/pgp/PgpDecryptVerify.java        | 80 +++++++++----------
 .../keychain/pgp/PgpKeyOperation.java         |  2 +-
 .../keychain/pgp/PgpSignEncryptOperation.java |  4 +-
 .../keychain/remote/OpenPgpService.java       | 36 ++++-----
 .../service/KeychainIntentService.java        | 39 ++++-----
 .../service/input/RequiredInputParcel.java    | 47 ++++++++---
 .../keychain/ui/CryptoOperationFragment.java  |  3 +-
 .../keychain/ui/DecryptFilesFragment.java     | 36 +--------
 .../keychain/ui/DecryptFragment.java          | 10 ---
 .../keychain/ui/DecryptTextFragment.java      | 66 +++------------
 .../keychain/ui/PassphraseDialogActivity.java | 15 +++-
 15 files changed, 150 insertions(+), 276 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/spongycastle/openpgp/operator/jcajce/NfcSyncPublicKeyDataDecryptorFactoryBuilder.java b/OpenKeychain/src/main/java/org/spongycastle/openpgp/operator/jcajce/NfcSyncPublicKeyDataDecryptorFactoryBuilder.java
index ffa154876..067bb3e19 100644
--- a/OpenKeychain/src/main/java/org/spongycastle/openpgp/operator/jcajce/NfcSyncPublicKeyDataDecryptorFactoryBuilder.java
+++ b/OpenKeychain/src/main/java/org/spongycastle/openpgp/operator/jcajce/NfcSyncPublicKeyDataDecryptorFactoryBuilder.java
@@ -15,7 +15,10 @@ import org.spongycastle.openpgp.PGPPublicKey;
 import org.spongycastle.openpgp.operator.PGPDataDecryptor;
 import org.spongycastle.openpgp.operator.PublicKeyDataDecryptorFactory;
 
+import java.nio.ByteBuffer;
 import java.security.Provider;
+import java.util.Map;
+
 
 /**
  * This class is based on JcePublicKeyDataDecryptorFactoryBuilder
@@ -88,7 +91,7 @@ public class NfcSyncPublicKeyDataDecryptorFactoryBuilder
         return this;
     }
 
-    public PublicKeyDataDecryptorFactory build(final byte[] nfcDecrypted) {
+    public PublicKeyDataDecryptorFactory build(final Map<ByteBuffer,byte[]> nfcDecryptedMap) {
         return new PublicKeyDataDecryptorFactory()
         {
             public byte[] recoverSessionData(int keyAlgorithm, byte[][] secKeyData)
@@ -99,7 +102,7 @@ public class NfcSyncPublicKeyDataDecryptorFactoryBuilder
                     throw new PGPException("ECDH not supported!");
                 }
 
-                return decryptSessionData(keyAlgorithm, secKeyData, nfcDecrypted);
+                return decryptSessionData(keyAlgorithm, secKeyData, nfcDecryptedMap);
             }
 
             public PGPDataDecryptor createDataDecryptor(boolean withIntegrityPacket, int encAlgorithm, byte[] key)
@@ -197,8 +200,9 @@ public class NfcSyncPublicKeyDataDecryptorFactoryBuilder
 //        }
 //    }
 
-    private byte[] decryptSessionData(int keyAlgorithm, byte[][] secKeyData, byte[] nfcDecrypted)
-            throws PGPException
+    private byte[] decryptSessionData(int keyAlgorithm, byte[][] secKeyData,
+            Map<ByteBuffer,byte[]> nfcDecryptedMap)
+        throws PGPException
     {
 //        Cipher c1 = helper.createPublicKeyCipher(keyAlgorithm);
 //
@@ -214,15 +218,14 @@ public class NfcSyncPublicKeyDataDecryptorFactoryBuilder
         if (keyAlgorithm == PGPPublicKey.RSA_ENCRYPT
                 || keyAlgorithm == PGPPublicKey.RSA_GENERAL)
         {
-            byte[] bi = secKeyData[0];  // encoded MPI
+            ByteBuffer bi = ByteBuffer.wrap(secKeyData[0]);  // encoded MPI
 
-            if (nfcDecrypted != null) {
-                // we already have the decrypted bytes from a previous execution, return this!
-                return nfcDecrypted;
+            if (nfcDecryptedMap.containsKey(bi)) {
+                return nfcDecryptedMap.get(bi);
             } else {
                 // catch this when decryptSessionData() is executed and divert digest to card,
                 // when doing the operation again reuse nfcDecrypted
-                throw new NfcInteractionNeeded(bi);
+                throw new NfcInteractionNeeded(bi.array());
             }
 
 //            c1.update(bi, 2, bi.length - 2);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
index eb2a3d33f..051517abd 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
@@ -80,7 +80,7 @@ public class CertifyOperation extends BaseOperation {
             certificationKey = secretKeyRing.getSecretKey();
 
             if (!cryptoInput.hasPassphrase()) {
-                return new CertifyResult(log, RequiredInputParcel.createRequiredPassphrase(
+                return new CertifyResult(log, RequiredInputParcel.createRequiredSignPassphrase(
                         certificationKey.getKeyId(), certificationKey.getKeyId(), null));
             }
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java
index 7df37cd9b..917b3415f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java
@@ -22,23 +22,10 @@ import android.os.Parcel;
 
 import org.openintents.openpgp.OpenPgpMetadata;
 import org.openintents.openpgp.OpenPgpSignatureResult;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 import org.sufficientlysecure.keychain.util.Passphrase;
 
-public class DecryptVerifyResult extends OperationResult {
-
-    // the fourth bit indicates a "data pending" result! (it's also a form of non-success)
-    public static final int RESULT_PENDING = RESULT_ERROR + 8;
-
-    // fifth to sixth bit in addition indicate specific type of pending
-    public static final int RESULT_PENDING_ASYM_PASSPHRASE = RESULT_PENDING + 16;
-    public static final int RESULT_PENDING_SYM_PASSPHRASE = RESULT_PENDING + 32;
-    public static final int RESULT_PENDING_NFC = RESULT_PENDING + 64;
-
-    long mKeyIdPassphraseNeeded;
-
-    long mNfcSubKeyId;
-    byte[] mNfcSessionKey;
-    Passphrase mNfcPassphrase;
+public class DecryptVerifyResult extends InputPendingResult {
 
     OpenPgpSignatureResult mSignatureResult;
     OpenPgpMetadata mDecryptMetadata;
@@ -46,32 +33,6 @@ public class DecryptVerifyResult extends OperationResult {
     // https://tools.ietf.org/html/rfc4880#page56
     String mCharset;
 
-    public long getKeyIdPassphraseNeeded() {
-        return mKeyIdPassphraseNeeded;
-    }
-
-    public void setKeyIdPassphraseNeeded(long keyIdPassphraseNeeded) {
-        mKeyIdPassphraseNeeded = keyIdPassphraseNeeded;
-    }
-
-    public void setNfcState(long subKeyId, byte[] sessionKey, Passphrase passphrase) {
-        mNfcSubKeyId = subKeyId;
-        mNfcSessionKey = sessionKey;
-        mNfcPassphrase = passphrase;
-    }
-
-    public long getNfcSubKeyId() {
-        return mNfcSubKeyId;
-    }
-
-    public byte[] getNfcEncryptedSessionKey() {
-        return mNfcSessionKey;
-    }
-
-    public Passphrase getNfcPassphrase() {
-        return mNfcPassphrase;
-    }
-
     public OpenPgpSignatureResult getSignatureResult() {
         return mSignatureResult;
     }
@@ -104,13 +65,14 @@ public class DecryptVerifyResult extends OperationResult {
         super(result, log);
     }
 
+    public DecryptVerifyResult(OperationLog log, RequiredInputParcel requiredInput) {
+        super(log, requiredInput);
+    }
+
     public DecryptVerifyResult(Parcel source) {
         super(source);
-        mKeyIdPassphraseNeeded = source.readLong();
         mSignatureResult = source.readParcelable(OpenPgpSignatureResult.class.getClassLoader());
         mDecryptMetadata = source.readParcelable(OpenPgpMetadata.class.getClassLoader());
-        mNfcSessionKey = source.readInt() != 0 ? source.createByteArray() : null;
-        mNfcPassphrase = source.readParcelable(Passphrase.class.getClassLoader());
     }
 
     public int describeContents() {
@@ -119,16 +81,8 @@ public class DecryptVerifyResult extends OperationResult {
 
     public void writeToParcel(Parcel dest, int flags) {
         super.writeToParcel(dest, flags);
-        dest.writeLong(mKeyIdPassphraseNeeded);
         dest.writeParcelable(mSignatureResult, 0);
         dest.writeParcelable(mDecryptMetadata, 0);
-        if (mNfcSessionKey != null) {
-            dest.writeInt(1);
-            dest.writeByteArray(mNfcSessionKey);
-        } else {
-            dest.writeInt(0);
-        }
-        dest.writeParcelable(mNfcPassphrase, flags);
     }
 
     public static final Creator<DecryptVerifyResult> CREATOR = new Creator<DecryptVerifyResult>() {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
index 30be72dd5..39d0a2f1d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@@ -40,6 +40,7 @@ import org.spongycastle.openpgp.operator.jcajce.NfcSyncPublicKeyDataDecryptorFac
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.util.Log;
 import org.sufficientlysecure.keychain.util.Passphrase;
 
@@ -264,14 +265,16 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
         }
     }
 
-    public PublicKeyDataDecryptorFactory getDecryptorFactory(byte[] nfcDecryptedSessionKey) {
+    public PublicKeyDataDecryptorFactory getDecryptorFactory(CryptoInputParcel cryptoInput) {
         if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) {
             throw new PrivateKeyNotUnlockedException();
         }
 
         if (mPrivateKeyState == PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
             return new NfcSyncPublicKeyDataDecryptorFactoryBuilder()
-                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(nfcDecryptedSessionKey);
+                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
+                            cryptoInput.getCryptoData()
+                    );
         } else {
             return new JcePublicKeyDataDecryptorFactoryBuilder()
                     .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(mPrivateKey);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
index 364a1067d..f6580b85a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
@@ -47,16 +47,15 @@ import org.spongycastle.openpgp.operator.jcajce.NfcSyncPublicKeyDataDecryptorFac
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.operations.BaseOperation;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.SecretKeyType;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
-import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
-import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
-import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
-import org.sufficientlysecure.keychain.provider.ProviderHelper;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Log;
@@ -84,10 +83,8 @@ public class PgpDecryptVerify extends BaseOperation {
     private OutputStream mOutStream;
 
     private boolean mAllowSymmetricDecryption;
-    private Passphrase mPassphrase;
     private Set<Long> mAllowedKeyIds;
     private boolean mDecryptMetadataOnly;
-    private byte[] mDecryptedSessionKey;
     private byte[] mDetachedSignature;
     private String mRequiredSignerFingerprint;
     private boolean mSignedLiteralData;
@@ -100,10 +97,8 @@ public class PgpDecryptVerify extends BaseOperation {
         this.mOutStream = builder.mOutStream;
 
         this.mAllowSymmetricDecryption = builder.mAllowSymmetricDecryption;
-        this.mPassphrase = builder.mPassphrase;
         this.mAllowedKeyIds = builder.mAllowedKeyIds;
         this.mDecryptMetadataOnly = builder.mDecryptMetadataOnly;
-        this.mDecryptedSessionKey = builder.mDecryptedSessionKey;
         this.mDetachedSignature = builder.mDetachedSignature;
         this.mSignedLiteralData = builder.mSignedLiteralData;
         this.mRequiredSignerFingerprint = builder.mRequiredSignerFingerprint;
@@ -119,10 +114,8 @@ public class PgpDecryptVerify extends BaseOperation {
         private OutputStream mOutStream = null;
         private Progressable mProgressable = null;
         private boolean mAllowSymmetricDecryption = true;
-        private Passphrase mPassphrase = null;
         private Set<Long> mAllowedKeyIds = null;
         private boolean mDecryptMetadataOnly = false;
-        private byte[] mDecryptedSessionKey = null;
         private byte[] mDetachedSignature = null;
         private String mRequiredSignerFingerprint = null;
         private boolean mSignedLiteralData = false;
@@ -160,11 +153,6 @@ public class PgpDecryptVerify extends BaseOperation {
             return this;
         }
 
-        public Builder setPassphrase(Passphrase passphrase) {
-            mPassphrase = passphrase;
-            return this;
-        }
-
         /**
          * Allow these key ids alone for decryption.
          * This means only ciphertexts encrypted for one of these private key can be decrypted.
@@ -183,11 +171,6 @@ public class PgpDecryptVerify extends BaseOperation {
             return this;
         }
 
-        public Builder setNfcState(byte[] decryptedSessionKey) {
-            mDecryptedSessionKey = decryptedSessionKey;
-            return this;
-        }
-
         /**
          * If detachedSignature != null, it will be used exclusively to verify the signature
          */
@@ -204,7 +187,7 @@ public class PgpDecryptVerify extends BaseOperation {
     /**
      * Decrypts and/or verifies data based on parameters of class
      */
-    public DecryptVerifyResult execute() {
+    public DecryptVerifyResult execute(CryptoInputParcel cryptoInput) {
         try {
             if (mDetachedSignature != null) {
                 Log.d(Constants.TAG, "Detached signature present, verifying with this signature only");
@@ -226,10 +209,10 @@ public class PgpDecryptVerify extends BaseOperation {
                         return verifyCleartextSignature(aIn, 0);
                     } else {
                         // else: ascii armored encryption! go on...
-                        return decryptVerify(in, 0);
+                        return decryptVerify(cryptoInput, in, 0);
                     }
                 } else {
-                    return decryptVerify(in, 0);
+                    return decryptVerify(cryptoInput, in, 0);
                 }
             }
         } catch (PGPException e) {
@@ -248,7 +231,8 @@ public class PgpDecryptVerify extends BaseOperation {
     /**
      * Verify Keybase.io style signed literal data
      */
-    private DecryptVerifyResult verifySignedLiteralData(InputStream in, int indent) throws IOException, PGPException {
+    private DecryptVerifyResult verifySignedLiteralData(InputStream in, int indent)
+            throws IOException, PGPException {
         OperationLog log = new OperationLog();
         log.add(LogType.MSG_VL, indent);
 
@@ -378,7 +362,8 @@ public class PgpDecryptVerify extends BaseOperation {
     /**
      * Decrypt and/or verifies binary or ascii armored pgp
      */
-    private DecryptVerifyResult decryptVerify(InputStream in, int indent) throws IOException, PGPException {
+    private DecryptVerifyResult decryptVerify(CryptoInputParcel cryptoInput,
+            InputStream in, int indent) throws IOException, PGPException {
 
         OperationLog log = new OperationLog();
 
@@ -433,6 +418,8 @@ public class PgpDecryptVerify extends BaseOperation {
             }
         }
 
+        Passphrase passphrase = null;
+
         // go through all objects and find one we can decrypt
         while (it.hasNext()) {
             Object obj = it.next();
@@ -492,11 +479,15 @@ public class PgpDecryptVerify extends BaseOperation {
 
                 encryptedDataAsymmetric = encData;
 
-                // if no passphrase was explicitly set try to get it from the cache service
-                if (mPassphrase == null) {
+                if (secretEncryptionKey.getSecretKeyType() == SecretKeyType.DIVERT_TO_CARD) {
+                    passphrase = null;
+                } else if (cryptoInput.hasPassphrase()) {
+                    passphrase = cryptoInput.getPassphrase();
+                } else {
+                    // if no passphrase was explicitly set try to get it from the cache service
                     try {
                         // returns "" if key has no passphrase
-                        mPassphrase = getCachedPassphrase(subKeyId);
+                        passphrase = getCachedPassphrase(subKeyId);
                         log.add(LogType.MSG_DC_PASS_CACHED, indent + 1);
                     } catch (PassphraseCacheInterface.NoSecretKeyException e) {
                         log.add(LogType.MSG_DC_ERROR_NO_KEY, indent + 1);
@@ -504,12 +495,11 @@ public class PgpDecryptVerify extends BaseOperation {
                     }
 
                     // if passphrase was not cached, return here indicating that a passphrase is missing!
-                    if (mPassphrase == null) {
+                    if (passphrase == null) {
                         log.add(LogType.MSG_DC_PENDING_PASSPHRASE, indent + 1);
-                        DecryptVerifyResult result =
-                                new DecryptVerifyResult(DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE, log);
-                        result.setKeyIdPassphraseNeeded(subKeyId);
-                        return result;
+                        return new DecryptVerifyResult(log,
+                                RequiredInputParcel.createRequiredDecryptPassphrase(
+                                    secretKeyRing.getMasterKeyId(), secretEncryptionKey.getKeyId()));
                     }
                 }
 
@@ -536,11 +526,14 @@ public class PgpDecryptVerify extends BaseOperation {
 
                 // if no passphrase is given, return here
                 // indicating that a passphrase is missing!
-                if (mPassphrase == null) {
+                if (!cryptoInput.hasPassphrase()) {
                     log.add(LogType.MSG_DC_PENDING_PASSPHRASE, indent + 1);
-                    return new DecryptVerifyResult(DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE, log);
+                    return new DecryptVerifyResult(log,
+                            RequiredInputParcel.createRequiredSymmetricPassphrase());
                 }
 
+                passphrase = cryptoInput.getPassphrase();
+
                 // break out of while, only decrypt the first packet
                 break;
             }
@@ -573,7 +566,7 @@ public class PgpDecryptVerify extends BaseOperation {
                     .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build();
             PBEDataDecryptorFactory decryptorFactory = new JcePBEDataDecryptorFactoryBuilder(
                     digestCalcProvider).setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
-                    mPassphrase.getCharArray());
+                    passphrase.getCharArray());
 
             clear = encryptedDataSymmetric.getDataStream(decryptorFactory);
             encryptedData = encryptedDataSymmetric;
@@ -585,7 +578,7 @@ public class PgpDecryptVerify extends BaseOperation {
 
             try {
                 log.add(LogType.MSG_DC_UNLOCKING, indent + 1);
-                if (!secretEncryptionKey.unlock(mPassphrase)) {
+                if (!secretEncryptionKey.unlock(passphrase)) {
                     log.add(LogType.MSG_DC_ERROR_BAD_PASSPHRASE, indent + 1);
                     return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
                 }
@@ -599,16 +592,15 @@ public class PgpDecryptVerify extends BaseOperation {
 
             try {
                 PublicKeyDataDecryptorFactory decryptorFactory
-                        = secretEncryptionKey.getDecryptorFactory(mDecryptedSessionKey);
+                        = secretEncryptionKey.getDecryptorFactory(cryptoInput);
                 clear = encryptedDataAsymmetric.getDataStream(decryptorFactory);
 
                 symmetricEncryptionAlgo = encryptedDataAsymmetric.getSymmetricAlgorithm(decryptorFactory);
             } catch (NfcSyncPublicKeyDataDecryptorFactoryBuilder.NfcInteractionNeeded e) {
                 log.add(LogType.MSG_DC_PENDING_NFC, indent + 1);
-                DecryptVerifyResult result =
-                        new DecryptVerifyResult(DecryptVerifyResult.RESULT_PENDING_NFC, log);
-                result.setNfcState(secretEncryptionKey.getKeyId(), e.encryptedSessionKey, mPassphrase);
-                return result;
+                return new DecryptVerifyResult(log, RequiredInputParcel.createNfcDecryptOperation(
+                        e.encryptedSessionKey, secretEncryptionKey.getKeyId()
+                ));
             }
             encryptedData = encryptedDataAsymmetric;
         } else {
@@ -878,8 +870,8 @@ public class PgpDecryptVerify extends BaseOperation {
      * The method is heavily based on
      * pg/src/main/java/org/spongycastle/openpgp/examples/ClearSignedFileProcessor.java
      */
-    private DecryptVerifyResult verifyCleartextSignature(ArmoredInputStream aIn, int indent)
-            throws IOException, PGPException {
+    private DecryptVerifyResult verifyCleartextSignature(
+            ArmoredInputStream aIn, int indent) throws IOException, PGPException {
 
         OperationLog log = new OperationLog();
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index f73bada06..89db378a9 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -408,7 +408,7 @@ public class PgpKeyOperation {
         // Do we require a passphrase? If so, pass it along
         if (!isDivertToCard(masterSecretKey) && !cryptoInput.hasPassphrase()) {
             log.add(LogType.MSG_MF_REQUIRE_PASSPHRASE, indent);
-            return new PgpEditKeyResult(log, RequiredInputParcel.createRequiredPassphrase(
+            return new PgpEditKeyResult(log, RequiredInputParcel.createRequiredSignPassphrase(
                     masterSecretKey.getKeyID(), masterSecretKey.getKeyID(),
                     cryptoInput.getSignatureTime()));
         }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
index f6959ffb3..cdb6000c2 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
@@ -33,14 +33,12 @@ import org.spongycastle.openpgp.PGPSignatureGenerator;
 import org.spongycastle.openpgp.operator.jcajce.JcePBEKeyEncryptionMethodGenerator;
 import org.spongycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder;
 import org.spongycastle.openpgp.operator.jcajce.NfcSyncPGPContentSignerBuilder;
-import org.spongycastle.util.encoders.Hex;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.operations.BaseOperation;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
 import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
-import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.SecretKeyType;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
@@ -181,7 +179,7 @@ public class PgpSignEncryptOperation extends BaseOperation {
                     case PASSPHRASE: {
                         if (cryptoInput.getPassphrase() == null) {
                             log.add(LogType.MSG_PSE_PENDING_PASSPHRASE, indent + 1);
-                            return new PgpSignEncryptResult(log, RequiredInputParcel.createRequiredPassphrase(
+                            return new PgpSignEncryptResult(log, RequiredInputParcel.createRequiredSignPassphrase(
                                     signingKeyRing.getMasterKeyId(), signingKey.getKeyId(),
                                     cryptoInput.getSignatureTime()));
                         }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
index e6b3a2167..98ddaaf27 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -473,31 +473,23 @@ public class OpenPgpService extends RemoteService {
 
             // allow only private keys associated with accounts of this app
             // no support for symmetric encryption
-            builder.setPassphrase(cryptoInput.getPassphrase()) // TODO proper CryptoInputParcel support
-                    .setAllowSymmetricDecryption(false)
-                    .setAllowedKeyIds(allowedKeyIds)
-                    .setDecryptMetadataOnly(decryptMetadataOnly)
-                    .setNfcState(null) // TODO proper CryptoInputParcel support
-                    .setDetachedSignature(detachedSignature);
+            builder.setAllowSymmetricDecryption(false)
+                   .setAllowedKeyIds(allowedKeyIds)
+                   .setDecryptMetadataOnly(decryptMetadataOnly)
+                   .setDetachedSignature(detachedSignature);
 
-            DecryptVerifyResult pgpResult = builder.build().execute();
+            DecryptVerifyResult pgpResult = builder.build().execute(cryptoInput);
 
             if (pgpResult.isPending()) {
-                if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) ==
-                        DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) {
-                    throw new AssertionError("not implemented"); // TODO
-                    // return returnPassphraseIntent(data, pgpResult.getKeyIdPassphraseNeeded());
-                } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) ==
-                        DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) {
-                    throw new PgpGeneralException(
-                            "Decryption of symmetric content not supported by API!");
-                } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
-                        DecryptVerifyResult.RESULT_PENDING_NFC) {
-                    throw new AssertionError("not implemented"); // TODO
-                } else {
-                    throw new PgpGeneralException(
-                            "Encountered unhandled type of pending action not supported by API!");
-                }
+                // prepare and return PendingIntent to be executed by client
+                RequiredInputParcel requiredInput = pgpResult.getRequiredInputParcel();
+                PendingIntent pIntent = getRequiredInputPendingIntent(getBaseContext(), data, requiredInput);
+
+                Intent result = new Intent();
+                result.putExtra(OpenPgpApi.RESULT_INTENT, pIntent);
+                result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED);
+                return result;
+
             } else if (pgpResult.success()) {
                 Intent result = new Intent();
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
index c7d9d5e38..e0509ac9b 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
@@ -151,8 +151,6 @@ public class KeychainIntentService extends IntentService implements Progressable
 
     // decrypt/verify
     public static final String DECRYPT_CIPHERTEXT_BYTES = "ciphertext_bytes";
-    public static final String DECRYPT_PASSPHRASE = "passphrase";
-    public static final String DECRYPT_NFC_DECRYPTED_SESSION_KEY = "nfc_decrypted_session_key";
 
     // keybase proof
     public static final String KEYBASE_REQUIRED_FINGERPRINT = "keybase_required_fingerprint";
@@ -284,25 +282,19 @@ public class KeychainIntentService extends IntentService implements Progressable
 
                 try {
                     /* Input */
-                    Passphrase passphrase = data.getParcelable(DECRYPT_PASSPHRASE);
-                    byte[] nfcDecryptedSessionKey = data.getByteArray(DECRYPT_NFC_DECRYPTED_SESSION_KEY);
+                    CryptoInputParcel cryptoInput = data.getParcelable(EXTRA_CRYPTO_INPUT);
 
                     InputData inputData = createDecryptInputData(data);
 
-                    /* Operation */
-                    Bundle resultData = new Bundle();
-
                     // verifyText and decrypt returning additional resultData values for the
                     // verification of signatures
                     PgpDecryptVerify.Builder builder = new PgpDecryptVerify.Builder(
                             this, new ProviderHelper(this), this, inputData, null
                     );
                     builder.setAllowSymmetricDecryption(true)
-                            .setPassphrase(passphrase)
-                            .setDecryptMetadataOnly(true)
-                            .setNfcState(nfcDecryptedSessionKey);
+                            .setDecryptMetadataOnly(true);
 
-                    DecryptVerifyResult decryptVerifyResult = builder.build().execute();
+                    DecryptVerifyResult decryptVerifyResult = builder.build().execute(cryptoInput);
 
                     sendMessageToHandler(MessageStatus.OKAY, decryptVerifyResult);
                 } catch (Exception e) {
@@ -377,7 +369,8 @@ public class KeychainIntentService extends IntentService implements Progressable
                     );
                     builder.setSignedLiteralData(true).setRequiredSignerFingerprint(requiredFingerprint);
 
-                    DecryptVerifyResult decryptVerifyResult = builder.build().execute();
+                    DecryptVerifyResult decryptVerifyResult = builder.build().execute(
+                            new CryptoInputParcel());
                     outStream.close();
 
                     if (!decryptVerifyResult.success()) {
@@ -412,15 +405,13 @@ public class KeychainIntentService extends IntentService implements Progressable
             case ACTION_DECRYPT_VERIFY: {
 
                 try {
-                /* Input */
-                    Passphrase passphrase = data.getParcelable(DECRYPT_PASSPHRASE);
-                    byte[] nfcDecryptedSessionKey = data.getByteArray(DECRYPT_NFC_DECRYPTED_SESSION_KEY);
+                    /* Input */
+                    CryptoInputParcel cryptoInput = data.getParcelable(EXTRA_CRYPTO_INPUT);
 
                     InputData inputData = createDecryptInputData(data);
                     OutputStream outStream = createCryptOutputStream(data);
 
-                /* Operation */
-
+                    /* Operation */
                     Bundle resultData = new Bundle();
 
                     // verifyText and decrypt returning additional resultData values for the
@@ -429,24 +420,22 @@ public class KeychainIntentService extends IntentService implements Progressable
                             this, new ProviderHelper(this), this,
                             inputData, outStream
                     );
-                    builder.setAllowSymmetricDecryption(true)
-                            .setPassphrase(passphrase)
-                            .setNfcState(nfcDecryptedSessionKey);
+                    builder.setAllowSymmetricDecryption(true);
 
-                    DecryptVerifyResult decryptVerifyResult = builder.build().execute();
+                    DecryptVerifyResult decryptVerifyResult = builder.build().execute(cryptoInput);
 
                     outStream.close();
 
                     resultData.putParcelable(DecryptVerifyResult.EXTRA_RESULT, decryptVerifyResult);
 
-                /* Output */
-
+                    /* Output */
                     finalizeDecryptOutputStream(data, resultData, outStream);
-
                     Log.logDebugBundle(resultData, "resultData");
 
                     sendMessageToHandler(MessageStatus.OKAY, resultData);
-                } catch (Exception e) {
+
+                } catch (IOException | PgpGeneralException e) {
+                    // TODO get rid of this!
                     sendErrorToHandler(e);
                 }
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
index 5cc2607cc..535c1e735 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
@@ -1,18 +1,19 @@
 package org.sufficientlysecure.keychain.service.input;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.Date;
 
 import android.os.Parcel;
 import android.os.Parcelable;
 
+import org.sufficientlysecure.keychain.Constants.key;
+
 
 public class RequiredInputParcel implements Parcelable {
 
     public enum RequiredInputType {
-        PASSPHRASE, NFC_SIGN, NFC_DECRYPT
+        PASSPHRASE, PASSPHRASE_SYMMETRIC, NFC_SIGN, NFC_DECRYPT
     }
 
     public Date mSignatureTime;
@@ -38,13 +39,22 @@ public class RequiredInputParcel implements Parcelable {
     public RequiredInputParcel(Parcel source) {
         mType = RequiredInputType.values()[source.readInt()];
 
-        if (source.readInt() != 0) {
+        // 0 = none, 1 = both, 2 = only hashes (decrypt)
+        int hashTypes = source.readInt();
+        if (hashTypes != 0) {
             int count = source.readInt();
             mInputHashes = new byte[count][];
-            mSignAlgos = new int[count];
-            for (int i = 0; i < count; i++) {
-                mInputHashes[i] = source.createByteArray();
-                mSignAlgos[i] = source.readInt();
+            if (hashTypes == 1) {
+                mSignAlgos = new int[count];
+                for (int i = 0; i < count; i++) {
+                    mInputHashes[i] = source.createByteArray();
+                    mSignAlgos[i] = source.readInt();
+                }
+            } else {
+                mSignAlgos = null;
+                for (int i = 0; i < count; i++) {
+                    mInputHashes[i] = source.createByteArray();
+                }
             }
         } else {
             mInputHashes = null;
@@ -72,17 +82,28 @@ public class RequiredInputParcel implements Parcelable {
                 signatureTime, null, null);
     }
 
-    public static RequiredInputParcel createNfcDecryptOperation(byte[] inputHash) {
+    public static RequiredInputParcel createNfcDecryptOperation(byte[] inputHash, long subKeyId) {
         return new RequiredInputParcel(RequiredInputType.NFC_DECRYPT,
-                new byte[][] { inputHash }, null, null, null, null);
+                new byte[][] { inputHash }, null, null, null, subKeyId);
     }
 
-    public static RequiredInputParcel createRequiredPassphrase(
+    public static RequiredInputParcel createRequiredSignPassphrase(
             long masterKeyId, long subKeyId, Date signatureTime) {
         return new RequiredInputParcel(RequiredInputType.PASSPHRASE,
                 null, null, signatureTime, masterKeyId, subKeyId);
     }
 
+    public static RequiredInputParcel createRequiredDecryptPassphrase(
+            long masterKeyId, long subKeyId) {
+        return new RequiredInputParcel(RequiredInputType.PASSPHRASE,
+                null, null, null, masterKeyId, subKeyId);
+    }
+
+    public static RequiredInputParcel createRequiredSymmetricPassphrase() {
+        return new RequiredInputParcel(RequiredInputType.PASSPHRASE_SYMMETRIC,
+                null, null, null, null, null);
+    }
+
     public static RequiredInputParcel createRequiredPassphrase(
             RequiredInputParcel req) {
         return new RequiredInputParcel(RequiredInputType.PASSPHRASE,
@@ -98,11 +119,13 @@ public class RequiredInputParcel implements Parcelable {
     public void writeToParcel(Parcel dest, int flags) {
         dest.writeInt(mType.ordinal());
         if (mInputHashes != null) {
-            dest.writeInt(1);
+            dest.writeInt(mSignAlgos != null ? 1 : 2);
             dest.writeInt(mInputHashes.length);
             for (int i = 0; i < mInputHashes.length; i++) {
                 dest.writeByteArray(mInputHashes[i]);
-                dest.writeInt(mSignAlgos[i]);
+                if (mSignAlgos != null) {
+                    dest.writeInt(mSignAlgos[i]);
+                }
             }
         } else {
             dest.writeInt(0);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
index f0a7859f7..b136492b4 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
@@ -49,7 +49,8 @@ public abstract class CryptoOperationFragment extends Fragment {
                 return;
             }
 
-            case PASSPHRASE: {
+            case PASSPHRASE:
+            case PASSPHRASE_SYMMETRIC: {
                 Intent intent = new Intent(getActivity(), PassphraseDialogActivity.class);
                 intent.putExtra(PassphraseDialogActivity.EXTRA_REQUIRED_INPUT, requiredInput);
                 startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java
index cd66902ba..766e65e8b 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java
@@ -93,9 +93,6 @@ public class DecryptFilesFragment extends DecryptFragment {
         mDecryptButton = view.findViewById(R.id.decrypt_file_action_decrypt);
         view.findViewById(R.id.decrypt_file_browse).setOnClickListener(new View.OnClickListener() {
             public void onClick(View v) {
-                // reset state
-                mPassphrase = null;
-                mNfcDecryptedSessionKey = null;
                 if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
                     FileHelper.openDocument(DecryptFilesFragment.this, "*/*", REQUEST_CODE_INPUT);
                 } else {
@@ -207,8 +204,7 @@ public class DecryptFilesFragment extends DecryptFragment {
         data.putInt(KeychainIntentService.TARGET, IOType.URI.ordinal());
         data.putParcelable(KeychainIntentService.ENCRYPT_DECRYPT_OUTPUT_URI, mOutputUri);
 
-//        data.putParcelable(KeychainIntentService.DECRYPT_PASSPHRASE, mPassphrase);
-//        data.putByteArray(KeychainIntentService.DECRYPT_NFC_DECRYPTED_SESSION_KEY, mNfcDecryptedSessionKey);
+        data.putParcelable(KeychainIntentService.EXTRA_CRYPTO_INPUT, cryptoInput);
 
         intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
 
@@ -235,20 +231,6 @@ public class DecryptFilesFragment extends DecryptFragment {
                     DecryptVerifyResult pgpResult =
                             returnData.getParcelable(DecryptVerifyResult.EXTRA_RESULT);
 
-//                    if (pgpResult.isPending()) {
-//                        if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) ==
-//                                DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) {
-//                            startPassphraseDialog(pgpResult.getKeyIdPassphraseNeeded());
-//                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) ==
-//                                DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) {
-//                            startPassphraseDialog(Constants.key.symmetric);
-//                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
-//                                DecryptVerifyResult.RESULT_PENDING_NFC) {
-//                            startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
-//                        } else {
-//                            throw new RuntimeException("Unhandled pending result!");
-//                        }
-
                     if (pgpResult.success()) {
 
                         switch (mCurrentCryptoOperation) {
@@ -304,22 +286,6 @@ public class DecryptFilesFragment extends DecryptFragment {
     @Override
     public void onActivityResult(int requestCode, int resultCode, Intent data) {
         switch (requestCode) {
-//            case REQUEST_CODE_PASSPHRASE: {
-//                if (resultCode == Activity.RESULT_OK && data != null) {
-//                    mPassphrase = data.getParcelableExtra(PassphraseDialogActivity.MESSAGE_DATA_PASSPHRASE);
-////                    decryptOriginalFilename();
-//                }
-//                return;
-//            }
-//
-//            case REQUEST_CODE_NFC_DECRYPT: {
-//                if (resultCode == Activity.RESULT_OK && data != null) {
-//                    mNfcDecryptedSessionKey = data.getByteArrayExtra(OpenPgpApi.EXTRA_NFC_DECRYPTED_SESSION_KEY);
-////                    decryptOriginalFilename();
-//                }
-//                return;
-//            }
-
             case REQUEST_CODE_INPUT: {
                 if (resultCode == Activity.RESULT_OK && data != null) {
                     setInputUri(data.getData());
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
index 38ad54ad3..f320a6d84 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
@@ -19,7 +19,6 @@ package org.sufficientlysecure.keychain.ui;
 
 import android.content.Intent;
 import android.os.Bundle;
-import android.support.v4.app.Fragment;
 import android.view.View;
 import android.widget.ImageView;
 import android.widget.LinearLayout;
@@ -32,14 +31,10 @@ import org.sufficientlysecure.keychain.pgp.KeyRing;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils.State;
-import org.sufficientlysecure.keychain.util.Passphrase;
 
 public abstract class DecryptFragment extends CryptoOperationFragment {
     private static final int RESULT_CODE_LOOKUP_KEY = 0x00007006;
 
-//    public static final int REQUEST_CODE_PASSPHRASE = 0x00008001;
-//    public static final int REQUEST_CODE_NFC_DECRYPT = 0x00008002;
-
     protected long mSignatureKeyId = 0;
 
     protected LinearLayout mResultLayout;
@@ -56,11 +51,6 @@ public abstract class DecryptFragment extends CryptoOperationFragment {
     protected TextView mSignatureEmail;
     protected TextView mSignatureAction;
 
-
-    // State
-    protected Passphrase mPassphrase;
-    protected byte[] mNfcDecryptedSessionKey;
-
     @Override
     public void onActivityCreated(Bundle savedInstanceState) {
         super.onActivityCreated(savedInstanceState);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java
index 086830389..9c6c89c43 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java
@@ -17,7 +17,6 @@
 
 package org.sufficientlysecure.keychain.ui;
 
-import android.app.Activity;
 import android.app.ProgressDialog;
 import android.content.Intent;
 import android.os.Bundle;
@@ -30,7 +29,6 @@ import android.widget.Button;
 import android.widget.LinearLayout;
 import android.widget.TextView;
 
-import org.openintents.openpgp.util.OpenPgpApi;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.compatibility.ClipboardReflection;
@@ -52,10 +50,7 @@ public class DecryptTextFragment extends DecryptFragment {
     // view
     private LinearLayout mValidLayout;
     private LinearLayout mInvalidLayout;
-    private Button mInvalidButton;
     private TextView mText;
-    private View mShareButton;
-    private View mCopyButton;
 
     // model
     private String mCiphertext;
@@ -82,23 +77,26 @@ public class DecryptTextFragment extends DecryptFragment {
         View view = inflater.inflate(R.layout.decrypt_text_fragment, container, false);
         mValidLayout = (LinearLayout) view.findViewById(R.id.decrypt_text_valid);
         mInvalidLayout = (LinearLayout) view.findViewById(R.id.decrypt_text_invalid);
-        mInvalidButton = (Button) view.findViewById(R.id.decrypt_text_invalid_button);
         mText = (TextView) view.findViewById(R.id.decrypt_text_plaintext);
-        mShareButton = view.findViewById(R.id.action_decrypt_share_plaintext);
-        mCopyButton = view.findViewById(R.id.action_decrypt_copy_plaintext);
-        mShareButton.setOnClickListener(new View.OnClickListener() {
+
+        View vShareButton = view.findViewById(R.id.action_decrypt_share_plaintext);
+        vShareButton.setOnClickListener(new View.OnClickListener() {
             @Override
             public void onClick(View v) {
                 startActivity(sendWithChooserExcludingEncrypt(mText.getText().toString()));
             }
         });
-        mCopyButton.setOnClickListener(new View.OnClickListener() {
+
+        View vCopyButton = view.findViewById(R.id.action_decrypt_copy_plaintext);
+        vCopyButton.setOnClickListener(new View.OnClickListener() {
             @Override
             public void onClick(View v) {
                 copyToClipboard(mText.getText().toString());
             }
         });
-        mInvalidButton.setOnClickListener(new View.OnClickListener() {
+
+        Button vInvalidButton = (Button) view.findViewById(R.id.decrypt_text_invalid_button);
+        vInvalidButton.setOnClickListener(new View.OnClickListener() {
             @Override
             public void onClick(View v) {
                 mInvalidLayout.setVisibility(View.GONE);
@@ -162,8 +160,7 @@ public class DecryptTextFragment extends DecryptFragment {
         data.putParcelable(KeychainIntentService.EXTRA_CRYPTO_INPUT, cryptoInput);
         data.putInt(KeychainIntentService.TARGET, IOType.BYTES.ordinal());
         data.putByteArray(KeychainIntentService.DECRYPT_CIPHERTEXT_BYTES, mCiphertext.getBytes());
-//        data.putParcelable(KeychainIntentService.DECRYPT_PASSPHRASE, mPassphrase);
-//        data.putByteArray(KeychainIntentService.DECRYPT_NFC_DECRYPTED_SESSION_KEY, mNfcDecryptedSessionKey);
+        data.putParcelable(KeychainIntentService.EXTRA_CRYPTO_INPUT, cryptoInput);
 
         intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
 
@@ -189,19 +186,6 @@ public class DecryptTextFragment extends DecryptFragment {
                     DecryptVerifyResult pgpResult =
                             returnData.getParcelable(DecryptVerifyResult.EXTRA_RESULT);
 
-//                    if (pgpResult.isPending()) {
-//                        if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) ==
-//                                DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE) {
-//                            startPassphraseDialog(pgpResult.getKeyIdPassphraseNeeded());
-//                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) ==
-//                                DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE) {
-//                            startPassphraseDialog(Constants.key.symmetric);
-//                        } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
-//                                DecryptVerifyResult.RESULT_PENDING_NFC) {
-//                            startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
-//                        } else {
-//                            throw new RuntimeException("Unhandled pending result!");
-//                        }
                     if (pgpResult.success()) {
 
                         byte[] decryptedMessage = returnData
@@ -250,34 +234,4 @@ public class DecryptTextFragment extends DecryptFragment {
         getActivity().startService(intent);
     }
 
-//    @Override
-//    public void onActivityResult(int requestCode, int resultCode, Intent data) {
-//        switch (requestCode) {
-//
-//            case REQUEST_CODE_PASSPHRASE: {
-//                if (resultCode == Activity.RESULT_OK && data != null) {
-//                    mPassphrase = data.getParcelableExtra(PassphraseDialogActivity.MESSAGE_DATA_PASSPHRASE);
-//                    decryptStart();
-//                } else {
-//                    getActivity().finish();
-//                }
-//                return;
-//            }
-//
-//            case REQUEST_CODE_NFC_DECRYPT: {
-//                if (resultCode == Activity.RESULT_OK && data != null) {
-//                    mNfcDecryptedSessionKey = data.getByteArrayExtra(OpenPgpApi.EXTRA_NFC_DECRYPTED_SESSION_KEY);
-//                    decryptStart();
-//                } else {
-//                    getActivity().finish();
-//                }
-//                return;
-//            }
-//
-//            default: {
-//                super.onActivityResult(requestCode, resultCode, data);
-//            }
-//        }
-//    }
-
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
index 074e40b22..007608f80 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
@@ -97,10 +97,19 @@ public class PassphraseDialogActivity extends FragmentActivity {
             keyId = getIntent().getLongExtra(EXTRA_SUBKEY_ID, 0);
         } else {
             RequiredInputParcel requiredInput = getIntent().getParcelableExtra(EXTRA_REQUIRED_INPUT);
-            if (requiredInput.mType != RequiredInputType.PASSPHRASE) {
-                throw new AssertionError("Wrong required input type for PassphraseDialogActivity!");
+            switch (requiredInput.mType) {
+                case PASSPHRASE_SYMMETRIC: {
+                    keyId = Constants.key.symmetric;
+                    break;
+                }
+                case PASSPHRASE: {
+                    keyId = requiredInput.getSubKeyId();
+                    break;
+                }
+                default: {
+                    throw new AssertionError("Unsupported required input type for PassphraseDialogActivity!");
+                }
             }
-            keyId = requiredInput.getSubKeyId();
         }
 
         Intent serviceIntent = getIntent().getParcelableExtra(EXTRA_SERVICE_INTENT);

From ac3efb8b58eb919c8755d2532a97d61cfd36b5e8 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Wed, 1 Apr 2015 01:23:25 +0200
Subject: [PATCH 48/80] fix PgpEncryptDecryptTest for CryptoInputParcel

---
 .../keychain/pgp/PgpEncryptDecryptTest.java   | 48 +++++++++----------
 1 file changed, 22 insertions(+), 26 deletions(-)

diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java
index 5a90af2dc..dabfb008c 100644
--- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java
@@ -37,6 +37,8 @@ import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
 import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel.RequiredInputType;
 import org.sufficientlysecure.keychain.support.KeyringTestingHelper;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Passphrase;
@@ -48,7 +50,6 @@ import java.io.ByteArrayOutputStream;
 import java.io.OutputStream;
 import java.io.PrintStream;
 import java.security.Security;
-import java.util.Arrays;
 import java.util.HashSet;
 
 @RunWith(RobolectricTestRunner.class)
@@ -142,7 +143,7 @@ public class PgpEncryptDecryptTest {
             b.setSymmetricPassphrase(mPassphrase);
             b.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128);
 
-            PgpSignEncryptResult result = op.execute(b, data, out);
+            PgpSignEncryptResult result = op.execute(b, new CryptoInputParcel(), data, out);
 
             Assert.assertTrue("encryption must succeed", result.success());
 
@@ -159,8 +160,7 @@ public class PgpEncryptDecryptTest {
                     new ProviderHelper(Robolectric.application),
                     null, // new DummyPassphraseCache(mPassphrase, 0L),
                     data, out);
-            b.setPassphrase(mPassphrase);
-            DecryptVerifyResult result = b.build().execute();
+            DecryptVerifyResult result = b.build().execute(new CryptoInputParcel(mPassphrase));
             Assert.assertTrue("decryption must succeed", result.success());
             Assert.assertArrayEquals("decrypted ciphertext should equal plaintext",
                     out.toByteArray(), plaintext.getBytes());
@@ -182,8 +182,8 @@ public class PgpEncryptDecryptTest {
                     new ProviderHelper(Robolectric.application),
                     null, // new DummyPassphraseCache(mPassphrase, 0L),
                     data, out);
-            b.setPassphrase(new Passphrase(Arrays.toString(mPassphrase.getCharArray()) + "x"));
-            DecryptVerifyResult result = b.build().execute();
+            DecryptVerifyResult result = b.build().execute(new CryptoInputParcel(
+                    new Passphrase(new String(mPassphrase.getCharArray()) + "x")));
             Assert.assertFalse("decryption must succeed", result.success());
             Assert.assertEquals("decrypted plaintext should be empty", 0, out.size());
             Assert.assertNull("signature should be an error", result.getSignatureResult());
@@ -200,7 +200,7 @@ public class PgpEncryptDecryptTest {
                     new ProviderHelper(Robolectric.application),
                     null, // new DummyPassphraseCache(mPassphrase, 0L),
                     data, out);
-            DecryptVerifyResult result = b.build().execute();
+            DecryptVerifyResult result = b.build().execute(new CryptoInputParcel());
             Assert.assertFalse("decryption must succeed", result.success());
             Assert.assertEquals("decrypted plaintext should be empty", 0, out.size());
             Assert.assertNull("signature should be an error", result.getSignatureResult());
@@ -226,7 +226,7 @@ public class PgpEncryptDecryptTest {
 
             b.setEncryptionMasterKeyIds(new long[]{ mStaticRing1.getMasterKeyId() });
             b.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128);
-            PgpSignEncryptResult result = op.execute(b, data, out);
+            PgpSignEncryptResult result = op.execute(b, new CryptoInputParcel(), data, out);
             Assert.assertTrue("encryption must succeed", result.success());
 
             ciphertext = out.toByteArray();
@@ -238,10 +238,8 @@ public class PgpEncryptDecryptTest {
             ByteArrayInputStream in = new ByteArrayInputStream(ciphertext);
             InputData data = new InputData(in, in.available());
 
-
             PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out, null, null, null);
-            b.setPassphrase(mKeyPhrase1);
-            DecryptVerifyResult result = b.build().execute();
+            DecryptVerifyResult result = b.build().execute(new CryptoInputParcel(mKeyPhrase1));
             Assert.assertTrue("decryption with provided passphrase must succeed", result.success());
             Assert.assertArrayEquals("decrypted ciphertext with provided passphrase should equal plaintext",
                     out.toByteArray(), plaintext.getBytes());
@@ -264,7 +262,7 @@ public class PgpEncryptDecryptTest {
             PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out,
                     mKeyPhrase1, mStaticRing1.getMasterKeyId(), null);
 
-            DecryptVerifyResult result = b.build().execute();
+            DecryptVerifyResult result = b.build().execute(new CryptoInputParcel());
             Assert.assertTrue("decryption with cached passphrase must succeed", result.success());
             Assert.assertArrayEquals("decrypted ciphertext with cached passphrase  should equal plaintext",
                     out.toByteArray(), plaintext.getBytes());
@@ -279,11 +277,11 @@ public class PgpEncryptDecryptTest {
 
             PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out,
                     null, mStaticRing1.getMasterKeyId(), null);
-            DecryptVerifyResult result = b.build().execute();
+            DecryptVerifyResult result = b.build().execute(new CryptoInputParcel());
             Assert.assertFalse("decryption with no passphrase must return pending", result.success());
             Assert.assertTrue("decryption with no passphrase should return pending", result.isPending());
             Assert.assertEquals("decryption with no passphrase should return pending passphrase",
-                    DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE, result.getResult());
+                    RequiredInputType.PASSPHRASE, result.getRequiredInputParcel().mType);
         }
 
     }
@@ -310,7 +308,7 @@ public class PgpEncryptDecryptTest {
             });
             b.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128);
 
-            PgpSignEncryptResult result = op.execute(b, data, out);
+            PgpSignEncryptResult result = op.execute(b, new CryptoInputParcel(), data, out);
             Assert.assertTrue("encryption must succeed", result.success());
 
             ciphertext = out.toByteArray();
@@ -325,7 +323,7 @@ public class PgpEncryptDecryptTest {
             PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out,
                     mKeyPhrase1, mStaticRing1.getMasterKeyId(), null);
 
-            DecryptVerifyResult result = b.build().execute();
+            DecryptVerifyResult result = b.build().execute(new CryptoInputParcel());
             Assert.assertTrue("decryption with cached passphrase must succeed for the first key", result.success());
             Assert.assertArrayEquals("decrypted ciphertext with cached passphrase  should equal plaintext",
                     out.toByteArray(), plaintext.getBytes());
@@ -343,7 +341,7 @@ public class PgpEncryptDecryptTest {
             InputData data = new InputData(in, in.available());
 
             // allow only the second to decrypt
-            HashSet<Long> allowed = new HashSet<Long>();
+            HashSet<Long> allowed = new HashSet<>();
             allowed.add(mStaticRing2.getMasterKeyId());
 
             // provide passphrase for the second, and check that the first is never asked for!
@@ -351,7 +349,7 @@ public class PgpEncryptDecryptTest {
                     mKeyPhrase2, mStaticRing2.getMasterKeyId(), null);
             b.setAllowedKeyIds(allowed);
 
-            DecryptVerifyResult result = b.build().execute();
+            DecryptVerifyResult result = b.build().execute(new CryptoInputParcel());
             Assert.assertTrue("decryption with cached passphrase must succeed for the first key", result.success());
             Assert.assertArrayEquals("decrypted ciphertext with cached passphrase  should equal plaintext",
                     out.toByteArray(), plaintext.getBytes());
@@ -372,7 +370,7 @@ public class PgpEncryptDecryptTest {
             PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out,
                     mKeyPhrase2, mStaticRing2.getMasterKeyId(), null);
 
-            DecryptVerifyResult result = b.build().execute();
+            DecryptVerifyResult result = b.build().execute(new CryptoInputParcel());
             Assert.assertTrue("decryption with cached passphrase must succeed", result.success());
             Assert.assertArrayEquals("decrypted ciphertext with cached passphrase  should equal plaintext",
                     out.toByteArray(), plaintext.getBytes());
@@ -403,10 +401,9 @@ public class PgpEncryptDecryptTest {
             });
             b.setSignatureMasterKeyId(mStaticRing1.getMasterKeyId());
             b.setSignatureSubKeyId(KeyringTestingHelper.getSubkeyId(mStaticRing1, 1));
-            b.setSignaturePassphrase(mKeyPhrase1);
             b.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128);
 
-            PgpSignEncryptResult result = op.execute(b, data, out);
+            PgpSignEncryptResult result = op.execute(b, new CryptoInputParcel(mKeyPhrase1), data, out);
             Assert.assertTrue("encryption must succeed", result.success());
 
             ciphertext = out.toByteArray();
@@ -421,7 +418,7 @@ public class PgpEncryptDecryptTest {
             PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out,
                     mKeyPhrase1, mStaticRing1.getMasterKeyId(), null);
 
-            DecryptVerifyResult result = b.build().execute();
+            DecryptVerifyResult result = b.build().execute(new CryptoInputParcel());
             Assert.assertTrue("decryption with cached passphrase must succeed for the first key", result.success());
             Assert.assertArrayEquals("decrypted ciphertext with cached passphrase  should equal plaintext",
                     out.toByteArray(), plaintext.getBytes());
@@ -447,7 +444,7 @@ public class PgpEncryptDecryptTest {
             PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out,
                     mKeyPhrase2, mStaticRing2.getMasterKeyId(), null);
 
-            DecryptVerifyResult result = b.build().execute();
+            DecryptVerifyResult result = b.build().execute(new CryptoInputParcel());
             Assert.assertTrue("decryption with cached passphrase must succeed", result.success());
             Assert.assertArrayEquals("decrypted ciphertext with cached passphrase  should equal plaintext",
                     out.toByteArray(), plaintext.getBytes());
@@ -484,7 +481,7 @@ public class PgpEncryptDecryptTest {
             // this only works with ascii armored output!
             b.setEnableAsciiArmorOutput(true);
             b.setCharset("iso-2022-jp");
-            PgpSignEncryptResult result = op.execute(b, data, out);
+            PgpSignEncryptResult result = op.execute(b, new CryptoInputParcel(), data, out);
             Assert.assertTrue("encryption must succeed", result.success());
 
             ciphertext = out.toByteArray();
@@ -497,8 +494,7 @@ public class PgpEncryptDecryptTest {
             InputData data = new InputData(in, in.available());
 
             PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out, null, null, null);
-            b.setPassphrase(mKeyPhrase1);
-            DecryptVerifyResult result = b.build().execute();
+            DecryptVerifyResult result = b.build().execute(new CryptoInputParcel(mKeyPhrase1));
             Assert.assertTrue("decryption with provided passphrase must succeed", result.success());
             Assert.assertArrayEquals("decrypted ciphertext should equal plaintext bytes",
                     out.toByteArray(), plaindata);

From 8e5d0d1682bf0478b2df8e44c6d184a14cbd4ead Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Sat, 4 Apr 2015 19:01:03 +0200
Subject: [PATCH 49/80] Fix nullpointer with Intent API, fix clearing of
 encrypt file list, notify when adding a range of input uris

---
 .../keychain/ui/EncryptFilesFragment.java                 | 5 ++---
 .../keychain/ui/EncryptTextFragment.java                  | 8 +++++---
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
index f85bd707b..ddced7cce 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
@@ -390,8 +390,6 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
 
             });
             deleteFileDialog.show(getActivity().getSupportFragmentManager(), "deleteDialog");
-
-            mFilesModels.clear();
         } else {
             if (mShareAfterEncrypt) {
                 // Share encrypted message/file
@@ -724,6 +722,7 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
 
         public void addAll(ArrayList<Uri> inputUris) {
             if (inputUris != null) {
+                int startIndex = mDataset.size();
                 for (Uri inputUri : inputUris) {
                     ViewModel newModel = new ViewModel(mActivity, inputUri);
                     if (mDataset.contains(newModel)) {
@@ -732,8 +731,8 @@ public class EncryptFilesFragment extends CryptoOperationFragment {
                         mDataset.add(newModel);
                     }
                 }
+                notifyItemRangeInserted(startIndex, mDataset.size() - startIndex);
             }
-            // TODO: notifyItemInserted?
         }
 
         public void remove(ViewModel model) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
index fecc9ef52..47645099d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
@@ -123,9 +123,6 @@ public class EncryptTextFragment extends CryptoOperationFragment {
     public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
         View view = inflater.inflate(R.layout.encrypt_text_fragment, container, false);
 
-        if (mMessage != null) {
-            mText.setText(mMessage);
-        }
         mText = (TextView) view.findViewById(R.id.encrypt_text_text);
         mText.addTextChangedListener(new TextWatcher() {
             @Override
@@ -144,6 +141,11 @@ public class EncryptTextFragment extends CryptoOperationFragment {
             }
         });
 
+        // set initial text
+        if (mMessage != null) {
+            mText.setText(mMessage);
+        }
+
         return view;
     }
 

From a4674807173bd32dd4f954893684ee7c88598454 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Tue, 7 Apr 2015 13:49:34 +0200
Subject: [PATCH 50/80] Fix signing subkey selection in remote service

---
 .../operations/SignEncryptOperation.java      |  1 +
 .../keychain/remote/OpenPgpService.java       | 71 +++++++++++++------
 2 files changed, 52 insertions(+), 20 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java
index d718d231e..651d15e8f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java
@@ -77,6 +77,7 @@ public class SignEncryptOperation extends BaseOperation {
 
         NfcSignOperationsBuilder pendingInputBuilder = null;
 
+        // if signing subkey has not explicitly been set, get first usable subkey capable of signing
         if (input.getSignatureMasterKeyId() != Constants.key.none
                 && input.getSignatureSubKeyId() == null) {
             try {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
index 98ddaaf27..9a8f5c522 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -36,11 +36,12 @@ import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.LogEntryParcel;
 import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
+import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
 import org.sufficientlysecure.keychain.pgp.PgpConstants;
 import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify;
 import org.sufficientlysecure.keychain.pgp.PgpSignEncryptInputParcel;
 import org.sufficientlysecure.keychain.pgp.PgpSignEncryptOperation;
-import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
+import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.provider.KeychainContract.ApiAccounts;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
@@ -162,7 +163,7 @@ public class OpenPgpService extends RemoteService {
     }
 
     private static PendingIntent getRequiredInputPendingIntent(Context context,
-            Intent data, RequiredInputParcel requiredInput) {
+                                                               Intent data, RequiredInputParcel requiredInput) {
 
         switch (requiredInput.mType) {
             case NFC_DECRYPT:
@@ -221,15 +222,35 @@ public class OpenPgpService extends RemoteService {
         try {
             boolean asciiArmor = cleartextSign || data.getBooleanExtra(OpenPgpApi.EXTRA_REQUEST_ASCII_ARMOR, true);
 
+            // sign-only
+            PgpSignEncryptInputParcel pseInput = new PgpSignEncryptInputParcel()
+                    .setEnableAsciiArmorOutput(asciiArmor)
+                    .setCleartextSignature(cleartextSign)
+                    .setDetachedSignature(!cleartextSign)
+                    .setVersionHeader(null)
+                    .setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED);
+
             Intent signKeyIdIntent = getSignKeyMasterId(data);
             // NOTE: Fallback to return account settings (Old API)
             if (signKeyIdIntent.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR)
                     == OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED) {
                 return signKeyIdIntent;
             }
+
             long signKeyId = signKeyIdIntent.getLongExtra(OpenPgpApi.EXTRA_SIGN_KEY_ID, Constants.key.none);
             if (signKeyId == Constants.key.none) {
-                Log.e(Constants.TAG, "No signing key given!");
+                throw new Exception("No signing key given");
+            } else {
+                pseInput.setSignatureMasterKeyId(signKeyId);
+
+                // get first usable subkey capable of signing
+                try {
+                    long signSubKeyId = mProviderHelper.getCachedPublicKeyRing(
+                            pseInput.getSignatureMasterKeyId()).getSecretSignId();
+                    pseInput.setSignatureSubKeyId(signSubKeyId);
+                } catch (PgpKeyNotFoundException e) {
+                    throw new Exception("signing subkey not found!", e);
+                }
             }
 
             // Get Input- and OutputStream from ParcelFileDescriptor
@@ -243,20 +264,14 @@ public class OpenPgpService extends RemoteService {
             InputData inputData = new InputData(is, inputLength);
 
             CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
+            if (cryptoInput == null) {
+                cryptoInput = new CryptoInputParcel();
+            }
             if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
                 cryptoInput = new CryptoInputParcel(cryptoInput.getSignatureTime(),
-                        new Passphrase(data.getStringExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
+                        new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
             }
 
-            // sign-only
-            PgpSignEncryptInputParcel pseInput = new PgpSignEncryptInputParcel()
-                    .setEnableAsciiArmorOutput(asciiArmor)
-                    .setCleartextSignature(cleartextSign)
-                    .setDetachedSignature(!cleartextSign)
-                    .setVersionHeader(null)
-                    .setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED)
-                    .setSignatureMasterKeyId(signKeyId);
-
             // execute PGP operation!
             PgpSignEncryptOperation pse = new PgpSignEncryptOperation(this, new ProviderHelper(getContext()), null);
             PgpSignEncryptResult pgpResult = pse.execute(pseInput, cryptoInput, inputData, os);
@@ -369,19 +384,32 @@ public class OpenPgpService extends RemoteService {
                 }
                 long signKeyId = signKeyIdIntent.getLongExtra(OpenPgpApi.EXTRA_SIGN_KEY_ID, Constants.key.none);
                 if (signKeyId == Constants.key.none) {
-                    Log.e(Constants.TAG, "No signing key given!");
+                    throw new Exception("No signing key given");
+                } else {
+                    pseInput.setSignatureMasterKeyId(signKeyId);
+
+                    // get first usable subkey capable of signing
+                    try {
+                        long signSubKeyId = mProviderHelper.getCachedPublicKeyRing(
+                                pseInput.getSignatureMasterKeyId()).getSecretSignId();
+                        pseInput.setSignatureSubKeyId(signSubKeyId);
+                    } catch (PgpKeyNotFoundException e) {
+                        throw new Exception("signing subkey not found!", e);
+                    }
                 }
 
                 // sign and encrypt
                 pseInput.setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED)
-                        .setSignatureMasterKeyId(signKeyId)
                         .setAdditionalEncryptId(signKeyId); // add sign key for encryption
             }
 
             CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
+            if (cryptoInput == null) {
+                cryptoInput = new CryptoInputParcel();
+            }
             if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
                 cryptoInput = new CryptoInputParcel(cryptoInput.getSignatureTime(),
-                        new Passphrase(data.getStringExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
+                        new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
             }
 
             PgpSignEncryptOperation op = new PgpSignEncryptOperation(this, new ProviderHelper(getContext()), null);
@@ -464,9 +492,12 @@ public class OpenPgpService extends RemoteService {
             );
 
             CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
+            if (cryptoInput == null) {
+                cryptoInput = new CryptoInputParcel();
+            }
             if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
                 cryptoInput = new CryptoInputParcel(cryptoInput.getSignatureTime(),
-                        new Passphrase(data.getStringExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
+                        new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
             }
 
             byte[] detachedSignature = data.getByteArrayExtra(OpenPgpApi.EXTRA_DETACHED_SIGNATURE);
@@ -474,9 +505,9 @@ public class OpenPgpService extends RemoteService {
             // allow only private keys associated with accounts of this app
             // no support for symmetric encryption
             builder.setAllowSymmetricDecryption(false)
-                   .setAllowedKeyIds(allowedKeyIds)
-                   .setDecryptMetadataOnly(decryptMetadataOnly)
-                   .setDetachedSignature(detachedSignature);
+                    .setAllowedKeyIds(allowedKeyIds)
+                    .setDecryptMetadataOnly(decryptMetadataOnly)
+                    .setDetachedSignature(detachedSignature);
 
             DecryptVerifyResult pgpResult = builder.build().execute(cryptoInput);
 

From 13332bc28dd0d85c28c9f66b2d871aac68293db0 Mon Sep 17 00:00:00 2001
From: Adithya Abraham Philip <adithyaphilip@gmail.com>
Date: Tue, 7 Apr 2015 22:59:31 +0530
Subject: [PATCH 51/80] linked system contact auto-refresh added, fixed contact
 image issue

---
 .../keychain/ui/ViewKeyFragment.java          | 90 ++++++++++++++-----
 .../keychain/util/ContactHelper.java          | 53 +++++++----
 2 files changed, 105 insertions(+), 38 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyFragment.java
index c3a8d60f8..ce353f82e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyFragment.java
@@ -55,7 +55,6 @@ public class ViewKeyFragment extends LoaderFragment implements
     //private ListView mLinkedSystemContact;
 
     boolean mIsSecret = false;
-    boolean mSystemContactLoaded = false;
 
     LinearLayout mSystemContactLayout;
     ImageView mSystemContactPicture;
@@ -63,6 +62,12 @@ public class ViewKeyFragment extends LoaderFragment implements
 
     private static final int LOADER_ID_UNIFIED = 0;
     private static final int LOADER_ID_USER_IDS = 1;
+    private static final int LOADER_ID_LINKED_CONTACT = 2;
+
+    private static final String LOADER_LINKED_CONTACT_MASTER_KEY_ID
+            = "loader_linked_contact_master_key_id";
+    private static final String LOADER_LINKED_CONTACT_IS_SECRET
+            = "loader_linked_contact_is_secret";
 
     private UserIdsAdapter mUserIdsAdapter;
 
@@ -119,28 +124,25 @@ public class ViewKeyFragment extends LoaderFragment implements
     }
 
     /**
-     * Checks if a system contact exists for given masterKeyId, and if it does, sets name, picture
-     * and onClickListener for the linked system contact's layout
-     * In the case of a secret key, "me" contact details are loaded
+     * Expects to be called only if a linked system contact exists. Sets name, picture
+     * and onClickListener for the linked system contact's layout.
+     * In the case of a secret key, "me" contact details are loaded.
      *
-     * @param masterKeyId
+     * @param contactId
      */
-    private void loadLinkedSystemContact(final long masterKeyId) {
+    private void loadLinkedSystemContact(final long contactId) {
+
         final Context context = mSystemContactName.getContext();
         final ContentResolver resolver = context.getContentResolver();
 
-        long contactId;
         String contactName = null;
 
         if (mIsSecret) {//all secret keys are linked to "me" profile in contacts
-            contactId = ContactHelper.getMainProfileContactId(resolver);
             List<String> mainProfileNames = ContactHelper.getMainProfileContactName(context);
             if (mainProfileNames != null && mainProfileNames.size() > 0) {
                 contactName = mainProfileNames.get(0);
             }
-
         } else {
-            contactId = ContactHelper.findContactId(resolver, masterKeyId);
             contactName = ContactHelper.getContactName(resolver, contactId);
         }
 
@@ -151,18 +153,16 @@ public class ViewKeyFragment extends LoaderFragment implements
             if (mIsSecret) {
                 picture = ContactHelper.loadMainProfilePhoto(resolver, false);
             } else {
-                picture = ContactHelper.loadPhotoByMasterKeyId(resolver, masterKeyId, false);
+                picture = ContactHelper.loadPhotoByContactId(resolver, contactId, false);
             }
             if (picture != null) mSystemContactPicture.setImageBitmap(picture);
 
-            final long finalContactId = contactId;
             mSystemContactLayout.setOnClickListener(new View.OnClickListener() {
                 @Override
                 public void onClick(View v) {
-                    launchContactActivity(finalContactId, context);
+                    launchContactActivity(contactId, context);
                 }
             });
-            mSystemContactLoaded = true;
         }
     }
 
@@ -195,7 +195,6 @@ public class ViewKeyFragment extends LoaderFragment implements
         loadData(dataUri);
     }
 
-
     // These are the rows that we will retrieve.
     static final String[] UNIFIED_PROJECTION = new String[]{
             KeychainContract.KeyRings._ID,
@@ -218,6 +217,12 @@ public class ViewKeyFragment extends LoaderFragment implements
     static final int INDEX_FINGERPRINT = 7;
     static final int INDEX_HAS_ENCRYPT = 8;
 
+    private static final String[] RAWCONTACT_PROJECTION = {
+            ContactsContract.RawContacts.CONTACT_ID
+    };
+
+    private static final int INDEX_CONTACT_ID = 0;
+
     private void loadData(Uri dataUri) {
         mDataUri = dataUri;
 
@@ -241,6 +246,33 @@ public class ViewKeyFragment extends LoaderFragment implements
             case LOADER_ID_USER_IDS:
                 return UserIdsAdapter.createLoader(getActivity(), mDataUri);
 
+            //we need a separate loader for linked contact to ensure refreshing on verification
+            case LOADER_ID_LINKED_CONTACT: {
+                //passed in args to explicitly specify their need
+                long masterKeyId = args.getLong(LOADER_LINKED_CONTACT_MASTER_KEY_ID);
+                boolean isSecret = args.getBoolean(LOADER_LINKED_CONTACT_IS_SECRET);
+
+                Uri baseUri;
+                if (isSecret)
+                    baseUri = ContactsContract.Profile.CONTENT_RAW_CONTACTS_URI;
+                else
+                    baseUri = ContactsContract.RawContacts.CONTENT_URI;
+
+                return new CursorLoader(
+                        getActivity(),
+                        baseUri,
+                        RAWCONTACT_PROJECTION,
+                        ContactsContract.RawContacts.ACCOUNT_TYPE + "=? AND " +
+                                ContactsContract.RawContacts.SOURCE_ID + "=? AND " +
+                                ContactsContract.RawContacts.DELETED + "=?",
+                        new String[]{//"0" for "not deleted"
+                                Constants.ACCOUNT_TYPE,
+                                Long.toString(masterKeyId),
+                                "0"
+                        },
+                        null);
+            }
+
             default:
                 return null;
         }
@@ -263,16 +295,26 @@ public class ViewKeyFragment extends LoaderFragment implements
 
                     mIsSecret = data.getInt(INDEX_HAS_ANY_SECRET) != 0;
 
-                    //TODO system to allow immediate refreshing of system contact on verification
-                    if (!mSystemContactLoaded) {//ensure we load linked system contact only once
-                        long masterKeyId = data.getLong(INDEX_MASTER_KEY_ID);
-                        loadLinkedSystemContact(masterKeyId);
-                    }
                     // load user ids after we know if it's a secret key
                     mUserIdsAdapter = new UserIdsAdapter(getActivity(), null, 0, !mIsSecret, null);
                     mUserIds.setAdapter(mUserIdsAdapter);
                     getLoaderManager().initLoader(LOADER_ID_USER_IDS, null, this);
 
+                    long masterKeyId = data.getLong(INDEX_MASTER_KEY_ID);
+                    // we need to load linked contact here to prevent lag introduced by loader
+                    // for the linked contact
+                    long contactId = ContactHelper.findContactId(
+                            getActivity().getContentResolver(),
+                            masterKeyId);
+                    loadLinkedSystemContact(contactId);
+
+                    Bundle linkedContactData = new Bundle();
+                    linkedContactData.putLong(LOADER_LINKED_CONTACT_MASTER_KEY_ID, masterKeyId);
+                    linkedContactData.putBoolean(LOADER_LINKED_CONTACT_IS_SECRET, mIsSecret);
+
+                    // initialises loader for contact query so we can listen to any updates
+                    getLoaderManager().initLoader(LOADER_ID_LINKED_CONTACT, linkedContactData, this);
+
                     break;
                 }
             }
@@ -282,6 +324,14 @@ public class ViewKeyFragment extends LoaderFragment implements
                 break;
             }
 
+            case LOADER_ID_LINKED_CONTACT: {
+                if (data.moveToFirst()) {// if we have a linked contact
+                    long contactId = data.getLong(INDEX_CONTACT_ID);
+                    loadLinkedSystemContact(contactId);
+                }
+                break;
+            }
+
         }
         setContentShown(true);
     }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ContactHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ContactHelper.java
index c782d2507..45e026171 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ContactHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ContactHelper.java
@@ -27,6 +27,7 @@ import android.database.Cursor;
 import android.graphics.Bitmap;
 import android.graphics.BitmapFactory;
 import android.net.Uri;
+import android.os.Build;
 import android.provider.ContactsContract;
 import android.util.Patterns;
 
@@ -220,15 +221,14 @@ public class ContactHelper {
      */
     public static long getMainProfileContactId(ContentResolver resolver) {
         Cursor profileCursor = resolver.query(ContactsContract.Profile.CONTENT_URI,
-                new String[]{ ContactsContract.Profile._ID}, null, null, null);
+                new String[]{ContactsContract.Profile._ID}, null, null, null);
 
-        if(profileCursor != null && profileCursor.getCount() != 0 && profileCursor.moveToNext()) {
+        if (profileCursor != null && profileCursor.getCount() != 0 && profileCursor.moveToNext()) {
             long contactId = profileCursor.getLong(0);
             profileCursor.close();
             return contactId;
-        }
-        else {
-            if(profileCursor != null) {
+        } else {
+            if (profileCursor != null) {
                 profileCursor.close();
             }
             return -1;
@@ -330,7 +330,9 @@ public class ContactHelper {
                         ContactsContract.RawContacts.SOURCE_ID + "=? AND " +
                         ContactsContract.RawContacts.DELETED + "=?",
                 new String[]{//"0" for "not deleted"
-                        Constants.ACCOUNT_TYPE, Long.toString(masterKeyId), "0"
+                        Constants.ACCOUNT_TYPE,
+                        Long.toString(masterKeyId),
+                        "0"
                 }, null);
         if (raw != null) {
             if (raw.moveToNext()) {
@@ -385,23 +387,38 @@ public class ContactHelper {
             return null;
         }
         try {
-            long rawContactId = findRawContactId(contentResolver, masterKeyId);
-            if (rawContactId == -1) {
-                return null;
-            }
-            Uri rawContactUri = ContentUris.withAppendedId(ContactsContract.RawContacts.CONTENT_URI, rawContactId);
-            Uri contactUri = ContactsContract.RawContacts.getContactLookupUri(contentResolver, rawContactUri);
-            InputStream photoInputStream =
-                    ContactsContract.Contacts.openContactPhotoInputStream(contentResolver, contactUri, highRes);
-            if (photoInputStream == null) {
-                return null;
-            }
-            return BitmapFactory.decodeStream(photoInputStream);
+            long contactId = findContactId(contentResolver, masterKeyId);
+            return loadPhotoByContactId(contentResolver, contactId, highRes);
+
         } catch (Throwable ignored) {
             return null;
         }
     }
 
+    public static Bitmap loadPhotoByContactId(ContentResolver contentResolver, long contactId,
+                                              boolean highRes) {
+        if (contactId == -1) {
+            return null;
+        }
+        Uri contactUri = ContentUris.withAppendedId(ContactsContract.Contacts.CONTENT_URI, contactId);
+        // older android versions (tested on API level 15) fail on lookupuris being passed to
+        // openContactPhotoInputStream
+        // http://stackoverflow.com/a/21214524/3000919
+        // Uri lookupUri = ContactsContract.Contacts.getLookupUri(contentResolver, contactUri);
+        // also, we aren't storing the contact image for long term use. Hence it is okay to use
+        // contactUri.
+
+        InputStream photoInputStream = ContactsContract.Contacts.openContactPhotoInputStream(
+                contentResolver,
+                contactUri,
+                highRes);
+
+        if (photoInputStream == null) {
+            return null;
+        }
+        return BitmapFactory.decodeStream(photoInputStream);
+    }
+
     public static final String[] KEYS_TO_CONTACT_PROJECTION = new String[]{
             KeychainContract.KeyRings.MASTER_KEY_ID,
             KeychainContract.KeyRings.USER_ID,

From 083cd100cebbbfdca3a0df76e050b817d8711cd8 Mon Sep 17 00:00:00 2001
From: Adithya Abraham Philip <adithyaphilip@gmail.com>
Date: Wed, 8 Apr 2015 00:58:21 +0530
Subject: [PATCH 52/80] hide linked system contact card if no contact present

---
 .../keychain/ui/ViewKeyFragment.java          | 32 +++++++++++++------
 .../keychain/util/ContactHelper.java          |  4 +--
 .../src/main/res/layout/view_key_fragment.xml |  1 +
 3 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyFragment.java
index ce353f82e..1e02ca450 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyFragment.java
@@ -29,6 +29,7 @@ import android.provider.ContactsContract;
 import android.support.v4.app.LoaderManager;
 import android.support.v4.content.CursorLoader;
 import android.support.v4.content.Loader;
+import android.support.v7.widget.CardView;
 import android.view.LayoutInflater;
 import android.view.View;
 import android.view.ViewGroup;
@@ -37,7 +38,6 @@ import android.widget.*;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.compatibility.DialogFragmentWorkaround;
-import org.sufficientlysecure.keychain.pgp.KeyRing;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.ui.adapter.UserIdsAdapter;
 import org.sufficientlysecure.keychain.ui.dialog.UserIdInfoDialogFragment;
@@ -56,6 +56,7 @@ public class ViewKeyFragment extends LoaderFragment implements
 
     boolean mIsSecret = false;
 
+    CardView mSystemContactCard;
     LinearLayout mSystemContactLayout;
     ImageView mSystemContactPicture;
     TextView mSystemContactName;
@@ -64,9 +65,9 @@ public class ViewKeyFragment extends LoaderFragment implements
     private static final int LOADER_ID_USER_IDS = 1;
     private static final int LOADER_ID_LINKED_CONTACT = 2;
 
-    private static final String LOADER_LINKED_CONTACT_MASTER_KEY_ID
+    private static final String LOADER_EXTRA_LINKED_CONTACT_MASTER_KEY_ID
             = "loader_linked_contact_master_key_id";
-    private static final String LOADER_LINKED_CONTACT_IS_SECRET
+    private static final String LOADER_EXTRA_LINKED_CONTACT_IS_SECRET
             = "loader_linked_contact_is_secret";
 
     private UserIdsAdapter mUserIdsAdapter;
@@ -100,6 +101,7 @@ public class ViewKeyFragment extends LoaderFragment implements
             }
         });
 
+        mSystemContactCard = (CardView) view.findViewById(R.id.linked_system_contact_card);
         mSystemContactLayout = (LinearLayout) view.findViewById(R.id.system_contact_layout);
         mSystemContactName = (TextView) view.findViewById(R.id.system_contact_name);
         mSystemContactPicture = (ImageView) view.findViewById(R.id.system_contact_picture);
@@ -124,9 +126,9 @@ public class ViewKeyFragment extends LoaderFragment implements
     }
 
     /**
-     * Expects to be called only if a linked system contact exists. Sets name, picture
+     * Hides card if no linked system contact exists. Sets name, picture
      * and onClickListener for the linked system contact's layout.
-     * In the case of a secret key, "me" contact details are loaded.
+     * In the case of a secret key, "me" (own profile) contact details are loaded.
      *
      * @param contactId
      */
@@ -147,6 +149,8 @@ public class ViewKeyFragment extends LoaderFragment implements
         }
 
         if (contactName != null) {//contact name exists for given master key
+            showLinkedSystemContact();
+
             mSystemContactName.setText(contactName);
 
             Bitmap picture;
@@ -163,9 +167,19 @@ public class ViewKeyFragment extends LoaderFragment implements
                     launchContactActivity(contactId, context);
                 }
             });
+        } else {
+            hideLinkedSystemContact();
         }
     }
 
+    private void hideLinkedSystemContact() {
+        mSystemContactCard.setVisibility(View.GONE);
+    }
+
+    private void showLinkedSystemContact() {
+        mSystemContactCard.setVisibility(View.VISIBLE);
+    }
+
     /**
      * launches the default android Contacts app to view a contact with the passed
      * contactId (CONTACT_ID column from ContactsContract.RawContact table which is _ID column in
@@ -249,8 +263,8 @@ public class ViewKeyFragment extends LoaderFragment implements
             //we need a separate loader for linked contact to ensure refreshing on verification
             case LOADER_ID_LINKED_CONTACT: {
                 //passed in args to explicitly specify their need
-                long masterKeyId = args.getLong(LOADER_LINKED_CONTACT_MASTER_KEY_ID);
-                boolean isSecret = args.getBoolean(LOADER_LINKED_CONTACT_IS_SECRET);
+                long masterKeyId = args.getLong(LOADER_EXTRA_LINKED_CONTACT_MASTER_KEY_ID);
+                boolean isSecret = args.getBoolean(LOADER_EXTRA_LINKED_CONTACT_IS_SECRET);
 
                 Uri baseUri;
                 if (isSecret)
@@ -309,8 +323,8 @@ public class ViewKeyFragment extends LoaderFragment implements
                     loadLinkedSystemContact(contactId);
 
                     Bundle linkedContactData = new Bundle();
-                    linkedContactData.putLong(LOADER_LINKED_CONTACT_MASTER_KEY_ID, masterKeyId);
-                    linkedContactData.putBoolean(LOADER_LINKED_CONTACT_IS_SECRET, mIsSecret);
+                    linkedContactData.putLong(LOADER_EXTRA_LINKED_CONTACT_MASTER_KEY_ID, masterKeyId);
+                    linkedContactData.putBoolean(LOADER_EXTRA_LINKED_CONTACT_IS_SECRET, mIsSecret);
 
                     // initialises loader for contact query so we can listen to any updates
                     getLoaderManager().initLoader(LOADER_ID_LINKED_CONTACT, linkedContactData, this);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ContactHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ContactHelper.java
index 45e026171..609288bf1 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ContactHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ContactHelper.java
@@ -27,7 +27,6 @@ import android.database.Cursor;
 import android.graphics.Bitmap;
 import android.graphics.BitmapFactory;
 import android.net.Uri;
-import android.os.Build;
 import android.provider.ContactsContract;
 import android.util.Patterns;
 
@@ -405,8 +404,7 @@ public class ContactHelper {
         // openContactPhotoInputStream
         // http://stackoverflow.com/a/21214524/3000919
         // Uri lookupUri = ContactsContract.Contacts.getLookupUri(contentResolver, contactUri);
-        // also, we aren't storing the contact image for long term use. Hence it is okay to use
-        // contactUri.
+        // Also, we don't need a permanent shortcut to the contact since we load it afresh each time
 
         InputStream photoInputStream = ContactsContract.Contacts.openContactPhotoInputStream(
                 contentResolver,
diff --git a/OpenKeychain/src/main/res/layout/view_key_fragment.xml b/OpenKeychain/src/main/res/layout/view_key_fragment.xml
index 454d5f9c7..a71eb5880 100644
--- a/OpenKeychain/src/main/res/layout/view_key_fragment.xml
+++ b/OpenKeychain/src/main/res/layout/view_key_fragment.xml
@@ -46,6 +46,7 @@
             android:layout_gravity="center"
             android:layout_width="match_parent"
             android:layout_height="wrap_content"
+            android:visibility="gone"
             card_view:cardBackgroundColor="@android:color/white"
             card_view:cardElevation="2dp"
             card_view:cardUseCompatPadding="true"

From 702a77ccd1357dce5bd212b9761bec5044ec1280 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Fri, 10 Apr 2015 15:16:13 +0200
Subject: [PATCH 53/80] Externalize Parcelable caching

---
 .../operations/results/OperationResult.java   | 70 +++-----------
 .../keychain/util/ParcelableCache.java        | 95 +++++++++++++++++++
 2 files changed, 106 insertions(+), 59 deletions(-)
 create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableCache.java

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
index 55d5d974a..094afd4a5 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
@@ -33,75 +33,33 @@ import org.sufficientlysecure.keychain.ui.util.Notify.Showable;
 import org.sufficientlysecure.keychain.ui.util.Notify.Style;
 import org.sufficientlysecure.keychain.util.IterableIterator;
 import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.ParcelableCache;
 
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Iterator;
 import java.util.List;
-import java.util.UUID;
-import java.util.concurrent.ConcurrentHashMap;
 
-/** Represent the result of an operation.
+/**
+ * Represent the result of an operation.
  *
  * This class holds a result and the log of an operation. It can be subclassed
  * to include typed additional information specific to the operation. To keep
  * the class structure (somewhat) simple, this class contains an exhaustive
  * list (ie, enum) of all possible log types, which should in all cases be tied
  * to string resource ids.
- *
  */
 public abstract class OperationResult implements Parcelable {
 
     public static final String EXTRA_RESULT = "operation_result";
-    public static final UUID NULL_UUID = new UUID(0,0);
 
     /**
-     * A HashMap of UUID:OperationLog which contains logs that we don't need
-     * to care about. This is used such that when we become parceled, we are
-     * well below the 1Mbit boundary that is specified.
+     * Instead of parceling the logs, they are cached to overcome the 1 MB boundary of
+     * Android's Binder. See ParcelableCache
      */
-    private static ConcurrentHashMap<UUID, OperationLog> dehydratedLogs;
+    private static ParcelableCache<OperationLog> logCache;
     static {
-        // Static initializer for ConcurrentHashMap
-        dehydratedLogs = new ConcurrentHashMap<UUID,OperationLog>();
-    }
-
-    /**
-     * Dehydrate a log (such that it is available after deparcelization)
-     *
-     * Returns the NULL uuid (0) if you hand it null.
-     * @param log An OperationLog to dehydrate
-     * @return a UUID, the ticket for your dehydrated log
-     *
-     */
-    private static UUID dehydrateLog(OperationLog log) {
-        if(log == null) {
-            return NULL_UUID;
-        }
-        else {
-            UUID ticket = UUID.randomUUID();
-            dehydratedLogs.put(ticket, log);
-            return ticket;
-        }
-    }
-
-    /***
-     * Rehydrate a log after going through parcelization, invalidating its place in the
-     * dehydration pool.
-     * This is used such that when parcelized, the parcel is no larger than 1mbit.
-     * @param ticket A UUID ticket that identifies the log in question.
-     * @return An OperationLog.
-     */
-    private static OperationLog rehydrateLog(UUID ticket) {
-        // UUID.equals isn't well documented; we use compareTo instead.
-        if( NULL_UUID.compareTo(ticket) == 0 ) {
-            return null;
-        }
-        else {
-            OperationLog log = dehydratedLogs.get(ticket);
-            dehydratedLogs.remove(ticket);
-            return log;
-        }
+        logCache = new ParcelableCache<>();
     }
 
     /** Holds the overall result, the number specifying varying degrees of success:
@@ -126,11 +84,8 @@ public abstract class OperationResult implements Parcelable {
 
     public OperationResult(Parcel source) {
         mResult = source.readInt();
-        long mostSig = source.readLong();
-        long leastSig = source.readLong();
-        UUID mTicket = new UUID(mostSig, leastSig);
-        // fetch the dehydrated log out of storage (this removes it from the dehydration pool)
-        mLog = rehydrateLog(mTicket);
+        // get log out of cache based on UUID from source
+        mLog = logCache.readFromParcelAndGetFromCache(source);
     }
 
     public int getResult() {
@@ -813,11 +768,8 @@ public abstract class OperationResult implements Parcelable {
     @Override
     public void writeToParcel(Parcel dest, int flags) {
         dest.writeInt(mResult);
-        // Get a ticket for our log.
-        UUID mTicket = dehydrateLog(mLog);
-        // And write out the UUID most and least significant bits.
-        dest.writeLong(mTicket.getMostSignificantBits());
-        dest.writeLong(mTicket.getLeastSignificantBits());
+        // cache log and write UUID to dest
+        logCache.cacheAndWriteToParcel(mLog, dest);
     }
 
     public static class OperationLog implements Iterable<LogEntryParcel> {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableCache.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableCache.java
new file mode 100644
index 000000000..4d723cb30
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableCache.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright (C) 2015 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.util;
+
+import android.os.Parcel;
+
+import java.util.UUID;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * If Parcelables are above 1 MB, Android OS fails to send them via the Binder IPC:
+ * JavaBinder  E  !!! FAILED BINDER TRANSACTION !!!
+ * To overcome this issue this class allows to cache Parcelables, mapped by unique UUIDs,
+ * which are written to the parcel instead of the whole Parcelable.
+ */
+public class ParcelableCache<E extends Object> {
+
+    private static final UUID NULL_UUID = new UUID(0, 0);
+
+    /**
+     * A HashMap of UUID:Object
+     * This is used such that when we become parceled, we are
+     * well below the 1 MB boundary that is specified.
+     */
+    private ConcurrentHashMap<UUID, E> dehydratedLogs = new ConcurrentHashMap<>();
+
+    /**
+     * Dehydrate a Parcelable (such that it is available after deparcelization)
+     * Returns the NULL uuid (0) if you hand it null.
+     *
+     * @param parcelable A Parcelable to dehydrate
+     * @return a UUID, the ticket for your dehydrated Parcelable
+     */
+    private UUID dehydrateParcelable(E parcelable) {
+        if (parcelable == null) {
+            return NULL_UUID;
+        } else {
+            UUID ticket = UUID.randomUUID();
+            dehydratedLogs.put(ticket, parcelable);
+            return ticket;
+        }
+    }
+
+    /**
+     * Rehydrate a Parcelable after going through parcelization,
+     * invalidating its place in the dehydration pool.
+     * This is used such that when parcelized, the Parcelable is no larger than 1 MB.
+     *
+     * @param ticket A UUID ticket that identifies the log in question.
+     * @return An OperationLog.
+     */
+    private E rehydrateParcelable(UUID ticket) {
+        // UUID.equals isn't well documented; we use compareTo instead.
+        if (NULL_UUID.compareTo(ticket) == 0) {
+            return null;
+        } else {
+            E parcelable = dehydratedLogs.get(ticket);
+            dehydratedLogs.remove(ticket);
+            return parcelable;
+        }
+    }
+
+    public E readFromParcelAndGetFromCache(Parcel source) {
+        long mostSig = source.readLong();
+        long leastSig = source.readLong();
+        UUID mTicket = new UUID(mostSig, leastSig);
+        // fetch the dehydrated log out of storage (this removes it from the dehydration pool)
+        return rehydrateParcelable(mTicket);
+    }
+
+
+    public void cacheAndWriteToParcel(E parcelable, Parcel dest) {
+        // Get a ticket for our log.
+        UUID mTicket = dehydrateParcelable(parcelable);
+        // And write out the UUID most and least significant bits.
+        dest.writeLong(mTicket.getMostSignificantBits());
+        dest.writeLong(mTicket.getLeastSignificantBits());
+    }
+
+}

From ae4fc4744372db6e9c1c484a6b056a10473a57a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Fri, 10 Apr 2015 15:20:36 +0200
Subject: [PATCH 54/80] Add license headers

---
 .../keychain/util/DatabaseUtil.java             | 17 +++++++++++++++++
 .../keychain/util/FabContainer.java             | 17 +++++++++++++++++
 .../keychain/util/ProgressFixedScaler.java      | 17 +++++++++++++++++
 3 files changed, 51 insertions(+)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/DatabaseUtil.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/DatabaseUtil.java
index c18e5cabd..93b6a5697 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/DatabaseUtil.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/DatabaseUtil.java
@@ -1,3 +1,20 @@
+/*
+ * Copyright (C) 2012-2014 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
 package org.sufficientlysecure.keychain.util;
 
 import android.text.TextUtils;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FabContainer.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FabContainer.java
index 116b98d1e..ffc0484f7 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FabContainer.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FabContainer.java
@@ -1,3 +1,20 @@
+/*
+ * Copyright (C) 2012-2014 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
 package org.sufficientlysecure.keychain.util;
 
 public interface FabContainer {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ProgressFixedScaler.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ProgressFixedScaler.java
index 4bb4ca5de..861298f56 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ProgressFixedScaler.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ProgressFixedScaler.java
@@ -1,3 +1,20 @@
+/*
+ * Copyright (C) 2014 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
 package org.sufficientlysecure.keychain.util;
 
 import org.sufficientlysecure.keychain.pgp.Progressable;

From 5ea01a15d33f0bef970aa650abd5b3ffb03c4caf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Fri, 10 Apr 2015 15:21:02 +0200
Subject: [PATCH 55/80] Remove unused AlgorithmNames

---
 .../keychain/util/AlgorithmNames.java         | 93 -------------------
 1 file changed, 93 deletions(-)
 delete mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/AlgorithmNames.java

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/AlgorithmNames.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/AlgorithmNames.java
deleted file mode 100644
index c1955f75b..000000000
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/AlgorithmNames.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Dominik Schürmann <dominik@dominikschuermann.de>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-package org.sufficientlysecure.keychain.util;
-
-import android.annotation.SuppressLint;
-import android.app.Activity;
-
-import org.spongycastle.bcpg.CompressionAlgorithmTags;
-import org.spongycastle.bcpg.HashAlgorithmTags;
-import org.spongycastle.openpgp.PGPEncryptedData;
-import org.sufficientlysecure.keychain.R;
-
-import java.util.HashMap;
-
-@SuppressLint("UseSparseArrays")
-public class AlgorithmNames {
-    Activity mActivity;
-
-    HashMap<Integer, String> mEncryptionNames = new HashMap<>();
-    HashMap<Integer, String> mHashNames = new HashMap<>();
-    HashMap<Integer, String> mCompressionNames = new HashMap<>();
-
-    public AlgorithmNames(Activity context) {
-        super();
-        this.mActivity = context;
-
-        mEncryptionNames.put(PGPEncryptedData.AES_128, "AES-128");
-        mEncryptionNames.put(PGPEncryptedData.AES_192, "AES-192");
-        mEncryptionNames.put(PGPEncryptedData.AES_256, "AES-256");
-        mEncryptionNames.put(PGPEncryptedData.BLOWFISH, "Blowfish");
-        mEncryptionNames.put(PGPEncryptedData.TWOFISH, "Twofish");
-        mEncryptionNames.put(PGPEncryptedData.CAST5, "CAST5");
-        mEncryptionNames.put(PGPEncryptedData.DES, "DES");
-        mEncryptionNames.put(PGPEncryptedData.TRIPLE_DES, "Triple DES");
-        mEncryptionNames.put(PGPEncryptedData.IDEA, "IDEA");
-
-        mHashNames.put(HashAlgorithmTags.RIPEMD160, "RIPEMD-160");
-        mHashNames.put(HashAlgorithmTags.SHA1, "SHA-1");
-        mHashNames.put(HashAlgorithmTags.SHA224, "SHA-224");
-        mHashNames.put(HashAlgorithmTags.SHA256, "SHA-256");
-        mHashNames.put(HashAlgorithmTags.SHA384, "SHA-384");
-        mHashNames.put(HashAlgorithmTags.SHA512, "SHA-512");
-
-        mCompressionNames.put(CompressionAlgorithmTags.UNCOMPRESSED, mActivity.getString(R.string.choice_none)
-                + " (" + mActivity.getString(R.string.compression_fast) + ")");
-        mCompressionNames.put(CompressionAlgorithmTags.ZIP,
-                "ZIP (" + mActivity.getString(R.string.compression_fast) + ")");
-        mCompressionNames.put(CompressionAlgorithmTags.ZLIB,
-                "ZLIB (" + mActivity.getString(R.string.compression_fast) + ")");
-        mCompressionNames.put(CompressionAlgorithmTags.BZIP2,
-                "BZIP2 (" + mActivity.getString(R.string.compression_very_slow) + ")");
-    }
-
-    public HashMap<Integer, String> getEncryptionNames() {
-        return mEncryptionNames;
-    }
-
-    public void setEncryptionNames(HashMap<Integer, String> encryptionNames) {
-        this.mEncryptionNames = encryptionNames;
-    }
-
-    public HashMap<Integer, String> getHashNames() {
-        return mHashNames;
-    }
-
-    public void setHashNames(HashMap<Integer, String> hashNames) {
-        this.mHashNames = hashNames;
-    }
-
-    public HashMap<Integer, String> getCompressionNames() {
-        return mCompressionNames;
-    }
-
-    public void setCompressionNames(HashMap<Integer, String> compressionNames) {
-        this.mCompressionNames = compressionNames;
-    }
-
-}

From 7074b443472b620dbfd452d1682b30407b1851b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Fri, 10 Apr 2015 15:58:37 +0200
Subject: [PATCH 56/80] Cache CryptoInputParcel in OpenPgpService

---
 .../keychain/remote/OpenPgpService.java       | 53 +++++++++++++------
 .../keychain/ui/NfcOperationActivity.java     | 11 ++--
 .../keychain/ui/PassphraseDialogActivity.java |  7 +--
 .../keychain/util/ParcelableCache.java        | 22 +++++++-
 4 files changed, 69 insertions(+), 24 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
index 9a8f5c522..39f7f815c 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -57,6 +57,7 @@ import org.sufficientlysecure.keychain.ui.PassphraseDialogActivity;
 import org.sufficientlysecure.keychain.ui.ViewKeyActivity;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.ParcelableCache;
 import org.sufficientlysecure.keychain.util.Passphrase;
 
 import java.io.IOException;
@@ -67,6 +68,25 @@ import java.util.Set;
 
 public class OpenPgpService extends RemoteService {
 
+    /**
+     * Instead of parceling the CryptoInputParcel, they are cached on our side to prevent
+     * leakage of passphrases, symmetric keys, an yubikey related pass-through values
+     */
+    private static ParcelableCache<CryptoInputParcel> inputParcelCache;
+    static {
+        inputParcelCache = new ParcelableCache<>();
+    }
+
+    public static void cacheCryptoInputParcel(Intent data, CryptoInputParcel inputParcel) {
+        inputParcelCache.cacheAndWriteToIntent(inputParcel, data,
+                OpenPgpApi.EXTRA_CALL_UUID1, OpenPgpApi.EXTRA_CALL_UUID2);
+    }
+
+    public static CryptoInputParcel getCryptoInputParcel(Intent data) {
+        return inputParcelCache.readFromIntentAndGetFromCache(data,
+                OpenPgpApi.EXTRA_CALL_UUID1, OpenPgpApi.EXTRA_CALL_UUID2);
+    }
+
     static final String[] EMAIL_SEARCH_PROJECTION = new String[]{
             KeyRings._ID,
             KeyRings.MASTER_KEY_ID,
@@ -263,18 +283,19 @@ public class OpenPgpService extends RemoteService {
             long inputLength = is.available();
             InputData inputData = new InputData(is, inputLength);
 
-            CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
-            if (cryptoInput == null) {
-                cryptoInput = new CryptoInputParcel();
+            CryptoInputParcel inputParcel = getCryptoInputParcel(data);
+            if (inputParcel == null) {
+                inputParcel = new CryptoInputParcel();
             }
+            // override passphrase in input parcel if given by API call
             if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
-                cryptoInput = new CryptoInputParcel(cryptoInput.getSignatureTime(),
+                inputParcel = new CryptoInputParcel(inputParcel.getSignatureTime(),
                         new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
             }
 
             // execute PGP operation!
             PgpSignEncryptOperation pse = new PgpSignEncryptOperation(this, new ProviderHelper(getContext()), null);
-            PgpSignEncryptResult pgpResult = pse.execute(pseInput, cryptoInput, inputData, os);
+            PgpSignEncryptResult pgpResult = pse.execute(pseInput, inputParcel, inputData, os);
 
             if (pgpResult.isPending()) {
 
@@ -403,19 +424,20 @@ public class OpenPgpService extends RemoteService {
                         .setAdditionalEncryptId(signKeyId); // add sign key for encryption
             }
 
-            CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
-            if (cryptoInput == null) {
-                cryptoInput = new CryptoInputParcel();
+            CryptoInputParcel inputParcel = getCryptoInputParcel(data);
+            if (inputParcel == null) {
+                inputParcel = new CryptoInputParcel();
             }
+            // override passphrase in input parcel if given by API call
             if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
-                cryptoInput = new CryptoInputParcel(cryptoInput.getSignatureTime(),
+                inputParcel = new CryptoInputParcel(inputParcel.getSignatureTime(),
                         new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
             }
 
             PgpSignEncryptOperation op = new PgpSignEncryptOperation(this, new ProviderHelper(getContext()), null);
 
             // execute PGP operation!
-            PgpSignEncryptResult pgpResult = op.execute(pseInput, cryptoInput, inputData, os);
+            PgpSignEncryptResult pgpResult = op.execute(pseInput, inputParcel, inputData, os);
 
             if (pgpResult.isPending()) {
                 RequiredInputParcel requiredInput = pgpResult.getRequiredInputParcel();
@@ -491,12 +513,13 @@ public class OpenPgpService extends RemoteService {
                     this, new ProviderHelper(getContext()), null, inputData, os
             );
 
-            CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
-            if (cryptoInput == null) {
-                cryptoInput = new CryptoInputParcel();
+            CryptoInputParcel inputParcel = getCryptoInputParcel(data);
+            if (inputParcel == null) {
+                inputParcel = new CryptoInputParcel();
             }
+            // override passphrase in input parcel if given by API call
             if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
-                cryptoInput = new CryptoInputParcel(cryptoInput.getSignatureTime(),
+                inputParcel = new CryptoInputParcel(inputParcel.getSignatureTime(),
                         new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
             }
 
@@ -509,7 +532,7 @@ public class OpenPgpService extends RemoteService {
                     .setDecryptMetadataOnly(decryptMetadataOnly)
                     .setDetachedSignature(detachedSignature);
 
-            DecryptVerifyResult pgpResult = builder.build().execute(cryptoInput);
+            DecryptVerifyResult pgpResult = builder.build().execute(inputParcel);
 
             if (pgpResult.isPending()) {
                 // prepare and return PendingIntent to be executed by client
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
index d70b0aad1..02fc81825 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
@@ -16,6 +16,7 @@ import android.view.WindowManager;
 import org.openintents.openpgp.util.OpenPgpApi;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.remote.OpenPgpService;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
@@ -69,7 +70,7 @@ public class NfcOperationActivity extends BaseNfcActivity {
     @Override
     protected void onNfcPerform() throws IOException {
 
-        CryptoInputParcel resultData = new CryptoInputParcel(mRequiredInput.mSignatureTime);
+        CryptoInputParcel inputParcel = new CryptoInputParcel(mRequiredInput.mSignatureTime);
 
         switch (mRequiredInput.mType) {
 
@@ -77,7 +78,7 @@ public class NfcOperationActivity extends BaseNfcActivity {
                 for (int i = 0; i < mRequiredInput.mInputHashes.length; i++) {
                     byte[] hash = mRequiredInput.mInputHashes[i];
                     byte[] decryptedSessionKey = nfcDecryptSessionKey(hash);
-                    resultData.addCryptoData(hash, decryptedSessionKey);
+                    inputParcel.addCryptoData(hash, decryptedSessionKey);
                 }
                 break;
 
@@ -86,17 +87,17 @@ public class NfcOperationActivity extends BaseNfcActivity {
                     byte[] hash = mRequiredInput.mInputHashes[i];
                     int algo = mRequiredInput.mSignAlgos[i];
                     byte[] signedHash = nfcCalculateSignature(hash, algo);
-                    resultData.addCryptoData(hash, signedHash);
+                    inputParcel.addCryptoData(hash, signedHash);
                 }
                 break;
         }
 
         if (mServiceIntent != null) {
-            mServiceIntent.putExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT, resultData);
+            OpenPgpService.cacheCryptoInputParcel(mServiceIntent, inputParcel);
             setResult(RESULT_OK, mServiceIntent);
         } else {
             Intent result = new Intent();
-            result.putExtra(NfcOperationActivity.RESULT_DATA, resultData);
+            result.putExtra(NfcOperationActivity.RESULT_DATA, inputParcel);
             setResult(RESULT_OK, result);
         }
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
index 007608f80..bf6129407 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
@@ -53,6 +53,7 @@ import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
 import org.sufficientlysecure.keychain.provider.CachedPublicKeyRing;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
+import org.sufficientlysecure.keychain.remote.OpenPgpService;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
@@ -425,14 +426,14 @@ public class PassphraseDialogActivity extends FragmentActivity {
                 return;
             }
 
+            CryptoInputParcel inputParcel = new CryptoInputParcel(null, passphrase);
             if (mServiceIntent != null) {
-                // TODO really pass this through the PendingIntent?
-                mServiceIntent.putExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT, new CryptoInputParcel(null, passphrase));
+                OpenPgpService.cacheCryptoInputParcel(mServiceIntent, inputParcel);
                 getActivity().setResult(RESULT_OK, mServiceIntent);
             } else {
                 // also return passphrase back to activity
                 Intent returnIntent = new Intent();
-                returnIntent.putExtra(RESULT_CRYPTO_INPUT, new CryptoInputParcel(null, passphrase));
+                returnIntent.putExtra(RESULT_CRYPTO_INPUT, inputParcel);
                 getActivity().setResult(RESULT_OK, returnIntent);
             }
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableCache.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableCache.java
index 4d723cb30..54c984190 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableCache.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableCache.java
@@ -17,6 +17,8 @@
 
 package org.sufficientlysecure.keychain.util;
 
+import android.content.Intent;
+import android.os.Bundle;
 import android.os.Parcel;
 
 import java.util.UUID;
@@ -75,6 +77,17 @@ public class ParcelableCache<E extends Object> {
         }
     }
 
+    public E readFromIntentAndGetFromCache(Intent data, String key1, String key2) {
+        if (!data.getExtras().containsKey(key1) || !data.getExtras().containsKey(key2)) {
+            return null;
+        }
+        long mostSig = data.getLongExtra(key1, 0);
+        long leastSig = data.getLongExtra(key2, 0);
+        UUID mTicket = new UUID(mostSig, leastSig);
+        // fetch the dehydrated log out of storage (this removes it from the dehydration pool)
+        return rehydrateParcelable(mTicket);
+    }
+
     public E readFromParcelAndGetFromCache(Parcel source) {
         long mostSig = source.readLong();
         long leastSig = source.readLong();
@@ -83,7 +96,6 @@ public class ParcelableCache<E extends Object> {
         return rehydrateParcelable(mTicket);
     }
 
-
     public void cacheAndWriteToParcel(E parcelable, Parcel dest) {
         // Get a ticket for our log.
         UUID mTicket = dehydrateParcelable(parcelable);
@@ -92,4 +104,12 @@ public class ParcelableCache<E extends Object> {
         dest.writeLong(mTicket.getLeastSignificantBits());
     }
 
+    public void cacheAndWriteToIntent(E parcelable, Intent data, String key1, String key2) {
+        // Get a ticket for our log.
+        UUID mTicket = dehydrateParcelable(parcelable);
+        // And write out the UUID most and least significant bits.
+        data.putExtra(key1, mTicket.getMostSignificantBits());
+        data.putExtra(key2, mTicket.getLeastSignificantBits());
+    }
+
 }

From f44256589643df6c3dcad0f3c9ea263452b7e8eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Fri, 10 Apr 2015 17:36:34 +0200
Subject: [PATCH 57/80] Update api lib

---
 extern/openpgp-api-lib | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extern/openpgp-api-lib b/extern/openpgp-api-lib
index 97cf30e5b..70259ab74 160000
--- a/extern/openpgp-api-lib
+++ b/extern/openpgp-api-lib
@@ -1 +1 @@
-Subproject commit 97cf30e5b9190d06aba29ad08426bbfeb2ab3a28
+Subproject commit 70259ab74889fb5b785da0afc74259816f0b34bf

From 2512d3007e17e2709b6f3a1fcc49fe4ba8d2a5bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Sun, 12 Apr 2015 18:13:03 +0200
Subject: [PATCH 58/80] Switch to html-textview from JCenter

---
 .gitmodules               | 4 ----
 OpenKeychain/build.gradle | 4 ++--
 extern/html-textview      | 1 -
 3 files changed, 2 insertions(+), 7 deletions(-)
 delete mode 160000 extern/html-textview

diff --git a/.gitmodules b/.gitmodules
index 09cf5e785..db9342d20 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -2,10 +2,6 @@
 	path = extern/spongycastle
 	url = https://github.com/open-keychain/spongycastle.git
 	ignore = dirty
-[submodule "extern/html-textview"]
-	path = extern/html-textview
-	url = https://github.com/open-keychain/html-textview.git
-	ignore = dirty
 [submodule "extern/openpgp-api-lib"]
 	path = extern/openpgp-api-lib
 	url = https://github.com/open-keychain/openpgp-api-lib.git
diff --git a/OpenKeychain/build.gradle b/OpenKeychain/build.gradle
index bfbc19893..27b4725e1 100644
--- a/OpenKeychain/build.gradle
+++ b/OpenKeychain/build.gradle
@@ -22,11 +22,11 @@ dependencies {
     compile 'org.commonjava.googlecode.markdown4j:markdown4j:2.2-cj-1.0'
     compile "com.splitwise:tokenautocomplete:1.3.3@aar"
     compile 'se.emilsjolander:stickylistheaders:2.5.2'
+    compile 'org.sufficientlysecure:html-textview:1.0'
 
     // libs as submodules
     compile project(':extern:openpgp-api-lib')
     compile project(':extern:openkeychain-api-lib')
-    compile project(':extern:html-textview')
     compile project(':extern:spongycastle:core')
     compile project(':extern:spongycastle:pg')
     compile project(':extern:spongycastle:pkix')
@@ -55,9 +55,9 @@ dependencyVerification {
             'org.commonjava.googlecode.markdown4j:markdown4j:e952e825d29e1317d96f79f346bfb6786c7c5eef50bd26e54a80823704b62e13',
             'com.splitwise:tokenautocomplete:20bee71cc59b3828eb000b684d46ddf738efd56b8fee453a509cd16fda42c8cb',
             'se.emilsjolander:stickylistheaders:bc158f51be842a5f92c6e2adc5782f6329b69796d76ebb8f39c77f611cdef573',
+            'org.sufficientlysecure:html-textview:e0f0862f6080bffb2aaf2f5c0fecbf246dec850fd156d329406931093f598423',
 //            'OpenKeychain.extern:openpgp-api-lib:f05a9215cdad3a6597e4c5ece6fcec92b178d218195a3e88d2c0937c48dd9580',
 //            'OpenKeychain.extern:openkeychain-api-lib:50f6ebb5452d3fdc7be137ccf857a0ff44d55539fcb7b91baef495766ed7f429',
-//            'OpenKeychain.extern:html-textview:536822e8fdcd3e4628d0a1cd6c252285ba5f8e5bfb20d71ff80fdbdb6cc8be8c',
 //            'com.madgag.spongycastle:core:df8fcc028a95ac5ffab3b78c9163f5cfa672e41cd50128ca55d458b6cfbacf4b',
 //            'com.madgag.spongycastle:pg:160b345b10a2c92dc731453eec87037377f66a8e14a0648d404d7b193c4e380d',
 //            'com.madgag.spongycastle:pkix:0b4f3301ea12dd9f25d71770e6ea9f75e0611bf53062543e47be5bc15340a7e4',
diff --git a/extern/html-textview b/extern/html-textview
deleted file mode 160000
index 9872a7315..000000000
--- a/extern/html-textview
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 9872a73156518fd8df79dd2cd4d24750574b9ac7

From fd09b9d380a96d92f08b3ee970c350228aa2ef63 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Sun, 12 Apr 2015 18:39:37 +0200
Subject: [PATCH 59/80] Remove html-textview reference from settings.gradle

---
 settings.gradle | 1 -
 1 file changed, 1 deletion(-)

diff --git a/settings.gradle b/settings.gradle
index e15270e49..16be28694 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -1,7 +1,6 @@
 include ':OpenKeychain'
 include ':extern:openpgp-api-lib'
 include ':extern:openkeychain-api-lib'
-include ':extern:html-textview'
 include ':extern:StickyListHeaders:library'
 include ':extern:spongycastle:core'
 include ':extern:spongycastle:pg'

From c3d6637e6acf595e0f13ce8a3cb7accd6173e5d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Sun, 12 Apr 2015 19:55:10 +0200
Subject: [PATCH 60/80] Simplify PassphraseCacheService

---
 .../service/PassphraseCacheService.java       | 28 ++++++++-----------
 1 file changed, 12 insertions(+), 16 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
index 8e37a8867..2bea05de8 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
@@ -355,25 +355,21 @@ public class PassphraseCacheService extends Service {
                                 + masterKeyId + ", subKeyId: " + subKeyId + ", ttl: " + ttl + ", usrId: " + primaryUserID
                 );
 
-                // if we don't cache by specific subkey id, or the requested subkey is the master key,
-                // just add master key id to the cache
+                long referenceKeyId;
                 if (subKeyId == masterKeyId || !Preferences.getPreferences(mContext).getPassphraseCacheSubs()) {
-                    mPassphraseCache.put(masterKeyId, new CachedPassphrase(passphrase, primaryUserID));
-                    if (ttl > 0) {
-                        // register new alarm with keyId for this passphrase
-                        long triggerTime = new Date().getTime() + (ttl * 1000);
-                        AlarmManager am = (AlarmManager) this.getSystemService(Context.ALARM_SERVICE);
-                        am.set(AlarmManager.RTC_WAKEUP, triggerTime, buildIntent(this, masterKeyId));
-                    }
+                    // if we don't cache by specific subkey id, or the requested subkey is the master key,
+                    // just add master key id to the cache
+                    referenceKeyId = masterKeyId;
                 } else {
                     // otherwise, add this specific subkey to the cache
-                    mPassphraseCache.put(subKeyId, new CachedPassphrase(passphrase, primaryUserID));
-                    if (ttl > 0) {
-                        // register new alarm with keyId for this passphrase
-                        long triggerTime = new Date().getTime() + (ttl * 1000);
-                        AlarmManager am = (AlarmManager) this.getSystemService(Context.ALARM_SERVICE);
-                        am.set(AlarmManager.RTC_WAKEUP, triggerTime, buildIntent(this, subKeyId));
-                    }
+                    referenceKeyId = subKeyId;
+                }
+                mPassphraseCache.put(referenceKeyId, new CachedPassphrase(passphrase, primaryUserID));
+                if (ttl > 0) {
+                    // register new alarm with keyId for this passphrase
+                    long triggerTime = new Date().getTime() + (ttl * 1000);
+                    AlarmManager am = (AlarmManager) this.getSystemService(Context.ALARM_SERVICE);
+                    am.set(AlarmManager.RTC_WAKEUP, triggerTime, buildIntent(this, referenceKeyId));
                 }
 
                 updateService();

From 4a553087416097cfe08269c0417313fa691b3042 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Sun, 12 Apr 2015 20:12:10 +0200
Subject: [PATCH 61/80] More simplifications to PassphraseCacheService

---
 .../service/PassphraseCacheService.java       | 48 ++++++++-----------
 1 file changed, 21 insertions(+), 27 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
index 2bea05de8..ba3216c23 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
@@ -52,27 +52,26 @@ import java.util.Date;
  * This service runs in its own process, but is available to all other processes as the main
  * passphrase cache. Use the static methods addCachedPassphrase and getCachedPassphrase for
  * convenience.
- *
+ * <p/>
  * The passphrase cache service always works with both a master key id and a subkey id. The master
  * key id is always used to retrieve relevant info from the database, while the subkey id is used
  * to determine the type behavior (regular passphrase, empty passphrase, stripped key,
  * divert-to-card) for the specific key requested.
- *
+ * <p/>
  * Caching behavior for subkeys depends on the cacheSubs preference:
- *
- *  - If cacheSubs is NOT set, passphrases will be cached and retrieved by master key id. The
- *      checks for special subkeys will still be done, but otherwise it is assumed that all subkeys
- *      from the same master key will use the same passphrase. This can lead to bad passphrase
- *      errors if two subkeys are encrypted differently. This is the default behavior.
- *
- *  - If cacheSubs IS set, passphrases will be cached per subkey id. This means that if a keyring
- *      has two subkeys for different purposes, passphrases will be cached independently and the
- *      user will be asked for a passphrase once per subkey even if it is the same one. This mode
- *      of operation is more precise, since we can assume that all passphrases returned from cache
- *      will be correct without fail. Since keyrings with differently encrypted subkeys are a very
- *      rare occurrence, and caching by keyring is what the user expects in the vast majority of
- *      cases, this is not the default behavior.
- *
+ * <p/>
+ * - If cacheSubs is NOT set, passphrases will be cached and retrieved by master key id. The
+ * checks for special subkeys will still be done, but otherwise it is assumed that all subkeys
+ * from the same master key will use the same passphrase. This can lead to bad passphrase
+ * errors if two subkeys are encrypted differently. This is the default behavior.
+ * <p/>
+ * - If cacheSubs IS set, passphrases will be cached per subkey id. This means that if a keyring
+ * has two subkeys for different purposes, passphrases will be cached independently and the
+ * user will be asked for a passphrase once per subkey even if it is the same one. This mode
+ * of operation is more precise, since we can assume that all passphrases returned from cache
+ * will be correct without fail. Since keyrings with differently encrypted subkeys are a very
+ * rare occurrence, and caching by keyring is what the user expects in the vast majority of
+ * cases, this is not the default behavior.
  */
 public class PassphraseCacheService extends Service {
 
@@ -153,7 +152,7 @@ public class PassphraseCacheService extends Service {
     /**
      * Gets a cached passphrase from memory by sending an intent to the service. This method is
      * designed to wait until the service returns the passphrase.
-
+     *
      * @return passphrase or null (if no passphrase is cached for this keyId)
      */
     public static Passphrase getCachedPassphrase(Context context, long masterKeyId, long subKeyId) throws KeyNotFoundException {
@@ -231,7 +230,7 @@ public class PassphraseCacheService extends Service {
         }
 
         // on "none" key, just do nothing
-        if(masterKeyId == Constants.key.none) {
+        if (masterKeyId == Constants.key.none) {
             return null;
         }
 
@@ -355,15 +354,10 @@ public class PassphraseCacheService extends Service {
                                 + masterKeyId + ", subKeyId: " + subKeyId + ", ttl: " + ttl + ", usrId: " + primaryUserID
                 );
 
-                long referenceKeyId;
-                if (subKeyId == masterKeyId || !Preferences.getPreferences(mContext).getPassphraseCacheSubs()) {
-                    // if we don't cache by specific subkey id, or the requested subkey is the master key,
-                    // just add master key id to the cache
-                    referenceKeyId = masterKeyId;
-                } else {
-                    // otherwise, add this specific subkey to the cache
-                    referenceKeyId = subKeyId;
-                }
+                // if we don't cache by specific subkey id, or the requested subkey is the master key,
+                // just add master key id to the cache, otherwise, add this specific subkey to the cache
+                long referenceKeyId =
+                        Preferences.getPreferences(mContext).getPassphraseCacheSubs() ? subKeyId : masterKeyId;
                 mPassphraseCache.put(referenceKeyId, new CachedPassphrase(passphrase, primaryUserID));
                 if (ttl > 0) {
                     // register new alarm with keyId for this passphrase

From 9fc001c9b98e54f37eb8254a215f9d4c1e1c95ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Sun, 12 Apr 2015 21:23:59 +0200
Subject: [PATCH 62/80] Clearer var naming

---
 .../keychain/service/PassphraseCacheService.java | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
index ba3216c23..2e09db900 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
@@ -322,11 +322,11 @@ public class PassphraseCacheService extends Service {
     /**
      * Build pending intent that is executed by alarm manager to time out a specific passphrase
      */
-    private static PendingIntent buildIntent(Context context, long keyId) {
+    private static PendingIntent buildIntent(Context context, long referenceKeyId) {
         Intent intent = new Intent(BROADCAST_ACTION_PASSPHRASE_CACHE_SERVICE);
-        intent.putExtra(EXTRA_KEY_ID, keyId);
+        intent.putExtra(EXTRA_KEY_ID, referenceKeyId);
         // request code should be unique for each PendingIntent, thus keyId is used
-        return PendingIntent.getBroadcast(context, (int) keyId, intent,
+        return PendingIntent.getBroadcast(context, (int) referenceKeyId, intent,
                 PendingIntent.FLAG_CANCEL_CURRENT);
     }
 
@@ -400,15 +400,15 @@ public class PassphraseCacheService extends Service {
 
                 if (intent.hasExtra(EXTRA_SUBKEY_ID) && intent.hasExtra(EXTRA_KEY_ID)) {
 
-                    long keyId;
+                    long referenceKeyId;
                     if (Preferences.getPreferences(mContext).getPassphraseCacheSubs()) {
-                        keyId = intent.getLongExtra(EXTRA_KEY_ID, 0L);
+                        referenceKeyId = intent.getLongExtra(EXTRA_KEY_ID, 0L);
                     } else {
-                        keyId = intent.getLongExtra(EXTRA_SUBKEY_ID, 0L);
+                        referenceKeyId = intent.getLongExtra(EXTRA_SUBKEY_ID, 0L);
                     }
                     // Stop specific ttl alarm and
-                    am.cancel(buildIntent(this, keyId));
-                    mPassphraseCache.delete(keyId);
+                    am.cancel(buildIntent(this, referenceKeyId));
+                    mPassphraseCache.delete(referenceKeyId);
 
                 } else {
 

From 256d644d03f989132e9db01e15f75aaee2f76157 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Mon, 13 Apr 2015 23:29:35 +0200
Subject: [PATCH 63/80] IMplement CryptoInputParcelCacheService

---
 OpenKeychain/src/main/AndroidManifest.xml     |   4 +
 .../remote/CryptoInputParcelCacheService.java | 246 ++++++++++++++++++
 .../keychain/remote/OpenPgpService.java       |  89 +++----
 .../service/PassphraseCacheService.java       |  29 ++-
 .../keychain/ui/NfcOperationActivity.java     |   6 +-
 .../keychain/ui/PassphraseDialogActivity.java |   6 +-
 .../keychain/util/ParcelableCache.java        |  45 +---
 7 files changed, 325 insertions(+), 100 deletions(-)
 create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/CryptoInputParcelCacheService.java

diff --git a/OpenKeychain/src/main/AndroidManifest.xml b/OpenKeychain/src/main/AndroidManifest.xml
index 9b52bb788..d0f50d5cc 100644
--- a/OpenKeychain/src/main/AndroidManifest.xml
+++ b/OpenKeychain/src/main/AndroidManifest.xml
@@ -696,6 +696,10 @@
             android:name=".service.PassphraseCacheService"
             android:exported="false"
             android:process=":passphrase_cache" />
+        <service
+            android:name=".remote.CryptoInputParcelCacheService"
+            android:exported="false"
+            android:process=":remote_api" />
         <service
             android:name=".service.KeychainIntentService"
             android:exported="false" />
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/CryptoInputParcelCacheService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/CryptoInputParcelCacheService.java
new file mode 100644
index 000000000..e3e39417a
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/CryptoInputParcelCacheService.java
@@ -0,0 +1,246 @@
+/*
+ * Copyright (C) 2015 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.remote;
+
+import android.app.Service;
+import android.content.Context;
+import android.content.Intent;
+import android.os.Binder;
+import android.os.Bundle;
+import android.os.Handler;
+import android.os.HandlerThread;
+import android.os.IBinder;
+import android.os.Message;
+import android.os.Messenger;
+import android.os.RemoteException;
+
+import org.openintents.openpgp.util.OpenPgpApi;
+import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.util.Log;
+
+import java.util.UUID;
+import java.util.concurrent.ConcurrentHashMap;
+
+
+public class CryptoInputParcelCacheService extends Service {
+
+    public static final String ACTION_ADD = Constants.INTENT_PREFIX + "ADD";
+    public static final String ACTION_GET = Constants.INTENT_PREFIX + "GET";
+
+    public static final String EXTRA_CRYPTO_INPUT_PARCEL = "crypto_input_parcel";
+    public static final String EXTRA_UUID1 = "uuid1";
+    public static final String EXTRA_UUID2 = "uuid2";
+    public static final String EXTRA_MESSENGER = "messenger";
+
+    private static final int MSG_GET_OKAY = 1;
+    private static final int MSG_GET_NOT_FOUND = 2;
+
+    Context mContext;
+
+    private static final UUID NULL_UUID = new UUID(0, 0);
+
+    private ConcurrentHashMap<UUID, CryptoInputParcel> mCache = new ConcurrentHashMap<>();
+
+    public static class InputParcelNotFound extends Exception {
+        public InputParcelNotFound() {
+        }
+
+        public InputParcelNotFound(String name) {
+            super(name);
+        }
+    }
+
+    public static void addCryptoInputParcel(Context context, Intent data, CryptoInputParcel inputParcel) {
+        UUID mTicket = addCryptoInputParcel(context, inputParcel);
+        // And write out the UUID most and least significant bits.
+        data.putExtra(OpenPgpApi.EXTRA_CALL_UUID1, mTicket.getMostSignificantBits());
+        data.putExtra(OpenPgpApi.EXTRA_CALL_UUID2, mTicket.getLeastSignificantBits());
+    }
+
+    public static CryptoInputParcel getCryptoInputParcel(Context context, Intent data) {
+        if (!data.getExtras().containsKey(OpenPgpApi.EXTRA_CALL_UUID1)
+                || !data.getExtras().containsKey(OpenPgpApi.EXTRA_CALL_UUID2)) {
+            return null;
+        }
+        long mostSig = data.getLongExtra(OpenPgpApi.EXTRA_CALL_UUID1, 0);
+        long leastSig = data.getLongExtra(OpenPgpApi.EXTRA_CALL_UUID2, 0);
+        UUID uuid = new UUID(mostSig, leastSig);
+        try {
+            return getCryptoInputParcel(context, uuid);
+        } catch (InputParcelNotFound inputParcelNotFound) {
+            return null;
+        }
+    }
+
+    private static UUID addCryptoInputParcel(Context context, CryptoInputParcel inputParcel) {
+        UUID uuid = UUID.randomUUID();
+
+        Intent intent = new Intent(context, CryptoInputParcelCacheService.class);
+        intent.setAction(ACTION_ADD);
+        intent.putExtra(EXTRA_CRYPTO_INPUT_PARCEL, inputParcel);
+        intent.putExtra(EXTRA_UUID1, uuid.getMostSignificantBits());
+        intent.putExtra(EXTRA_UUID2, uuid.getLeastSignificantBits());
+        context.startService(intent);
+        return uuid;
+    }
+
+    private static CryptoInputParcel getCryptoInputParcel(Context context, UUID uuid) throws InputParcelNotFound {
+        Intent intent = new Intent(context, CryptoInputParcelCacheService.class);
+        intent.setAction(ACTION_GET);
+
+        final Object mutex = new Object();
+        final Message returnMessage = Message.obtain();
+
+        HandlerThread handlerThread = new HandlerThread("getParcelableThread");
+        handlerThread.start();
+        Handler returnHandler = new Handler(handlerThread.getLooper()) {
+            @Override
+            public void handleMessage(Message message) {
+                // copy over result to handle after mutex.wait
+                returnMessage.what = message.what;
+                returnMessage.copyFrom(message);
+                synchronized (mutex) {
+                    mutex.notify();
+                }
+                // quit handlerThread
+                getLooper().quit();
+            }
+        };
+
+        // Create a new Messenger for the communication back
+        Messenger messenger = new Messenger(returnHandler);
+        intent.putExtra(EXTRA_UUID1, uuid.getMostSignificantBits());
+        intent.putExtra(EXTRA_UUID2, uuid.getLeastSignificantBits());
+        intent.putExtra(EXTRA_MESSENGER, messenger);
+        // send intent to this service
+        context.startService(intent);
+
+        // Wait on mutex until parcelable is returned to handlerThread. Note that this local
+        // variable is used in the handler closure above, so it does make sense here!
+        // noinspection SynchronizationOnLocalVariableOrMethodParameter
+        synchronized (mutex) {
+            try {
+                mutex.wait(3000);
+            } catch (InterruptedException e) {
+                // don't care
+            }
+        }
+
+        switch (returnMessage.what) {
+            case MSG_GET_OKAY:
+                Bundle returnData = returnMessage.getData();
+                returnData.setClassLoader(context.getClassLoader());
+                return returnData.getParcelable(EXTRA_CRYPTO_INPUT_PARCEL);
+            case MSG_GET_NOT_FOUND:
+                throw new InputParcelNotFound();
+            default:
+                Log.e(Constants.TAG, "timeout!");
+                throw new InputParcelNotFound("should not happen!");
+        }
+    }
+
+    /**
+     * Executed when service is started by intent
+     */
+    @Override
+    public int onStartCommand(Intent intent, int flags, int startId) {
+
+        if (intent == null || intent.getAction() == null) {
+            return START_NOT_STICKY;
+        }
+
+        String action = intent.getAction();
+        switch (action) {
+            case ACTION_ADD: {
+                long uuid1 = intent.getLongExtra(EXTRA_UUID1, 0);
+                long uuid2 = intent.getLongExtra(EXTRA_UUID2, 0);
+                UUID uuid = new UUID(uuid1, uuid2);
+                CryptoInputParcel inputParcel = intent.getParcelableExtra(EXTRA_CRYPTO_INPUT_PARCEL);
+                mCache.put(uuid, inputParcel);
+
+                break;
+            }
+            case ACTION_GET: {
+                long uuid1 = intent.getLongExtra(EXTRA_UUID1, 0);
+                long uuid2 = intent.getLongExtra(EXTRA_UUID2, 0);
+                UUID uuid = new UUID(uuid1, uuid2);
+                Messenger messenger = intent.getParcelableExtra(EXTRA_MESSENGER);
+
+                Message msg = Message.obtain();
+                // UUID.equals isn't well documented; we use compareTo instead.
+                if (NULL_UUID.compareTo(uuid) == 0) {
+                    msg.what = MSG_GET_NOT_FOUND;
+                } else {
+                    CryptoInputParcel inputParcel = mCache.get(uuid);
+                    mCache.remove(uuid);
+                    msg.what = MSG_GET_OKAY;
+                    Bundle bundle = new Bundle();
+                    bundle.putParcelable(EXTRA_CRYPTO_INPUT_PARCEL, inputParcel);
+                    msg.setData(bundle);
+                }
+
+                try {
+                    messenger.send(msg);
+                } catch (RemoteException e) {
+                    Log.e(Constants.TAG, "CryptoInputParcelCacheService: Sending message failed", e);
+                }
+                break;
+            }
+            default: {
+                Log.e(Constants.TAG, "CryptoInputParcelCacheService: Intent or Intent Action not supported!");
+                break;
+            }
+        }
+
+        if (mCache.size() <= 0) {
+            // stop whole service if cache is empty
+            Log.d(Constants.TAG, "CryptoInputParcelCacheService: No passphrases remaining in memory, stopping service!");
+            stopSelf();
+        }
+
+        return START_NOT_STICKY;
+    }
+
+    @Override
+    public void onCreate() {
+        super.onCreate();
+        mContext = this;
+        Log.d(Constants.TAG, "CryptoInputParcelCacheService, onCreate()");
+    }
+
+    @Override
+    public void onDestroy() {
+        super.onDestroy();
+        Log.d(Constants.TAG, "CryptoInputParcelCacheService, onDestroy()");
+    }
+
+    @Override
+    public IBinder onBind(Intent intent) {
+        return mBinder;
+    }
+
+    public class CryptoInputParcelCacheServiceBinder extends Binder {
+        public CryptoInputParcelCacheService getService() {
+            return CryptoInputParcelCacheService.this;
+        }
+    }
+
+    private final IBinder mBinder = new CryptoInputParcelCacheServiceBinder();
+
+}
\ No newline at end of file
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
index 39f7f815c..71843cd7f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -36,7 +36,6 @@ import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.LogEntryParcel;
 import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
-import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
 import org.sufficientlysecure.keychain.pgp.PgpConstants;
 import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify;
 import org.sufficientlysecure.keychain.pgp.PgpSignEncryptInputParcel;
@@ -57,7 +56,6 @@ import org.sufficientlysecure.keychain.ui.PassphraseDialogActivity;
 import org.sufficientlysecure.keychain.ui.ViewKeyActivity;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Log;
-import org.sufficientlysecure.keychain.util.ParcelableCache;
 import org.sufficientlysecure.keychain.util.Passphrase;
 
 import java.io.IOException;
@@ -68,25 +66,6 @@ import java.util.Set;
 
 public class OpenPgpService extends RemoteService {
 
-    /**
-     * Instead of parceling the CryptoInputParcel, they are cached on our side to prevent
-     * leakage of passphrases, symmetric keys, an yubikey related pass-through values
-     */
-    private static ParcelableCache<CryptoInputParcel> inputParcelCache;
-    static {
-        inputParcelCache = new ParcelableCache<>();
-    }
-
-    public static void cacheCryptoInputParcel(Intent data, CryptoInputParcel inputParcel) {
-        inputParcelCache.cacheAndWriteToIntent(inputParcel, data,
-                OpenPgpApi.EXTRA_CALL_UUID1, OpenPgpApi.EXTRA_CALL_UUID2);
-    }
-
-    public static CryptoInputParcel getCryptoInputParcel(Intent data) {
-        return inputParcelCache.readFromIntentAndGetFromCache(data,
-                OpenPgpApi.EXTRA_CALL_UUID1, OpenPgpApi.EXTRA_CALL_UUID2);
-    }
-
     static final String[] EMAIL_SEARCH_PROJECTION = new String[]{
             KeyRings._ID,
             KeyRings.MASTER_KEY_ID,
@@ -283,7 +262,7 @@ public class OpenPgpService extends RemoteService {
             long inputLength = is.available();
             InputData inputData = new InputData(is, inputLength);
 
-            CryptoInputParcel inputParcel = getCryptoInputParcel(data);
+            CryptoInputParcel inputParcel = CryptoInputParcelCacheService.getCryptoInputParcel(this, data);
             if (inputParcel == null) {
                 inputParcel = new CryptoInputParcel();
             }
@@ -424,7 +403,7 @@ public class OpenPgpService extends RemoteService {
                         .setAdditionalEncryptId(signKeyId); // add sign key for encryption
             }
 
-            CryptoInputParcel inputParcel = getCryptoInputParcel(data);
+            CryptoInputParcel inputParcel = CryptoInputParcelCacheService.getCryptoInputParcel(this, data);
             if (inputParcel == null) {
                 inputParcel = new CryptoInputParcel();
             }
@@ -513,7 +492,7 @@ public class OpenPgpService extends RemoteService {
                     this, new ProviderHelper(getContext()), null, inputData, os
             );
 
-            CryptoInputParcel inputParcel = getCryptoInputParcel(data);
+            CryptoInputParcel inputParcel = CryptoInputParcelCacheService.getCryptoInputParcel(this, data);
             if (inputParcel == null) {
                 inputParcel = new CryptoInputParcel();
             }
@@ -768,9 +747,7 @@ public class OpenPgpService extends RemoteService {
         return null;
     }
 
-    // TODO: multi-threading
     private final IOpenPgpService.Stub mBinder = new IOpenPgpService.Stub() {
-
         @Override
         public Intent execute(Intent data, ParcelFileDescriptor input, ParcelFileDescriptor output) {
             try {
@@ -780,30 +757,42 @@ public class OpenPgpService extends RemoteService {
                 }
 
                 String action = data.getAction();
-                if (OpenPgpApi.ACTION_CLEARTEXT_SIGN.equals(action)) {
-                    return signImpl(data, input, output, true);
-                } else if (OpenPgpApi.ACTION_SIGN.equals(action)) {
-                    // DEPRECATED: same as ACTION_CLEARTEXT_SIGN
-                    Log.w(Constants.TAG, "You are using a deprecated API call, please use ACTION_CLEARTEXT_SIGN instead of ACTION_SIGN!");
-                    return signImpl(data, input, output, true);
-                } else if (OpenPgpApi.ACTION_DETACHED_SIGN.equals(action)) {
-                    return signImpl(data, input, output, false);
-                } else if (OpenPgpApi.ACTION_ENCRYPT.equals(action)) {
-                    return encryptAndSignImpl(data, input, output, false);
-                } else if (OpenPgpApi.ACTION_SIGN_AND_ENCRYPT.equals(action)) {
-                    return encryptAndSignImpl(data, input, output, true);
-                } else if (OpenPgpApi.ACTION_DECRYPT_VERIFY.equals(action)) {
-                    return decryptAndVerifyImpl(data, input, output, false);
-                } else if (OpenPgpApi.ACTION_DECRYPT_METADATA.equals(action)) {
-                    return decryptAndVerifyImpl(data, input, output, true);
-                } else if (OpenPgpApi.ACTION_GET_SIGN_KEY_ID.equals(action)) {
-                    return getSignKeyIdImpl(data);
-                } else if (OpenPgpApi.ACTION_GET_KEY_IDS.equals(action)) {
-                    return getKeyIdsImpl(data);
-                } else if (OpenPgpApi.ACTION_GET_KEY.equals(action)) {
-                    return getKeyImpl(data);
-                } else {
-                    return null;
+                switch (action) {
+                    case OpenPgpApi.ACTION_CLEARTEXT_SIGN: {
+                        return signImpl(data, input, output, true);
+                    }
+                    case OpenPgpApi.ACTION_SIGN: {
+                        // DEPRECATED: same as ACTION_CLEARTEXT_SIGN
+                        Log.w(Constants.TAG, "You are using a deprecated API call, please use ACTION_CLEARTEXT_SIGN instead of ACTION_SIGN!");
+                        return signImpl(data, input, output, true);
+                    }
+                    case OpenPgpApi.ACTION_DETACHED_SIGN: {
+                        return signImpl(data, input, output, false);
+                    }
+                    case OpenPgpApi.ACTION_ENCRYPT: {
+                        return encryptAndSignImpl(data, input, output, false);
+                    }
+                    case OpenPgpApi.ACTION_SIGN_AND_ENCRYPT: {
+                        return encryptAndSignImpl(data, input, output, true);
+                    }
+                    case OpenPgpApi.ACTION_DECRYPT_VERIFY: {
+                        return decryptAndVerifyImpl(data, input, output, false);
+                    }
+                    case OpenPgpApi.ACTION_DECRYPT_METADATA: {
+                        return decryptAndVerifyImpl(data, input, output, true);
+                    }
+                    case OpenPgpApi.ACTION_GET_SIGN_KEY_ID: {
+                        return getSignKeyIdImpl(data);
+                    }
+                    case OpenPgpApi.ACTION_GET_KEY_IDS: {
+                        return getKeyIdsImpl(data);
+                    }
+                    case OpenPgpApi.ACTION_GET_KEY: {
+                        return getKeyImpl(data);
+                    }
+                    default: {
+                        return null;
+                    }
                 }
             } finally {
                 // always close input and output file descriptors even in error cases
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
index 2e09db900..778d0d525 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
@@ -337,11 +337,17 @@ public class PassphraseCacheService extends Service {
     public int onStartCommand(Intent intent, int flags, int startId) {
         Log.d(Constants.TAG, "PassphraseCacheService.onStartCommand()");
 
+        if (intent == null || intent.getAction() == null) {
+            updateService();
+            return START_STICKY;
+        }
+
         // register broadcastreceiver
         registerReceiver();
 
-        if (intent != null && intent.getAction() != null) {
-            if (ACTION_PASSPHRASE_CACHE_ADD.equals(intent.getAction())) {
+        String action = intent.getAction();
+        switch (action) {
+            case ACTION_PASSPHRASE_CACHE_ADD: {
                 long ttl = intent.getLongExtra(EXTRA_TTL, DEFAULT_TTL);
                 long masterKeyId = intent.getLongExtra(EXTRA_KEY_ID, -1);
                 long subKeyId = intent.getLongExtra(EXTRA_SUBKEY_ID, -1);
@@ -365,9 +371,9 @@ public class PassphraseCacheService extends Service {
                     AlarmManager am = (AlarmManager) this.getSystemService(Context.ALARM_SERVICE);
                     am.set(AlarmManager.RTC_WAKEUP, triggerTime, buildIntent(this, referenceKeyId));
                 }
-
-                updateService();
-            } else if (ACTION_PASSPHRASE_CACHE_GET.equals(intent.getAction())) {
+                break;
+            }
+            case ACTION_PASSPHRASE_CACHE_GET: {
                 long masterKeyId = intent.getLongExtra(EXTRA_KEY_ID, Constants.key.symmetric);
                 long subKeyId = intent.getLongExtra(EXTRA_SUBKEY_ID, Constants.key.symmetric);
                 Messenger messenger = intent.getParcelableExtra(EXTRA_MESSENGER);
@@ -395,7 +401,9 @@ public class PassphraseCacheService extends Service {
                 } catch (RemoteException e) {
                     Log.e(Constants.TAG, "PassphraseCacheService: Sending message failed", e);
                 }
-            } else if (ACTION_PASSPHRASE_CACHE_CLEAR.equals(intent.getAction())) {
+                break;
+            }
+            case ACTION_PASSPHRASE_CACHE_CLEAR: {
                 AlarmManager am = (AlarmManager) this.getSystemService(Context.ALARM_SERVICE);
 
                 if (intent.hasExtra(EXTRA_SUBKEY_ID) && intent.hasExtra(EXTRA_KEY_ID)) {
@@ -419,13 +427,16 @@ public class PassphraseCacheService extends Service {
                     mPassphraseCache.clear();
 
                 }
-
-                updateService();
-            } else {
+                break;
+            }
+            default: {
                 Log.e(Constants.TAG, "PassphraseCacheService: Intent or Intent Action not supported!");
+                break;
             }
         }
 
+        updateService();
+
         return START_STICKY;
     }
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
index 02fc81825..a0b38c2b2 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
@@ -10,13 +10,11 @@ import android.annotation.TargetApi;
 import android.content.Intent;
 import android.os.Build;
 import android.os.Bundle;
-import android.os.Parcelable;
 import android.view.WindowManager;
 
-import org.openintents.openpgp.util.OpenPgpApi;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
-import org.sufficientlysecure.keychain.remote.OpenPgpService;
+import org.sufficientlysecure.keychain.remote.CryptoInputParcelCacheService;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
@@ -93,7 +91,7 @@ public class NfcOperationActivity extends BaseNfcActivity {
         }
 
         if (mServiceIntent != null) {
-            OpenPgpService.cacheCryptoInputParcel(mServiceIntent, inputParcel);
+            CryptoInputParcelCacheService.addCryptoInputParcel(this, mServiceIntent, inputParcel);
             setResult(RESULT_OK, mServiceIntent);
         } else {
             Intent result = new Intent();
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
index bf6129407..84612002f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
@@ -41,7 +41,6 @@ import android.widget.EditText;
 import android.widget.TextView;
 import android.widget.Toast;
 
-import org.openintents.openpgp.util.OpenPgpApi;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.compatibility.DialogFragmentWorkaround;
@@ -53,11 +52,10 @@ import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
 import org.sufficientlysecure.keychain.provider.CachedPublicKeyRing;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
-import org.sufficientlysecure.keychain.remote.OpenPgpService;
+import org.sufficientlysecure.keychain.remote.CryptoInputParcelCacheService;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
-import org.sufficientlysecure.keychain.service.input.RequiredInputParcel.RequiredInputType;
 import org.sufficientlysecure.keychain.ui.dialog.CustomAlertDialogBuilder;
 import org.sufficientlysecure.keychain.util.Log;
 import org.sufficientlysecure.keychain.util.Passphrase;
@@ -428,7 +426,7 @@ public class PassphraseDialogActivity extends FragmentActivity {
 
             CryptoInputParcel inputParcel = new CryptoInputParcel(null, passphrase);
             if (mServiceIntent != null) {
-                OpenPgpService.cacheCryptoInputParcel(mServiceIntent, inputParcel);
+                CryptoInputParcelCacheService.addCryptoInputParcel(getActivity(), mServiceIntent, inputParcel);
                 getActivity().setResult(RESULT_OK, mServiceIntent);
             } else {
                 // also return passphrase back to activity
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableCache.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableCache.java
index 54c984190..75bdee00a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableCache.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableCache.java
@@ -17,8 +17,6 @@
 
 package org.sufficientlysecure.keychain.util;
 
-import android.content.Intent;
-import android.os.Bundle;
 import android.os.Parcel;
 
 import java.util.UUID;
@@ -30,7 +28,7 @@ import java.util.concurrent.ConcurrentHashMap;
  * To overcome this issue this class allows to cache Parcelables, mapped by unique UUIDs,
  * which are written to the parcel instead of the whole Parcelable.
  */
-public class ParcelableCache<E extends Object> {
+public class ParcelableCache<E> {
 
     private static final UUID NULL_UUID = new UUID(0, 0);
 
@@ -39,7 +37,7 @@ public class ParcelableCache<E extends Object> {
      * This is used such that when we become parceled, we are
      * well below the 1 MB boundary that is specified.
      */
-    private ConcurrentHashMap<UUID, E> dehydratedLogs = new ConcurrentHashMap<>();
+    private ConcurrentHashMap<UUID, E> objectCache = new ConcurrentHashMap<>();
 
     /**
      * Dehydrate a Parcelable (such that it is available after deparcelization)
@@ -52,9 +50,9 @@ public class ParcelableCache<E extends Object> {
         if (parcelable == null) {
             return NULL_UUID;
         } else {
-            UUID ticket = UUID.randomUUID();
-            dehydratedLogs.put(ticket, parcelable);
-            return ticket;
+            UUID uuid = UUID.randomUUID();
+            objectCache.put(uuid, parcelable);
+            return uuid;
         }
     }
 
@@ -63,53 +61,34 @@ public class ParcelableCache<E extends Object> {
      * invalidating its place in the dehydration pool.
      * This is used such that when parcelized, the Parcelable is no larger than 1 MB.
      *
-     * @param ticket A UUID ticket that identifies the log in question.
+     * @param uuid A UUID ticket that identifies the log in question.
      * @return An OperationLog.
      */
-    private E rehydrateParcelable(UUID ticket) {
+    private E rehydrateParcelable(UUID uuid) {
         // UUID.equals isn't well documented; we use compareTo instead.
-        if (NULL_UUID.compareTo(ticket) == 0) {
+        if (NULL_UUID.compareTo(uuid) == 0) {
             return null;
         } else {
-            E parcelable = dehydratedLogs.get(ticket);
-            dehydratedLogs.remove(ticket);
+            E parcelable = objectCache.get(uuid);
+            objectCache.remove(uuid);
             return parcelable;
         }
     }
 
-    public E readFromIntentAndGetFromCache(Intent data, String key1, String key2) {
-        if (!data.getExtras().containsKey(key1) || !data.getExtras().containsKey(key2)) {
-            return null;
-        }
-        long mostSig = data.getLongExtra(key1, 0);
-        long leastSig = data.getLongExtra(key2, 0);
-        UUID mTicket = new UUID(mostSig, leastSig);
-        // fetch the dehydrated log out of storage (this removes it from the dehydration pool)
-        return rehydrateParcelable(mTicket);
-    }
-
     public E readFromParcelAndGetFromCache(Parcel source) {
         long mostSig = source.readLong();
         long leastSig = source.readLong();
         UUID mTicket = new UUID(mostSig, leastSig);
-        // fetch the dehydrated log out of storage (this removes it from the dehydration pool)
+        // fetch the dehydrated parcelable out of storage (this removes it from the dehydration pool)
         return rehydrateParcelable(mTicket);
     }
 
     public void cacheAndWriteToParcel(E parcelable, Parcel dest) {
-        // Get a ticket for our log.
+        // Get a ticket for our parcelable.
         UUID mTicket = dehydrateParcelable(parcelable);
         // And write out the UUID most and least significant bits.
         dest.writeLong(mTicket.getMostSignificantBits());
         dest.writeLong(mTicket.getLeastSignificantBits());
     }
 
-    public void cacheAndWriteToIntent(E parcelable, Intent data, String key1, String key2) {
-        // Get a ticket for our log.
-        UUID mTicket = dehydrateParcelable(parcelable);
-        // And write out the UUID most and least significant bits.
-        data.putExtra(key1, mTicket.getMostSignificantBits());
-        data.putExtra(key2, mTicket.getLeastSignificantBits());
-    }
-
 }

From 1923942fc97534eb86177053a29868df5223cb16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Mon, 13 Apr 2015 23:41:16 +0200
Subject: [PATCH 64/80] Buffer ascii armored encryption/signatures

---
 .../keychain/pgp/PgpSignEncryptOperation.java                | 5 +++--
 .../org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
index cdb6000c2..8ecb30cdd 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
@@ -51,6 +51,7 @@ import org.sufficientlysecure.keychain.util.Log;
 import org.sufficientlysecure.keychain.util.Passphrase;
 import org.sufficientlysecure.keychain.util.ProgressScaler;
 
+import java.io.BufferedOutputStream;
 import java.io.BufferedReader;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -130,7 +131,7 @@ public class PgpSignEncryptOperation extends BaseOperation {
         ArmoredOutputStream armorOut = null;
         OutputStream out;
         if (input.isEnableAsciiArmorOutput()) {
-            armorOut = new ArmoredOutputStream(outputStream);
+            armorOut = new ArmoredOutputStream(new BufferedOutputStream(outputStream, 1 << 16));
             if (input.getVersionHeader() != null) {
                 armorOut.setHeader("Version", input.getVersionHeader());
             }
@@ -408,7 +409,7 @@ public class PgpSignEncryptOperation extends BaseOperation {
                 detachedByteOut = new ByteArrayOutputStream();
                 OutputStream detachedOut = detachedByteOut;
                 if (input.isEnableAsciiArmorOutput()) {
-                    detachedArmorOut = new ArmoredOutputStream(detachedOut);
+                    detachedArmorOut = new ArmoredOutputStream(new BufferedOutputStream(detachedOut, 1 << 16));
                     if (input.getVersionHeader() != null) {
                         detachedArmorOut.setHeader("Version", input.getVersionHeader());
                     }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
index 681aff56d..b86618a9a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
@@ -1165,7 +1165,7 @@ public class UncachedKeyRing {
                     }
                 }
 
-                // If anything changed, save the updated (sub)key
+                // If anything change, save the updated (sub)key
                 if (modified != resultKey) {
                     result = replacePublicKey(result, modified);
                 }

From 71024460cbb397957ab079a3568b0bb9462c0c84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Mon, 13 Apr 2015 23:53:46 +0200
Subject: [PATCH 65/80] Reformat comment in PassphraseCacheService

---
 .../keychain/service/PassphraseCacheService.java         | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
index 778d0d525..03c250035 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
@@ -52,19 +52,19 @@ import java.util.Date;
  * This service runs in its own process, but is available to all other processes as the main
  * passphrase cache. Use the static methods addCachedPassphrase and getCachedPassphrase for
  * convenience.
- * <p/>
+ *
  * The passphrase cache service always works with both a master key id and a subkey id. The master
  * key id is always used to retrieve relevant info from the database, while the subkey id is used
  * to determine the type behavior (regular passphrase, empty passphrase, stripped key,
  * divert-to-card) for the specific key requested.
- * <p/>
+ *
  * Caching behavior for subkeys depends on the cacheSubs preference:
- * <p/>
+ *
  * - If cacheSubs is NOT set, passphrases will be cached and retrieved by master key id. The
  * checks for special subkeys will still be done, but otherwise it is assumed that all subkeys
  * from the same master key will use the same passphrase. This can lead to bad passphrase
  * errors if two subkeys are encrypted differently. This is the default behavior.
- * <p/>
+ *
  * - If cacheSubs IS set, passphrases will be cached per subkey id. This means that if a keyring
  * has two subkeys for different purposes, passphrases will be cached independently and the
  * user will be asked for a passphrase once per subkey even if it is the same one. This mode
@@ -72,6 +72,7 @@ import java.util.Date;
  * will be correct without fail. Since keyrings with differently encrypted subkeys are a very
  * rare occurrence, and caching by keyring is what the user expects in the vast majority of
  * cases, this is not the default behavior.
+ *
  */
 public class PassphraseCacheService extends Service {
 

From b288e5f4fe5ffb46f587619bb95c75a401d1cc37 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Tue, 14 Apr 2015 00:06:05 +0200
Subject: [PATCH 66/80] Update html-textview, fix build

---
 OpenKeychain/build.gradle | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/OpenKeychain/build.gradle b/OpenKeychain/build.gradle
index 27b4725e1..8b04af766 100644
--- a/OpenKeychain/build.gradle
+++ b/OpenKeychain/build.gradle
@@ -22,7 +22,7 @@ dependencies {
     compile 'org.commonjava.googlecode.markdown4j:markdown4j:2.2-cj-1.0'
     compile "com.splitwise:tokenautocomplete:1.3.3@aar"
     compile 'se.emilsjolander:stickylistheaders:2.5.2'
-    compile 'org.sufficientlysecure:html-textview:1.0'
+    compile 'org.sufficientlysecure:html-textview:1.1'
 
     // libs as submodules
     compile project(':extern:openpgp-api-lib')
@@ -55,7 +55,7 @@ dependencyVerification {
             'org.commonjava.googlecode.markdown4j:markdown4j:e952e825d29e1317d96f79f346bfb6786c7c5eef50bd26e54a80823704b62e13',
             'com.splitwise:tokenautocomplete:20bee71cc59b3828eb000b684d46ddf738efd56b8fee453a509cd16fda42c8cb',
             'se.emilsjolander:stickylistheaders:bc158f51be842a5f92c6e2adc5782f6329b69796d76ebb8f39c77f611cdef573',
-            'org.sufficientlysecure:html-textview:e0f0862f6080bffb2aaf2f5c0fecbf246dec850fd156d329406931093f598423',
+            'org.sufficientlysecure:html-textview:ca24b1522be88378634093815ce9ff1b4920c72e7513a045a7846e14069ef988',
 //            'OpenKeychain.extern:openpgp-api-lib:f05a9215cdad3a6597e4c5ece6fcec92b178d218195a3e88d2c0937c48dd9580',
 //            'OpenKeychain.extern:openkeychain-api-lib:50f6ebb5452d3fdc7be137ccf857a0ff44d55539fcb7b91baef495766ed7f429',
 //            'com.madgag.spongycastle:core:df8fcc028a95ac5ffab3b78c9163f5cfa672e41cd50128ca55d458b6cfbacf4b',

From a545d50f4b90915274bba7de405b251b86fdf2fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Tue, 14 Apr 2015 00:40:28 +0200
Subject: [PATCH 67/80] Pull from transifex

---
 .../src/main/res/raw-bg/help_about.md         |   1 +
 .../src/main/res/raw-bg/help_certification.md |   3 +-
 .../src/main/res/raw-bg/help_changelog.md     |   7 +-
 .../src/main/res/raw-bg/help_start.md         |   5 +-
 .../src/main/res/raw-cs/help_about.md         |   1 +
 .../src/main/res/raw-cs/help_certification.md |   3 +-
 .../src/main/res/raw-cs/help_changelog.md     |   7 +-
 .../src/main/res/raw-cs/help_start.md         |   5 +-
 .../src/main/res/raw-de/help_about.md         |  41 +-
 .../src/main/res/raw-de/help_certification.md |   9 +-
 .../src/main/res/raw-de/help_changelog.md     |  81 +--
 .../src/main/res/raw-de/help_start.md         |  17 +-
 .../src/main/res/raw-es/help_about.md         |   1 +
 .../src/main/res/raw-es/help_certification.md |   3 +-
 .../src/main/res/raw-es/help_changelog.md     | 263 +++++-----
 .../src/main/res/raw-es/help_start.md         |   5 +-
 .../src/main/res/raw-et/help_about.md         |   1 +
 .../src/main/res/raw-et/help_certification.md |   3 +-
 .../src/main/res/raw-et/help_changelog.md     |   7 +-
 .../src/main/res/raw-et/help_start.md         |   5 +-
 .../src/main/res/raw-eu/help_about.md         |   1 +
 .../src/main/res/raw-eu/help_certification.md |   3 +-
 .../src/main/res/raw-eu/help_changelog.md     |   7 +-
 .../src/main/res/raw-eu/help_start.md         |   5 +-
 .../src/main/res/raw-fi/help_about.md         |   1 +
 .../src/main/res/raw-fi/help_certification.md |   3 +-
 .../src/main/res/raw-fi/help_changelog.md     |   7 +-
 .../src/main/res/raw-fi/help_start.md         |   5 +-
 .../src/main/res/raw-fr/help_about.md         |   1 +
 .../src/main/res/raw-fr/help_certification.md |   1 +
 .../src/main/res/raw-fr/help_changelog.md     | 297 +++++------
 .../src/main/res/raw-fr/help_start.md         |   3 +-
 .../src/main/res/raw-is/help_about.md         |   1 +
 .../src/main/res/raw-is/help_certification.md |   3 +-
 .../src/main/res/raw-is/help_changelog.md     |   7 +-
 .../src/main/res/raw-is/help_start.md         |   5 +-
 .../src/main/res/raw-it/help_about.md         |   1 +
 .../src/main/res/raw-it/help_certification.md |   3 +-
 .../src/main/res/raw-it/help_changelog.md     |   7 +-
 .../src/main/res/raw-it/help_start.md         |   5 +-
 .../src/main/res/raw-ja/help_about.md         |  13 +-
 .../src/main/res/raw-ja/help_certification.md |   3 +-
 .../src/main/res/raw-ja/help_changelog.md     | 119 ++---
 .../src/main/res/raw-ja/help_start.md         |   5 +-
 .../src/main/res/raw-nl/help_about.md         |   1 +
 .../src/main/res/raw-nl/help_certification.md |  37 +-
 .../src/main/res/raw-nl/help_changelog.md     | 223 ++++----
 .../src/main/res/raw-nl/help_start.md         |   3 +-
 .../src/main/res/raw-pl/help_about.md         |   1 +
 .../src/main/res/raw-pl/help_certification.md |   3 +-
 .../src/main/res/raw-pl/help_changelog.md     |   7 +-
 .../src/main/res/raw-pl/help_start.md         |   5 +-
 .../src/main/res/raw-pt/help_about.md         |   1 +
 .../src/main/res/raw-pt/help_certification.md |   3 +-
 .../src/main/res/raw-pt/help_changelog.md     |   7 +-
 .../src/main/res/raw-pt/help_start.md         |   5 +-
 .../src/main/res/raw-ro/help_about.md         |   1 +
 .../src/main/res/raw-ro/help_certification.md |   3 +-
 .../src/main/res/raw-ro/help_changelog.md     |   7 +-
 .../src/main/res/raw-ro/help_start.md         |   5 +-
 .../src/main/res/raw-ru/help_about.md         |   1 +
 .../src/main/res/raw-ru/help_certification.md |   3 +-
 .../src/main/res/raw-ru/help_changelog.md     |   7 +-
 .../src/main/res/raw-ru/help_start.md         |   5 +-
 .../src/main/res/raw-sl/help_about.md         |  41 +-
 .../src/main/res/raw-sl/help_certification.md |  37 +-
 .../src/main/res/raw-sl/help_changelog.md     |   7 +-
 .../src/main/res/raw-sl/help_start.md         |  23 +-
 .../src/main/res/raw-sr/help_about.md         |   1 +
 .../src/main/res/raw-sr/help_certification.md |   3 +-
 .../src/main/res/raw-sr/help_changelog.md     |   7 +-
 .../src/main/res/raw-sr/help_start.md         |   5 +-
 .../src/main/res/raw-sv/help_about.md         |   1 +
 .../src/main/res/raw-sv/help_certification.md |   3 +-
 .../src/main/res/raw-sv/help_changelog.md     |   7 +-
 .../src/main/res/raw-sv/help_start.md         |   5 +-
 .../src/main/res/raw-tr/help_about.md         |   1 +
 .../src/main/res/raw-tr/help_certification.md |   3 +-
 .../src/main/res/raw-tr/help_changelog.md     |   7 +-
 .../src/main/res/raw-tr/help_start.md         |   5 +-
 .../src/main/res/raw-uk/help_about.md         |   1 +
 .../src/main/res/raw-uk/help_certification.md |   3 +-
 .../src/main/res/raw-uk/help_changelog.md     |   7 +-
 .../src/main/res/raw-uk/help_start.md         |   5 +-
 .../src/main/res/raw-zh-rTW/help_about.md     |   1 +
 .../main/res/raw-zh-rTW/help_certification.md |   3 +-
 .../src/main/res/raw-zh-rTW/help_changelog.md |   7 +-
 .../src/main/res/raw-zh-rTW/help_start.md     |   5 +-
 .../src/main/res/raw-zh/help_about.md         |   1 +
 .../src/main/res/raw-zh/help_certification.md |   3 +-
 .../src/main/res/raw-zh/help_changelog.md     |   7 +-
 .../src/main/res/raw-zh/help_start.md         |   5 +-
 .../src/main/res/values-cs/strings.xml        |  38 +-
 .../src/main/res/values-de/strings.xml        |  39 +-
 .../src/main/res/values-es/strings.xml        |  85 ++--
 .../src/main/res/values-et/strings.xml        |   2 -
 .../src/main/res/values-eu/strings.xml        |  19 -
 .../src/main/res/values-fi/strings.xml        |  18 -
 .../src/main/res/values-fr/strings.xml        |  35 +-
 .../src/main/res/values-it/strings.xml        |  23 -
 .../src/main/res/values-ja/strings.xml        |  42 +-
 .../src/main/res/values-nl/strings.xml        |  35 +-
 .../src/main/res/values-pl/strings.xml        |  21 -
 .../src/main/res/values-ru/strings.xml        |  69 ++-
 .../src/main/res/values-sl/strings.xml        | 480 +++++++++++++++++-
 .../src/main/res/values-sv/strings.xml        |  23 -
 .../src/main/res/values-tr/strings.xml        |  20 -
 .../src/main/res/values-uk/strings.xml        |  20 -
 .../src/main/res/values-zh-rTW/strings.xml    | 170 ++++++-
 .../src/main/res/values-zh/strings.xml        |  14 -
 110 files changed, 1552 insertions(+), 1107 deletions(-)

diff --git a/OpenKeychain/src/main/res/raw-bg/help_about.md b/OpenKeychain/src/main/res/raw-bg/help_about.md
index d6a8eca93..9d635d9df 100644
--- a/OpenKeychain/src/main/res/raw-bg/help_about.md
+++ b/OpenKeychain/src/main/res/raw-bg/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-bg/help_certification.md b/OpenKeychain/src/main/res/raw-bg/help_certification.md
index 8da27e8e0..3518adf73 100644
--- a/OpenKeychain/src/main/res/raw-bg/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-bg/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Key Confirmation
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
 ## Key Status
diff --git a/OpenKeychain/src/main/res/raw-bg/help_changelog.md b/OpenKeychain/src/main/res/raw-bg/help_changelog.md
index e9d61d0f3..4a7ddb7f2 100644
--- a/OpenKeychain/src/main/res/raw-bg/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-bg/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-bg/help_start.md b/OpenKeychain/src/main/res/raw-bg/help_start.md
index 1641f913b..4cc331942 100644
--- a/OpenKeychain/src/main/res/raw-bg/help_start.md
+++ b/OpenKeychain/src/main/res/raw-bg/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## How do I activate OpenKeychain in K-9 Mail?
 To use OpenKeychain with K-9 Mail, you want to follow these steps:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
   3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
 
 ## I found a bug in OpenKeychain!
@@ -12,4 +13,4 @@ Please report the bug using the [issue tracker of OpenKeychain](https://github.c
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-cs/help_about.md b/OpenKeychain/src/main/res/raw-cs/help_about.md
index d6a8eca93..9d635d9df 100644
--- a/OpenKeychain/src/main/res/raw-cs/help_about.md
+++ b/OpenKeychain/src/main/res/raw-cs/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-cs/help_certification.md b/OpenKeychain/src/main/res/raw-cs/help_certification.md
index 8da27e8e0..3518adf73 100644
--- a/OpenKeychain/src/main/res/raw-cs/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-cs/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Key Confirmation
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
 ## Key Status
diff --git a/OpenKeychain/src/main/res/raw-cs/help_changelog.md b/OpenKeychain/src/main/res/raw-cs/help_changelog.md
index e9d61d0f3..4a7ddb7f2 100644
--- a/OpenKeychain/src/main/res/raw-cs/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-cs/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-cs/help_start.md b/OpenKeychain/src/main/res/raw-cs/help_start.md
index 1641f913b..4cc331942 100644
--- a/OpenKeychain/src/main/res/raw-cs/help_start.md
+++ b/OpenKeychain/src/main/res/raw-cs/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## How do I activate OpenKeychain in K-9 Mail?
 To use OpenKeychain with K-9 Mail, you want to follow these steps:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
   3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
 
 ## I found a bug in OpenKeychain!
@@ -12,4 +13,4 @@ Please report the bug using the [issue tracker of OpenKeychain](https://github.c
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-de/help_about.md b/OpenKeychain/src/main/res/raw-de/help_about.md
index d6a8eca93..ec2501ee6 100644
--- a/OpenKeychain/src/main/res/raw-de/help_about.md
+++ b/OpenKeychain/src/main/res/raw-de/help_about.md
@@ -1,12 +1,13 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
-[OpenKeychain](http://www.openkeychain.org) is an OpenPGP implementation for Android.
+[OpenKeychain](http://www.openkeychain.org) ist eine OpenPGP-Implementierung für Android.
 
-License: GPLv3+
+Lizenz: GPLv3+
 
-## Developers
-  * Dominik Schürmann (Maintainer)
+## Entwickler
+  * Dominik Schürmann (Leitender Entwickler)
   * Art O Cathain
   * Ash Hughes
   * Brian C. Barnes
@@ -27,19 +28,19 @@ License: GPLv3+
   * Tim Bray
   * Vincent Breitmoser
 
-## Libraries
-  * [SpongyCastle](http://rtyley.github.com/spongycastle/) (MIT X11 License)
-  * [SafeSlinger Exchange library](https://github.com/SafeSlingerProject/exchange-android) (MIT License)
-  * [Android Support Libraries](http://developer.android.com/tools/support-library/index.html) (Apache License v2)
-  * [KeybaseLib](https://github.com/timbray/KeybaseLib) (Apache License v2)
-  * [TokenAutoComplete](https://github.com/splitwise/TokenAutoComplete) (Apache License v2)
-  * [MiniDNS](https://github.com/rtreffer/minidns) (Apache License v2)
-  * [StickyListHeaders](https://github.com/emilsjolander/StickyListHeaders) (Apache License v2)
-  * [ZXing](https://github.com/zxing/zxing) (Apache License v2)
-  * [ZXing Android Minimal](https://github.com/journeyapps/zxing-android-embedded) (Apache License v2)
-  * [PagerSlidingTabStrip](https://github.com/jpardogo/PagerSlidingTabStrip) (Material Design)</a> (Apache License v2)
-  * [MaterialNavigationDrawer](https://github.com/neokree/MaterialNavigationDrawer) (Apache License v2)
-  * [Snackbar](https://github.com/nispok/snackbar) (MIT License)
-  * [FloatingActionButton](https://github.com/futuresimple/android-floating-action-button) (Apache License v2)
-  * [HtmlTextView](https://github.com/dschuermann/html-textview) (Apache License v2)
-  * [Markdown4J](https://github.com/jdcasey/markdown4j) (Apache License v2)
\ No newline at end of file
+## Bibliotheken
+  * [SpongyCastle](http://rtyley.github.com/spongycastle/) (MIT X11-Lizenz)
+  * [SafeSlinger Exchange library](https://github.com/SafeSlingerProject/exchange-android) (MIT-Lizenz)
+  * [Android Support Libraries](http://developer.android.com/tools/support-library/index.html) (Apache-Lizenz v2)
+  * [KeybaseLib](https://github.com/timbray/KeybaseLib) (Apache-Lizenz v2)
+  * [TokenAutoComplete](https://github.com/splitwise/TokenAutoComplete) (Apache-Lizenz v2)
+  * [MiniDNS](https://github.com/rtreffer/minidns) (Apache-Lizenz v2)
+  * [StickyListHeaders](https://github.com/emilsjolander/StickyListHeaders) (Apache-Lizenz v2)
+  * [ZXing](https://github.com/zxing/zxing) (Apache-Lizenz v2)
+  * [ZXing Android Minimal](https://github.com/journeyapps/zxing-android-embedded) (Apache-Lizenz v2)
+  * [PagerSlidingTabStrip](https://github.com/jpardogo/PagerSlidingTabStrip) (Material-Design)</a> (Apache-Lizenz v2)
+  * [MaterialNavigationDrawer](https://github.com/neokree/MaterialNavigationDrawer) (Apache-Lizenz v2)
+  * [Snackbar](https://github.com/nispok/snackbar) (MIT-Lizenz)
+  * [FloatingActionButton](https://github.com/futuresimple/android-floating-action-button) (Apache-Lizenz v2)
+  * [HtmlTextView](https://github.com/dschuermann/html-textview) (Apache-Lizenz v2)
+  * [Markdown4J](https://github.com/jdcasey/markdown4j) (Apache-Lizenz v2)
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-de/help_certification.md b/OpenKeychain/src/main/res/raw-de/help_certification.md
index 8da27e8e0..5089301f3 100644
--- a/OpenKeychain/src/main/res/raw-de/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-de/help_certification.md
@@ -1,10 +1,11 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
-## Key Confirmation
+## Schlüsselbestätigung
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
-## Key Status
+## Schlüsselstatus
 
 <img src="status_signature_verified_cutout_24dp"/>  
 Confirmed: You have already confirmed this key, e.g., by scanning the QR Code.  
@@ -15,7 +16,7 @@ Expired: This key is no longer valid. Only the owner can extend its validity.
 <img src="status_signature_revoked_cutout_24dp"/>  
 Revoked: This key is no longer valid. It has been revoked by its owner.
 
-## Advanced Information
+## Erweiterte Informationen
 A "key confirmation" in OpenKeychain is implemented by creating a certification according to the OpenPGP standard.
 This certification is a ["generic certification (0x10)"](http://tools.ietf.org/html/rfc4880#section-5.2.1) described in the standard by:
 "The issuer of this certification does not make any particular assertion as to how well the certifier has checked that the owner of the key is in fact the person described by the User ID."
diff --git a/OpenKeychain/src/main/res/raw-de/help_changelog.md b/OpenKeychain/src/main/res/raw-de/help_changelog.md
index e9d61d0f3..cd0a47f45 100644
--- a/OpenKeychain/src/main/res/raw-de/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-de/help_changelog.md
@@ -1,11 +1,12 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
-  * Material design
-  * Integration of QR Scanner (New permissions required)
-  * Improved key creation wizard
-  * Fix missing contacts after sync
-  * Requires Android 4
+  * Material-Design
+  * QR-Scanner-Integration (benötigt neue Berechtigungen)
+  * Schlüsselerzeugungsassistent verbessert
+  * Fehlende Kontakte nach Synchronisierung behoben
+  * Benötigt Android 4
   * Redesigned key screen
   * Simplify crypto preferences, better selection of secure ciphers
   * API: Detached signatures, free selection of signing key,...
@@ -22,17 +23,17 @@
 ## 3.1.1
 
   * Fix key export to files (they were written partially)
-  * Fix crash on Android 2.3
+  * Absturz unter Android 2.3 behoben
 
 
 ## 3.1
 
-  * Fix crash on Android 5
-  * New certify screen
+  * Absturz unter Android 5 behoben
+  * Neuer Beglaubigungsbildschirm
   * Secure Exchange directly from key list (SafeSlinger library)
-  * New QR Code program flow
+  * Neuer Programmablauf für QR-Codes
   * Redesigned decrypt screen
-  * New icon usage and colors
+  * Verwendung neuer Symbole und Farben
   * Fix import of secret keys from Symantec Encryption Desktop
   * Subkey IDs on Yubikeys are now checked correctly
 
@@ -70,7 +71,7 @@
   * Key sharing via SafeSlinger
   * Yubikey: preference to allow other PINs, currently only signing via the OpenPGP API works, not inside of OpenKeychain
   * Fix usage of stripped keys
-  * SHA256 as default for compatibility
+  * Standardmäßig SHA256 aufgrund von Kompatibilität
   * Intent API has changed, see https://github.com/open-keychain/open-keychain/wiki/Intent-API
   * OpenPGP API now handles revoked/expired keys and returns all user ids
 
@@ -78,7 +79,7 @@
 ## 2.9
 
   * Fixing crashes introduced in v2.8
-  * Experimental ECC support
+  * Experimentelle ECC-Unterstützung
   * Experimental Yubikey support (signing-only with imported keys)
 
 
@@ -87,7 +88,7 @@
   * So many bugs have been fixed in this release that we focus on the main new features
   * Key edit: awesome new design, key revocation
   * Key import: awesome new design, secure keyserver connections via hkps, keyserver resolving via DNS SRV records
-  * New first time screen
+  * Neuer Bildschirm bei der ersten Öffnung
   * New key creation screen: autocompletion of name and email based on your personal Android accounts
   * File encryption: awesome new design, support for encrypting multiple files
   * New icons to show status of key (by Brennan Novak)
@@ -95,15 +96,15 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
-  * Purple! (Dominik, Vincent)
+  * Lila! (Dominik, Vincent)
   * New key view design (Dominik, Vincent)
   * New flat Android buttons (Dominik, Vincent)
-  * API fixes (Dominik)
-  * Keybase.io import (Tim Bray)
+  * API-Korrekturen (Dominik)
+  * Import aus keybase.io (Tim Bray)
 
 
 ## 2.6.1
@@ -116,7 +117,7 @@
   * Key certifications (thanks to Vincent Breitmoser)
   * Support for GnuPG partial secret keys (thanks to Vincent Breitmoser)
   * New design for signature verification
-  * Custom key length (thanks to Greg Witczak)
+  * Benutzerdefinierte Schlüssellänge (Dank an Greg Witczak)
   * Fix share-functionality from other apps
 
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
@@ -142,7 +143,7 @@ Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Pa
   * Keyserver query based on machine-readable output
   * Lock navigation drawer on tablets
   * Suggestions for emails on creation of keys
-  * Search in public key lists
+  * Suchen in öffentlichen Schlüssellisten
   * And much more improvements and fixes…
 
 
@@ -168,7 +169,7 @@ Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Pa
 
   * New design with navigation drawer
   * New public key list design
-  * New public key view
+  * Neue Ansicht für öffentliche Schlüssel
   * Bug fixes for importing of keys
   * Key cross-certification (thanks to Ash Hughes)
   * Handle UTF-8 passwords properly (thanks to Ash Hughes)
@@ -185,7 +186,7 @@ Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Pa
 ## 2.1
 
   * Lots of bug fixes
-  * New API for developers
+  * Neue API für Entwickler
   * PRNG bug fix by Google
 
 
@@ -193,20 +194,20 @@ Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Pa
 
   * Complete redesign
   * Share public keys via QR codes, NFC beam
-  * Sign keys
-  * Upload keys to server
+  * Schlüssel unterschreiben
+  * Schlüssel auf den Server hochladen
   * Fixes import issues
-  * New AIDL API
+  * Neue AIDL-API
 
 
 ## 1.0.8
 
-  * Basic keyserver support
+  * Grundlegende Schlüsselserverunterstützung
   * App2sd
   * More choices for passphrase cache: 1, 2, 4, 8, hours
   * Translations: Norwegian (thanks, Sander Danielsen), Chinese (thanks, Zhang Fredrick)
-  * Bugfixes
-  * Optimizations
+  * Fehlerbehebungen
+  * Optimierungen
 
 
 ## 1.0.7
@@ -218,19 +219,19 @@ Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Pa
 ## 1.0.6
 
   * Account adding crash on Froyo fixed
-  * Secure file deletion
+  * Sichere Dateilöschung
   * Option to delete key file after import
-  * Stream encryption/decryption (gallery, etc.)
+  * Streamverschlüsselung/-entschlüsselung (Galerie, usw.)
   * New options (language, force v3 signatures)
-  * Interface changes
-  * Bugfixes
+  * Oberflächenänderungen
+  * Fehlerbehebungen
 
 
 ## 1.0.5
 
-  * German and Italian translation
+  * Deutsche und Italienische Übersetzung
   * Much smaller package, due to reduced BC sources
-  * New preferences GUI
+  * Neues Einstellungen-Benutzeroberfläche
   * Layout adjustment for localization
   * Signature bugfix
 
@@ -247,7 +248,7 @@ Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Pa
 
 ## 1.0.2
 
-  * Filterable key lists
+  * Filterbare Schlüsselliste
   * Smarter pre-selection of encryption keys
   * New Intent handling for VIEW and SEND, allows files to be encrypted/decrypted out of file managers
   * Fixes and additional features (key preselection) for K-9 Mail, new beta build available
@@ -261,8 +262,8 @@ Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Pa
 ## 1.0.0
 
   * K-9 Mail integration, APG supporting beta build of K-9 Mail
-  * Support of more file managers (including ASTRO)
-  * Slovenian translation
-  * New database, much faster, less memory usage
+  * Unterstützung von mehr Dateimanagern (einschließlich ASTRO)
+  * Slowenische Übersetzung
+  * Neue Datenbank, viel schneller, weniger Speicherbelegung
   * Defined Intents and content provider for other apps
-  * Bugfixes
\ No newline at end of file
+  * Fehlerbehebungen
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-de/help_start.md b/OpenKeychain/src/main/res/raw-de/help_start.md
index 1641f913b..b51aebf62 100644
--- a/OpenKeychain/src/main/res/raw-de/help_start.md
+++ b/OpenKeychain/src/main/res/raw-de/help_start.md
@@ -1,15 +1,16 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
-## How do I activate OpenKeychain in K-9 Mail?
-To use OpenKeychain with K-9 Mail, you want to follow these steps:
+## Wie kann ich OpenKeychain in K-9 Mail nutzen?
+Um OpenKeychain mit K-9 Mail zu nutzen, bitte folgenden Schritten folgen:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
-  3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
+  3. Klick auf "OpenPGP Provider" und OpenKeychain in der Liste auswählen.
 
-## I found a bug in OpenKeychain!
+## Ich habe einen Fehler in OpenKeychail gefunden!
 Please report the bug using the [issue tracker of OpenKeychain](https://github.com/openpgp-keychain/openpgp-keychain/issues).
 
-## Contribute
+## Unterstützen
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
-## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+## Übersetzungen
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-es/help_about.md b/OpenKeychain/src/main/res/raw-es/help_about.md
index 0435b2d5b..bb925e6bd 100644
--- a/OpenKeychain/src/main/res/raw-es/help_about.md
+++ b/OpenKeychain/src/main/res/raw-es/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTA: ¡Por favor ponga cada frase en su propia línea, Transifex pone cada línea en su propio campo de traducción!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-es/help_certification.md b/OpenKeychain/src/main/res/raw-es/help_certification.md
index 55e821498..412c13826 100644
--- a/OpenKeychain/src/main/res/raw-es/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-es/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTA: ¡Por favor ponga cada frase en su propia línea, Transifex pone cada línea en su propio campo de traducción!)
 
 ## Confirmación de clave
 Sin confirmación, no puede estar seguro de si una clave corresponde realmente a una persona específica.
-La forma más simple de confirmar una clave es escanear el código QR o intercambiarlo vía NFC.
+La forma más sencilla de confirmar una clave es escaneando el código QR o intercambiándolo vía NFC.
 Para confirmar claves entre más de dos personas, sugerimos usar el método de intercambio de claves disponible para sus claves.
 
 ## Estado de la clave
diff --git a/OpenKeychain/src/main/res/raw-es/help_changelog.md b/OpenKeychain/src/main/res/raw-es/help_changelog.md
index 753da969e..7c4367594 100644
--- a/OpenKeychain/src/main/res/raw-es/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-es/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTA: ¡Por favor ponga cada frase en su propia línea, Transifex pone cada línea en su propio campo de traducción!)
 
 ## 3.2beta2
 
@@ -8,10 +9,10 @@
   * Requiere Android 4
   * Pantalla de clave rediseñada
   * Simplifica las preferencias de criptografía, mejor selección de algoritmos de cifrado seguro
-  * API: Firmas desacopladas, selección libre de clave de firmado...
+  * API: Firmas desacopladas, selección libre de clave de firmado,...
   * Reparación: Algunas claves válidas se mostraron revocadas o caducadas
   * No acepte algo firmado por subclaves caducadas o revocadas
-  * Soporte Keybase.io en la vista avanzada
+  * Soporte para Keybase.io en la vista avanzada
 
 
 ## 3.1.2
@@ -22,19 +23,19 @@
 ## 3.1.1
 
   * Repara la exportación de claves a ficheros (se escribían parcialmente)
-  * Repara un fallo con caída en Android 2.3
+  * Repara una caída en Android 2.3
 
 
 ## 3.1
 
-  * Repara un fallo con caída en Android 5
+  * Repara una caída en Android 5
   * Nueva pantalla de certificación
   * Intercambio seguro directamente desde la lista de claves (librería SafeSlinger)
-  * Nuevo control de flujo del programa QR Code
+  * Nuevo control de flujo del programa para código QR
   * Pantalla de descifrado rediseñada
-  * Nuevo uso del icono y colores
-  * Repara la importación de clave secretas (privadas) desde Symantec Encryption Desktop
-  * Las identificaciones de subclaves sobre Yubikeys ahora están comprobadas correctamente
+  * Nuevo uso y colores del icono
+  * Repara la importación de claves secretas (privadas) desde Symantec Encryption Desktop
+  * Las identificaciones de subclaves en Yubikeys ahora se comprueban correctamente
 
 
 ## 3.0.1
@@ -46,223 +47,223 @@
 ## 3.0
 
   * ¡Soporte completo para generación de firma y descifrado de Yubikey!
-  * Propose installable compatible apps in apps list
-  * New design for decryption screens
-  * Many fixes for key import, also fixes stripped keys
-  * Honor and display key authenticate flags
-  * User interface to generate custom keys
-  * Fixing user id revocation certificates
-  * New cloud search (searches over traditional keyservers and keybase.io)
-  * Support for stripping keys inside OpenKeychain
+  * Propone aplicaciones instalables compatibles en la lista de aplicaciones
+  * Nuevo diseño para pantallas de descifrado
+  * Muchas reparaciones para la importación de claves, también repara claves desnudas
+  * Respeta y muestra los distintivos de autentificación de claves
+  * Interfaz de usuario para generar claves personalizadas
+  * Repara certificados de revocación de identificación de usuario
+  * Nueva búsqueda en la nube (busca sobre servidores de claves tradicionales y keybase.io)
+  * Soporte para desvestir claves dentro de OpenKeychain
 
 
 ## 2.9.2
 
-  * Fix keys broken in 2.9.1
-  * Yubikey decryption now working via API
+  * Repara claves rotas en la versión 2.9.1
+  * El descifrado de Yubikey ahora funciona vía API
 
 
 ## 2.9.1
 
-  * Split encrypt screen into two
-  * Fix key flags handling (now supporting Mailvelope 0.7 keys)
-  * Improved passphrase handling
-  * Key sharing via SafeSlinger
-  * Yubikey: preference to allow other PINs, currently only signing via the OpenPGP API works, not inside of OpenKeychain
-  * Fix usage of stripped keys
-  * SHA256 as default for compatibility
-  * Intent API has changed, see https://github.com/open-keychain/open-keychain/wiki/Intent-API
-  * OpenPGP API now handles revoked/expired keys and returns all user ids
+  * Divide en dos la pantalla de cifrado 
+  * Repara el manejo de los indicativos de claves (ahora soporta claves de Mailvelope 0.7)
+  * Manejo de frase-contraseña mejorado
+  * Compartición de claves vía SafeSlinger
+  * Yubikey: Preferencia para permitir otros PINs, actualmente sólo funciona firmando mediante la API de OpenPGP, no dentro de OpenKeychain
+  * Repara el uso de claves desnudas
+  * SHA256 por defecto para compatibilidad
+  * La API de Intent ha cambiado, vea https://github.com/open-keychain/open-keychain/wiki/Intent-API
+  * La API de OpenPGP ahora maneja claves revocadas/caducadas y devuelve todas las identificaciones de usuario
 
 
 ## 2.9
 
-  * Fixing crashes introduced in v2.8
-  * Experimental ECC support
-  * Experimental Yubikey support (signing-only with imported keys)
+  * Repara caídas introducidas en la versión 2.8
+  * Soporte para ECC (criptografía de curva elíptica) experimental
+  * Soporte experimental para Yubikey (sólo-firmante con claves importadas)
 
 
 ## 2.8
 
-  * So many bugs have been fixed in this release that we focus on the main new features
-  * Key edit: awesome new design, key revocation
-  * Key import: awesome new design, secure keyserver connections via hkps, keyserver resolving via DNS SRV records
-  * New first time screen
-  * New key creation screen: autocompletion of name and email based on your personal Android accounts
-  * File encryption: awesome new design, support for encrypting multiple files
-  * New icons to show status of key (by Brennan Novak)
-  * Important bug fix: Importing of large key collections from a file is now possible
-  * Notification showing cached passphrases
-  * Keys are connected to Android's contacts
+  * Han sido reparados tantos fallos en esta versión que nos centramos en las nuevas características principales
+  * Edición de clave: Un estupendo diseño nuevo, revocación de clave
+  * Importación de clave: Un estupendo diseño nuevo, conexiones seguras a servidor de claves vía hkps (protocolo seguro HTTP de servidor de claves), servidor de claves resolviendo vía registros DNS SRV
+  * Nueva pantalla de primera vez
+  * Nueva pantalla de creación de clave: Autocompletado del nombre y correo electrónico basados en sus cuentas de Android personales
+  * Cifrado de ficheros: Un estupendo diseño nuevo, soporte para cifrar múltiples ficheros
+  * Nuevos iconos para mostrar el estado de la clave (por Brennan Novak)
+  * Reparación de un fallo importante: La importación de colecciones de claves largas desde un fichero ahora es posible
+  * Notificación mostrando frases-contraseña en caché
+  * Las claves están conectadas a los contactos de Android
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+Esta versión no sería posible sin el trabajo de Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
-  * Purple! (Dominik, Vincent)
-  * New key view design (Dominik, Vincent)
-  * New flat Android buttons (Dominik, Vincent)
-  * API fixes (Dominik)
-  * Keybase.io import (Tim Bray)
+  * ¡Púrpura! (Dominik, Vincent)
+  * Nuevo diseño de vista de clave (Dominik, Vincent)
+  * Nuevos botones planos de Android (Dominik, Vincent)
+  * Reparaciones de la API (Dominik)
+  * Importación desde Keybase.io (Tim Bray)
 
 
 ## 2.6.1
 
-  * Some fixes for regression bugs
+  * Algunas reparaciones para fallos regresivos
 
 
 ## 2.6
 
-  * Key certifications (thanks to Vincent Breitmoser)
-  * Support for GnuPG partial secret keys (thanks to Vincent Breitmoser)
-  * New design for signature verification
-  * Custom key length (thanks to Greg Witczak)
-  * Fix share-functionality from other apps
+  * Certificaciones de clave (gracias a Vincent Breitmoser)
+  * Soporte para claves secretas (privadas) parciales de GnuPG (gracias a Vincent Breitmoser)
+  * Nuevo diseño para verificación de firma
+  * Tamaño de clave personalizado (gracias a Greg Witczak)
+  * Repara la funcionalidad-compartida desde otras aplicaciones
 
 
 ## 2.5
 
-  * Fix decryption of symmetric OpenPGP messages/files
-  * Refactored key edit screen (thanks to Ash Hughes)
-  * New modern design for encrypt/decrypt screens
-  * OpenPGP API version 3 (multiple api accounts, internal fixes, key lookup)
+  * Repara el descifrado de mensajes/ficheros de OpenPGP simétricos
+  * Pantalla de edición de clave refactorizada (gracias a Ash Hughes)
+  * Nuevo diseño moderno para pantallas de cifrado/descifrado
+  * API de OpenPGP versión 3 (múltiples cuentas API, reparaciones internas, búsqueda de claves)
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
-Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+¡Gracias a todos los interesados del Google Summer of Code 2014 que hicieron posible esta versión rica en características y libre de fallos!
+Además de varios parches de seguridad pequeños, un número notable de parches fueron elaborados por las siguientes personas (en orden alfabético):
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
-  * New unified key list
-  * Colorized key fingerprint
-  * Support for keyserver ports
-  * Deactivate possibility to generate weak keys
-  * Much more internal work on the API
-  * Certify user ids
-  * Keyserver query based on machine-readable output
-  * Lock navigation drawer on tablets
-  * Suggestions for emails on creation of keys
-  * Search in public key lists
-  * And much more improvements and fixes…
+  * Nueva lista de claves unificada
+  * Huella de validación de clave (fingerprint) coloreada
+  * Soporte para puertos de servidor de claves
+  * Desactivar la posibilidad de generar claves débiles
+  * Mucho más trabajo interno en la API
+  * Certificar identificaciones de usuario
+  * Petición al servidor de claves basada en salida legible-por-máquina
+  * Bloquea la bandeja deslizante de navegación en tabletas
+  * Sugerencias sobre creación de claves para correos electrónicos
+  * Buscar en listas de claves públicas
+  * Y muchas más mejoras y reparaciones...
 
 
 ## 2.3.1
 
-  * Hotfix for crash when upgrading from old versions
+  * Reparación urgente para caída al actualizar desde versiones antiguas
 
 
 ## 2.3
 
-  * Remove unnecessary export of public keys when exporting secret key (thanks to Ash Hughes)
-  * Fix setting expiry dates on keys (thanks to Ash Hughes)
-  * More internal fixes when editing keys (thanks to Ash Hughes)
-  * Querying keyservers directly from the import screen
-  * Fix layout and dialog style on Android 2.2-3.0
-  * Fix crash on keys with empty user ids
-  * Fix crash and empty lists when coming back from signing screen
-  * Bouncy Castle (cryptography library) updated from 1.47 to 1.50 and build from source
-  * Fix upload of key from signing screen
+  * Elimina la exportación innecesaria de claves públicas al exportar la clave secreta (privada) (gracias a Ash Hughes)
+  * Repara la configuración de fechas de caducidad sobre claves (gracias a Ash Hughes)
+  * Más reparaciones internas al editar claves (gracias a Ash Hughes)
+  * Realiza peticiones directamente a los servidores de claves desde la pantalla de importación
+  * Repara la disposición y estilo del cuadro de diálogo en Android 2.2-3.0
+  * Repara caída en claves con identificaciones de usuario vacías
+  * Repara caída y listas vacías al volver de la pantalla de firmado
+  * Bouncy Castle (librería de criptografía) actualizada desde la versión 1.47 a la 1.50 y compilada desde el código fuente
+  * Repara la subida de clave desde la pantalla de firmado
 
 
 ## 2.2
 
-  * New design with navigation drawer
-  * New public key list design
-  * New public key view
-  * Bug fixes for importing of keys
-  * Key cross-certification (thanks to Ash Hughes)
-  * Handle UTF-8 passwords properly (thanks to Ash Hughes)
-  * First version with new languages (thanks to the contributors on Transifex)
-  * Sharing of keys via QR Codes fixed and improved
-  * Package signature verification for API
+  * Nuevo diseño con bandeja deslizante de navegación
+  * Nuevo diseño de lista de claves públicas
+  * Nueva vista de clave pública
+  * Reparaciones de fallos para la importación de claves
+  * Certificación-cruzada de claves (gracias a Ash Hughes)
+  * Maneja contraseñas UTF-8 de forma adecuada (gracias a Ash Hughes)
+  * Primera versión con nuevos idiomas (gracias a los contribuidores en Transifex)
+  * Compartición de claves mediante códigos QR reparada y mejorada
+  * Verificación de firmas de paquetes para la API
 
 
 ## 2.1.1
 
-  * API Updates, preparation for K-9 Mail integration
+  * Actualizaciones de la API, preparación para la integración de K-9 Mail
 
 
 ## 2.1
 
-  * Lots of bug fixes
-  * New API for developers
-  * PRNG bug fix by Google
+  * Muchas reparaciones de fallos
+  * Nueva API para desarrolladores
+  * Reparación de fallo de PRNG (generador de números pseudoaleatorios) por Google
 
 
 ## 2.0
 
-  * Complete redesign
-  * Share public keys via QR codes, NFC beam
-  * Sign keys
-  * Upload keys to server
-  * Fixes import issues
-  * New AIDL API
+  * Rediseño completo
+  * Comparte claves públicas mediante códigos QR, y NFC
+  * Firma de claves
+  * Subida de claves al servidor
+  * Repara problemas de importación
+  * Nueva API de AIDL (lenguaje de definición de interfaz Android)
 
 
 ## 1.0.8
 
-  * Basic keyserver support
+  * Soporte para servidor de claves básico
   * App2sd
-  * More choices for passphrase cache: 1, 2, 4, 8, hours
-  * Translations: Norwegian (thanks, Sander Danielsen), Chinese (thanks, Zhang Fredrick)
-  * Bugfixes
-  * Optimizations
+  * Más opciones para la caché de frase-contraseña: 1,2,4,8 horas
+  * Traducciones: Noruego (gracias, Sander Danielsen), Chino (gracias, Zhang Fredrick)
+  * Reparaciones de fallos
+  * Optimizaciones
 
 
 ## 1.0.7
 
-  * Fixed problem with signature verification of texts with trailing newline
-  * More options for passphrase cache time to live (20, 40, 60 mins)
+  * Reparado problema con la verificación de firma de textos con un salto de línea al final
+  * Más opciones para el tiempo de vida de la caché de frase-contraseña (20, 40, 60 minutos)
 
 
 ## 1.0.6
 
-  * Account adding crash on Froyo fixed
-  * Secure file deletion
-  * Option to delete key file after import
-  * Stream encryption/decryption (gallery, etc.)
-  * New options (language, force v3 signatures)
-  * Interface changes
-  * Bugfixes
+  * Reparada caída al añadir cuenta en Froyo
+  * Borrado seguro de fichero
+  * Opción para borrar el fichero de clave después de importar
+  * Cifrado/Descifrado de stream (flujo de datos) (galería, etc.)
+  * Nuevas opciones (idioma, forzado de firmas v3)
+  * Cambios en la interfaz
+  * Reparaciones de fallos
 
 
 ## 1.0.5
 
-  * German and Italian translation
-  * Much smaller package, due to reduced BC sources
-  * New preferences GUI
-  * Layout adjustment for localization
-  * Signature bugfix
+  * Traducción al alemán y al italiano
+  * Paquete mucho más pequeño, debido al código fuente reducido de Bouncy Castle (BC)
+  * Interfaz gráfica (GUI) de nuevas preferencias
+  * Ajuste de la distribución para localización
+  * Reparación de fallo de firma
 
 
 ## 1.0.4
 
-  * Fixed another crash caused by some SDK bug with query builder
+  * Reparada otra caída causada por algún fallo del SDK con el constructor de peticiones
 
 
 ## 1.0.3
 
-  * Fixed crashes during encryption/signing and possibly key export
+  * Reparadas caídas durante el cifrado/firmado y posible exportación de clave
 
 
 ## 1.0.2
 
-  * Filterable key lists
-  * Smarter pre-selection of encryption keys
-  * New Intent handling for VIEW and SEND, allows files to be encrypted/decrypted out of file managers
-  * Fixes and additional features (key preselection) for K-9 Mail, new beta build available
+  * Listas de claves filtrables
+  * Pre-selección más inteligente de claves de cifrado
+  * Nuevo manejo de Intent para VIEW y SEND (ver y enviar), permite que los ficheros sean cifrados/descifrados fuera de los administradores de ficheros
+  * Reparaciones y características adicionales (preselección de clave) para K-9 Mail, nueva versión beta disponible
 
 
 ## 1.0.1
 
-  * GMail account listing was broken in 1.0.0, fixed again
+  * El listado de cuenta de GMail se estropeó en la versión 1.0.0, reparado de nuevo
 
 
 ## 1.0.0
 
-  * K-9 Mail integration, APG supporting beta build of K-9 Mail
-  * Support of more file managers (including ASTRO)
-  * Slovenian translation
-  * New database, much faster, less memory usage
-  * Defined Intents and content provider for other apps
-  * Bugfixes
\ No newline at end of file
+  * Integración de K-9 Mail, APG (Android Privacy Guard) soportando la versión beta de K-9 Mail
+  * Soporte para más administradores de ficheros (incluyendo ASTRO)
+  * Traducción al esloveno
+  * Nueva base de datos, mucho más rápida, menos uso de memoria
+  * Definidos Intents y el proveedor de contenido para otras aplicaciones
+  * Reparaciones de fallos
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-es/help_start.md b/OpenKeychain/src/main/res/raw-es/help_start.md
index e8786003c..b304ce39b 100644
--- a/OpenKeychain/src/main/res/raw-es/help_start.md
+++ b/OpenKeychain/src/main/res/raw-es/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTA: ¡Por favor ponga cada frase en su propia línea, Transifex pone cada línea en su propio campo de traducción!)
 
 ## ¿Cómo activo OpenKeychain en K-9 Mail?
 Para usar OpenKeychain con K-9 Mail, deberá seguir estos pasos:
   1. Abra K-9 Mail y realice una pulsación larga sobre la cuenta con la que quiera usar OpenKeychain.
-  2. Seleccione "Configuración de cuenta", desplácese hasta el fondo y pulse "Criptografía".
+  2. Seleccione "Configuración de cuenta", desplácese hasta el fondo y pulse "Criptografía"
   3. Haga clic sobre "Proveedor OpenPGP" y seleccione OpenKeychain de la lista.
 
 ## ¡Encontré un fallo en OpenKeychain!
@@ -12,4 +13,4 @@ Por favor informe del fallo usando el [rastreador de fallos de OpenKeychain](htt
 Si quiere ayudarnos a desarrollar OpenKeychain contribuyendo con código [siga nuestra pequeña guía en GitHub](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Traducciones
-¡Ayude a traducir OpenKeychain! Todos pueden participar en [OpenKeychain en Transifex] (https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+¡Ayude a traducir OpenKeychain! Todos pueden participar en [OpenKeychain en Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-et/help_about.md b/OpenKeychain/src/main/res/raw-et/help_about.md
index d6a8eca93..9d635d9df 100644
--- a/OpenKeychain/src/main/res/raw-et/help_about.md
+++ b/OpenKeychain/src/main/res/raw-et/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-et/help_certification.md b/OpenKeychain/src/main/res/raw-et/help_certification.md
index 8da27e8e0..3518adf73 100644
--- a/OpenKeychain/src/main/res/raw-et/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-et/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Key Confirmation
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
 ## Key Status
diff --git a/OpenKeychain/src/main/res/raw-et/help_changelog.md b/OpenKeychain/src/main/res/raw-et/help_changelog.md
index e9d61d0f3..4a7ddb7f2 100644
--- a/OpenKeychain/src/main/res/raw-et/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-et/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-et/help_start.md b/OpenKeychain/src/main/res/raw-et/help_start.md
index 1641f913b..4cc331942 100644
--- a/OpenKeychain/src/main/res/raw-et/help_start.md
+++ b/OpenKeychain/src/main/res/raw-et/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## How do I activate OpenKeychain in K-9 Mail?
 To use OpenKeychain with K-9 Mail, you want to follow these steps:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
   3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
 
 ## I found a bug in OpenKeychain!
@@ -12,4 +13,4 @@ Please report the bug using the [issue tracker of OpenKeychain](https://github.c
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-eu/help_about.md b/OpenKeychain/src/main/res/raw-eu/help_about.md
index d6a8eca93..9d635d9df 100644
--- a/OpenKeychain/src/main/res/raw-eu/help_about.md
+++ b/OpenKeychain/src/main/res/raw-eu/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-eu/help_certification.md b/OpenKeychain/src/main/res/raw-eu/help_certification.md
index 8da27e8e0..3518adf73 100644
--- a/OpenKeychain/src/main/res/raw-eu/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-eu/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Key Confirmation
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
 ## Key Status
diff --git a/OpenKeychain/src/main/res/raw-eu/help_changelog.md b/OpenKeychain/src/main/res/raw-eu/help_changelog.md
index e9d61d0f3..4a7ddb7f2 100644
--- a/OpenKeychain/src/main/res/raw-eu/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-eu/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-eu/help_start.md b/OpenKeychain/src/main/res/raw-eu/help_start.md
index 1641f913b..4cc331942 100644
--- a/OpenKeychain/src/main/res/raw-eu/help_start.md
+++ b/OpenKeychain/src/main/res/raw-eu/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## How do I activate OpenKeychain in K-9 Mail?
 To use OpenKeychain with K-9 Mail, you want to follow these steps:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
   3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
 
 ## I found a bug in OpenKeychain!
@@ -12,4 +13,4 @@ Please report the bug using the [issue tracker of OpenKeychain](https://github.c
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-fi/help_about.md b/OpenKeychain/src/main/res/raw-fi/help_about.md
index d6a8eca93..9d635d9df 100644
--- a/OpenKeychain/src/main/res/raw-fi/help_about.md
+++ b/OpenKeychain/src/main/res/raw-fi/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-fi/help_certification.md b/OpenKeychain/src/main/res/raw-fi/help_certification.md
index 8da27e8e0..3518adf73 100644
--- a/OpenKeychain/src/main/res/raw-fi/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-fi/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Key Confirmation
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
 ## Key Status
diff --git a/OpenKeychain/src/main/res/raw-fi/help_changelog.md b/OpenKeychain/src/main/res/raw-fi/help_changelog.md
index e9d61d0f3..4a7ddb7f2 100644
--- a/OpenKeychain/src/main/res/raw-fi/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-fi/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-fi/help_start.md b/OpenKeychain/src/main/res/raw-fi/help_start.md
index 1641f913b..4cc331942 100644
--- a/OpenKeychain/src/main/res/raw-fi/help_start.md
+++ b/OpenKeychain/src/main/res/raw-fi/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## How do I activate OpenKeychain in K-9 Mail?
 To use OpenKeychain with K-9 Mail, you want to follow these steps:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
   3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
 
 ## I found a bug in OpenKeychain!
@@ -12,4 +13,4 @@ Please report the bug using the [issue tracker of OpenKeychain](https://github.c
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-fr/help_about.md b/OpenKeychain/src/main/res/raw-fr/help_about.md
index 1ff60b089..edf3dd78d 100644
--- a/OpenKeychain/src/main/res/raw-fr/help_about.md
+++ b/OpenKeychain/src/main/res/raw-fr/help_about.md
@@ -1,3 +1,4 @@
+[//] : # (NOTE : veuillez mettre chaque phrase dans sa propre ligne. Transifex met chaque ligne dans son propre champ de traduction !)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-fr/help_certification.md b/OpenKeychain/src/main/res/raw-fr/help_certification.md
index 965215a54..643756bcf 100644
--- a/OpenKeychain/src/main/res/raw-fr/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-fr/help_certification.md
@@ -1,3 +1,4 @@
+[//] : # (NOTE : veuillez mettre chaque phrase dans sa propre ligne. Transifex met chaque ligne dans son propre champ de traduction !)
 
 ## Confirmation de clef
 Sans confirmation, vous ne pouvez pas être certain que la clef appartient à une personne déterminée.
diff --git a/OpenKeychain/src/main/res/raw-fr/help_changelog.md b/OpenKeychain/src/main/res/raw-fr/help_changelog.md
index e9d61d0f3..9682bacae 100644
--- a/OpenKeychain/src/main/res/raw-fr/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-fr/help_changelog.md
@@ -1,268 +1,269 @@
+[//] : # (NOTE : veuillez mettre chaque phrase sur sa propre ligne. Transifex met chaque ligne dans son propre champ de traduction !)
 
 ## 3.2beta2
 
-  * Material design
-  * Integration of QR Scanner (New permissions required)
-  * Improved key creation wizard
-  * Fix missing contacts after sync
-  * Requires Android 4
-  * Redesigned key screen
-  * Simplify crypto preferences, better selection of secure ciphers
-  * API: Detached signatures, free selection of signing key,...
-  * Fix: Some valid keys were shown revoked or expired
-  * Don't accept signatures by expired or revoked subkeys
-  * Keybase.io support in advanced view
+  * Conception matérielle
+  * Intégration du lecteur QR (nouvelles permissions exigées)
+  * Amélioration de l'assistant de création de clef
+  * Correctif - Contacts manquants après la synchro
+  * Android 4 exigé
+  * Nouvelle conception de l'écran des clefs
+  * Simplification des préférences cryptographiques, meilleure sélection de codes de chiffrement sécurisés
+  * API : signatures détachées, sélection libre de la clef de signature...
+  * Correctif - Certaines clefs valides apparaissaient comme révoquées ou expirées
+  * Ne pas accepter de signatures par des sous-clefs expirées ou révoquées
+  * Prise en charge de keybase.io dans la vue avancée
 
 
 ## 3.1.2
 
-  * Fix key export to files (now for real)
+  * Correctif - Exportation des clefs vers des fichiers (vraiment, maintenant)
 
 
 ## 3.1.1
 
-  * Fix key export to files (they were written partially)
-  * Fix crash on Android 2.3
+  * Correctif - Exportation des clefs vers des fichiers (elles n'étaient écrites que partiellement)
+  * Correctif - Plantage sur Android 2.3
 
 
 ## 3.1
 
-  * Fix crash on Android 5
-  * New certify screen
-  * Secure Exchange directly from key list (SafeSlinger library)
-  * New QR Code program flow
-  * Redesigned decrypt screen
-  * New icon usage and colors
-  * Fix import of secret keys from Symantec Encryption Desktop
-  * Subkey IDs on Yubikeys are now checked correctly
+  * Correctif - Plantage sur Android 5
+  * Nouvel écran de certification
+  * Échange sécurisé directement de la liste des clefs (bibliothèque SafeSlinger)
+  * Nouveau flux de programme pour les codes QR
+  * Écran de déchiffrement redessiné
+  * Nouveaux agencement et couleurs d'icônes
+  * Importation des clefs secrètes corrigée de Symantec Encryption Desktop
+  * Les ID de sous-clefs des Yubikeys sont maintenant vérifiés correctement
 
 
 ## 3.0.1
 
-  * Better handling of large key imports
-  * Improved subkey selection
+  * Meilleure gestion de l'importation de nombreuses clefs
+  * Sélection des sous-clefs améliorée
 
 
 ## 3.0
 
-  * Full support for Yubikey signature generation and decryption!
-  * Propose installable compatible apps in apps list
-  * New design for decryption screens
-  * Many fixes for key import, also fixes stripped keys
-  * Honor and display key authenticate flags
-  * User interface to generate custom keys
-  * Fixing user id revocation certificates
-  * New cloud search (searches over traditional keyservers and keybase.io)
-  * Support for stripping keys inside OpenKeychain
+  * Prise en charge complète de la génération de signature par Yubikey et de leur déchiffrement !
+  * Des applis compatibles installables sont proposées dans la liste des applis
+  * Nouvelle conception pour les écrans de déchiffrement
+  * Nombreux correctifs d'importation des clefs, corrigent aussi les clefs dépouillées
+  * Accepter et afficher les drapeaux d'authentification des clefs
+  * Interface utilisateur pour générer des clefs personnalisées
+  * Corrigé - Certificats de révocation des ID utilisateurs
+  * Nouvelle recherche nuagique (dans les serveurs traditionnels et dans keybase.io)
+  * Prise en charge du dépouillement des clefs dans OpenKeychain
 
 
 ## 2.9.2
 
-  * Fix keys broken in 2.9.1
-  * Yubikey decryption now working via API
+  * Correctif - Clefs brisées dans 2.9.1
+  * Le déchiffrement des Yukukeys par l'API fonctionne maintenant
 
 
 ## 2.9.1
 
-  * Split encrypt screen into two
-  * Fix key flags handling (now supporting Mailvelope 0.7 keys)
-  * Improved passphrase handling
-  * Key sharing via SafeSlinger
-  * Yubikey: preference to allow other PINs, currently only signing via the OpenPGP API works, not inside of OpenKeychain
-  * Fix usage of stripped keys
-  * SHA256 as default for compatibility
-  * Intent API has changed, see https://github.com/open-keychain/open-keychain/wiki/Intent-API
-  * OpenPGP API now handles revoked/expired keys and returns all user ids
+  * Partage de l'écran de chiffrement en deux
+  * Correctif - Gestion des drapeaux de clefs (prend maintenant en charge les clefs Mailvelope 0.7)
+  * Gestion des phrases de passe améliorée
+  * Partage de clefs par SafeSlinger
+  * Yubikey : préférence pour permette d'autre NIP, seule la signature par l'API OpenPGP fonctionne présentement, mais pas à l'intérieur d'OpenKeychain
+  * Correctif - Utilisation de clefs dépouillées
+  * SHA256 par défaut pour la compatibilité
+  * L'API des intentions a changé, voir https://github.com/open-keychain/open-keychain/wiki/Intent-API
+  * L'API d'OpenPGP gère maintenant les clefs révoquées/expirées et retourne tous les ID utilisateurs
 
 
 ## 2.9
 
-  * Fixing crashes introduced in v2.8
-  * Experimental ECC support
-  * Experimental Yubikey support (signing-only with imported keys)
+  * Correction des plantages présents dans v2.8
+  * Prise en charge expérimentale CCE
+  * Prise en charge expérimentale de Yubikey (signature seulement avec les clefs importées)
 
 
 ## 2.8
 
-  * So many bugs have been fixed in this release that we focus on the main new features
-  * Key edit: awesome new design, key revocation
-  * Key import: awesome new design, secure keyserver connections via hkps, keyserver resolving via DNS SRV records
-  * New first time screen
-  * New key creation screen: autocompletion of name and email based on your personal Android accounts
-  * File encryption: awesome new design, support for encrypting multiple files
-  * New icons to show status of key (by Brennan Novak)
-  * Important bug fix: Importing of large key collections from a file is now possible
-  * Notification showing cached passphrases
-  * Keys are connected to Android's contacts
+  * Tellement de bogues ont été réglés dans cette version que nous nous concentrons sur les nouvelles caractéristiques principales.
+  * Modification des clefs : nouvelle et superbe conception, révocations des clefs
+  * Importation des clefs : nouvelle et superbe conception, connexion sécurisé aux serveurs de clefs par hkps, résolution des serveurs de clefs par transactions DNS SRV
+  * Nouvel écran de premier lancement
+  * Nouvel écran de création de clef : auto-remplissage du nom et du courriel d'après vos coordonnées Android
+  * Chiffrement des fichiers : nouvelle et superbe conception, prise en charge du chiffrement de fichiers multiples
+  * Nouvelles icônes d'état des clefs (par Brennan Novak)
+  * Correctif important de bogue : l'importation de grandes collections de clefs à partir d'un fichier est maintenant possible
+  * Notification montrant les phrases de passe en cache
+  * Les clefs sont connectées aux contacts d'Android
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+Cette version ne serait pas possible sans le travail de Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
-  * Purple! (Dominik, Vincent)
-  * New key view design (Dominik, Vincent)
-  * New flat Android buttons (Dominik, Vincent)
-  * API fixes (Dominik)
-  * Keybase.io import (Tim Bray)
+  * Violet ! (Dominik, Vincent)
+  * Nouvelle présentation de la visualisation des clefs (Dominik, Vincent)
+  * Nouveaux boutons Android plats (Dominik, Vincent)
+  * Correctifs de l'API (Dominik)
+  * Importation de Keybase.io (Tim Bray)
 
 
 ## 2.6.1
 
-  * Some fixes for regression bugs
+  * Quelques correctifs de bogues de régression
 
 
 ## 2.6
 
-  * Key certifications (thanks to Vincent Breitmoser)
-  * Support for GnuPG partial secret keys (thanks to Vincent Breitmoser)
-  * New design for signature verification
-  * Custom key length (thanks to Greg Witczak)
-  * Fix share-functionality from other apps
+  * Certifications des clefs (merci à Vincent Breitmoser)
+  * Prise en charge clefs secrètes partielles de GnuPG (merci à Vincent Breitmoser)
+  * Nouvelle conception de la vérification de signatures
+  * Longueur de clef personnalisée (merci à Greg Witczak)
+  * Correctif - Fonctionnalités partagées d'autres applis
 
 
 ## 2.5
 
-  * Fix decryption of symmetric OpenPGP messages/files
-  * Refactored key edit screen (thanks to Ash Hughes)
-  * New modern design for encrypt/decrypt screens
-  * OpenPGP API version 3 (multiple api accounts, internal fixes, key lookup)
+  * Correctif - Déchiffrement des messages/fichiers symétriques OpenPGP
+  * Écran de modification des clefs remanié (merci à Ash Hughes)
+  * Nouvelle conception moderne pour les écrans de chiffrement/déchiffrement
+  * API OpenPGP version 3 (comptes multiples d'api, correctifs internes, recherche de clefs)
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
-Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Merci à tous les participants de « Google Summer of Code 2014 » qui ont rendu cette version riche en fonctions et sans bogue !
+À part plusieurs petits correctifs, un nombre notable de correctifs ont été apportés par les personnes suivantes (par ordre alphabétique) :
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
-  * New unified key list
-  * Colorized key fingerprint
-  * Support for keyserver ports
-  * Deactivate possibility to generate weak keys
-  * Much more internal work on the API
-  * Certify user ids
-  * Keyserver query based on machine-readable output
-  * Lock navigation drawer on tablets
-  * Suggestions for emails on creation of keys
-  * Search in public key lists
-  * And much more improvements and fixes…
+  * Nouvelle liste de clefs unifiée
+  * Empreintes de clefs colorées
+  * Prise en charge des ports des serveurs de clefs
+  * Désactiver la possibilité de générer des clefs faibles
+  * Encore plus de travail interne dans l'API
+  * Certifier les ID utilisateurs
+  * Requêtes des serveurs de clefs basées sur des sorties assimilables par la machine
+  * Verrouiller les tiroirs de navigation sur les tablettes
+  * Suggestion de courriels à la création de clefs
+  * Rechercher dans les listes de clefs publiques
+  * Et bien plus d'améliorations et de correctifs
 
 
 ## 2.3.1
 
-  * Hotfix for crash when upgrading from old versions
+  * Correctif d'urgence pour le plantage lors de la mise à niveau à partir d'anciennes versions
 
 
 ## 2.3
 
-  * Remove unnecessary export of public keys when exporting secret key (thanks to Ash Hughes)
-  * Fix setting expiry dates on keys (thanks to Ash Hughes)
-  * More internal fixes when editing keys (thanks to Ash Hughes)
-  * Querying keyservers directly from the import screen
-  * Fix layout and dialog style on Android 2.2-3.0
-  * Fix crash on keys with empty user ids
-  * Fix crash and empty lists when coming back from signing screen
-  * Bouncy Castle (cryptography library) updated from 1.47 to 1.50 and build from source
-  * Fix upload of key from signing screen
+  * Suppressions de l'exportation non nécessaire des clefs publiques lors de l'exportation de clefs secrètes (merci à Ash Hughes)
+  * Correctif - Définition de la date de péremption des clefs (merci à Ash Hughes)
+  * Plus de correctifs internes affectant la modifications des clefs (merci à Ash hughes)
+  * Interrogation des serveurs de clefs directement de l'écran d'importation
+  * Correctif - Mise en page et du style des fenêtres de dialogue sur Android 2.2-3.0
+  * Correctif - Plantage pour les clefs avec des ID utilisateur vides
+  * Correctif - Plantage et listes vides en revenant de l'écran de signature
+  * Bouncy Castle (bibliothèque cryptographique) mise à jour de 1.47 à 1.50 et compilée de la source
+  * Correctif - Téléversement d'une clef de l'écran de signature
 
 
 ## 2.2
 
-  * New design with navigation drawer
-  * New public key list design
-  * New public key view
-  * Bug fixes for importing of keys
-  * Key cross-certification (thanks to Ash Hughes)
-  * Handle UTF-8 passwords properly (thanks to Ash Hughes)
-  * First version with new languages (thanks to the contributors on Transifex)
-  * Sharing of keys via QR Codes fixed and improved
-  * Package signature verification for API
+  * Nouvelle conception avec tiroir de navigation
+  * Nouvelle conception de la liste des clefs publics
+  * Nouvelle vue des clefs publics
+  * Correctif de bogues d'importation de clefs
+  * Certification croisée des clefs (merci à Ash Hughes)
+  * Bonne gestion des mots de passe UTF-8 (merci à Ash Hughes)
+  * Première version avec de nouvelles langues (merci aux contributeurs sur Transifex)
+  * Correctif et amélioration du partage de clefs par codes QR
+  * Vérification de la signature des paquets pour l'API
 
 
 ## 2.1.1
 
-  * API Updates, preparation for K-9 Mail integration
+  * Mise à jour de l'API, préparation à l'intégration à K-9 Mail
 
 
 ## 2.1
 
-  * Lots of bug fixes
-  * New API for developers
-  * PRNG bug fix by Google
+  * Beaucoup de bogues corrigés
+  * Nouvelle API pour les développeurs
+  * Correctif du blogue PRNG par Google
 
 
 ## 2.0
 
-  * Complete redesign
-  * Share public keys via QR codes, NFC beam
-  * Sign keys
-  * Upload keys to server
-  * Fixes import issues
-  * New AIDL API
+  * Conception complètement repensée
+  * Partage de clefs publiques par codes QR, faisceau NFC
+  * Signer les clefs
+  * Téléverser les clefs vers le serveur
+  * Corrige des problèmes d'importation
+  * Nouvelle API AIDL
 
 
 ## 1.0.8
 
-  * Basic keyserver support
+  * Prise en charge de base du serveur de clefs
   * App2sd
-  * More choices for passphrase cache: 1, 2, 4, 8, hours
-  * Translations: Norwegian (thanks, Sander Danielsen), Chinese (thanks, Zhang Fredrick)
-  * Bugfixes
-  * Optimizations
+  * Plus de choix pour le cache de la phrase de passe : 1, 2, 4, 8 heures
+  * Traductions : norvégien (merci Sander Danielsen), chinois (merci Zhang Fredrick)
+  * Correctifs de bogues
+  * Optimisations
 
 
 ## 1.0.7
 
-  * Fixed problem with signature verification of texts with trailing newline
-  * More options for passphrase cache time to live (20, 40, 60 mins)
+  * Problème corrigé avec la vérification de la signature des textes se terminant par un retour à la ligne
+  * Plus de choix pour la durée de vie de la phrase de passe (20, 40, 60 min)
 
 
 ## 1.0.6
 
-  * Account adding crash on Froyo fixed
-  * Secure file deletion
-  * Option to delete key file after import
-  * Stream encryption/decryption (gallery, etc.)
-  * New options (language, force v3 signatures)
-  * Interface changes
-  * Bugfixes
+  * Correctif - Plantage lors de l'ajout de compte sur Froyo
+  * Suppression sécurisée de fichiers
+  * Option de suppression du fichier de clef après l'importation
+  * Chiffrement/déchiffrement de flux (galerie, etc.)
+  * Nouvelles options (langue, forcer les signatures v3)
+  * Changements dans l'interface
+  * Correctifs de bogues
 
 
 ## 1.0.5
 
-  * German and Italian translation
-  * Much smaller package, due to reduced BC sources
-  * New preferences GUI
-  * Layout adjustment for localization
-  * Signature bugfix
+  * Traduction allemande et italienne
+  * Paquet beaucoup plus petit grâce à des sources BC réduites
+  * Nouvelle IUG pour les préférences
+  * Ajustement de la mise en page pour les localisations
+  * Correctif de bogue de signature
 
 
 ## 1.0.4
 
-  * Fixed another crash caused by some SDK bug with query builder
+  * Correction d'un autre plantage causé par quelque bogue SDK avec le constructeur de requêtes
 
 
 ## 1.0.3
 
-  * Fixed crashes during encryption/signing and possibly key export
+  * Corrections de plantages durant le chiffrement/la signature et possiblement l'exportation de clefs
 
 
 ## 1.0.2
 
-  * Filterable key lists
-  * Smarter pre-selection of encryption keys
-  * New Intent handling for VIEW and SEND, allows files to be encrypted/decrypted out of file managers
-  * Fixes and additional features (key preselection) for K-9 Mail, new beta build available
+  * Listes de clefs filtrables
+  * Présélection plus intelligente des clefs de chiffrement
+  * Nouvelle gestion des intentions pour VIEW et SEND, permet le chiffrement/déchiffrement des fichiers du gestionnaires de fichiers
+  * Correctifs et fonctions additionnelles (présélection des clefs) pour K-9-Mail, nouvelle version bêta proposée
 
 
 ## 1.0.1
 
-  * GMail account listing was broken in 1.0.0, fixed again
+  * Le listage des comptes Gmail ne fonctionnait pas dans 1.0.0, maintenant corrigé
 
 
 ## 1.0.0
 
-  * K-9 Mail integration, APG supporting beta build of K-9 Mail
-  * Support of more file managers (including ASTRO)
-  * Slovenian translation
-  * New database, much faster, less memory usage
-  * Defined Intents and content provider for other apps
-  * Bugfixes
\ No newline at end of file
+  * Intégration à K-9 Mail, APG prenant en charge la version bêta de K-9 Mail
+  * Prise en charge de plus de gestionnaires de fichiers (incluant ASTRO)
+  * Traduction slovène
+  * Nouvelle base de données, bien plus rapide, utilisation de la mémoire moindre
+  * Intentions définies et fournisseur de contenu pour d'autres applis
+  * Correctifs de bogues
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-fr/help_start.md b/OpenKeychain/src/main/res/raw-fr/help_start.md
index c7a5cb744..7ac45cc88 100644
--- a/OpenKeychain/src/main/res/raw-fr/help_start.md
+++ b/OpenKeychain/src/main/res/raw-fr/help_start.md
@@ -1,3 +1,4 @@
+[//] : # (NOTE : veuillez mettre chaque phrase dans sa propre ligne. Transifex met chaque ligne dans son propre champ de traduction !)
 
 ## Comment puis-je activer OpenKeychain dans K-9 Mail ?
 Pour utiliser OpenKeychain avec K-9 Mail, vous devez suivre ces étapes :
@@ -12,4 +13,4 @@ Veuillez signaler le bogue en utilisant le [gestionnaire de bogue d'OpenKeychain
 Si vous voulez nous aider à développer OpenKeychain en y contribuant par du code [veuillez suivre notre petit guide sur Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Traductions
-Aidez à traduire OpenKeychain ! Tout le monde peut y participer sur la [page d'OpenKeychain sur Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
+Aidez-nous à traduire le OpenKeychain ! Tout le monde peut y participer sur la <a href="https://www.transifex.com/projects/p/open-keychain/">page d'OpenKeychain sur Transifex</a>.
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-is/help_about.md b/OpenKeychain/src/main/res/raw-is/help_about.md
index d6a8eca93..9d635d9df 100644
--- a/OpenKeychain/src/main/res/raw-is/help_about.md
+++ b/OpenKeychain/src/main/res/raw-is/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-is/help_certification.md b/OpenKeychain/src/main/res/raw-is/help_certification.md
index 8da27e8e0..3518adf73 100644
--- a/OpenKeychain/src/main/res/raw-is/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-is/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Key Confirmation
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
 ## Key Status
diff --git a/OpenKeychain/src/main/res/raw-is/help_changelog.md b/OpenKeychain/src/main/res/raw-is/help_changelog.md
index e9d61d0f3..4a7ddb7f2 100644
--- a/OpenKeychain/src/main/res/raw-is/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-is/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-is/help_start.md b/OpenKeychain/src/main/res/raw-is/help_start.md
index 1641f913b..4cc331942 100644
--- a/OpenKeychain/src/main/res/raw-is/help_start.md
+++ b/OpenKeychain/src/main/res/raw-is/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## How do I activate OpenKeychain in K-9 Mail?
 To use OpenKeychain with K-9 Mail, you want to follow these steps:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
   3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
 
 ## I found a bug in OpenKeychain!
@@ -12,4 +13,4 @@ Please report the bug using the [issue tracker of OpenKeychain](https://github.c
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-it/help_about.md b/OpenKeychain/src/main/res/raw-it/help_about.md
index d6a8eca93..9d635d9df 100644
--- a/OpenKeychain/src/main/res/raw-it/help_about.md
+++ b/OpenKeychain/src/main/res/raw-it/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-it/help_certification.md b/OpenKeychain/src/main/res/raw-it/help_certification.md
index 8da27e8e0..3518adf73 100644
--- a/OpenKeychain/src/main/res/raw-it/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-it/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Key Confirmation
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
 ## Key Status
diff --git a/OpenKeychain/src/main/res/raw-it/help_changelog.md b/OpenKeychain/src/main/res/raw-it/help_changelog.md
index e9d61d0f3..4a7ddb7f2 100644
--- a/OpenKeychain/src/main/res/raw-it/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-it/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-it/help_start.md b/OpenKeychain/src/main/res/raw-it/help_start.md
index 1641f913b..4cc331942 100644
--- a/OpenKeychain/src/main/res/raw-it/help_start.md
+++ b/OpenKeychain/src/main/res/raw-it/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## How do I activate OpenKeychain in K-9 Mail?
 To use OpenKeychain with K-9 Mail, you want to follow these steps:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
   3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
 
 ## I found a bug in OpenKeychain!
@@ -12,4 +13,4 @@ Please report the bug using the [issue tracker of OpenKeychain](https://github.c
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-ja/help_about.md b/OpenKeychain/src/main/res/raw-ja/help_about.md
index d6a8eca93..f19a5f877 100644
--- a/OpenKeychain/src/main/res/raw-ja/help_about.md
+++ b/OpenKeychain/src/main/res/raw-ja/help_about.md
@@ -1,12 +1,13 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
-[OpenKeychain](http://www.openkeychain.org) is an OpenPGP implementation for Android.
+[OpenKeychain](http://www.openkeychain.org) は Android における OpenPGP 実装です。
 
-License: GPLv3+
+ライセンス: GPLv3以降
 
-## Developers
-  * Dominik Schürmann (Maintainer)
+## Developers## 開発者
+  * Dominik Schürmann (メンテナ)
   * Art O Cathain
   * Ash Hughes
   * Brian C. Barnes
@@ -27,7 +28,7 @@ License: GPLv3+
   * Tim Bray
   * Vincent Breitmoser
 
-## Libraries
+## ライブラリ
   * [SpongyCastle](http://rtyley.github.com/spongycastle/) (MIT X11 License)
   * [SafeSlinger Exchange library](https://github.com/SafeSlingerProject/exchange-android) (MIT License)
   * [Android Support Libraries](http://developer.android.com/tools/support-library/index.html) (Apache License v2)
@@ -37,7 +38,7 @@ License: GPLv3+
   * [StickyListHeaders](https://github.com/emilsjolander/StickyListHeaders) (Apache License v2)
   * [ZXing](https://github.com/zxing/zxing) (Apache License v2)
   * [ZXing Android Minimal](https://github.com/journeyapps/zxing-android-embedded) (Apache License v2)
-  * [PagerSlidingTabStrip](https://github.com/jpardogo/PagerSlidingTabStrip) (Material Design)</a> (Apache License v2)
+  * [PagerSlidingTabStrip](https://github.com/jpardogo/PagerSlidingTabStrip) (Material Design) (Apache License v2)
   * [MaterialNavigationDrawer](https://github.com/neokree/MaterialNavigationDrawer) (Apache License v2)
   * [Snackbar](https://github.com/nispok/snackbar) (MIT License)
   * [FloatingActionButton](https://github.com/futuresimple/android-floating-action-button) (Apache License v2)
diff --git a/OpenKeychain/src/main/res/raw-ja/help_certification.md b/OpenKeychain/src/main/res/raw-ja/help_certification.md
index 8da27e8e0..3518adf73 100644
--- a/OpenKeychain/src/main/res/raw-ja/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-ja/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Key Confirmation
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
 ## Key Status
diff --git a/OpenKeychain/src/main/res/raw-ja/help_changelog.md b/OpenKeychain/src/main/res/raw-ja/help_changelog.md
index e9d61d0f3..c25d91a19 100644
--- a/OpenKeychain/src/main/res/raw-ja/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-ja/help_changelog.md
@@ -1,51 +1,52 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
-  * Material design
-  * Integration of QR Scanner (New permissions required)
-  * Improved key creation wizard
-  * Fix missing contacts after sync
-  * Requires Android 4
-  * Redesigned key screen
-  * Simplify crypto preferences, better selection of secure ciphers
-  * API: Detached signatures, free selection of signing key,...
-  * Fix: Some valid keys were shown revoked or expired
-  * Don't accept signatures by expired or revoked subkeys
-  * Keybase.io support in advanced view
+  * マテリアルデザイン
+  * QRスキャナの統合 (新しいパーミッションを必要とします)
+  * 鍵生成ウィザードの改善
+  * 同期後に連絡先を見失う問題の修正
+  * Android 4を必要とします
+  * 鍵画面の再デザイン
+  * 暗号の設定をシンプル化、より良いセキュアな暗号の選択方法
+  * API: 分離署名、署名する鍵の選択がフリーとなる、...
+  * 修正: いくつかの正しい鍵が破棄もしくは期限切れとして表示される
+  * 副鍵が期限切れもしくは破棄されている場合に署名を受け入れない
+  * 拡張ビューでのKeybase.ioのサポート
 
 
 ## 3.1.2
 
-  * Fix key export to files (now for real)
+  * 鍵のファイルへのエクスポートの修正 (現実的になりました)
 
 
 ## 3.1.1
 
-  * Fix key export to files (they were written partially)
-  * Fix crash on Android 2.3
+  * 鍵のファイルへのエクスポートの修正 (部分的に修正)
+  * Android 2.3でのクラッシュ修正
 
 
 ## 3.1
 
-  * Fix crash on Android 5
-  * New certify screen
-  * Secure Exchange directly from key list (SafeSlinger library)
-  * New QR Code program flow
-  * Redesigned decrypt screen
-  * New icon usage and colors
-  * Fix import of secret keys from Symantec Encryption Desktop
-  * Subkey IDs on Yubikeys are now checked correctly
+  * Android 5でのクラッシュ修正
+  * 新しい検証画面
+  * セキュアな鍵リストの直接交換(SafeSlinger ライブラリ)
+  * 新しいQRコードのプログラムフロー
+  * 復号化画面の再デザイン
+  * 新しいアイコン利用とカラー
+  * Symantec Encryption Desktopから秘密鍵をインポート時の問題修正
+  * Yubikeyでの副鍵IDを正くチェックするようになりました
 
 
 ## 3.0.1
 
-  * Better handling of large key imports
-  * Improved subkey selection
+  * 巨大な鍵のインポートのより良い取り扱い
+  * 副鍵選択の改善
 
 
 ## 3.0
 
-  * Full support for Yubikey signature generation and decryption!
+  * Yubikeyでの署名生成と復号化のフルサポート
   * Propose installable compatible apps in apps list
   * New design for decryption screens
   * Many fixes for key import, also fixes stripped keys
@@ -53,67 +54,67 @@
   * User interface to generate custom keys
   * Fixing user id revocation certificates
   * New cloud search (searches over traditional keyservers and keybase.io)
-  * Support for stripping keys inside OpenKeychain
+  * OpenKeychain内で鍵をストリップするのをサポートしました
 
 
 ## 2.9.2
 
-  * Fix keys broken in 2.9.1
-  * Yubikey decryption now working via API
+  * 2.9.1での鍵破壊問題修正
+  * API経由でYubikeyの復号処理が動くようになった
 
 
 ## 2.9.1
 
-  * Split encrypt screen into two
-  * Fix key flags handling (now supporting Mailvelope 0.7 keys)
-  * Improved passphrase handling
-  * Key sharing via SafeSlinger
-  * Yubikey: preference to allow other PINs, currently only signing via the OpenPGP API works, not inside of OpenKeychain
-  * Fix usage of stripped keys
-  * SHA256 as default for compatibility
-  * Intent API has changed, see https://github.com/open-keychain/open-keychain/wiki/Intent-API
-  * OpenPGP API now handles revoked/expired keys and returns all user ids
+  * 暗号化スクリーンを2つに分割
+  * 鍵のフラグ管理を修正 (現在Mailvelope 0.7 鍵をサポート)
+  * パスフレーズの取り回しを改善
+  * SafeSlingerでの鍵の共有
+  * Yubikey: 設定で他のPINを受け付け、現在OpenPGP API経由での署名しか動きません、OpenKeychainの内部ではないため
+  * ストリップした鍵の利用法を修正
+  * 互換性のためデフォルトをSHA256に
+  * インテント API を変更しました、以下参照 https://github.com/open-keychain/open-keychain/wiki/Intent-API
+  * OpenPGP API は現在破棄/期限切れの鍵を扱えるようになり、またすべてのユーザIDを返すようになりました
 
 
 ## 2.9
 
-  * Fixing crashes introduced in v2.8
-  * Experimental ECC support
-  * Experimental Yubikey support (signing-only with imported keys)
+  * v2.8 から発生したクラッシュ問題をFix
+  * 実験的にECCをサポート
+  * 実験的にYubikeyをサポート(インポート済みの鍵での署名のみ)
 
 
 ## 2.8
 
-  * So many bugs have been fixed in this release that we focus on the main new features
-  * Key edit: awesome new design, key revocation
-  * Key import: awesome new design, secure keyserver connections via hkps, keyserver resolving via DNS SRV records
-  * New first time screen
-  * New key creation screen: autocompletion of name and email based on your personal Android accounts
-  * File encryption: awesome new design, support for encrypting multiple files
-  * New icons to show status of key (by Brennan Novak)
-  * Important bug fix: Importing of large key collections from a file is now possible
-  * Notification showing cached passphrases
-  * Keys are connected to Android's contacts
+  * そして主要な新しい機能を主眼としたこのリリースでたくさんのバグが修正されました
+  * 鍵編集: 新しいすごいデザイン、鍵の破棄
+  * 鍵インポート: 新しいすごいデザイン、hkps経由での鍵サーバとの安全な接続、そしてDNS SRVレコードによる鍵サーバの解決
+  * 新しい初回表示
+  * 新しい鍵生成画面: Androidのあなたの個人アカウントをベースとした名前とメールの自動補完
+  * ファイル暗号化: 新しいすごいデザイン、複数ファイルの暗号化をサポートする
+  * 鍵のステータス表示の新しいアイコン(Brennan Novak提供)
+  * 重要なバグ修正: 巨大な鍵コレクションをファイルからインポートするのが可能になりました
+  * キャッシュしたパスフレーズの通知表示
+  * 鍵のアドレスをAndroidの連絡先と連携するようにした
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfiharの働きなくしてはこのリリースはありませんでした
 
 ## 2.7
 
   * Purple! (Dominik, Vincent)
-  * New key view design (Dominik, Vincent)
-  * New flat Android buttons (Dominik, Vincent)
-  * API fixes (Dominik)
-  * Keybase.io import (Tim Bray)
+  * 新しい鍵のビューのデザイン (Dominik, Vincent)
+  * 新しいフラットな Android ボタン (Dominik, Vincent)
+  * API のフィックス (Dominik)
+  * Keybase.io からのインポート (Tim Bray)
 
 
 ## 2.6.1
 
-  * Some fixes for regression bugs
+  * いくつかのリグレッションバグ修正
 
 
 ## 2.6
 
-  * Key certifications (thanks to Vincent Breitmoser)
+  * 鍵証明 (ありがとうVincent Breitmoser)
   * Support for GnuPG partial secret keys (thanks to Vincent Breitmoser)
   * New design for signature verification
   * Custom key length (thanks to Greg Witczak)
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-ja/help_start.md b/OpenKeychain/src/main/res/raw-ja/help_start.md
index 1641f913b..4cc331942 100644
--- a/OpenKeychain/src/main/res/raw-ja/help_start.md
+++ b/OpenKeychain/src/main/res/raw-ja/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## How do I activate OpenKeychain in K-9 Mail?
 To use OpenKeychain with K-9 Mail, you want to follow these steps:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
   3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
 
 ## I found a bug in OpenKeychain!
@@ -12,4 +13,4 @@ Please report the bug using the [issue tracker of OpenKeychain](https://github.c
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-nl/help_about.md b/OpenKeychain/src/main/res/raw-nl/help_about.md
index 15d3796e9..9d3693d33 100644
--- a/OpenKeychain/src/main/res/raw-nl/help_about.md
+++ b/OpenKeychain/src/main/res/raw-nl/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-nl/help_certification.md b/OpenKeychain/src/main/res/raw-nl/help_certification.md
index 8da27e8e0..c7b8c6d4c 100644
--- a/OpenKeychain/src/main/res/raw-nl/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-nl/help_certification.md
@@ -1,27 +1,28 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
-## Key Confirmation
-Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
-To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
+## Sleutelbevestiging
+Zonder bevestiging kan je niet zeker zijn dat een sleutel echt overeenkomt met een bepaald persoon.
+De meest eenvoudige manier om een sleutel te bevestigen is door de QR-code te scannen of de sleutel uit te wisselen via NFC.
+Om sleutels tussen meer dan twee personen te bevestigen stellen we voor om de sleuteluitwisselingsmethode beschikbaar voor je sleutels te gebruiken.
 
-## Key Status
+## Sleutelstatus
 
 <img src="status_signature_verified_cutout_24dp"/>  
-Confirmed: You have already confirmed this key, e.g., by scanning the QR Code.  
+Bevestigd: je hebt deze sleutel al bevestigd, bv. door de QR-code te scannen.  
 <img src="status_signature_unverified_cutout_24dp"/>  
-Unconfirmed: This key has not been confirmed yet. You cannot be sure if the key really corresponds to a specific person.  
+Niet bevestigd: deze sleutel is nog niet bevestigd. Je kan niet zeker zijn dat de sleutel echt overeenkomt met een bepaald persoon.  
 <img src="status_signature_expired_cutout_24dp"/>  
-Expired: This key is no longer valid. Only the owner can extend its validity.  
+Verlopen: deze sleutel is niet meer geldig. Enkel de eigenaar kan de geldigheid verlengen.  
 <img src="status_signature_revoked_cutout_24dp"/>  
-Revoked: This key is no longer valid. It has been revoked by its owner.
+Ingetrokken: deze sleutel is niet meer geldig. Ze is door de eigenaar ingetrokken.
 
-## Advanced Information
-A "key confirmation" in OpenKeychain is implemented by creating a certification according to the OpenPGP standard.
-This certification is a ["generic certification (0x10)"](http://tools.ietf.org/html/rfc4880#section-5.2.1) described in the standard by:
-"The issuer of this certification does not make any particular assertion as to how well the certifier has checked that the owner of the key is in fact the person described by the User ID."
+## Geavanceerde informatie
+Een "sleutelbevestiging" in OpenKeychain is geïmplementeerd door een certificatie aan te maken volgens de OpenPGP-standaard.
+Deze certificatie is een ["generische certificatie (0x10)"](http://tools.ietf.org/html/rfc4880#section-5.2.1) omschreven in de standaard als:
+"De uitgever van deze certificatie maakt geen specifieke aanname over hoe goed de certificeerder heeft nagegaan dat de eigenaar van sleutel effectief de persoon is beschreven door het gebruikers-ID."
 
-Traditionally, certifications (also with higher certification levels, such as "positive certifications" (0x13)) are organized in OpenPGP's Web of Trust.
-Our model of key confirmation is a much simpler concept to avoid common usability problems related to this Web of Trust.
-We assume that keys are verified only to a certain degree that is still usable enough to be executed "on the go".
-We also do not implement (potentially transitive) trust signatures or an ownertrust database like in GnuPG.
-Furthermore, keys which contain at least one user ID certified by a trusted key will be marked as "confirmed" in the key listings.
\ No newline at end of file
+Traditioneel worden certificaties (ook met hogere certificatieniveau's, zoals "positieve certificaties" (0x13)) georganiseerd in OpenPGP's Web of Trust.
+Ons model van sleutelbevestiging is een veel eenvoudige concept om veel voorkomende gebruiksproblemen gerelateerd aan dit Web of Trust te vermijden.
+We nemen aan dat sleutels slechts geverifieerd zijn tot een bepaalde graad die nog steeds bruikbaar genoeg is om "onderweg" uitgevoerd te worden.
+We implementeren ook geen (mogelijk transitieve) vertrouwensondertekeningen of een gebruikersvertrouwendatabase zoals in GnuPG.
+Bovendien worden sleutels die minstens een gebruikers-ID gecertificeerd door een vertrouwde sleutel bevatten aangeduid als "bevestigd" in de sleutellijsten.
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-nl/help_changelog.md b/OpenKeychain/src/main/res/raw-nl/help_changelog.md
index 96dcb5241..6fd5d9872 100644
--- a/OpenKeychain/src/main/res/raw-nl/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-nl/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -28,13 +29,13 @@
 ## 3.1
 
   * Oplossing voor crash op Android 5
-  * New certify screen
-  * Secure Exchange directly from key list (SafeSlinger library)
-  * New QR Code program flow
-  * Redesigned decrypt screen
-  * New icon usage and colors
-  * Fix import of secret keys from Symantec Encryption Desktop
-  * Subkey IDs on Yubikeys are now checked correctly
+  * Nieuw certificeerscherm
+  * Veilig uitwisselen vanuit sleutellijst (SafeSlinger bibliotheek)
+  * Nieuwe QR code programma flow
+  * Nieuw design voor ontcijferingsscherm
+  * Nieuw icoon en kleuren
+  * Oplossing voor importeren van geheime sleutels van Symantec Encryption Desktop
+  * Subsleutel-ID's op Yubikeys worden nu currect gecontroleerd
 
 
 ## 3.0.1
@@ -45,15 +46,15 @@
 
 ## 3.0
 
-  * Full support for Yubikey signature generation and decryption!
-  * Propose installable compatible apps in apps list
-  * New design for decryption screens
-  * Many fixes for key import, also fixes stripped keys
-  * Honor and display key authenticate flags
-  * User interface to generate custom keys
-  * Fixing user id revocation certificates
-  * New cloud search (searches over traditional keyservers and keybase.io)
-  * Support for stripping keys inside OpenKeychain
+  * Volledige ondersteuning voor Yubikey ondertekeningsgeneratie en ontcijfering!
+  * Stel installeerbare compatibele apps voor in apps-lijst
+  * Nieuw design voor ontcijferingsschermen
+  * Veel oplossingen voor sleutelimporteren, lost ook gestripte sleutels op
+  * Eer en toon sleutelauthenticatievlaggen
+  * Gebruikersinterface om eigen sleutels aan te maken
+  * Oplossing voor gebruikers-ID-intrekkingscertificaten
+  * Nieuwe cloud search (zoekt op traditionele sleutelservers en keybase.io)
+  * Ondersteuning voor strippen van sleutels in OpenKeychain
 
 
 ## 2.9.2
@@ -64,15 +65,15 @@
 
 ## 2.9.1
 
-  * Split encrypt screen into two
-  * Fix key flags handling (now supporting Mailvelope 0.7 keys)
-  * Improved passphrase handling
-  * Key sharing via SafeSlinger
-  * Yubikey: preference to allow other PINs, currently only signing via the OpenPGP API works, not inside of OpenKeychain
-  * Fix usage of stripped keys
-  * SHA256 as default for compatibility
-  * Intent API has changed, see https://github.com/open-keychain/open-keychain/wiki/Intent-API
-  * OpenPGP API now handles revoked/expired keys and returns all user ids
+  * Deel versleutelingsscherm in twee
+  * Oplossing voor sleutelvlaggen (ondersteunt nu Mailvelope 0.7 sleutels)
+  * Verbeterde behandeling van wachtwoorden
+  * Sleutels delen via SafeSlinger
+  * Yubikey: optie om andere PINs toe te staan, momenteel werkt enkel ondertekenen via de OpenPGP API, niet in OpenKeychain zelf
+  * Oplossing voor gestripte sleutels
+  * SHA256 als standaard voor compatibiliteit
+  * Intent API is veranderd, zie https://github.com/open-keychain/open-keychain/wiki/Intent-API
+  * OpenPGP API behandelt nu ingetrokken/verlopen sleutels en geeft alle gebruikers-ID's weer
 
 
 ## 2.9
@@ -84,24 +85,24 @@
 
 ## 2.8
 
-  * So many bugs have been fixed in this release that we focus on the main new features
-  * Key edit: awesome new design, key revocation
-  * Key import: awesome new design, secure keyserver connections via hkps, keyserver resolving via DNS SRV records
-  * New first time screen
-  * New key creation screen: autocompletion of name and email based on your personal Android accounts
-  * File encryption: awesome new design, support for encrypting multiple files
-  * New icons to show status of key (by Brennan Novak)
-  * Important bug fix: Importing of large key collections from a file is now possible
-  * Notification showing cached passphrases
-  * Keys are connected to Android's contacts
+  * Er zijn zoveel bugs opgelost in deze release dat we kunnen focussen op de belangrijke nieuwe mogelijkheden
+  * Sleutels wijzigen: nieuw design, sleutels intrekken
+  * Sleutels importeren: nieuw design, veilige verbindingen met sleutelservers via hkps, sleutelserver resolving via DNS SRV records
+  * Nieuw eerste gebruiksscherm
+  * Nieuw scherm voor sleutels aanmaken: automatisch aanvullen van naam en e-mailadres gebaseerd op persoonlijke Android-accounts
+  * Bestandsversleuteling: nieuw design, ondersteuning voor versleutelen van meerdere bestanden
+  * Nieuwe iconen om sleutelstatus weer te geven (door Brennan Novak)
+  * Belangrijke bugfix: importeren van grote sleutelbossen uit een bestand is nu mogelijk
+  * Melding om gecachete wachtwoorden weer te geven
+  * Sleutels worden verbonden aan Android's contacten
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+Deze release zou niet mogelijk zijn zonder het werkt van Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
-  * Purple! (Dominik, Vincent)
-  * New key view design (Dominik, Vincent)
-  * New flat Android buttons (Dominik, Vincent)
+  * Paars! (Dominik, Vincent)
+  * Nieuw sleutel scherm design (Dominik, Vincent)
+  * Nieuwe platte Android toetsen (Dominik, Vincent)
   * API fixes (Dominik)
   * Keybase.io import (Tim Bray)
 
@@ -113,37 +114,37 @@
 
 ## 2.6
 
-  * Key certifications (thanks to Vincent Breitmoser)
-  * Support for GnuPG partial secret keys (thanks to Vincent Breitmoser)
-  * New design for signature verification
-  * Custom key length (thanks to Greg Witczak)
-  * Fix share-functionality from other apps
+  * Sleutelcertificaties (dank aan Vincent Breitmoser)
+  * Ondersteuning voor GnuPG gedeeltelijke geheime sleutels (dank aan Vincent Breitmoser)
+  * Nieuw design voor ondertekeningsverificatie
+  * Aangepaste sleutellengte (dank aan Greg Witczak)
+  * Oplossing voor delen vanuit andere apps
 
 
 ## 2.5
 
-  * Fix decryption of symmetric OpenPGP messages/files
-  * Refactored key edit screen (thanks to Ash Hughes)
-  * New modern design for encrypt/decrypt screens
-  * OpenPGP API version 3 (multiple api accounts, internal fixes, key lookup)
+  * Oplossing voor ontcijfering van symmetrische OpenPGP berichten/bestanden
+  * Nieuw ontwerp voor sleutelbewerkingsscherm (dank aan Ash Hughes)
+  * Nieuw modern design voor versleutelings/ontcijferingsschermen
+  * OpenPGP API versie 3 (meerdere api accounts, interne fixes, sleutel lookup)
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
-Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Bedankt aan alle deelnemers van Google Summer of Code 2014 die deze release vol met nieuwe mogelijkheden en vrij van bugs gemaakt hebben!
+Naast vele kleine patches werden ook een aanzienlijk aantal patches gemaakt door de volgende personen (in alfabetische volgorde):
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
-  * New unified key list
-  * Colorized key fingerprint
-  * Support for keyserver ports
-  * Deactivate possibility to generate weak keys
-  * Much more internal work on the API
-  * Certify user ids
-  * Keyserver query based on machine-readable output
-  * Lock navigation drawer on tablets
-  * Suggestions for emails on creation of keys
-  * Search in public key lists
-  * And much more improvements and fixes…
+  * Nieuwe geünificeerde sleutellijst
+  * Gekleurde sleutelvingerafdruk
+  * Ondersteuning voor sleutelserver-poorten
+  * Zet mogelijkheid om zwakke sleutels aan te maken uit
+  * Veel meer intern werk aan API
+  * Certificeer gebruikers-ID's
+  * Sleutelserverzoekopdracht gebaseerd op machine-leesbare output
+  * Zet navigatiedrawer op tablets vast
+  * Suggesties voor e-mailadress bij aanmaken van sleutels
+  * Zoeken in publieke sleutellijsten
+  * En veel meer verbeteringen en fixes...
 
 
 ## 2.3.1
@@ -153,28 +154,28 @@ Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Pa
 
 ## 2.3
 
-  * Remove unnecessary export of public keys when exporting secret key (thanks to Ash Hughes)
-  * Fix setting expiry dates on keys (thanks to Ash Hughes)
-  * More internal fixes when editing keys (thanks to Ash Hughes)
-  * Querying keyservers directly from the import screen
-  * Fix layout and dialog style on Android 2.2-3.0
-  * Fix crash on keys with empty user ids
-  * Fix crash and empty lists when coming back from signing screen
-  * Bouncy Castle (cryptography library) updated from 1.47 to 1.50 and build from source
-  * Fix upload of key from signing screen
+  * Verwijder onnodige export van publieke sleutels bij exporteren van geheime sleutel (dank aan Ash Hughes)
+  * Oplossing voor verloopdata op sleutels (dank aan Ash Hughes)
+  * Meer interne fixes by bewerken van sleutels (dank aan Ash Hughes)
+  * Zoeken op sleutelservers rechtstreeks van importscherm
+  * Oplossing voor layout en dialoogstijl op Android 2.2-3.0
+  * Oplossing voor crash op sleutels met lege gebruikers-ID's
+  * Oplossing voor crash en lege lijsten bij terugkeren van ondertekeningsscherm
+  * Bouncy Castle (cryptografie bibliotheek) bijgewerkt van 1.47 naar 1.50 en versie van bron
+  * Oplossing voor uploaden van sleutel van ondertekeningsscherm
 
 
 ## 2.2
 
-  * New design with navigation drawer
-  * New public key list design
-  * New public key view
-  * Bug fixes for importing of keys
-  * Key cross-certification (thanks to Ash Hughes)
-  * Handle UTF-8 passwords properly (thanks to Ash Hughes)
-  * First version with new languages (thanks to the contributors on Transifex)
-  * Sharing of keys via QR Codes fixed and improved
-  * Package signature verification for API
+  * Nieuw design met navigatiebalk
+  * Nieuw publieke sleutellijst design
+  * Nieuwe publieke sleutel view
+  * Bugfixes voor importeren van sleutels
+  * Sleutel certificatie (dank aan Ash Hughes)
+  * Behandel UTF-8 wachtwoorden correct (dank aan Ash Hughes)
+  * Eerste versie met nieuwe talen (dank aan de medewerkers op Transifex)
+  * Delen van sleutels via QR codes opgelost en verbeterd
+  * Pakketondertekeningsverificatie voor API
 
 
 ## 2.1.1
@@ -191,22 +192,22 @@ Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Pa
 
 ## 2.0
 
-  * Complete redesign
-  * Share public keys via QR codes, NFC beam
-  * Sign keys
-  * Upload keys to server
-  * Fixes import issues
-  * New AIDL API
+  * Volledig nieuw design
+  * Publieke sleutels delen via QR codes, NFC beam
+  * Sleutels ondertekenen
+  * Upload sleutels naar server
+  * Importeerproblemen opgelost
+  * Nieuwe AIDL API
 
 
 ## 1.0.8
 
-  * Basic keyserver support
-  * App2sd
-  * More choices for passphrase cache: 1, 2, 4, 8, hours
-  * Translations: Norwegian (thanks, Sander Danielsen), Chinese (thanks, Zhang Fredrick)
+  * Basisondersteuning voor sleutelservers
+  * App2SD
+  * Meer keuzes voor wachtwoordcache: 1, 2, 4, 8 uur
+  * Vertalingen: Noors (bedankt, Sander Danielsen), Chinees (bedankt, Zhang Fredrick)
   * Bugfixes
-  * Optimizations
+  * Optimalisaties
 
 
 ## 1.0.7
@@ -217,22 +218,22 @@ Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Pa
 
 ## 1.0.6
 
-  * Account adding crash on Froyo fixed
-  * Secure file deletion
-  * Option to delete key file after import
-  * Stream encryption/decryption (gallery, etc.)
-  * New options (language, force v3 signatures)
-  * Interface changes
+  * Crash bij toevoegen van account op Froyo opgelost
+  * Veilige bestandsverwijdering
+  * Optie om sleutelbestand na importeren te verwijderen
+  * Stream versleuteling/ontsleuteling (galerij, enz.)
+  * Nieuwe opties (taal, forceer v3 ondertekeningen)
+  * Wijzigingen in interface
   * Bugfixes
 
 
 ## 1.0.5
 
-  * German and Italian translation
-  * Much smaller package, due to reduced BC sources
-  * New preferences GUI
-  * Layout adjustment for localization
-  * Signature bugfix
+  * Duitse en Italiaanse vertaling
+  * Veel kleiner pakket, door verminderde BC bronnen
+  * Nieuwe GUI voor voorkeuren
+  * Layout wijzigingen voor localisatie
+  * Bugfix voor ondertekeningen
 
 
 ## 1.0.4
@@ -247,10 +248,10 @@ Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Pa
 
 ## 1.0.2
 
-  * Filterable key lists
-  * Smarter pre-selection of encryption keys
-  * New Intent handling for VIEW and SEND, allows files to be encrypted/decrypted out of file managers
-  * Fixes and additional features (key preselection) for K-9 Mail, new beta build available
+  * Filterbare sleutellijsten
+  * Slimmere preselectie van cryptosleutels
+  * Nieuwe Intents voor VIEW en SEND, laat toe bestanden te versleutelen/ontcijferen vanuit bestandsbeheerders
+  * Oplossingen en nieuwe functies (sleutel preselectie) voor K-9 Mail, nieuwe beta build beschikbaar
 
 
 ## 1.0.1
@@ -260,9 +261,9 @@ Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Pa
 
 ## 1.0.0
 
-  * K-9 Mail integration, APG supporting beta build of K-9 Mail
-  * Support of more file managers (including ASTRO)
-  * Slovenian translation
-  * New database, much faster, less memory usage
-  * Defined Intents and content provider for other apps
+  * K-9 Mail integratie, APG ondersteunende beta versie van K-9 Mail
+  * Ondersteuning voor meer bestandsbeheerders (waaronder ASTRO)
+  * Sloveense vertaling
+  * Nieuwe database, veel sneller, minder geheugengebruik
+  * Intents en content provider voor andere apps gedefinieerd
   * Bugfixes
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-nl/help_start.md b/OpenKeychain/src/main/res/raw-nl/help_start.md
index 83e27bf97..9eaf23640 100644
--- a/OpenKeychain/src/main/res/raw-nl/help_start.md
+++ b/OpenKeychain/src/main/res/raw-nl/help_start.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Hoe activeer ik OpenKeychain in K-9 Mail?
 Volg deze stappen om OpenKeychain te gebruiken met K-9 Mail:
@@ -12,4 +13,4 @@ Rapporteer de bug met de [problementracker van OpenKeychain](https://github.com/
 Als je ons wil helpen om OpenKeychain te ontwikkelen door code bij te dragen, [volg dan onze kleine gids op GitHub](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Vertalingen
-Help OpenKeychain te vertalen! Iedereen kan deelnemen op [OpenKeychain op Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help OpenKeychain te vertalen! Iedereen kan deelnemen op [OpenKeychain op Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-pl/help_about.md b/OpenKeychain/src/main/res/raw-pl/help_about.md
index d6a8eca93..9d635d9df 100644
--- a/OpenKeychain/src/main/res/raw-pl/help_about.md
+++ b/OpenKeychain/src/main/res/raw-pl/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-pl/help_certification.md b/OpenKeychain/src/main/res/raw-pl/help_certification.md
index 8da27e8e0..3518adf73 100644
--- a/OpenKeychain/src/main/res/raw-pl/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-pl/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Key Confirmation
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
 ## Key Status
diff --git a/OpenKeychain/src/main/res/raw-pl/help_changelog.md b/OpenKeychain/src/main/res/raw-pl/help_changelog.md
index e9d61d0f3..4a7ddb7f2 100644
--- a/OpenKeychain/src/main/res/raw-pl/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-pl/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-pl/help_start.md b/OpenKeychain/src/main/res/raw-pl/help_start.md
index 1641f913b..4cc331942 100644
--- a/OpenKeychain/src/main/res/raw-pl/help_start.md
+++ b/OpenKeychain/src/main/res/raw-pl/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## How do I activate OpenKeychain in K-9 Mail?
 To use OpenKeychain with K-9 Mail, you want to follow these steps:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
   3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
 
 ## I found a bug in OpenKeychain!
@@ -12,4 +13,4 @@ Please report the bug using the [issue tracker of OpenKeychain](https://github.c
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-pt/help_about.md b/OpenKeychain/src/main/res/raw-pt/help_about.md
index d6a8eca93..9d635d9df 100644
--- a/OpenKeychain/src/main/res/raw-pt/help_about.md
+++ b/OpenKeychain/src/main/res/raw-pt/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-pt/help_certification.md b/OpenKeychain/src/main/res/raw-pt/help_certification.md
index 8da27e8e0..3518adf73 100644
--- a/OpenKeychain/src/main/res/raw-pt/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-pt/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Key Confirmation
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
 ## Key Status
diff --git a/OpenKeychain/src/main/res/raw-pt/help_changelog.md b/OpenKeychain/src/main/res/raw-pt/help_changelog.md
index e9d61d0f3..4a7ddb7f2 100644
--- a/OpenKeychain/src/main/res/raw-pt/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-pt/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-pt/help_start.md b/OpenKeychain/src/main/res/raw-pt/help_start.md
index 1641f913b..4cc331942 100644
--- a/OpenKeychain/src/main/res/raw-pt/help_start.md
+++ b/OpenKeychain/src/main/res/raw-pt/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## How do I activate OpenKeychain in K-9 Mail?
 To use OpenKeychain with K-9 Mail, you want to follow these steps:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
   3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
 
 ## I found a bug in OpenKeychain!
@@ -12,4 +13,4 @@ Please report the bug using the [issue tracker of OpenKeychain](https://github.c
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-ro/help_about.md b/OpenKeychain/src/main/res/raw-ro/help_about.md
index d6a8eca93..9d635d9df 100644
--- a/OpenKeychain/src/main/res/raw-ro/help_about.md
+++ b/OpenKeychain/src/main/res/raw-ro/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-ro/help_certification.md b/OpenKeychain/src/main/res/raw-ro/help_certification.md
index 8da27e8e0..3518adf73 100644
--- a/OpenKeychain/src/main/res/raw-ro/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-ro/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Key Confirmation
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
 ## Key Status
diff --git a/OpenKeychain/src/main/res/raw-ro/help_changelog.md b/OpenKeychain/src/main/res/raw-ro/help_changelog.md
index e9d61d0f3..4a7ddb7f2 100644
--- a/OpenKeychain/src/main/res/raw-ro/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-ro/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-ro/help_start.md b/OpenKeychain/src/main/res/raw-ro/help_start.md
index 1641f913b..4cc331942 100644
--- a/OpenKeychain/src/main/res/raw-ro/help_start.md
+++ b/OpenKeychain/src/main/res/raw-ro/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## How do I activate OpenKeychain in K-9 Mail?
 To use OpenKeychain with K-9 Mail, you want to follow these steps:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
   3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
 
 ## I found a bug in OpenKeychain!
@@ -12,4 +13,4 @@ Please report the bug using the [issue tracker of OpenKeychain](https://github.c
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-ru/help_about.md b/OpenKeychain/src/main/res/raw-ru/help_about.md
index d6a8eca93..9d635d9df 100644
--- a/OpenKeychain/src/main/res/raw-ru/help_about.md
+++ b/OpenKeychain/src/main/res/raw-ru/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-ru/help_certification.md b/OpenKeychain/src/main/res/raw-ru/help_certification.md
index 8da27e8e0..3518adf73 100644
--- a/OpenKeychain/src/main/res/raw-ru/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-ru/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Key Confirmation
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
 ## Key Status
diff --git a/OpenKeychain/src/main/res/raw-ru/help_changelog.md b/OpenKeychain/src/main/res/raw-ru/help_changelog.md
index e9d61d0f3..4a7ddb7f2 100644
--- a/OpenKeychain/src/main/res/raw-ru/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-ru/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-ru/help_start.md b/OpenKeychain/src/main/res/raw-ru/help_start.md
index 1641f913b..4cc331942 100644
--- a/OpenKeychain/src/main/res/raw-ru/help_start.md
+++ b/OpenKeychain/src/main/res/raw-ru/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## How do I activate OpenKeychain in K-9 Mail?
 To use OpenKeychain with K-9 Mail, you want to follow these steps:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
   3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
 
 ## I found a bug in OpenKeychain!
@@ -12,4 +13,4 @@ Please report the bug using the [issue tracker of OpenKeychain](https://github.c
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-sl/help_about.md b/OpenKeychain/src/main/res/raw-sl/help_about.md
index d6a8eca93..dc333ca2d 100644
--- a/OpenKeychain/src/main/res/raw-sl/help_about.md
+++ b/OpenKeychain/src/main/res/raw-sl/help_about.md
@@ -1,12 +1,13 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
-[OpenKeychain](http://www.openkeychain.org) is an OpenPGP implementation for Android.
+[OpenKeychain](http://www.openkeychain.org) je implementacija OpenPGP za Android.
 
-License: GPLv3+
+Licenca: GPLv3+
 
-## Developers
-  * Dominik Schürmann (Maintainer)
+## Razvijalci
+  * Dominik Schürmann (Skrbnik)
   * Art O Cathain
   * Ash Hughes
   * Brian C. Barnes
@@ -27,19 +28,19 @@ License: GPLv3+
   * Tim Bray
   * Vincent Breitmoser
 
-## Libraries
-  * [SpongyCastle](http://rtyley.github.com/spongycastle/) (MIT X11 License)
-  * [SafeSlinger Exchange library](https://github.com/SafeSlingerProject/exchange-android) (MIT License)
-  * [Android Support Libraries](http://developer.android.com/tools/support-library/index.html) (Apache License v2)
-  * [KeybaseLib](https://github.com/timbray/KeybaseLib) (Apache License v2)
-  * [TokenAutoComplete](https://github.com/splitwise/TokenAutoComplete) (Apache License v2)
-  * [MiniDNS](https://github.com/rtreffer/minidns) (Apache License v2)
-  * [StickyListHeaders](https://github.com/emilsjolander/StickyListHeaders) (Apache License v2)
-  * [ZXing](https://github.com/zxing/zxing) (Apache License v2)
-  * [ZXing Android Minimal](https://github.com/journeyapps/zxing-android-embedded) (Apache License v2)
-  * [PagerSlidingTabStrip](https://github.com/jpardogo/PagerSlidingTabStrip) (Material Design)</a> (Apache License v2)
-  * [MaterialNavigationDrawer](https://github.com/neokree/MaterialNavigationDrawer) (Apache License v2)
-  * [Snackbar](https://github.com/nispok/snackbar) (MIT License)
-  * [FloatingActionButton](https://github.com/futuresimple/android-floating-action-button) (Apache License v2)
-  * [HtmlTextView](https://github.com/dschuermann/html-textview) (Apache License v2)
-  * [Markdown4J](https://github.com/jdcasey/markdown4j) (Apache License v2)
\ No newline at end of file
+## Knjižnice
+  * [SpongyCastle](http://rtyley.github.com/spongycastle/) (Licenca MIT X11)
+  * [SafeSlinger Exchange library](https://github.com/SafeSlingerProject/exchange-android) (Licenca MIT)
+  * [Android Support Libraries](http://developer.android.com/tools/support-library/index.html) (Licenca Apache v2)
+  * [KeybaseLib](https://github.com/timbray/KeybaseLib) (Licenca Apache v2)
+  * [TokenAutoComplete](https://github.com/splitwise/TokenAutoComplete) (Licenca Apache v2)
+  * [MiniDNS](https://github.com/rtreffer/minidns) (Licenca Apache v2)
+  * [StickyListHeaders](https://github.com/emilsjolander/StickyListHeaders) (Licenca Apache v2)
+  * [ZXing](https://github.com/zxing/zxing) (Licenca Apache v2)
+  * [ZXing Android Minimal](https://github.com/journeyapps/zxing-android-embedded) (Licenca Apache v2)
+  * [PagerSlidingTabStrip](https://github.com/jpardogo/PagerSlidingTabStrip) (Material Design)</a> (Licenca Apache v2)
+  * [MaterialNavigationDrawer](https://github.com/neokree/MaterialNavigationDrawer) (Licenca Apache v2)
+  * [Snackbar](https://github.com/nispok/snackbar) (Licenca MIT)
+  * [FloatingActionButton](https://github.com/futuresimple/android-floating-action-button) (Licenca Apache v2)
+  * [HtmlTextView](https://github.com/dschuermann/html-textview) (Licenca Apache v2)
+  * [Markdown4J](https://github.com/jdcasey/markdown4j) (Licenca Apache v2)
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-sl/help_certification.md b/OpenKeychain/src/main/res/raw-sl/help_certification.md
index 8da27e8e0..12a86e726 100644
--- a/OpenKeychain/src/main/res/raw-sl/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-sl/help_certification.md
@@ -1,27 +1,28 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
-## Key Confirmation
-Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
-To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
+## Potrjevanje ključev
+Brez overitve ne morete vedeti, če nek ključ zares pripada določeni osebi.
+Najbolj preprost način za overitev ključa je skeniranje kode QR ali izmenjava ključev preko NFC.
+Za overjanje ključev med več kot dvema osebama priporočamo uporabo izmenjave, ki je na voljo za vaše ključe.
 
-## Key Status
+## Status ključa
 
 <img src="status_signature_verified_cutout_24dp"/>  
-Confirmed: You have already confirmed this key, e.g., by scanning the QR Code.  
+Ključ je potrjen: ta ključ ste že potrdili, npr. s skeniranjem kode QR.  
 <img src="status_signature_unverified_cutout_24dp"/>  
-Unconfirmed: This key has not been confirmed yet. You cannot be sure if the key really corresponds to a specific person.  
+Ključ ni potrjen: Ta ključ še ni bil overjen, zato ne morete vedeti, če res pripada osebi, ki naj bi jo predstavljal.  
 <img src="status_signature_expired_cutout_24dp"/>  
-Expired: This key is no longer valid. Only the owner can extend its validity.  
+Ključ je potekel: Ta ključ ni več veljaven. Samo lastnik lahko podaljša veljavnost svojega ključa.  
 <img src="status_signature_revoked_cutout_24dp"/>  
-Revoked: This key is no longer valid. It has been revoked by its owner.
+Ključ preklican: Ta ključ ni več veljaven. Lastnik ga je preklical.
 
-## Advanced Information
-A "key confirmation" in OpenKeychain is implemented by creating a certification according to the OpenPGP standard.
-This certification is a ["generic certification (0x10)"](http://tools.ietf.org/html/rfc4880#section-5.2.1) described in the standard by:
-"The issuer of this certification does not make any particular assertion as to how well the certifier has checked that the owner of the key is in fact the person described by the User ID."
+## Dodatne informacije
+"Overitev ključa" se v aplikaciji OpenKeychain izvede s stvaritvijo potrdila v skladu s standardom OpenPGP.
+To potrdilo je ["generično potrdilo (0x10)"](http://tools.ietf.org/html/rfc4880#section-5.2.1), kot je zapisano v standardu:
+"Izdajatelj tega potrdila ne jamči za kakovost preverjanja overitelja, če je lastnik ključa dejansko oseba, označena v identifikaciji (ID) ključa."
 
-Traditionally, certifications (also with higher certification levels, such as "positive certifications" (0x13)) are organized in OpenPGP's Web of Trust.
-Our model of key confirmation is a much simpler concept to avoid common usability problems related to this Web of Trust.
-We assume that keys are verified only to a certain degree that is still usable enough to be executed "on the go".
-We also do not implement (potentially transitive) trust signatures or an ownertrust database like in GnuPG.
-Furthermore, keys which contain at least one user ID certified by a trusted key will be marked as "confirmed" in the key listings.
\ No newline at end of file
+Navadno so potrdila (tudi na višji stopnji overjanja, kot so "pozitivna pravila" (0x13)) organizirana v Omrežje zaupanja OpenPGP.
+Naš način overjanja je mnogo bolj preprost, s čimer se želimo izogniti pogostim težavam povezanim z Omrežjem zaupanja.
+Domnevamo, da so ključi preverjeni do mere, ki je še uporabna, glede na mobilno naravo aplikacije.
+Tudi ne ponujamo (potencialno prenosljivih) t.i. podpisov zaupanja kot jih ponuja GnuPG.
+Nadalje; ključi, ki vsebujejo vsaj en ID potrjen s strani zaupanja vrednega ključa, bodo na seznamu označeni kot "overjeni".
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-sl/help_changelog.md b/OpenKeychain/src/main/res/raw-sl/help_changelog.md
index e9d61d0f3..4a7ddb7f2 100644
--- a/OpenKeychain/src/main/res/raw-sl/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-sl/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-sl/help_start.md b/OpenKeychain/src/main/res/raw-sl/help_start.md
index 1641f913b..78c002de4 100644
--- a/OpenKeychain/src/main/res/raw-sl/help_start.md
+++ b/OpenKeychain/src/main/res/raw-sl/help_start.md
@@ -1,15 +1,16 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
-## How do I activate OpenKeychain in K-9 Mail?
-To use OpenKeychain with K-9 Mail, you want to follow these steps:
-  1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
-  3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
+## Kako aktivirati OpenKeychain v aplikaciji K-9 Mail?
+Za uporabo OpenKeychain v aplikaciji K-9 Mail sledite naslednjim korakom:
+  1. Odprite aplikacijo K-9 Mail in dlje časa zadržite prst na računu s katerim želite uporabljati OpenKeychain.
+  2. Izberite "Nastavitve računa", se pomaknite na dno in kliknite "Šifriranje".
+  3. Kliknite na "Ponudnik OpenPGP" in na seznamu izberite OpenKeychain.
 
-## I found a bug in OpenKeychain!
-Please report the bug using the [issue tracker of OpenKeychain](https://github.com/openpgp-keychain/openpgp-keychain/issues).
+## Našel sem 'hrošča' v aplikaciji OpenKeychain!
+Za prijavo hrošča uporabite [sledilnik težav za OpenKeychain](https://github.com/openpgp-keychain/openpgp-keychain/issues).
 
-## Contribute
-If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
+## Prispevajte
+Če želite pomagati pri razvoju aplikacije OpenKeychain in prispevati lastno kodo [prosimo sledite navodilom na Github-u](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
-## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+## Prevodi
+Pomagajte nam pri prevajanju aplikacije OpenKeychain! Svoje prevode lahko prispevate tukaj: [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-sr/help_about.md b/OpenKeychain/src/main/res/raw-sr/help_about.md
index 2ffe80e3b..77a4904e5 100644
--- a/OpenKeychain/src/main/res/raw-sr/help_about.md
+++ b/OpenKeychain/src/main/res/raw-sr/help_about.md
@@ -1,3 +1,4 @@
+[//]: #
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-sr/help_certification.md b/OpenKeychain/src/main/res/raw-sr/help_certification.md
index 03af89a61..20b68cf9b 100644
--- a/OpenKeychain/src/main/res/raw-sr/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-sr/help_certification.md
@@ -1,7 +1,8 @@
+[//]: #
 
 ## Потврда кључа
 Без потврде не можете бити сигурни да ли кључ заиста одговара одређеној особи.
-Најједноставнији начин потврђивања кључа је очитавање бар-кôда или размена преко НФЦ.
+Најједноставнији начин да потврдите кључ је очитавањем бар-кôда или разменом преко НФЦ.
 Да бисте потврдили кључеве између две или више особа, предлажемо да користите методу размене кључева која је доступна за ваш кључ.
 
 ## Стање кључа
diff --git a/OpenKeychain/src/main/res/raw-sr/help_changelog.md b/OpenKeychain/src/main/res/raw-sr/help_changelog.md
index 3b0dbcc05..e33c6b4e4 100644
--- a/OpenKeychain/src/main/res/raw-sr/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-sr/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: #
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Обавештење које показује кеширане лозинке
   * Кључеви су повезани са Андроидовим контактима
 
-<p>Ово издање не би било могуће без рада Винсента Брајтмозера (ГСоЦ 2014), „mar-v-in“-а (ГСоЦ 2014), Данијела Алберта (Daniel Albert), Арта Катијана (Art O Cathain), Данијела Хаса, Тима Бреја, „Thialfihar“-а</p>
+Ово издање не би било могуће без рада Винсента Брајтмозера (ГСоЦ 2014), „mar-v-in“-а (ГСоЦ 2014), Данијела Алберта (Daniel Albert), Арта Катијана (Art O Cathain), Данијела Хаса, Тима Бреја, „Thialfihar“-а
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Хвала свим апликантима Гугловог Лета Ко̂да 2014 који су учинили ово издање богатим у могућностима и без грешака!
+Хвала свим апликантима Гугловог Лета Кôда 2014 који су учинили ово издање богатим у могућностима и без грешака!
 Осим неколицине малих закрпа, значајан број закрпа направили су следећи људи (по абецедном реду):
-Данијел Хаман (Daniel Hammann), Данијел Хас (Daniel Haß), Грег Вичак (Greg Witczak), Мируђин Бакши (Miroojin Bakshi), Никил Питер Раж (Nikhil Peter Raj), Паул Сарбиновски (Paul Sarbinowski), Срирам Бујапати (Sreeram Boyapati), Винсент Брајтмозер (Vincent Breitmoser).</p>
+Данијел Хаман (Daniel Hammann), Данијел Хас (Daniel Haß), Грег Вичак (Greg Witczak), Мируђин Бакши (Miroojin Bakshi), Никил Питер Раж (Nikhil Peter Raj), Паул Сарбиновски (Paul Sarbinowski), Срирам Бујапати (Sreeram Boyapati), Винсент Брајтмозер (Vincent Breitmoser).
 
   * Нови обједињени списак кључева
   * Обојени отисак прста кључа
diff --git a/OpenKeychain/src/main/res/raw-sr/help_start.md b/OpenKeychain/src/main/res/raw-sr/help_start.md
index f531fdc82..1375f91eb 100644
--- a/OpenKeychain/src/main/res/raw-sr/help_start.md
+++ b/OpenKeychain/src/main/res/raw-sr/help_start.md
@@ -1,8 +1,9 @@
+[//]: #
 
 ## Како да активирам Отворени кључарник у К-9 Пошти?
 Да бисте користили Отворени кључарник са К-9 Поштом, пратите ове кораке:
   1. Отворите К-9 Пошту и тапните и задржите на налог са којим желите да користите Отворени кључарник.
-  2. Изаберите „поставке налога“ и клизајте на дно и тапните на „криптографија“.
+  2. Изаберите „поставке налога“, клизајте на дно и тапните на „криптографија“.
   3. Тапните на „ОпенПГП апликација“ и изаберите Отворени кључарник са списка.
 
 ## Пронађох грешку у Отвореном кључарнику!
@@ -12,4 +13,4 @@
 Ако желите да нам помогнете у развоју Отвореног кључарника доприношењем кôда, [пратите наш мали водич на Гитхабу](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Преводи
-Помозите превођењем Отвореног кључарника! Било ко може да учествује на [пројекту Отвореног кључарника на Трансифексу](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Помозите превођењем Отвореног кључарника! Сви могу да учествују на [пројекту Отвореног кључарника на Трансифексу](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-sv/help_about.md b/OpenKeychain/src/main/res/raw-sv/help_about.md
index d6a8eca93..9d635d9df 100644
--- a/OpenKeychain/src/main/res/raw-sv/help_about.md
+++ b/OpenKeychain/src/main/res/raw-sv/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-sv/help_certification.md b/OpenKeychain/src/main/res/raw-sv/help_certification.md
index 8da27e8e0..3518adf73 100644
--- a/OpenKeychain/src/main/res/raw-sv/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-sv/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Key Confirmation
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
 ## Key Status
diff --git a/OpenKeychain/src/main/res/raw-sv/help_changelog.md b/OpenKeychain/src/main/res/raw-sv/help_changelog.md
index e9d61d0f3..4a7ddb7f2 100644
--- a/OpenKeychain/src/main/res/raw-sv/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-sv/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-sv/help_start.md b/OpenKeychain/src/main/res/raw-sv/help_start.md
index 1641f913b..4cc331942 100644
--- a/OpenKeychain/src/main/res/raw-sv/help_start.md
+++ b/OpenKeychain/src/main/res/raw-sv/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## How do I activate OpenKeychain in K-9 Mail?
 To use OpenKeychain with K-9 Mail, you want to follow these steps:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
   3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
 
 ## I found a bug in OpenKeychain!
@@ -12,4 +13,4 @@ Please report the bug using the [issue tracker of OpenKeychain](https://github.c
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-tr/help_about.md b/OpenKeychain/src/main/res/raw-tr/help_about.md
index d6a8eca93..9d635d9df 100644
--- a/OpenKeychain/src/main/res/raw-tr/help_about.md
+++ b/OpenKeychain/src/main/res/raw-tr/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-tr/help_certification.md b/OpenKeychain/src/main/res/raw-tr/help_certification.md
index 8da27e8e0..3518adf73 100644
--- a/OpenKeychain/src/main/res/raw-tr/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-tr/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Key Confirmation
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
 ## Key Status
diff --git a/OpenKeychain/src/main/res/raw-tr/help_changelog.md b/OpenKeychain/src/main/res/raw-tr/help_changelog.md
index e9d61d0f3..4a7ddb7f2 100644
--- a/OpenKeychain/src/main/res/raw-tr/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-tr/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-tr/help_start.md b/OpenKeychain/src/main/res/raw-tr/help_start.md
index 1641f913b..4cc331942 100644
--- a/OpenKeychain/src/main/res/raw-tr/help_start.md
+++ b/OpenKeychain/src/main/res/raw-tr/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## How do I activate OpenKeychain in K-9 Mail?
 To use OpenKeychain with K-9 Mail, you want to follow these steps:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
   3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
 
 ## I found a bug in OpenKeychain!
@@ -12,4 +13,4 @@ Please report the bug using the [issue tracker of OpenKeychain](https://github.c
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-uk/help_about.md b/OpenKeychain/src/main/res/raw-uk/help_about.md
index d6a8eca93..9d635d9df 100644
--- a/OpenKeychain/src/main/res/raw-uk/help_about.md
+++ b/OpenKeychain/src/main/res/raw-uk/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-uk/help_certification.md b/OpenKeychain/src/main/res/raw-uk/help_certification.md
index 8da27e8e0..3518adf73 100644
--- a/OpenKeychain/src/main/res/raw-uk/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-uk/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Key Confirmation
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
 ## Key Status
diff --git a/OpenKeychain/src/main/res/raw-uk/help_changelog.md b/OpenKeychain/src/main/res/raw-uk/help_changelog.md
index e9d61d0f3..4a7ddb7f2 100644
--- a/OpenKeychain/src/main/res/raw-uk/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-uk/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-uk/help_start.md b/OpenKeychain/src/main/res/raw-uk/help_start.md
index 1641f913b..4cc331942 100644
--- a/OpenKeychain/src/main/res/raw-uk/help_start.md
+++ b/OpenKeychain/src/main/res/raw-uk/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## How do I activate OpenKeychain in K-9 Mail?
 To use OpenKeychain with K-9 Mail, you want to follow these steps:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
   3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
 
 ## I found a bug in OpenKeychain!
@@ -12,4 +13,4 @@ Please report the bug using the [issue tracker of OpenKeychain](https://github.c
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-zh-rTW/help_about.md b/OpenKeychain/src/main/res/raw-zh-rTW/help_about.md
index d6a8eca93..9d635d9df 100644
--- a/OpenKeychain/src/main/res/raw-zh-rTW/help_about.md
+++ b/OpenKeychain/src/main/res/raw-zh-rTW/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-zh-rTW/help_certification.md b/OpenKeychain/src/main/res/raw-zh-rTW/help_certification.md
index 8da27e8e0..3518adf73 100644
--- a/OpenKeychain/src/main/res/raw-zh-rTW/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-zh-rTW/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Key Confirmation
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
 ## Key Status
diff --git a/OpenKeychain/src/main/res/raw-zh-rTW/help_changelog.md b/OpenKeychain/src/main/res/raw-zh-rTW/help_changelog.md
index e9d61d0f3..4a7ddb7f2 100644
--- a/OpenKeychain/src/main/res/raw-zh-rTW/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-zh-rTW/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-zh-rTW/help_start.md b/OpenKeychain/src/main/res/raw-zh-rTW/help_start.md
index 1641f913b..4cc331942 100644
--- a/OpenKeychain/src/main/res/raw-zh-rTW/help_start.md
+++ b/OpenKeychain/src/main/res/raw-zh-rTW/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## How do I activate OpenKeychain in K-9 Mail?
 To use OpenKeychain with K-9 Mail, you want to follow these steps:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
   3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
 
 ## I found a bug in OpenKeychain!
@@ -12,4 +13,4 @@ Please report the bug using the [issue tracker of OpenKeychain](https://github.c
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/raw-zh/help_about.md b/OpenKeychain/src/main/res/raw-zh/help_about.md
index d6a8eca93..9d635d9df 100644
--- a/OpenKeychain/src/main/res/raw-zh/help_about.md
+++ b/OpenKeychain/src/main/res/raw-zh/help_about.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 [http://www.openkeychain.org](http://www.openkeychain.org)
 
diff --git a/OpenKeychain/src/main/res/raw-zh/help_certification.md b/OpenKeychain/src/main/res/raw-zh/help_certification.md
index 8da27e8e0..3518adf73 100644
--- a/OpenKeychain/src/main/res/raw-zh/help_certification.md
+++ b/OpenKeychain/src/main/res/raw-zh/help_certification.md
@@ -1,7 +1,8 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## Key Confirmation
 Without confirmation, you cannot be sure if a key really corresponds to a specific person.
-The most simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
+The simplest way to confirm a key is by scanning the QR Code or exchanging it via NFC.
 To confirm keys between more than two persons, we suggest to use the key exchange method available for your keys.
 
 ## Key Status
diff --git a/OpenKeychain/src/main/res/raw-zh/help_changelog.md b/OpenKeychain/src/main/res/raw-zh/help_changelog.md
index e9d61d0f3..4a7ddb7f2 100644
--- a/OpenKeychain/src/main/res/raw-zh/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw-zh/help_changelog.md
@@ -1,3 +1,4 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## 3.2beta2
 
@@ -95,7 +96,7 @@
   * Notification showing cached passphrases
   * Keys are connected to Android's contacts
 
-<p>This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar</p>
+This release wouldn't be possible without the work of Vincent Breitmoser (GSoC 2014), mar-v-in (GSoC 2014), Daniel Albert, Art O Cathain, Daniel Haß, Tim Bray, Thialfihar
 
 ## 2.7
 
@@ -129,9 +130,9 @@
 
 
 ## 2.4
-<p>Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
+Thanks to all applicants of Google Summer of Code 2014 who made this release feature rich and bug free!
 Besides several small patches, a notable number of patches are made by the following people (in alphabetical order):
-Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.</p>
+Daniel Hammann, Daniel Haß, Greg Witczak, Miroojin Bakshi, Nikhil Peter Raj, Paul Sarbinowski, Sreeram Boyapati, Vincent Breitmoser.
 
   * New unified key list
   * Colorized key fingerprint
diff --git a/OpenKeychain/src/main/res/raw-zh/help_start.md b/OpenKeychain/src/main/res/raw-zh/help_start.md
index 1641f913b..4cc331942 100644
--- a/OpenKeychain/src/main/res/raw-zh/help_start.md
+++ b/OpenKeychain/src/main/res/raw-zh/help_start.md
@@ -1,8 +1,9 @@
+[//]: # (NOTE: Please put every sentence in its own line, Transifex puts every line in its own translation field!)
 
 ## How do I activate OpenKeychain in K-9 Mail?
 To use OpenKeychain with K-9 Mail, you want to follow these steps:
   1. Open K-9 Mail and long-tap on the account you want to use OpenKeychain with.
-  2. Select "Account settings" and scroll to the very bottom and click "Cryptography".
+  2. Select "Account settings", scroll to the very bottom and click "Cryptography".
   3. Click on "OpenPGP Provider" and select OpenKeychain from the list.
 
 ## I found a bug in OpenKeychain!
@@ -12,4 +13,4 @@ Please report the bug using the [issue tracker of OpenKeychain](https://github.c
 If you want to help us developing OpenKeychain by contributing code [follow our small guide on Github](https://github.com/openpgp-keychain/openpgp-keychain#contribute-code).
 
 ## Translations
-Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/openpgp-keychain/).
\ No newline at end of file
+Help translating OpenKeychain! Everybody can participate at [OpenKeychain on Transifex](https://www.transifex.com/projects/p/open-keychain/).
\ No newline at end of file
diff --git a/OpenKeychain/src/main/res/values-cs/strings.xml b/OpenKeychain/src/main/res/values-cs/strings.xml
index 2434c91df..f99b32a2d 100644
--- a/OpenKeychain/src/main/res/values-cs/strings.xml
+++ b/OpenKeychain/src/main/res/values-cs/strings.xml
@@ -4,8 +4,6 @@
     http://developer.android.com/guide/topics/resources/string-resource.html (scroll down to "Escaping apostrophes and quotes").-->
   <string name="app_name">OpenKeychain</string>
   <!--title-->
-  <string name="title_select_recipients">Vybrat klíče</string>
-  <string name="title_select_secret_key">Vybrat svůj klíč</string>
   <string name="title_encrypt_text">Zašifrovat</string>
   <string name="title_encrypt_files">Zašifrovat</string>
   <string name="title_decrypt">Rozšifrovat</string>
@@ -13,7 +11,6 @@
   <string name="title_add_subkey">Přidat podklíč</string>
   <string name="title_edit_key">Editovat klíč</string>
   <string name="title_preferences">Nastavení</string>
-  <string name="title_cloud_search_preferences">Nastavení vyhledávání v cloudu</string>
   <string name="title_api_registered_apps">Aplikace</string>
   <string name="title_change_passphrase">Změnit heslo</string>
   <string name="title_share_fingerprint_with">Sdílet otisk s...</string>
@@ -23,7 +20,6 @@
   <string name="title_encrypt_to_file">Zašifrovat do souboru</string>
   <string name="title_decrypt_to_file">Rozšifrovat do souboru</string>
   <string name="title_import_keys">Importovat klíče</string>
-  <string name="title_add_keys">Přidat klíče</string>
   <string name="title_export_key">Exportovat klíče</string>
   <string name="title_export_keys">Exportovat klíče</string>
   <string name="title_key_not_found">Klíč nebyl nalezen</string>
@@ -32,36 +28,33 @@
   <string name="title_key_details">Detaily klíče</string>
   <string name="title_help">Nápověda</string>
   <string name="title_log_display">Log</string>
-  <string name="title_create_key">Vytvořit klíč</string>
   <string name="title_exchange_keys">Vyměnit klíče</string>
   <string name="title_advanced_key_info">Další informace ke klíči</string>
-  <string name="title_keys">Klíče</string>
   <string name="title_delete_secret_key">Smazat Váš klíč \'%s\'?</string>
   <string name="title_export_log">Exportovat log</string>
+  <string name="title_manage_my_keys">Spravovat klíče</string>
   <!--section-->
   <string name="section_user_ids">Identity</string>
+  <string name="section_linked_system_contact">Propojený kontakt v systému</string>
   <string name="section_should_you_trust">Důvěřujete tomuto klíči?</string>
+  <string name="section_proof_details">Doložit ověření</string>
+  <string name="section_cloud_evidence">Doložení z cloudu</string>
   <string name="section_keys">Podklíče</string>
   <string name="section_cloud_search">Vyhledávání v Cloud službě</string>
-  <string name="section_general">Obecné</string>
-  <string name="section_defaults">Výchozí hodnoty</string>
-  <string name="section_advanced">Pokročilé</string>
   <string name="section_passphrase_cache">Cache hesel</string>
   <string name="section_certify">Potvrdit</string>
   <string name="section_actions">Akce</string>
   <string name="section_share_key">Klíč</string>
-  <string name="section_upload_key">Synchronizovat klíč</string>
   <string name="section_key_server">Keyserver</string>
   <string name="section_fingerprint">Otisk</string>
-  <string name="section_decrypt_files">Soubory</string>
-  <string name="section_decrypt_text">Text</string>
-  <string name="section_certs">Certifikáty</string>
   <string name="section_encrypt">Zašifrovat</string>
   <string name="section_decrypt">Rozšifrovat</string>
+  <string name="section_current_expiry">Současná expirace</string>
+  <string name="section_new_expiry">Nová expirace</string>
   <!--button-->
   <string name="btn_decrypt_verify_file">Dešifrovat, ověřit a uložit soubor</string>
-  <string name="btn_encrypt_file">Zaširovat a uložit soubor</string>
   <string name="btn_encrypt_share_file">Zašifrovat a sdílet soubor</string>
+  <string name="btn_encrypt_save_file">Zašifrovat a uložit soubor</string>
   <string name="btn_save">Uložit</string>
   <string name="btn_do_not_save">Zrušit</string>
   <string name="btn_delete">Smazat</string>
@@ -70,25 +63,31 @@
   <string name="btn_export_to_server">Nahrát na keyserver</string>
   <string name="btn_next">Další</string>
   <string name="btn_back">Zpět</string>
-  <string name="btn_lookup_key">Vyhledat klíč</string>
+  <string name="btn_no">Ne</string>
+  <string name="btn_match">Otisky souhlasí</string>
+  <string name="btn_share_encrypted_signed">Zašifrovat a sdílet text</string>
+  <string name="btn_copy_encrypted_signed">Zašifrovat a zkopírovat text</string>
   <string name="btn_view_cert_key">Zobrazit klíč certifikátu</string>
   <string name="btn_create_key">Vytvořit klíč</string>
   <string name="btn_add_files">Přidat soubor(y)</string>
   <string name="btn_add_share_decrypted_text">Sdílet dešifrovaný text</string>
+  <string name="btn_decrypt_clipboard">Dešifrovat text ze schránky</string>
   <string name="btn_decrypt_and_verify">a ověřit podpisy</string>
   <string name="btn_decrypt_files">Dešifrovat soubory</string>
+  <string name="btn_encrypt_files">Zašifrovat soubory</string>
+  <string name="btn_encrypt_text">Zašifrovat text</string>
+  <string name="btn_add_email">Přidat další emailové adresy</string>
   <!--menu-->
   <string name="menu_preferences">Nastavení</string>
   <string name="menu_help">Nápověda</string>
   <string name="menu_export_key">Exportovat do souboru</string>
   <string name="menu_delete_key">Smazat klíč</string>
-  <string name="menu_import_existing_key">Importovat ze souboru</string>
+  <string name="menu_manage_keys">Spravovat klíče</string>
   <string name="menu_search">Hledat</string>
+  <string name="menu_nfc_preferences">NFC nastavení</string>
   <string name="menu_beam_preferences">Beam settings</string>
-  <string name="menu_key_edit_cancel">Zrušit</string>
   <string name="menu_encrypt_to">Zašifrovat do...</string>
   <string name="menu_select_all">Vybrat vše</string>
-  <string name="menu_add_keys">Přidat klíče</string>
   <string name="menu_export_all_keys">Exportovat všechny klíče</string>
   <string name="menu_advanced">Zobrazit pokročilé info</string>
   <!--label-->
@@ -187,9 +186,6 @@
   <string name="encrypt_sign_clipboard_successful">Úspěšně podepsání a/nebo zašifrováno do schránky.</string>
   <string name="select_encryption_key">Vyberte alespoň jeden šifrovací klíč.</string>
   <string name="select_encryption_or_signature_key">Vyberte alespoň jeden šifrovací nebo podpisový klíč.</string>
-  <string name="specify_file_to_encrypt_to">Prosím specifikujte do kterého souboru zašifrovat.\nVAROVÁNÍ: Pokud soubor již existuje, bude přepsán.</string>
-  <string name="specify_file_to_decrypt_to">Prosím specifikujte do kterého souboru rozšifrovat.\nVAROVÁNÍ: Pokud soubor již existuje, bude přepsán.</string>
-  <string name="specify_file_to_export_to">Prosím specifikujte do kterého souboru exportovat.\nVAROVÁNÍ: Pokud soubor již existuje, bude přepsán.</string>
   <string name="also_export_secret_keys">Zárověň exportovat tajný klíč</string>
   <string name="reinstall_openkeychain">Narazili jste na známou chybu v Androidu. Přeinstalujte prosím OpenKeychain pokud chcete své propojit kontakty s klíči.</string>
   <string name="key_exported">Úspěšně exportován 1 klíč.</string>
diff --git a/OpenKeychain/src/main/res/values-de/strings.xml b/OpenKeychain/src/main/res/values-de/strings.xml
index 0022153a6..4fd310837 100644
--- a/OpenKeychain/src/main/res/values-de/strings.xml
+++ b/OpenKeychain/src/main/res/values-de/strings.xml
@@ -4,8 +4,6 @@
     http://developer.android.com/guide/topics/resources/string-resource.html (scroll down to "Escaping apostrophes and quotes").-->
   <string name="app_name">OpenKeychain</string>
   <!--title-->
-  <string name="title_select_recipients">Wähle Schlüssel</string>
-  <string name="title_select_secret_key">Wähle Deinen Schlüssel</string>
   <string name="title_encrypt_text">Verschlüsseln</string>
   <string name="title_encrypt_files">Verschlüsseln</string>
   <string name="title_decrypt">Entschlüsseln</string>
@@ -13,7 +11,6 @@
   <string name="title_add_subkey">Unterschlüssel hinzufügen</string>
   <string name="title_edit_key">Schlüssel bearbeiten</string>
   <string name="title_preferences">Einstellungen</string>
-  <string name="title_cloud_search_preferences">Einstellungen Cloudsuche</string>
   <string name="title_api_registered_apps">Apps</string>
   <string name="title_key_server_preference">Schlüsselserver</string>
   <string name="title_change_passphrase">Passwort ändern</string>
@@ -24,7 +21,6 @@
   <string name="title_encrypt_to_file">In eine Datei verschlüsseln</string>
   <string name="title_decrypt_to_file">In eine Datei entschlüsseln</string>
   <string name="title_import_keys">Schlüssel importieren</string>
-  <string name="title_add_keys">Schlüssel hinzufügen</string>
   <string name="title_export_key">Schlüssel exportieren</string>
   <string name="title_export_keys">Schlüssel exportieren</string>
   <string name="title_key_not_found">Schlüssel nicht gefunden</string>
@@ -33,10 +29,8 @@
   <string name="title_key_details">Schlüsseldetails</string>
   <string name="title_help">Hilfe</string>
   <string name="title_log_display">Log</string>
-  <string name="title_create_key">Schlüssel erzeugen</string>
   <string name="title_exchange_keys">Schlüssel austauschen</string>
   <string name="title_advanced_key_info">Erweiterte Schlüsselinformation</string>
-  <string name="title_keys">Schlüssel</string>
   <string name="title_delete_secret_key">DEINEN Schlüssel \'%s\' löschen?</string>
   <string name="title_export_log">Log exportieren</string>
   <string name="title_manage_my_keys">Meine Schlüssel verwalten</string>
@@ -48,27 +42,18 @@
   <string name="section_cloud_evidence">Nachweise aus der Cloud</string>
   <string name="section_keys">Unterschlüssel</string>
   <string name="section_cloud_search">Cloudsuche</string>
-  <string name="section_general">Allgemein</string>
-  <string name="section_defaults">Standardwerte</string>
-  <string name="section_advanced">Fortgeschrittene Einstellungen</string>
   <string name="section_passphrase_cache">Passwort Zwischenspeicher</string>
   <string name="section_certify">Bestätigen</string>
   <string name="section_actions">Aktionen</string>
   <string name="section_share_key">Schlüssel</string>
-  <string name="section_upload_key">Schlüssel synchronisieren</string>
   <string name="section_key_server">Schlüsselserver</string>
   <string name="section_fingerprint">Fingerabdruck</string>
-  <string name="section_decrypt_files">Dateien</string>
-  <string name="section_decrypt_text">Text</string>
-  <string name="section_certs">Beglaubigungen</string>
   <string name="section_encrypt">Verschlüsseln</string>
   <string name="section_decrypt">Entschlüsseln</string>
   <string name="section_current_expiry">Aktuelles Ablaufdatum</string>
   <string name="section_new_expiry">Neues Ablaufdatum</string>
   <!--button-->
   <string name="btn_decrypt_verify_file">Datei entschlüsseln, verifizieren und speichern</string>
-  <string name="btn_decrypt_verify_message">Nachricht entschlüsseln und überprüfen</string>
-  <string name="btn_encrypt_file">Datei verschlüsseln und speichern</string>
   <string name="btn_encrypt_share_file">Datei verschlüsseln und teilen</string>
   <string name="btn_encrypt_save_file">Datei verschlüsseln und speichern</string>
   <string name="btn_save">Speichern</string>
@@ -81,7 +66,6 @@
   <string name="btn_back">Zurück</string>
   <string name="btn_no">Nein</string>
   <string name="btn_match">Fingerabdrücke stimmen überein</string>
-  <string name="btn_lookup_key">Schlüssel nachschlagen</string>
   <string name="btn_share_encrypted_signed">Nachricht verschlüsseln und teilen</string>
   <string name="btn_copy_encrypted_signed">Text verschlüsseln und kopieren</string>
   <string name="btn_view_cert_key">Beglaubigungsschlüssel anzeigen</string>
@@ -100,16 +84,13 @@
   <string name="menu_export_key">In Datei exportieren</string>
   <string name="menu_delete_key">Schlüssel löschen</string>
   <string name="menu_manage_keys">Meine Schlüssel verwalten</string>
-  <string name="menu_import_existing_key">Von Datei importieren</string>
   <string name="menu_search">Suchen</string>
   <string name="menu_nfc_preferences">NFC-Einstellungen</string>
   <string name="menu_beam_preferences">Beam-Einstellungen</string>
-  <string name="menu_key_edit_cancel">Abbrechen</string>
   <string name="menu_encrypt_to">Verschlüsseln nach…</string>
   <string name="menu_select_all">Alles auswählen</string>
-  <string name="menu_add_keys">Schlüssel hinzufügen</string>
-  <string name="menu_search_cloud">Cloud durchsuchen</string>
   <string name="menu_export_all_keys">Alle Schlüssel exportieren</string>
+  <string name="menu_update_all_keys">Alle Schlüssel aktualisieren</string>
   <string name="menu_advanced">Erweiterte Infos anzeigen</string>
   <string name="menu_certify_fingerprint">Über Fingerabdruckvergleich bestätigen</string>
   <string name="menu_export_log">Log exportieren</string>
@@ -161,6 +142,10 @@
   <string name="label_enable_compression">Komprimierung aktivieren</string>
   <string name="label_encrypt_filenames">Dateinamen verschlüsseln</string>
   <string name="label_hidden_recipients">Empfänger verbergen</string>
+  <string name="pref_keyserver">Schlüsselserver durchsuchen</string>
+  <string name="pref_keyserver_summary">HKP-Schlüsselserver durchsuchen</string>
+  <string name="pref_keybase">Keybase.io durchsuchen</string>
+  <string name="pref_keybase_summary">Keybase.io-Index durchsuchen</string>
   <string name="user_id_no_name">&lt;kein Name&gt;</string>
   <string name="none">&lt;keine&gt;</string>
   <plurals name="n_keys">
@@ -218,8 +203,8 @@
   <string name="select_encryption_key">Mindestens einen Schlüssel zum Verschlüsseln auswählen.</string>
   <string name="select_encryption_or_signature_key">Mindestens einen Schlüssel zum Verschlüsseln oder einen zum Signieren auswählen.</string>
   <string name="specify_file_to_encrypt_to">Bitte angeben in welche Datei verschlüsselt werden soll.\nWARNUNG: Datei wird überschrieben, wenn sie bereits existiert.</string>
-  <string name="specify_file_to_decrypt_to">Bitte angeben in welche Datei entschlüsselt werden soll.\nWARNUNG: Datei wird überschrieben, wenn sie bereits existiert. </string>
-  <string name="specify_file_to_export_to">Bitte angeben in welche Datei exportiert werden soll.\nWARNUNG: Datei wird überschrieben, wenn sie bereits existiert. </string>
+  <string name="specify_file_to_decrypt_to">Bitte angeben in welche Datei entschlüsselt werden soll.\nWARNUNG: Datei wird überschrieben, wenn sie bereits existiert.</string>
+  <string name="specify_file_to_export_to">Bitte angeben in welche Datei exportiert werden soll.\nWARNUNG: Datei wird überschrieben, wenn sie bereits existiert.</string>
   <string name="key_deletion_confirmation_multi">Möchtest du wirklich alle ausgewählten Schlüssel löschen?</string>
   <string name="secret_key_deletion_confirmation">Nach dem Löschen wird es dir nicht mehr möglich sein mit diesem Schlüssel verschlüsselte Nachrichten zu lesen und zudem wirst du alle damit getätigten Bestätigungen verlieren!</string>
   <string name="public_key_deletetion_confirmation">Schlüssel löschen \'%s\'?</string>
@@ -289,6 +274,7 @@
   <string name="progress_cancelling">Abbrechen...</string>
   <string name="progress_saving">Wird gespeichert…</string>
   <string name="progress_importing">Wird importiert…</string>
+  <string name="progress_updating">Aktualisiere Schlüssel...</string>
   <string name="progress_exporting">Wird exportiert…</string>
   <string name="progress_uploading">Wird hochgeladen...</string>
   <string name="progress_building_key">Schlüssel wird erstellt…</string>
@@ -333,7 +319,7 @@
   <string name="progress_con_saving">Zusammenführung: Im Cache speichern...</string>
   <string name="progress_con_reimport">Zusammenführung: Neuimportierung...</string>
   <!--action strings-->
-  <string name="hint_cloud_search_hint">Suche via Name, E-Mail...</string>
+  <string name="hint_cloud_search_hint">Via Name, E-Mail durchsuchen...</string>
   <!--key bit length selections-->
   <string name="key_size_512">512</string>
   <string name="key_size_768">768</string>
@@ -451,7 +437,7 @@
   <string name="api_settings_hide_advanced">Erweiterte Einstellungen ausblenden</string>
   <string name="api_settings_no_key">Kein Schlüssel ausgewählt</string>
   <string name="api_settings_select_key">Schlüssel auswählen</string>
-  <string name="api_settings_create_key">Erzeuge meinen Schlüssel</string>
+  <string name="api_settings_create_key">Neuen Schlüssel erzeugen</string>
   <string name="api_settings_save">Speichern</string>
   <string name="api_settings_save_msg">Benutzerkonto wurde gespeichert</string>
   <string name="api_settings_cancel">Abbrechen</string>
@@ -589,6 +575,7 @@
   <string name="create_key_edit">Schlüsselkonfiguration ändern</string>
   <string name="create_key_add_email">E-Mail-Adresse hinzufügen</string>
   <string name="create_key_add_email_text">Es sind zusätzliche E-Mail-Adressen mit diesem Schlüssel verknüpft, die zur sicheren Kommunikation verwendet werden können.</string>
+  <string name="create_key_email_already_exists_text">E-Mail wurde bereits hinzugefügt</string>
   <!--View key-->
   <string name="view_key_revoked">Widerrufen: Schlüssel darf nicht mehr genutzt werden!</string>
   <string name="view_key_expired">Abgelaufen: Der Kontakt muss die Gültigkeit des Schlüssels verlängern!</string>
@@ -1097,7 +1084,7 @@
   <string name="msg_download_query_too_short">Die Suchanfrage ist zu kurz, bitte die Suchanfrage verfeinern!</string>
   <string name="msg_download_too_many_responses">Schlüsselsuchanfrage lieferte zu viele Kandidaten, bitte die Suchanfrage verfeinern!</string>
   <string name="msg_download_query_too_short_or_too_many_responses">Entweder keine oder zu viele Schlüssel wurden gefunden, bitte die Suchanfrage prä­zi­sie­ren!</string>
-  <string name="msg_download_query_failed">Beim suchen der Schlüssel ist ein Fehler aufgetreten.</string>
+  <string name="msg_download_query_failed">Beim Suchen der Schlüssel ist ein Fehler aufgetreten.</string>
   <!--Messages for Export Log operation-->
   <string name="msg_export_log_start">Exportiere Protokoll</string>
   <string name="msg_export_log_error_fopen">Fehler beim Öffnen der Datei</string>
@@ -1112,7 +1099,7 @@
   <string name="passp_cache_notif_pwd">Passwort</string>
   <!--First Time-->
   <string name="first_time_text1">Hol dir deine Privatsphäre mit OpenKeychain zurück!</string>
-  <string name="first_time_create_key">Meinen Schlüssel erzeugen (empfohlen)</string>
+  <string name="first_time_create_key">Meinen Schlüssel erzeugen</string>
   <string name="first_time_import_key">Schlüssel aus Datei importieren</string>
   <string name="first_time_yubikey">YubiKey NEO verwenden</string>
   <string name="first_time_skip">Setup überspringen</string>
diff --git a/OpenKeychain/src/main/res/values-es/strings.xml b/OpenKeychain/src/main/res/values-es/strings.xml
index a042f3809..2d94eb6a2 100644
--- a/OpenKeychain/src/main/res/values-es/strings.xml
+++ b/OpenKeychain/src/main/res/values-es/strings.xml
@@ -4,27 +4,23 @@
     http://developer.android.com/guide/topics/resources/string-resource.html (scroll down to "Escaping apostrophes and quotes").-->
   <string name="app_name">OpenKeychain</string>
   <!--title-->
-  <string name="title_select_recipients">Seleccionar claves</string>
-  <string name="title_select_secret_key">Seleccionar su clave</string>
-  <string name="title_encrypt_text">Cifrar</string>
-  <string name="title_encrypt_files">Cifrar</string>
+  <string name="title_encrypt_text">Encriptar</string>
+  <string name="title_encrypt_files">Encriptar</string>
   <string name="title_decrypt">Descifrar</string>
   <string name="title_unlock">Desbloquear clave</string>
   <string name="title_add_subkey">Añadir subclave</string>
   <string name="title_edit_key"> Editar clave</string>
   <string name="title_preferences">Configuración</string>
-  <string name="title_cloud_search_preferences">Preferencias de búsqueda en la nube</string>
   <string name="title_api_registered_apps">Aplicaciones</string>
   <string name="title_key_server_preference">Servidores de claves</string>
   <string name="title_change_passphrase">Cambiar frase de contraseña</string>
-  <string name="title_share_fingerprint_with">Compartir huella de validación de clave con...</string>
+  <string name="title_share_fingerprint_with">Compartir huella digital con...</string>
   <string name="title_share_key">Compartir clave con...</string>
-  <string name="title_share_file">Compartir fichero con...</string>
+  <string name="title_share_file">Compartir archivo con...</string>
   <string name="title_share_message">Compartir texto con...</string>
   <string name="title_encrypt_to_file">Cifrar hacia archivo</string>
   <string name="title_decrypt_to_file">Descifrar hacia archivo</string>
   <string name="title_import_keys">Importar claves</string>
-  <string name="title_add_keys">Añadir claves</string>
   <string name="title_export_key">Exportar clave</string>
   <string name="title_export_keys">Exportar claves</string>
   <string name="title_key_not_found">Clave no encontrada</string>
@@ -33,11 +29,9 @@
   <string name="title_key_details">Detalles de la clave</string>
   <string name="title_help">Ayuda</string>
   <string name="title_log_display">Registro (log)</string>
-  <string name="title_create_key">Crear clave</string>
   <string name="title_exchange_keys">Intercambiar claves</string>
   <string name="title_advanced_key_info">Información avanzada de clave</string>
-  <string name="title_keys">Claves</string>
-  <string name="title_delete_secret_key">¿Borrar la clave DE USTED \'%s\'?</string>
+  <string name="title_delete_secret_key">¿Borrar clave \'%s\'?</string>
   <string name="title_export_log">Exportar registro (log)</string>
   <string name="title_manage_my_keys">Administrar mis claves</string>
   <!--section-->
@@ -48,51 +42,41 @@
   <string name="section_cloud_evidence">Comprobantes desde la nube</string>
   <string name="section_keys">Subclaves</string>
   <string name="section_cloud_search">Búsqueda en la nube</string>
-  <string name="section_general">General</string>
-  <string name="section_defaults">Predeterminados</string>
-  <string name="section_advanced">Avanzado</string>
   <string name="section_passphrase_cache">Caché de frase-contraseña</string>
   <string name="section_certify">Confirmar</string>
   <string name="section_actions">Acciones</string>
   <string name="section_share_key">Clave</string>
-  <string name="section_upload_key">Sincronizar clave</string>
   <string name="section_key_server">Servidor de claves</string>
-  <string name="section_fingerprint">Huella de validación de clave</string>
-  <string name="section_decrypt_files">Ficheros</string>
-  <string name="section_decrypt_text">Texto</string>
-  <string name="section_certs">Certificados</string>
-  <string name="section_encrypt">Cifrar</string>
-  <string name="section_decrypt">Descifrar</string>
+  <string name="section_fingerprint">Huella digital</string>
+  <string name="section_encrypt">Encriptar</string>
+  <string name="section_decrypt">Desencriptar</string>
   <string name="section_current_expiry">Caducidad actual</string>
   <string name="section_new_expiry">Nueva caducidad</string>
   <!--button-->
-  <string name="btn_decrypt_verify_file">Descifrar, verificar, y guardar fichero</string>
-  <string name="btn_decrypt_verify_message">Descifrar y verificar texto</string>
-  <string name="btn_encrypt_file">Cifrar y guardar fichero</string>
-  <string name="btn_encrypt_share_file">Cifrar y compartir fichero</string>
-  <string name="btn_encrypt_save_file">Cifrar y guardar fichero</string>
+  <string name="btn_decrypt_verify_file">Desencriptar, verificar, y guardar fichero</string>
+  <string name="btn_encrypt_share_file">Encriptar y compartir fichero</string>
+  <string name="btn_encrypt_save_file">Encriptar y guardar fichero</string>
   <string name="btn_save">Guardar</string>
   <string name="btn_do_not_save">Cancelar</string>
   <string name="btn_delete">Eliminar</string>
-  <string name="btn_no_date">Sin fecha de expiración</string>
+  <string name="btn_no_date">No caduca</string>
   <string name="btn_okay">De acuerdo</string>
   <string name="btn_export_to_server">Cargar al servidor de claves</string>
   <string name="btn_next">Siguiente</string>
   <string name="btn_back">Volver</string>
   <string name="btn_no">No</string>
-  <string name="btn_match">Las huellas de validación coinciden</string>
-  <string name="btn_lookup_key">Buscar clave</string>
-  <string name="btn_share_encrypted_signed">Cifrar y compartir texto</string>
-  <string name="btn_copy_encrypted_signed">Cifrar y copiar texto</string>
+  <string name="btn_match">Las huellas digitales coinciden</string>
+  <string name="btn_share_encrypted_signed">Encriptar y compartir texto</string>
+  <string name="btn_copy_encrypted_signed">Encriptar y copiar texto</string>
   <string name="btn_view_cert_key">Ver clave de verificación</string>
   <string name="btn_create_key">Crear clave</string>
-  <string name="btn_add_files">Añadir fichero(s)</string>
-  <string name="btn_add_share_decrypted_text">Compartir texto descifrado</string>
+  <string name="btn_add_files">Añadir archivo(s)</string>
+  <string name="btn_add_share_decrypted_text">Compartir texto desencriptado</string>
   <string name="btn_decrypt_clipboard">Descifrar texto desde el portapapeles</string>
   <string name="btn_decrypt_and_verify">y verificar firmas</string>
-  <string name="btn_decrypt_files">Descifrar ficheros</string>
-  <string name="btn_encrypt_files">Cifrar ficheros</string>
-  <string name="btn_encrypt_text">Cifrar texto</string>
+  <string name="btn_decrypt_files">Desencriptar ficheros</string>
+  <string name="btn_encrypt_files">Encriptar ficheros</string>
+  <string name="btn_encrypt_text">Encriptar texto</string>
   <string name="btn_add_email">Añadir dirección de correo electrónico adicional</string>
   <!--menu-->
   <string name="menu_preferences">Ajustes</string>
@@ -100,24 +84,21 @@
   <string name="menu_export_key">Exportar hacia archivo</string>
   <string name="menu_delete_key">Borrar clave</string>
   <string name="menu_manage_keys">Administrar mis claves</string>
-  <string name="menu_import_existing_key">Importar desde fichero</string>
   <string name="menu_search">Buscar</string>
   <string name="menu_nfc_preferences">Configuraciones NFC</string>
   <string name="menu_beam_preferences">Ajustes de Beam</string>
-  <string name="menu_key_edit_cancel">Cancelar</string>
   <string name="menu_encrypt_to">Cifrar hacia...</string>
   <string name="menu_select_all">Seleccionar todo</string>
-  <string name="menu_add_keys">Añadir claves</string>
-  <string name="menu_search_cloud">Buscar en la nube</string>
   <string name="menu_export_all_keys">Exportar todas las claves</string>
+  <string name="menu_update_all_keys">Actualizar todas las claves</string>
   <string name="menu_advanced">Mostrar información avanzada</string>
-  <string name="menu_certify_fingerprint">Confirmar mediante comparación de la huella de validación (fingerprint)</string>
-  <string name="menu_export_log">Exportar registro (log)</string>
+  <string name="menu_certify_fingerprint">Confirmar mediante comparación de la huella digital</string>
+  <string name="menu_export_log">Exportar registro</string>
   <!--label-->
   <string name="label_message">Texto</string>
   <string name="label_file">Archivo</string>
-  <string name="label_files">Fichero(s)</string>
-  <string name="label_file_colon">Fichero:</string>
+  <string name="label_files">Archivo(s)</string>
+  <string name="label_file_colon">Archivo:</string>
   <string name="label_no_passphrase">No hay frase de contraseña</string>
   <string name="label_passphrase">Frase de contraseña</string>
   <string name="label_unlock">Desbloqueando...</string>
@@ -161,6 +142,10 @@
   <string name="label_enable_compression">Habilitar compresión</string>
   <string name="label_encrypt_filenames">Cifrar nombres de ficheros</string>
   <string name="label_hidden_recipients">Ocultar receptores</string>
+  <string name="pref_keyserver">Buscar en servidor de claves</string>
+  <string name="pref_keyserver_summary">Buscar en servidor de claves HKP</string>
+  <string name="pref_keybase">Buscar en Keybase.io</string>
+  <string name="pref_keybase_summary">Buscar en el índice de Keybase.io</string>
   <string name="user_id_no_name">&lt;sin nombre&gt;</string>
   <string name="none">&lt;ninguna&gt;</string>
   <plurals name="n_keys">
@@ -217,9 +202,9 @@
   <string name="encrypt_sign_clipboard_successful">Firmado y/o cifrado del portapapeles con éxito.</string>
   <string name="select_encryption_key">Selecciona al menos una clave de cifrado.</string>
   <string name="select_encryption_or_signature_key">Selecciona al menos una clave de cifrado o de firma.</string>
-  <string name="specify_file_to_encrypt_to">Por favor especifique hacia qué fichero cifrar.\nADVERTENCIA: El fichero se sobreescribirá si existe.</string>
-  <string name="specify_file_to_decrypt_to">Por favor especifique hacia que fichero descifrar.\nADVERTENCIA: El fichero se sobreescribirá si existe.</string>
-  <string name="specify_file_to_export_to">Por favor especifique hacia qué fichero exportar.\nADVERTENCIA: El fichero se sobreescribirá si existe.</string>
+  <string name="specify_file_to_encrypt_to">Por favor especifique hacia qué fichero cifrar.\nADVERTENCIA: ¡El fichero se sobreescribirá si existe!</string>
+  <string name="specify_file_to_decrypt_to">Por favor especifique hacia qué fichero descifrar.\nADVERTENCIA: ¡El fichero se sobreescribirá si existe!</string>
+  <string name="specify_file_to_export_to">Por favor especifique hacia qué fichero exportar.\nADVERTENCIA: ¡El fichero se sobreescribirá si existe!</string>
   <string name="key_deletion_confirmation_multi">¿De verdad quiere borrar todas las claves seleccionadas?</string>
   <string name="secret_key_deletion_confirmation">¡Después del borrado no podrá leer mensajes cifrados con esta clave y perderá todas las confirmaciones de clave hechas con ella!</string>
   <string name="public_key_deletetion_confirmation">¿Borrar clave \'%s\'?</string>
@@ -289,6 +274,7 @@
   <string name="progress_cancelling">cancelando...</string>
   <string name="progress_saving">guardando...</string>
   <string name="progress_importing">importando...</string>
+  <string name="progress_updating">Actualizando claves...</string>
   <string name="progress_exporting">exportando...</string>
   <string name="progress_uploading">subiendo...</string>
   <string name="progress_building_key">construyendo la clave...</string>
@@ -589,6 +575,7 @@
   <string name="create_key_edit">Cambiar configuración de clave</string>
   <string name="create_key_add_email">Añadir dirección de correo electrónico</string>
   <string name="create_key_add_email_text">Las direcciones adicionales de correo electrónico también están asociadas a esta clave y pueden utilizarse para asegurar la comunicación.</string>
+  <string name="create_key_email_already_exists_text">Ya se ha añadido el correo electrónico</string>
   <!--View key-->
   <string name="view_key_revoked">Revocada: ¡La clave no debe volver a ser usada!</string>
   <string name="view_key_expired">Caducada: ¡El contacto necesita extender la vigencia de la clave!</string>
@@ -1111,7 +1098,7 @@
   <string name="passp_cache_notif_pwd">Frase-contraseña</string>
   <!--First Time-->
   <string name="first_time_text1">¡Recupere su privacidad con OpenKeychain!</string>
-  <string name="first_time_create_key">Crear mi clave (recomendado)</string>
+  <string name="first_time_create_key">Crear mi clave</string>
   <string name="first_time_import_key">Importar clave desde fichero</string>
   <string name="first_time_yubikey">Usar Yubikey NEO</string>
   <string name="first_time_skip">Omitir configuración</string>
@@ -1123,7 +1110,7 @@
   <string name="empty_certs">No hay certificados para esta clave</string>
   <string name="certs_text">Aquí sólo se muestran auto-certificados validados y certificados validados creados con sus claves.</string>
   <string name="section_uids_to_certify">Identificaciones para</string>
-  <string name="certify_text">Las claves que está importando contienen \"identidades\": nombres y correos electrónicos. Seleccione exactamente aquellos para confirmación que coinciden con lo que esperaba.</string>
+  <string name="certify_text">Las claves que está importando contienen \"identidades\": nombres y direcciones de correo electrónico. Para confirmación seleccione exactamente aquellas que coincidan con lo que esperaba.</string>
   <string name="certify_fingerprint_text">Compare la huella de validación mostrada, caracter por caracter, con la que se muestra en el dispositivo de su colega.</string>
   <string name="certify_fingerprint_text2">¿Coinciden las huellas de validación mostradas?</string>
   <string name="label_revocation">Razón de la revocación</string>
diff --git a/OpenKeychain/src/main/res/values-et/strings.xml b/OpenKeychain/src/main/res/values-et/strings.xml
index 15b0c6c1e..cc9061149 100644
--- a/OpenKeychain/src/main/res/values-et/strings.xml
+++ b/OpenKeychain/src/main/res/values-et/strings.xml
@@ -12,8 +12,6 @@
   <string name="title_send_key">Lae võtmeserverisse</string>
   <string name="title_help">Abi</string>
   <!--section-->
-  <string name="section_general">Üldine</string>
-  <string name="section_defaults">Vaikeseaded</string>
   <!--button-->
   <string name="btn_save">Salvesta</string>
   <string name="btn_do_not_save">Katkesta</string>
diff --git a/OpenKeychain/src/main/res/values-eu/strings.xml b/OpenKeychain/src/main/res/values-eu/strings.xml
index 77f897b7c..784217b95 100644
--- a/OpenKeychain/src/main/res/values-eu/strings.xml
+++ b/OpenKeychain/src/main/res/values-eu/strings.xml
@@ -4,8 +4,6 @@
     http://developer.android.com/guide/topics/resources/string-resource.html (scroll down to "Escaping apostrophes and quotes").-->
   <string name="app_name">OpenKeychain</string>
   <!--title-->
-  <string name="title_select_recipients">Hautatu Giltzak</string>
-  <string name="title_select_secret_key">Hautatu Zure Giltza</string>
   <string name="title_encrypt_text">Enkriptatu</string>
   <string name="title_encrypt_files">Enkriptatu</string>
   <string name="title_decrypt">Dekriptatu</string>
@@ -13,7 +11,6 @@
   <string name="title_add_subkey">Gehitu azpigiltza</string>
   <string name="title_edit_key">Editatu Giltza</string>
   <string name="title_preferences">Ezarpenak</string>
-  <string name="title_cloud_search_preferences">Hodei Bilaketa Hobespenak</string>
   <string name="title_api_registered_apps">Aplikazioak</string>
   <string name="title_key_server_preference">Giltza-zerbitzariak</string>
   <string name="title_change_passphrase">Aldatu Sar-esaldia</string>
@@ -23,7 +20,6 @@
   <string name="title_encrypt_to_file">Enkriptatu Agirira</string>
   <string name="title_decrypt_to_file">Dekriptatu Agirira</string>
   <string name="title_import_keys">Inportatu Giltzak</string>
-  <string name="title_add_keys">Gehitu Giltzak</string>
   <string name="title_export_key">Esportatu Giltza</string>
   <string name="title_export_keys">Esportatu Giltzak</string>
   <string name="title_key_not_found">Giltza Ez da Aurkitu</string>
@@ -32,10 +28,8 @@
   <string name="title_key_details">Giltzaren Xehetasunak</string>
   <string name="title_help">Laguntza</string>
   <string name="title_log_display">Oharra</string>
-  <string name="title_create_key">Sortu Giltza</string>
   <string name="title_exchange_keys">Trukatu Giltzak</string>
   <string name="title_advanced_key_info">Giltza Argibide Aurreratuak</string>
-  <string name="title_keys">Giltzak</string>
   <string name="title_export_log">Esportatu Oharra</string>
   <string name="title_manage_my_keys">Kudeatu nire giltzak</string>
   <!--section-->
@@ -44,26 +38,17 @@
   <string name="section_should_you_trust">Fildatu behar zara giltza honetaz?</string>
   <string name="section_keys">Azpigiltzak</string>
   <string name="section_cloud_search">Hodei bilaketa</string>
-  <string name="section_general">Orokorra</string>
-  <string name="section_defaults">Berezkoak</string>
-  <string name="section_advanced">Aurreratua</string>
   <string name="section_passphrase_cache">Sar-esaldi Katxea</string>
   <string name="section_certify">Baieztatu</string>
   <string name="section_actions">Ekintzak</string>
   <string name="section_share_key">Giltza</string>
-  <string name="section_upload_key">Aldiberetu Giltza</string>
   <string name="section_key_server">Giltza-zerbitzaria</string>
-  <string name="section_decrypt_files">Agiriak</string>
-  <string name="section_decrypt_text">Idazkia</string>
-  <string name="section_certs">Egiaztagiriak</string>
   <string name="section_encrypt">Enkriptatu</string>
   <string name="section_decrypt">Dekriptatu</string>
   <string name="section_current_expiry">Oraingo epemuga</string>
   <string name="section_new_expiry">Epemuga berria</string>
   <!--button-->
   <string name="btn_decrypt_verify_file">Dekriptatu, egiaztatu eta gorde agiria</string>
-  <string name="btn_decrypt_verify_message">Dekriptatu eta egiaztatu idazkia</string>
-  <string name="btn_encrypt_file">Enkriptatu eta gorde agiria</string>
   <string name="btn_encrypt_share_file">Enkriptatu eta elkarbanatu agiria</string>
   <string name="btn_encrypt_save_file">Enkriptatu eta gorde agiria</string>
   <string name="btn_save">Gorde</string>
@@ -93,15 +78,11 @@
   <string name="menu_export_key">Esportatu agirira</string>
   <string name="menu_delete_key">Ezabatu giltza</string>
   <string name="menu_manage_keys">Kudeatu nire giltzak</string>
-  <string name="menu_import_existing_key">inportatu agiritik</string>
   <string name="menu_search">Bilatu</string>
   <string name="menu_nfc_preferences">NFC ezarpenak</string>
   <string name="menu_beam_preferences">Beam ezarpenak</string>
-  <string name="menu_key_edit_cancel">Ezeztatu</string>
   <string name="menu_encrypt_to">Enkriptatu hona...</string>
   <string name="menu_select_all">Hautatu denak</string>
-  <string name="menu_add_keys">Gehitu giltzak</string>
-  <string name="menu_search_cloud">Bilatu hodeian</string>
   <string name="menu_export_all_keys">Esportatu giltza guztiak</string>
   <string name="menu_advanced">Erakutsi argibide aurreratuak</string>
   <string name="menu_export_log">Esportatu Oharra</string>
diff --git a/OpenKeychain/src/main/res/values-fi/strings.xml b/OpenKeychain/src/main/res/values-fi/strings.xml
index 3a87d53c1..6cbc2b1fc 100644
--- a/OpenKeychain/src/main/res/values-fi/strings.xml
+++ b/OpenKeychain/src/main/res/values-fi/strings.xml
@@ -3,14 +3,11 @@
   <!--GENERAL: Please put all strings inside quotes as described in example 1 on
     http://developer.android.com/guide/topics/resources/string-resource.html (scroll down to "Escaping apostrophes and quotes").-->
   <!--title-->
-  <string name="title_select_recipients">Valitse Avaimet</string>
-  <string name="title_select_secret_key">Valitse Oma Avain</string>
   <string name="title_decrypt">Pura Salaus</string>
   <string name="title_unlock">Avaa Avain</string>
   <string name="title_add_subkey">Lisää aliavain</string>
   <string name="title_edit_key">Muokkaa avainta</string>
   <string name="title_preferences">Asetukset</string>
-  <string name="title_cloud_search_preferences">Pilvihaun Asetukset</string>
   <string name="title_api_registered_apps">Sovellukset</string>
   <string name="title_change_passphrase">Vaihda Salasana</string>
   <string name="title_share_fingerprint_with">Jaa sormenjälki...</string>
@@ -19,7 +16,6 @@
   <string name="title_encrypt_to_file">Salaa Tiedostoon</string>
   <string name="title_decrypt_to_file">Pura Tiedostoon</string>
   <string name="title_import_keys">Tuo Avaimia</string>
-  <string name="title_add_keys">Lisää Avaimia</string>
   <string name="title_export_key">Vie Avain</string>
   <string name="title_export_keys">Vie Avaimia</string>
   <string name="title_key_not_found">Avainta Ei Löydy</string>
@@ -27,28 +23,19 @@
   <string name="title_key_details">Avaimen Tiedot</string>
   <string name="title_help">Apua</string>
   <string name="title_log_display">Loki</string>
-  <string name="title_create_key">Luo Avain</string>
   <string name="title_exchange_keys">Vaihda Avaimia</string>
   <string name="title_advanced_key_info">Lisätietoa Avaimesta</string>
   <!--section-->
   <string name="section_user_ids">Identiteetit</string>
   <string name="section_keys">Aliavaimet</string>
   <string name="section_cloud_search">Pilvihaku</string>
-  <string name="section_general">Yleistä</string>
-  <string name="section_defaults">Vakiot</string>
-  <string name="section_advanced">Lisäasetukset</string>
   <string name="section_passphrase_cache">Salasanavälimuisti</string>
   <string name="section_actions">Toiminteet</string>
   <string name="section_share_key">Avain</string>
-  <string name="section_upload_key">Synkronoi Avain</string>
   <string name="section_key_server">Avainpalvelin</string>
   <string name="section_fingerprint">Sormenjälki</string>
-  <string name="section_decrypt_files">Tiedostot</string>
-  <string name="section_decrypt_text">Teksti</string>
-  <string name="section_certs">Varmenteet</string>
   <!--button-->
   <string name="btn_decrypt_verify_file">Pura, todenna ja tallenna tiedosto</string>
-  <string name="btn_encrypt_file">Salaa ja tallenna tiedosto</string>
   <string name="btn_encrypt_share_file">Salaa ja jaa tiedosto</string>
   <string name="btn_save">Tallenna</string>
   <string name="btn_do_not_save">Peruuta</string>
@@ -58,7 +45,6 @@
   <string name="btn_export_to_server">Lataa Avainpalvelimelle</string>
   <string name="btn_next">Seuraava</string>
   <string name="btn_back">Takaisin</string>
-  <string name="btn_lookup_key">Etsi avain</string>
   <string name="btn_view_cert_key">Näytä varmennusavain</string>
   <string name="btn_create_key">Luo avain</string>
   <string name="btn_add_files">Lisää tiedosto(ja)</string>
@@ -70,14 +56,10 @@
   <string name="menu_help">Apua</string>
   <string name="menu_export_key">Vie tiedostoon</string>
   <string name="menu_delete_key">Poista avain</string>
-  <string name="menu_import_existing_key">Tuo tiedostosta</string>
   <string name="menu_search">Etsi</string>
   <string name="menu_beam_preferences">Beam asetukset</string>
-  <string name="menu_key_edit_cancel">Peruuta</string>
   <string name="menu_encrypt_to">Salaa...</string>
   <string name="menu_select_all">Valitse kaikki</string>
-  <string name="menu_add_keys">Lisää avaimia</string>
-  <string name="menu_search_cloud">Etsi pilvestä</string>
   <string name="menu_export_all_keys">Vie kaikki avaimet</string>
   <string name="menu_advanced">Näytä lisäinformaatio</string>
   <!--label-->
diff --git a/OpenKeychain/src/main/res/values-fr/strings.xml b/OpenKeychain/src/main/res/values-fr/strings.xml
index f2c249869..f34dd8e46 100644
--- a/OpenKeychain/src/main/res/values-fr/strings.xml
+++ b/OpenKeychain/src/main/res/values-fr/strings.xml
@@ -4,8 +4,6 @@
     http://developer.android.com/guide/topics/resources/string-resource.html (scroll down to "Escaping apostrophes and quotes").-->
   <string name="app_name">OpenKeychain</string>
   <!--title-->
-  <string name="title_select_recipients">Choisir des clefs</string>
-  <string name="title_select_secret_key">Choisir ma clef</string>
   <string name="title_encrypt_text">Chiffrer</string>
   <string name="title_encrypt_files">Chiffrer</string>
   <string name="title_decrypt">Déchiffrer</string>
@@ -13,7 +11,6 @@
   <string name="title_add_subkey">Ajouter une sous-clef</string>
   <string name="title_edit_key">Modifier une clef</string>
   <string name="title_preferences">Paramètres</string>
-  <string name="title_cloud_search_preferences">Préférences de recherche nuagique</string>
   <string name="title_api_registered_apps">Applis</string>
   <string name="title_key_server_preference">Serveurs de clefs</string>
   <string name="title_change_passphrase">Modifier la phrase de passe</string>
@@ -24,7 +21,6 @@
   <string name="title_encrypt_to_file">Chiffrer vers un fichier</string>
   <string name="title_decrypt_to_file">Déchiffrer vers un fichier</string>
   <string name="title_import_keys">importer des clefs</string>
-  <string name="title_add_keys">Ajouter des clefs</string>
   <string name="title_export_key">Exporter la clef</string>
   <string name="title_export_keys">Exporter les clefs</string>
   <string name="title_key_not_found">Clef introuvable</string>
@@ -33,10 +29,8 @@
   <string name="title_key_details">Détails sur la clef</string>
   <string name="title_help">Aide</string>
   <string name="title_log_display">Journal</string>
-  <string name="title_create_key">Créer une clef</string>
   <string name="title_exchange_keys">Échanger des clefs</string>
   <string name="title_advanced_key_info">Infos avancées sur les clefs</string>
-  <string name="title_keys">Clefs</string>
   <string name="title_delete_secret_key">Supprimer VOTRE clef « %s » ?</string>
   <string name="title_export_log">Exporter le journal</string>
   <string name="title_manage_my_keys">Gérer mes clefs</string>
@@ -48,27 +42,18 @@
   <string name="section_cloud_evidence">Preuves provenant du nuage</string>
   <string name="section_keys">Sous-clefs</string>
   <string name="section_cloud_search">Recherche nuagique</string>
-  <string name="section_general">Général</string>
-  <string name="section_defaults">Valeurs par défaut</string>
-  <string name="section_advanced">Avancée</string>
   <string name="section_passphrase_cache">Cache de la phrase de passe</string>
   <string name="section_certify">Confirmer</string>
   <string name="section_actions">Actions</string>
   <string name="section_share_key">Clef</string>
-  <string name="section_upload_key">Synchroniser la clef</string>
   <string name="section_key_server">Serveur de clefs</string>
   <string name="section_fingerprint">Empreinte</string>
-  <string name="section_decrypt_files">Fichiers</string>
-  <string name="section_decrypt_text">Texte</string>
-  <string name="section_certs">Certificats</string>
   <string name="section_encrypt">Chiffrer</string>
   <string name="section_decrypt">Déchiffrer</string>
   <string name="section_current_expiry">Expiration actuelle</string>
   <string name="section_new_expiry">Nouvelle expiration</string>
   <!--button-->
   <string name="btn_decrypt_verify_file">Déchiffrer, vérifier et enregistrer le fichier</string>
-  <string name="btn_decrypt_verify_message">Déchiffrer et vérifier le texte</string>
-  <string name="btn_encrypt_file">Chiffrer et enregistrer le fichier</string>
   <string name="btn_encrypt_share_file">Chiffrer et partager le fichier</string>
   <string name="btn_encrypt_save_file">Chiffrer et enregistrer un fichier</string>
   <string name="btn_save">Enregistrer</string>
@@ -81,7 +66,6 @@
   <string name="btn_back">Retour</string>
   <string name="btn_no">Non</string>
   <string name="btn_match">Les empreintes correspondent</string>
-  <string name="btn_lookup_key">Rechercher la clef</string>
   <string name="btn_share_encrypted_signed">Chiffrer et partager du texte</string>
   <string name="btn_copy_encrypted_signed">Chiffrer et copier du texte</string>
   <string name="btn_view_cert_key">Voir la clef de certification</string>
@@ -100,16 +84,13 @@
   <string name="menu_export_key">Exporter vers un fichier</string>
   <string name="menu_delete_key">Supprimer la clef</string>
   <string name="menu_manage_keys">Gérer mes clefs</string>
-  <string name="menu_import_existing_key">Importer d\'un fichier</string>
   <string name="menu_search">Rechercher</string>
   <string name="menu_nfc_preferences">Paramètres NFC</string>
   <string name="menu_beam_preferences">Paramètres Beam</string>
-  <string name="menu_key_edit_cancel">Annuler</string>
   <string name="menu_encrypt_to">Chiffrer vers...</string>
   <string name="menu_select_all">Tout sélectionner</string>
-  <string name="menu_add_keys">Ajouter des clefs</string>
-  <string name="menu_search_cloud">Rechercher dans le nuage</string>
   <string name="menu_export_all_keys">Exporter toutes les clefs</string>
+  <string name="menu_update_all_keys">Mettre toutes les clefs à jour</string>
   <string name="menu_advanced">Afficher les infos avancées</string>
   <string name="menu_certify_fingerprint">Confirmer par une comparaison d\'empreinte</string>
   <string name="menu_export_log">Exporter le journal</string>
@@ -161,6 +142,10 @@
   <string name="label_enable_compression">Activer la compression</string>
   <string name="label_encrypt_filenames">Chiffrer les nom de fichier</string>
   <string name="label_hidden_recipients">Cacher les destinataires</string>
+  <string name="pref_keyserver">Rechercher dans le serveur de clef</string>
+  <string name="pref_keyserver_summary">Rechercher dans le serveur de clef HKP</string>
+  <string name="pref_keybase">Rechercher dans Keybase.io</string>
+  <string name="pref_keybase_summary">Rechercher dans l\'index de Keybase.io</string>
   <string name="user_id_no_name">&lt;aucun nom&gt;</string>
   <string name="none">&lt;aucune&gt;</string>
   <plurals name="n_keys">
@@ -217,9 +202,9 @@
   <string name="encrypt_sign_clipboard_successful">Signé et/ou chiffré vers le presse-papiers avec succès.</string>
   <string name="select_encryption_key">Choisir au moins une clef de chiffrement.</string>
   <string name="select_encryption_or_signature_key">Choisir au moins une clef de chiffrement ou de signature.</string>
-  <string name="specify_file_to_encrypt_to">Veuillez spécifier vers quel fichier chiffrer.\nAVERTISSEMENT ! Le fichier sera écrasé s\'il existe.</string>
-  <string name="specify_file_to_decrypt_to">Veuillez spécifier vers quel fichier déchiffrer.\nAVERTISSEMENT : le fichier sera écrasé s\'il existe.</string>
-  <string name="specify_file_to_export_to">Veuillez spécifier vers quel fichier exporter.\nAVERTISSEMENT ! Le fichier sera écrasé s\'il existe.</string>
+  <string name="specify_file_to_encrypt_to">Veuillez spécifier vers quel fichier chiffrer.\nAVERTISSEMENT : le fichier sera écrasé s\'il existe !</string>
+  <string name="specify_file_to_decrypt_to">Veuillez spécifier vers quel fichier déchiffrer.\nAVERTISSEMENT : le fichier sera écrasé s\'il existe !</string>
+  <string name="specify_file_to_export_to">Veuillez spécifier vers quel fichier exporter.\nAVERTISSEMENT : le fichier sera écrasé s\'il existe !</string>
   <string name="key_deletion_confirmation_multi">Voulez-vous vraiment supprimer toutes les clefs sélectionnées ?</string>
   <string name="secret_key_deletion_confirmation">Après suppression vous ne pourrez plus lire les messages chiffrés avec cette clef et vous perdrez toutes les confirmations de clefs faites avec elle !</string>
   <string name="public_key_deletetion_confirmation">Supprimer la clef \'%s\' ?</string>
@@ -289,6 +274,7 @@
   <string name="progress_cancelling">annulation...</string>
   <string name="progress_saving">sauvegarde...</string>
   <string name="progress_importing">importation...</string>
+  <string name="progress_updating">Mise à jour des clefs...</string>
   <string name="progress_exporting">exportation...</string>
   <string name="progress_uploading">téléversement...</string>
   <string name="progress_building_key">assemblage de la clef...</string>
@@ -589,6 +575,7 @@
   <string name="create_key_edit">Changer la configuration de la clef</string>
   <string name="create_key_add_email">Ajouter une adresse courriel</string>
   <string name="create_key_add_email_text">Des adresses courriel supplémentaires sont aussi associées à cette clef et peuvent être utilisées pour des communications sécurisées.</string>
+  <string name="create_key_email_already_exists_text">Le courriel a déjà été ajouté</string>
   <!--View key-->
   <string name="view_key_revoked">Révoquée : la clef ne doit plus être utilisée !</string>
   <string name="view_key_expired">Expirée : le contact doit prolonger la validité de la clef !</string>
@@ -1111,7 +1098,7 @@
   <string name="passp_cache_notif_pwd">Phrase de passe</string>
   <!--First Time-->
   <string name="first_time_text1">Reprenez le contrôle de votre vie privée avec OpenKeychain |</string>
-  <string name="first_time_create_key">Créer ma clef (recommandé)</string>
+  <string name="first_time_create_key">Créer ma clef</string>
   <string name="first_time_import_key">Importer la clef d\'un fichier</string>
   <string name="first_time_yubikey">Utiliser YubiKey NEO</string>
   <string name="first_time_skip">Ignorer le paramétrage</string>
diff --git a/OpenKeychain/src/main/res/values-it/strings.xml b/OpenKeychain/src/main/res/values-it/strings.xml
index 4d0e4d6cb..6db044b49 100644
--- a/OpenKeychain/src/main/res/values-it/strings.xml
+++ b/OpenKeychain/src/main/res/values-it/strings.xml
@@ -4,12 +4,9 @@
     http://developer.android.com/guide/topics/resources/string-resource.html (scroll down to "Escaping apostrophes and quotes").-->
   <string name="app_name">OpenKeychain</string>
   <!--title-->
-  <string name="title_select_recipients">Seleziona chiavi</string>
-  <string name="title_select_secret_key">Seleziona la tua chiave</string>
   <string name="title_decrypt">Decodifica</string>
   <string name="title_add_subkey">Aggiungi Sottochiave</string>
   <string name="title_edit_key">Modifica Chiave</string>
-  <string name="title_cloud_search_preferences">Preferenze di ricerca</string>
   <string name="title_api_registered_apps">Apps</string>
   <string name="title_change_passphrase">Cambia Frase Di Accesso</string>
   <string name="title_share_fingerprint_with">Condivi impronta con...</string>
@@ -18,7 +15,6 @@
   <string name="title_encrypt_to_file">Codifica File</string>
   <string name="title_decrypt_to_file">Decodifica File</string>
   <string name="title_import_keys">Importa Chiavi</string>
-  <string name="title_add_keys">Aggiungi Chiavi</string>
   <string name="title_export_key">Esporta Chiave</string>
   <string name="title_export_keys">Esporta Chiavi</string>
   <string name="title_key_not_found">Chiave Non Trovata</string>
@@ -26,28 +22,19 @@
   <string name="title_key_details">Dettagli Chiave</string>
   <string name="title_help">Aiuto</string>
   <string name="title_log_display">Registro</string>
-  <string name="title_create_key">Crea Chiave</string>
   <string name="title_exchange_keys">Scambia le chiavi</string>
   <string name="title_advanced_key_info">Informazioni avanzate sulla chiave</string>
   <!--section-->
   <string name="section_user_ids">Identità</string>
   <string name="section_keys">Sottochiavi</string>
   <string name="section_cloud_search">Ricerca</string>
-  <string name="section_general">Generale</string>
-  <string name="section_defaults">Predefiniti</string>
-  <string name="section_advanced">Avanzato</string>
   <string name="section_passphrase_cache">Cache Frase di Accesso</string>
   <string name="section_actions">Azioni</string>
   <string name="section_share_key">Chiave</string>
-  <string name="section_upload_key">Sincronizza Chiave</string>
   <string name="section_key_server">Server delle Chiavi</string>
   <string name="section_fingerprint">Impronta</string>
-  <string name="section_decrypt_files">Files</string>
-  <string name="section_decrypt_text">Testo</string>
-  <string name="section_certs">Certificati</string>
   <!--button-->
   <string name="btn_decrypt_verify_file">Decodifica, verifica e salva su file</string>
-  <string name="btn_encrypt_file">Codifica e salva file</string>
   <string name="btn_encrypt_share_file">Codifica e condividi file</string>
   <string name="btn_save">Salva</string>
   <string name="btn_do_not_save">Annulla</string>
@@ -57,7 +44,6 @@
   <string name="btn_export_to_server">Carica sul Server delle Chiavi</string>
   <string name="btn_next">Prossimo</string>
   <string name="btn_back">Precedente</string>
-  <string name="btn_lookup_key">Chiave di ricerca</string>
   <string name="btn_view_cert_key">Mostra chiave di certificazione</string>
   <string name="btn_create_key">Crea chiave</string>
   <string name="btn_add_files">Aggiungi file(s)</string>
@@ -69,13 +55,10 @@
   <string name="menu_help">Aiuto</string>
   <string name="menu_export_key">Esporta su un file</string>
   <string name="menu_delete_key">Cancella chiave</string>
-  <string name="menu_import_existing_key">Importa da file</string>
   <string name="menu_search">Cerca</string>
   <string name="menu_beam_preferences">Impostazioni Beam</string>
-  <string name="menu_key_edit_cancel">Annulla</string>
   <string name="menu_encrypt_to">Codifica su...</string>
   <string name="menu_select_all">Seleziona tutto</string>
-  <string name="menu_add_keys">Aggiungi chiavi</string>
   <string name="menu_export_all_keys">Esporta tutte le chiavi</string>
   <string name="menu_advanced">Mostra informazioni avanzate</string>
   <!--label-->
@@ -167,12 +150,6 @@
   <string name="encrypt_sign_clipboard_successful">Firmato e/o codificato con successo negli appunti.</string>
   <string name="select_encryption_key">Seleziona almeno una chiave di codifica.</string>
   <string name="select_encryption_or_signature_key">Seleziona almeno una chiave di codifica o di firma.</string>
-  <string name="specify_file_to_encrypt_to">Perfavore specifica il file da codificare.
-ATTENZIONE: Il file sara\' sovrascritto se esistente.</string>
-  <string name="specify_file_to_decrypt_to">Perfavore specifica il file da decodificare.
-ATTENZIONE: Il file sara\' sovrascritto se esistente.</string>
-  <string name="specify_file_to_export_to">Perfavore specifica il file da esportare.
-ATTENZIONE: Il file sara\' sovrascritto se esistente.</string>
   <string name="also_export_secret_keys">Esporta anche chiave segreta</string>
   <string name="reinstall_openkeychain">Hai riscontrato un bug noto con Android. Si prega di reinstallare OpenKeychain se vuoi collegare i tuoi contatti con le chiavi.</string>
   <string name="key_exported">1 chiave esportata correttamente.</string>
diff --git a/OpenKeychain/src/main/res/values-ja/strings.xml b/OpenKeychain/src/main/res/values-ja/strings.xml
index d77ae0cf6..13647a1bb 100644
--- a/OpenKeychain/src/main/res/values-ja/strings.xml
+++ b/OpenKeychain/src/main/res/values-ja/strings.xml
@@ -4,8 +4,6 @@
     http://developer.android.com/guide/topics/resources/string-resource.html (scroll down to "Escaping apostrophes and quotes").-->
   <string name="app_name">OpenKeychain</string>
   <!--title-->
-  <string name="title_select_recipients">鍵を選択</string>
-  <string name="title_select_secret_key">あなたの鍵を選択</string>
   <string name="title_encrypt_text">暗号化</string>
   <string name="title_encrypt_files">暗号化</string>
   <string name="title_decrypt">復号化</string>
@@ -13,7 +11,6 @@
   <string name="title_add_subkey">副鍵の追加</string>
   <string name="title_edit_key">鍵の編集</string>
   <string name="title_preferences">設定</string>
-  <string name="title_cloud_search_preferences">クラウド検索設定</string>
   <string name="title_api_registered_apps">アプリ</string>
   <string name="title_key_server_preference">鍵サーバ</string>
   <string name="title_change_passphrase">パスフレーズの変更</string>
@@ -24,7 +21,6 @@
   <string name="title_encrypt_to_file">暗号化してファイルに</string>
   <string name="title_decrypt_to_file">復号化してファイルに</string>
   <string name="title_import_keys">鍵のインポート</string>
-  <string name="title_add_keys">鍵の追加</string>
   <string name="title_export_key">鍵のエクスポート</string>
   <string name="title_export_keys">複数鍵のエクスポート</string>
   <string name="title_key_not_found">鍵が見当りません</string>
@@ -33,10 +29,8 @@
   <string name="title_key_details">鍵の概要</string>
   <string name="title_help">ヘルプ</string>
   <string name="title_log_display">ログ</string>
-  <string name="title_create_key">鍵の生成</string>
   <string name="title_exchange_keys">鍵の交換</string>
   <string name="title_advanced_key_info">鍵の詳細情報</string>
-  <string name="title_keys">鍵</string>
   <string name="title_delete_secret_key">あなたの鍵 \'%s\' を削除しますか?</string>
   <string name="title_export_log">エクスポートログ</string>
   <string name="title_manage_my_keys">自分の鍵の管理</string>
@@ -48,27 +42,18 @@
   <string name="section_cloud_evidence">クラウドからの証明</string>
   <string name="section_keys">副鍵</string>
   <string name="section_cloud_search">クラウド検索</string>
-  <string name="section_general">一般</string>
-  <string name="section_defaults">デフォルト</string>
-  <string name="section_advanced">拡張</string>
   <string name="section_passphrase_cache">パスフレーズキャッシュ</string>
   <string name="section_certify">確認</string>
   <string name="section_actions">アクション</string>
   <string name="section_share_key">鍵</string>
-  <string name="section_upload_key">鍵の同期</string>
   <string name="section_key_server">鍵サーバ</string>
   <string name="section_fingerprint">指紋</string>
-  <string name="section_decrypt_files">ファイル</string>
-  <string name="section_decrypt_text">テキスト</string>
-  <string name="section_certs">証明</string>
   <string name="section_encrypt">暗号化</string>
   <string name="section_decrypt">復号化</string>
   <string name="section_current_expiry">現在の期限</string>
   <string name="section_new_expiry">新しい期限</string>
   <!--button-->
   <string name="btn_decrypt_verify_file">復号化と検証、そしてファイルの保存</string>
-  <string name="btn_decrypt_verify_message">テキストの復号化と検証</string>
-  <string name="btn_encrypt_file">暗号化してファイルを保存</string>
   <string name="btn_encrypt_share_file">暗号化してファイルを共有</string>
   <string name="btn_encrypt_save_file">暗号化してファイルを保存</string>
   <string name="btn_save">保存</string>
@@ -81,7 +66,6 @@
   <string name="btn_back">戻る</string>
   <string name="btn_no">なし</string>
   <string name="btn_match">指紋一致</string>
-  <string name="btn_lookup_key">鍵検出</string>
   <string name="btn_share_encrypted_signed">暗号化してテキストを共有</string>
   <string name="btn_copy_encrypted_signed">暗号化してテキストをコピー</string>
   <string name="btn_view_cert_key">検証した鍵を見る</string>
@@ -100,16 +84,13 @@
   <string name="menu_export_key">ファイルへのエクスポート</string>
   <string name="menu_delete_key">鍵の削除</string>
   <string name="menu_manage_keys">自分の鍵の管理</string>
-  <string name="menu_import_existing_key">ファイルからインポート</string>
   <string name="menu_search">検索</string>
   <string name="menu_nfc_preferences">NFC設定</string>
   <string name="menu_beam_preferences">Beamの設定</string>
-  <string name="menu_key_edit_cancel">キャンセル</string>
   <string name="menu_encrypt_to">暗号化...</string>
   <string name="menu_select_all">すべて選択</string>
-  <string name="menu_add_keys">鍵の追加</string>
-  <string name="menu_search_cloud">クラウドを検索</string>
   <string name="menu_export_all_keys">すべての鍵のエクスポート</string>
+  <string name="menu_update_all_keys">全部のキーをアップデートする</string>
   <string name="menu_advanced">詳細情報を表示</string>
   <string name="menu_certify_fingerprint">指紋比較による確認</string>
   <string name="menu_export_log">エクスポートログ</string>
@@ -161,6 +142,10 @@
   <string name="label_enable_compression">圧縮を有効</string>
   <string name="label_encrypt_filenames">暗号化するファイル名</string>
   <string name="label_hidden_recipients">受信者を隠す</string>
+  <string name="pref_keyserver">キーサーバーで探す</string>
+  <string name="pref_keyserver_summary">HKPキーサーバーで探す</string>
+  <string name="pref_keybase">Keybase.ioで探す</string>
+  <string name="pref_keybase_summary">Keybase.ioのインデックスで探す</string>
   <string name="user_id_no_name">&lt;名前なし&gt;</string>
   <string name="none">&lt;無し&gt;</string>
   <plurals name="n_keys">
@@ -215,12 +200,9 @@
   <string name="encrypt_sign_clipboard_successful">クリップボードの中身の署名/暗号化に成功しました。</string>
   <string name="select_encryption_key">少なくとも1つの暗号化鍵を選択して下さい。</string>
   <string name="select_encryption_or_signature_key">少なくとも1つの暗号化鍵か署名鍵を選択して下さい。</string>
-  <string name="specify_file_to_encrypt_to">どのファイルを暗号化するか決めてください。
-注意: 既存のファイルがあると上書きされます。</string>
-  <string name="specify_file_to_decrypt_to">どのファイルを復号化するか決めてください。
-注意: 既存のファイルがあると上書きされます。</string>
-  <string name="specify_file_to_export_to">どのファイルをエクスポートするか決めてください。
-注意: 既存のファイルがあると上書きされます。</string>
+  <string name="specify_file_to_encrypt_to">どれのファイルを暗号化するのを入力してください。\n注意：ファイルが存在しているなら上書きされる！</string>
+  <string name="specify_file_to_decrypt_to">どれのファイルを暗号するのを入力してください。\n注意：ファイルが存在しているなら上書きされる！</string>
+  <string name="specify_file_to_export_to">どれのファイルを復号化するのを入力してください。\n注意：ファイルが存在しているなら上書きされる！</string>
   <string name="key_deletion_confirmation_multi">選択したすべての鍵を本当に削除してよいですか?</string>
   <string name="secret_key_deletion_confirmation">削除後はこの鍵で暗号化されたメッセージが読めなくなります、またその鍵で行われたすべての鍵確認を失います!</string>
   <string name="public_key_deletetion_confirmation">鍵 \'%s\' を削除しますか?</string>
@@ -294,6 +276,7 @@
   <string name="progress_cancelling">キャンセル中...</string>
   <string name="progress_saving">保存...</string>
   <string name="progress_importing">インポート...</string>
+  <string name="progress_updating">キーをアップデート中。。。</string>
   <string name="progress_exporting">エクスポート...</string>
   <string name="progress_uploading">アップロード中...</string>
   <string name="progress_building_key">鍵の構築中...</string>
@@ -512,12 +495,16 @@
   <string name="key_trust_maybe">この鍵はすでに破棄されたか期限切れです。\n確認済みではなく、しかしあなたは信頼すると選択することもできます。</string>
   <string name="key_trust_revoked">このIDは鍵の所有者により破棄されています。信頼することはできません。</string>
   <string name="key_trust_expired">この鍵は期限切れです。信頼することができません。</string>
+  <string name="key_trust_old_keys">このキーの有効な日付の時で書いてあるメッセージを復号化 するのは恐らく大丈夫です。</string>
   <string name="key_trust_no_cloud_evidence">この鍵の信頼性についてのクラウドでの検証がありません。</string>
   <string name="key_trust_start_cloud_search">検索開始</string>
+  <string name="key_trust_results_prefix">Keybase.ioはこのキーのオーナーだと言う証拠を提供している：</string>
+  <string name="key_trust_header_text">注意：Keybase.ioのオーナー証拠は実験的な機会です。キーを確認することに加えて、QRコードや、NFCでキーを交換するのもお勧めする。</string>
   <!--keybase proof stuff-->
   <string name="keybase_narrative_twitter">Twitterへ以下のIDで投稿</string>
   <string name="keybase_narrative_github">Githubでは以下のIDで知られています</string>
   <string name="keybase_narrative_dns">制御下にあるドメイン名(たち)</string>
+  <string name="keybase_narrative_web_site">サイトに投稿できる</string>
   <string name="keybase_narrative_reddit">Redditへ以下のIDで投稿</string>
   <string name="keybase_narrative_coinbase">Coinbaseでは以下で知られています</string>
   <string name="keybase_narrative_hackernews">Hacker Newsへ以下のIDで投稿</string>
@@ -580,6 +567,7 @@
   <string name="create_key_edit">鍵の設定変更</string>
   <string name="create_key_add_email">Eメールアドレスの追加</string>
   <string name="create_key_add_email_text">追加のEメールアドレスがこの鍵に紐付きそしてセキュアな通信に使うことができます。</string>
+  <string name="create_key_email_already_exists_text">メールはすでに追加している</string>
   <!--View key-->
   <string name="view_key_revoked">破棄: 鍵はもう使われません!</string>
   <string name="view_key_expired">期限切れ: この連絡先は鍵の妥当性を拡張する必要があります!</string>
@@ -1081,7 +1069,7 @@
   <string name="passp_cache_notif_pwd">パスフレーズ</string>
   <!--First Time-->
   <string name="first_time_text1">OpenKeychainであなたのプライバシーを取り戻しましょう!</string>
-  <string name="first_time_create_key">自分の鍵の生成(推奨)</string>
+  <string name="first_time_create_key">自分のキーを作る</string>
   <string name="first_time_import_key">ファイルから鍵をインポート</string>
   <string name="first_time_yubikey">YubiKey NEOを使用する</string>
   <string name="first_time_skip">セットアップをスキップ</string>
diff --git a/OpenKeychain/src/main/res/values-nl/strings.xml b/OpenKeychain/src/main/res/values-nl/strings.xml
index 04c6f10f4..74e2c7117 100644
--- a/OpenKeychain/src/main/res/values-nl/strings.xml
+++ b/OpenKeychain/src/main/res/values-nl/strings.xml
@@ -4,8 +4,6 @@
     http://developer.android.com/guide/topics/resources/string-resource.html (scroll down to "Escaping apostrophes and quotes").-->
   <string name="app_name">OpenKeychain</string>
   <!--title-->
-  <string name="title_select_recipients">Selecteer sleutels</string>
-  <string name="title_select_secret_key">Selecteer je sleutel</string>
   <string name="title_encrypt_text">Versleutelen</string>
   <string name="title_encrypt_files">Versleutelen</string>
   <string name="title_decrypt">Ontsleutelen</string>
@@ -13,7 +11,6 @@
   <string name="title_add_subkey">Voeg subsleutel toe</string>
   <string name="title_edit_key">Sleutel bewerken</string>
   <string name="title_preferences">Instellingen</string>
-  <string name="title_cloud_search_preferences">Cloud-zoekvoorkeuren</string>
   <string name="title_api_registered_apps">Apps</string>
   <string name="title_key_server_preference">Sleutelservers</string>
   <string name="title_change_passphrase">Wachtwoord wijzigen</string>
@@ -24,7 +21,6 @@
   <string name="title_encrypt_to_file">Versleutelen naar bestand</string>
   <string name="title_decrypt_to_file">Ontsleutelen naar bestand</string>
   <string name="title_import_keys">Sleutels importeren</string>
-  <string name="title_add_keys">Voeg sleutels toe</string>
   <string name="title_export_key">Sleutels exporteren</string>
   <string name="title_export_keys">Sleutels exporteren</string>
   <string name="title_key_not_found">Sleutel niet gevonden</string>
@@ -33,10 +29,8 @@
   <string name="title_key_details">Sleutel Details</string>
   <string name="title_help">Help</string>
   <string name="title_log_display">Log</string>
-  <string name="title_create_key">Sleutel aanmaken</string>
   <string name="title_exchange_keys">Sleutels uitwisselen</string>
   <string name="title_advanced_key_info">Geavanceerde sleutelinfo</string>
-  <string name="title_keys">Sleutels</string>
   <string name="title_delete_secret_key">JOUW sleutel \'%s\' verwijderen?</string>
   <string name="title_export_log">Log exporteren</string>
   <string name="title_manage_my_keys">Beheer mijn sleutels</string>
@@ -48,27 +42,18 @@
   <string name="section_cloud_evidence">Bewijzen van de cloud</string>
   <string name="section_keys">Subsleutels</string>
   <string name="section_cloud_search">Cloud zoeken</string>
-  <string name="section_general">Algemeen</string>
-  <string name="section_defaults">Standaard</string>
-  <string name="section_advanced">Geavanceerd</string>
   <string name="section_passphrase_cache">Wachtwoordcache</string>
   <string name="section_certify">Bevestigen</string>
   <string name="section_actions">Acties</string>
   <string name="section_share_key">Sleutel</string>
-  <string name="section_upload_key">Synchroniseer sleutel</string>
   <string name="section_key_server">Sleutelserver</string>
   <string name="section_fingerprint">Vingerafdruk</string>
-  <string name="section_decrypt_files">Bestanden</string>
-  <string name="section_decrypt_text">Tekst</string>
-  <string name="section_certs">Certificaten</string>
   <string name="section_encrypt">Versleutelen</string>
   <string name="section_decrypt">Ontsleutelen</string>
   <string name="section_current_expiry">Huidige verloopdatum</string>
   <string name="section_new_expiry">Nieuwe verloopdatum</string>
   <!--button-->
   <string name="btn_decrypt_verify_file">Decodeer, verifiëer en sla bestand op</string>
-  <string name="btn_decrypt_verify_message">Tekst ontsleutelen en verifiëren</string>
-  <string name="btn_encrypt_file">Codeer en sla bestanden op</string>
   <string name="btn_encrypt_share_file">Bestand versleutelen en delen</string>
   <string name="btn_encrypt_save_file">Bestand versleutelen en opslaan</string>
   <string name="btn_save">Opslaan</string>
@@ -81,7 +66,6 @@
   <string name="btn_back">Terug</string>
   <string name="btn_no">Nee</string>
   <string name="btn_match">Vingerafdrukken komen overeen</string>
-  <string name="btn_lookup_key">Opzoeksleutel</string>
   <string name="btn_share_encrypted_signed">Tekst versleutelen en opslaan</string>
   <string name="btn_copy_encrypted_signed">Tekst versleutelen en kopiëren</string>
   <string name="btn_view_cert_key">Toon certificatiesleutel</string>
@@ -100,16 +84,13 @@
   <string name="menu_export_key">Exporteren naar bestand</string>
   <string name="menu_delete_key">Sleutel verwijderen</string>
   <string name="menu_manage_keys">Beheer mijn sleutels</string>
-  <string name="menu_import_existing_key">Importeren van bestand</string>
   <string name="menu_search">Zoeken</string>
   <string name="menu_nfc_preferences">NFC-instellingen</string>
   <string name="menu_beam_preferences">Beam-instellingen</string>
-  <string name="menu_key_edit_cancel">Annuleren</string>
   <string name="menu_encrypt_to">Versleutelen naar…</string>
   <string name="menu_select_all">Alles selecteren</string>
-  <string name="menu_add_keys">Sleutels toevoegen</string>
-  <string name="menu_search_cloud">Zoeken</string>
   <string name="menu_export_all_keys">Alle sleutels exporteren</string>
+  <string name="menu_update_all_keys">Alle sleutels bijwerken</string>
   <string name="menu_advanced">Geavanceerde info tonen</string>
   <string name="menu_certify_fingerprint">Bevestigen door vingerafdrukken te vergelijken</string>
   <string name="menu_export_log">Log exporteren</string>
@@ -161,6 +142,10 @@
   <string name="label_enable_compression">Compressie aanzetten</string>
   <string name="label_encrypt_filenames">Versleutel bestandsnamen</string>
   <string name="label_hidden_recipients">Verberg ontvangers</string>
+  <string name="pref_keyserver">Zoeken op sleutelserver</string>
+  <string name="pref_keyserver_summary">Zoeken op HKP sleutelserver</string>
+  <string name="pref_keybase">Zoeken op Keybase.io</string>
+  <string name="pref_keybase_summary">Zoeken in Keybase.io-index</string>
   <string name="user_id_no_name">&lt;no naam&gt;</string>
   <string name="none">&lt;geen&gt;</string>
   <plurals name="n_keys">
@@ -217,9 +202,9 @@
   <string name="encrypt_sign_clipboard_successful">Succesvol gesigneerd en/of gecodeerd naar klembord.</string>
   <string name="select_encryption_key">Selecteer ten minste één versleutelingssleutel.</string>
   <string name="select_encryption_or_signature_key">Selecter ten minste één versleutelings-/ondertekeningssleutel.</string>
-  <string name="specify_file_to_encrypt_to">Gelieve aan te geven naar welk bestand versleuteld moet worden.\nWAARSCHUWING: Als het bestand al bestaat, zal het overschreven worden.</string>
-  <string name="specify_file_to_decrypt_to">Gelieve aan te geven naar welk bestand ontcijferd moet worden.\nWAARSCHUWING: Als het bestand al bestaat, zal het overschreven worden.</string>
-  <string name="specify_file_to_export_to">Gelieve aan te geven naar welk bestand geëxporteerd moet worden.\nWAARSCHUWING: Als het bestand al bestaat, zal het overschreven worden.</string>
+  <string name="specify_file_to_encrypt_to">Gelieve aan te geven naar welk bestand versleuteld moet worden.\nWAARSCHUWING: Als het bestand al bestaat, zal het overschreven worden!</string>
+  <string name="specify_file_to_decrypt_to">Gelieve aan te geven naar welk bestand ontcijferd moet worden.\nWAARSCHUWING: Als het bestand al bestaat, zal het overschreven worden!</string>
+  <string name="specify_file_to_export_to">Gelieve aan te geven naar welk bestand geëxporteerd moet worden.\nWAARSCHUWING: Als het bestand al bestaat, zal het overschreven worden!</string>
   <string name="key_deletion_confirmation_multi">Ben je zeker dat je alle geselecteerde sleutels wil verwijderen?</string>
   <string name="secret_key_deletion_confirmation">Na verwijderen zal je niet langer berichten versleuteld met deze sleutel kunnen lezen, en alle sleutelbevestigingen die ermee gedaan zijn verliezen!</string>
   <string name="public_key_deletetion_confirmation">Sleutel \'%s\' verwijderen?</string>
@@ -289,6 +274,7 @@
   <string name="progress_cancelling">bezig met annuleren…</string>
   <string name="progress_saving">opslaan…</string>
   <string name="progress_importing">importeren…</string>
+  <string name="progress_updating">Bezig met bijwerken van sleutels…</string>
   <string name="progress_exporting">exporteren…</string>
   <string name="progress_uploading">bezig met uploaden…</string>
   <string name="progress_building_key">sleutel maken…</string>
@@ -589,6 +575,7 @@
   <string name="create_key_edit">Sleutelconfiguratie wijzigen</string>
   <string name="create_key_add_email">E-mailadres toevoegen</string>
   <string name="create_key_add_email_text">Bijkomstige e-mailadressen zijn ook verbonden met deze sleutel en kunnen gebruikt worden voor veilige communicatie.</string>
+  <string name="create_key_email_already_exists_text">E-mail is al toegevoegd</string>
   <!--View key-->
   <string name="view_key_revoked">Ingetrokken: sleutel mag niet meer gebruikt worden!</string>
   <string name="view_key_expired">Verlopen: het contact moet de geldigheid van de sleutel verlengen!</string>
@@ -1111,7 +1098,7 @@
   <string name="passp_cache_notif_pwd">Wachtwoord</string>
   <!--First Time-->
   <string name="first_time_text1">Neem je privacy terug met OpenKeychain!</string>
-  <string name="first_time_create_key">Maak mijn sleutel aan (aanbevolen)</string>
+  <string name="first_time_create_key">Mijn sleutel aanmaken</string>
   <string name="first_time_import_key">Sleutel importeren uit bestand</string>
   <string name="first_time_yubikey">Gebruik YubiKey NEO</string>
   <string name="first_time_skip">Setup overslaan</string>
diff --git a/OpenKeychain/src/main/res/values-pl/strings.xml b/OpenKeychain/src/main/res/values-pl/strings.xml
index cbaca4aa1..b0cf1abaa 100644
--- a/OpenKeychain/src/main/res/values-pl/strings.xml
+++ b/OpenKeychain/src/main/res/values-pl/strings.xml
@@ -4,14 +4,11 @@
     http://developer.android.com/guide/topics/resources/string-resource.html (scroll down to "Escaping apostrophes and quotes").-->
   <string name="app_name">OpenKeychain</string>
   <!--title-->
-  <string name="title_select_recipients">Wybierz klucze</string>
-  <string name="title_select_secret_key">Wybierz swój klucz</string>
   <string name="title_decrypt">Odszyfruj</string>
   <string name="title_unlock">Odblokuj klucz</string>
   <string name="title_add_subkey">Dodaj pod-klucz</string>
   <string name="title_edit_key">Edytuj klucz</string>
   <string name="title_preferences">Ustawienia</string>
-  <string name="title_cloud_search_preferences">Właściwości Szukania w Chmurze</string>
   <string name="title_api_registered_apps">Aplikacje</string>
   <string name="title_key_server_preference">Serwery kluczy</string>
   <string name="title_change_passphrase">Zmień hasło</string>
@@ -21,7 +18,6 @@
   <string name="title_encrypt_to_file">Zaszyfruj do pliku</string>
   <string name="title_decrypt_to_file">Odszyfruj do pliku</string>
   <string name="title_import_keys">Importuj klucze</string>
-  <string name="title_add_keys">Dodaj klucze</string>
   <string name="title_export_key">Eksportuj klucz</string>
   <string name="title_export_keys">Eksportuj klucze</string>
   <string name="title_key_not_found">Nie znaleziono klucza</string>
@@ -29,31 +25,21 @@
   <string name="title_key_details">Szczegóły klucza</string>
   <string name="title_help">Pomoc</string>
   <string name="title_log_display">Logi</string>
-  <string name="title_create_key">Utwórz klucz</string>
   <string name="title_exchange_keys">Wymień się kluczami</string>
   <string name="title_advanced_key_info">Zaawansowane informacje o kluczu</string>
-  <string name="title_keys">Klucze</string>
   <!--section-->
   <string name="section_user_ids">Tożsamości</string>
   <string name="section_keys">Pod-klucze</string>
   <string name="section_cloud_search">Szukanie w Chmurze</string>
-  <string name="section_general">Ogólne</string>
-  <string name="section_defaults">Domyślne</string>
-  <string name="section_advanced">Zaawansowane</string>
   <string name="section_passphrase_cache">Pamięć cache hasła</string>
   <string name="section_actions">Działania</string>
   <string name="section_share_key">Klucz</string>
-  <string name="section_upload_key">Synchronizuj Klucz</string>
   <string name="section_key_server">Serwer kluczy</string>
   <string name="section_fingerprint">Odcisk klucza</string>
-  <string name="section_decrypt_files">Pliki</string>
-  <string name="section_decrypt_text">Tekst</string>
-  <string name="section_certs">Certyfikaty</string>
   <string name="section_encrypt">Zaszyfruj</string>
   <string name="section_decrypt">Odszyfruj</string>
   <!--button-->
   <string name="btn_decrypt_verify_file">Odszyfruj, weryfikuj i zapisz plik</string>
-  <string name="btn_encrypt_file">Szyfruj i zapisz plik</string>
   <string name="btn_encrypt_share_file">Szyfruj i podziel się plikiem</string>
   <string name="btn_save">Zapisz</string>
   <string name="btn_do_not_save">Anuluj</string>
@@ -63,7 +49,6 @@
   <string name="btn_export_to_server">Wyślij do serwera kluczy</string>
   <string name="btn_next">Dalej</string>
   <string name="btn_back">Wstecz</string>
-  <string name="btn_lookup_key">Sprawdź klucz</string>
   <string name="btn_view_cert_key">Wyświetl klucz certyfikacji</string>
   <string name="btn_create_key">Utwórz klucz</string>
   <string name="btn_add_files">Dodaj plik(i)</string>
@@ -78,13 +63,10 @@
   <string name="menu_help">Pomoc</string>
   <string name="menu_export_key">Eksportuj do pliku</string>
   <string name="menu_delete_key">Usuń klucz</string>
-  <string name="menu_import_existing_key">Importuj z pliku</string>
   <string name="menu_search">Szukaj</string>
   <string name="menu_beam_preferences">Ustawienia Beam</string>
-  <string name="menu_key_edit_cancel">Anuluj</string>
   <string name="menu_encrypt_to">Zaszyfruj do...</string>
   <string name="menu_select_all">Wybierz wszystko</string>
-  <string name="menu_add_keys">Dodaj klucze</string>
   <string name="menu_export_all_keys">Eksportuj wszystkie klucze</string>
   <string name="menu_advanced">Pokaż zaawansowane informacje</string>
   <!--label-->
@@ -182,9 +164,6 @@
   <string name="encrypt_sign_clipboard_successful">Pomyslnie podpisano i/lub zaszyfrowano do schowka.</string>
   <string name="select_encryption_key">Wybierz co najmniej jeden klucz szyfrujący.</string>
   <string name="select_encryption_or_signature_key">Wybierz co najmniej jeden klucz szyfrujący lub klucz podpisujący.</string>
-  <string name="specify_file_to_encrypt_to">Wskaż, do którego pliku zapisać zaszyfrowane dane.\nOSTRZEŻENIE: Plik zostanie nadpisany, jeżeli istnieje.</string>
-  <string name="specify_file_to_decrypt_to">Wskaż, do którego pliku zapisać odszyfrowane dane.\nOSTRZEŻENIE: Plik zostanie nadpisany, jeżeli istnieje.</string>
-  <string name="specify_file_to_export_to">Wskaż, do którego pliku wyeksportować dane.\nOSTRZEŻENIE: Plik zostanie nadpisany, jeżeli istnieje.</string>
   <string name="also_export_secret_keys">Także eksportuj tajne klucze</string>
   <string name="reinstall_openkeychain">Napotkałeś się na znany błąd w Androidzie. Proszę ponownie zainstalować OpenKeychain jeśli chcesz połączyć kontakty z kluczami.</string>
   <string name="key_exported">Pomyślnie wyeksportowano 1 klucz.</string>
diff --git a/OpenKeychain/src/main/res/values-ru/strings.xml b/OpenKeychain/src/main/res/values-ru/strings.xml
index 0724ced26..2dd1821ee 100644
--- a/OpenKeychain/src/main/res/values-ru/strings.xml
+++ b/OpenKeychain/src/main/res/values-ru/strings.xml
@@ -4,16 +4,13 @@
     http://developer.android.com/guide/topics/resources/string-resource.html (scroll down to "Escaping apostrophes and quotes").-->
   <string name="app_name">OpenKeychain</string>
   <!--title-->
-  <string name="title_select_recipients">Выберите ключи</string>
-  <string name="title_select_secret_key">Выберите Ваш ключ</string>
   <string name="title_encrypt_text">Зашифровать текст</string>
   <string name="title_encrypt_files">Зашифровать файлы</string>
   <string name="title_decrypt">Расшифровать</string>
   <string name="title_unlock">Разблокировать ключ</string>
-  <string name="title_add_subkey">Добавить доп. ключ</string>
+  <string name="title_add_subkey">Добавить подключ</string>
   <string name="title_edit_key">Изменить ключ</string>
   <string name="title_preferences">Настройки</string>
-  <string name="title_cloud_search_preferences">Настройки облачного поиска</string>
   <string name="title_api_registered_apps">Приложения</string>
   <string name="title_key_server_preference">Серверы ключей</string>
   <string name="title_change_passphrase">Изменить пароль</string>
@@ -24,7 +21,6 @@
   <string name="title_encrypt_to_file">Зашифровать в файл</string>
   <string name="title_decrypt_to_file">Расшифровать в файл</string>
   <string name="title_import_keys">Импорт ключей</string>
-  <string name="title_add_keys">Добавить ключи</string>
   <string name="title_export_key">Экспортировать ключ</string>
   <string name="title_export_keys">Экспорт ключей</string>
   <string name="title_key_not_found">Ключ не найден</string>
@@ -33,10 +29,8 @@
   <string name="title_key_details">Сведения о ключе</string>
   <string name="title_help">Помощь</string>
   <string name="title_log_display">Журнал</string>
-  <string name="title_create_key">Создать ключ</string>
   <string name="title_exchange_keys">Обмен ключами</string>
   <string name="title_advanced_key_info">Детальная информация о ключе</string>
-  <string name="title_keys">Ключи</string>
   <string name="title_delete_secret_key">Удалить ВАШ ключ \'%s\'?</string>
   <!--section-->
   <string name="section_user_ids">Идентификаторы</string>
@@ -46,26 +40,17 @@
   <string name="section_cloud_evidence">Подтвердить из облака</string>
   <string name="section_keys">Доп. ключи</string>
   <string name="section_cloud_search">Облачный поиск</string>
-  <string name="section_general">Приложение</string>
-  <string name="section_defaults">Алгоритмы</string>
-  <string name="section_advanced">Дополнительно</string>
   <string name="section_passphrase_cache">Кэш пароля</string>
   <string name="section_actions">Действия</string>
   <string name="section_share_key">Ключ</string>
-  <string name="section_upload_key">Синхронизировать ключ</string>
   <string name="section_key_server">Сервер ключей</string>
   <string name="section_fingerprint">Отпечаток ключа</string>
-  <string name="section_decrypt_files">Файлы</string>
-  <string name="section_decrypt_text">Текст</string>
-  <string name="section_certs">Сертификаты</string>
   <string name="section_encrypt">Зашифровать</string>
   <string name="section_decrypt">Расшифровать</string>
   <string name="section_current_expiry">Текущий срок годности</string>
   <string name="section_new_expiry">Новый срок годности</string>
   <!--button-->
   <string name="btn_decrypt_verify_file">Расшифровать, проверить и сохранить файл</string>
-  <string name="btn_decrypt_verify_message">Расшифровать и проверить текст</string>
-  <string name="btn_encrypt_file">Зашифровать и сохранить файл</string>
   <string name="btn_encrypt_share_file">Зашифровать и отправить файл</string>
   <string name="btn_save">Сохранить</string>
   <string name="btn_do_not_save">Отмена</string>
@@ -77,7 +62,6 @@
   <string name="btn_back">Назад</string>
   <string name="btn_no">Нет</string>
   <string name="btn_match">Отпечатки совпадают</string>
-  <string name="btn_lookup_key">Найти ключ</string>
   <string name="btn_view_cert_key">Просмотр ключа</string>
   <string name="btn_create_key">Создать ключ</string>
   <string name="btn_add_files">Добавить файл(ы)</string>
@@ -92,15 +76,11 @@
   <string name="menu_help">Помощь</string>
   <string name="menu_export_key">Экспорт в файл</string>
   <string name="menu_delete_key">Удалить ключ</string>
-  <string name="menu_import_existing_key">Импорт из файла</string>
   <string name="menu_search">Поиск</string>
   <string name="menu_nfc_preferences">Настройки NFC</string>
   <string name="menu_beam_preferences">Настройки Beam</string>
-  <string name="menu_key_edit_cancel">Отмена</string>
   <string name="menu_encrypt_to">Зашифровать....</string>
   <string name="menu_select_all">Выбрать все</string>
-  <string name="menu_add_keys">Добавить ключи</string>
-  <string name="menu_search_cloud">Поиск в облаке</string>
   <string name="menu_export_all_keys">Экспорт всех ключей</string>
   <string name="menu_advanced">Подробные данные</string>
   <!--label-->
@@ -127,6 +107,7 @@
   <string name="label_symmetric">Зашифровать паролем</string>
   <string name="label_passphrase_cache_ttl">Время хранения в кэше</string>
   <string name="label_passphrase_cache_subs">Кэшировать пароли по доп. ключу</string>
+  <string name="label_message_compression">Сжатие текста</string>
   <string name="label_file_compression">Сжатие файла</string>
   <string name="label_keyservers">Серверы ключей</string>
   <string name="label_key_id">ID ключа</string>
@@ -202,9 +183,6 @@
   <string name="encrypt_sign_clipboard_successful">Успешно подписано и/или зашифровано в буфер обмена.</string>
   <string name="select_encryption_key">Укажите хотя бы один ключ.</string>
   <string name="select_encryption_or_signature_key">Выберите хотя бы один ключ для шифрования или подписи.</string>
-  <string name="specify_file_to_encrypt_to">Пожалуйста, выберите файл для шифрования.\nВНИМАНИЕ! Файл будет перезаписан если он уже существует.</string>
-  <string name="specify_file_to_decrypt_to">Пожалуйста, выберите файл для расшифровки.\nВНИМАНИЕ! Файл будет перезаписан если он уже существует.</string>
-  <string name="specify_file_to_export_to">Пожалуйста, выберите файл для экспорта.\nВНИМАНИЕ! Файл будет перезаписан если он уже существует.</string>
   <string name="also_export_secret_keys">Экспортировать секретные ключи</string>
   <string name="reinstall_openkeychain">Вы столкнулись с багом Андроид. Пожалуйста, переустановите OpenKeychain чтобы связать ваши контакты и ключи.  </string>
   <string name="key_exported">Успешный экспорт 1 ключа.</string>
@@ -723,16 +701,37 @@
   <!--Consolidate-->
   <string name="msg_con">Консолидация базы данных</string>
   <string name="msg_con_error_bad_state">Консолидация началась но база не кэширована! Это программная ошибка, пожалуйста, сообщите об этом.</string>
+  <string name="msg_con_db_clear">Очистка базы данных</string>
   <string name="msg_con_error_db">Ошибка открытия базы данных!</string>
+  <string name="msg_con_error_io_public">Ошибка записи публичных ключей в кэш!</string>
+  <string name="msg_con_error_io_secret">Ошибка записи приватных ключей в кэш!</string>
+  <string name="msg_con_error_public">Ошибка переимпортирования публичных ключей!</string>
+  <string name="msg_con_error_secret">Ошибка переимпортирования приватных ключей!</string>
   <!--Edit Key (higher level than modify)-->
   <string name="msg_ed_error_key_not_found">Ключ не найден!</string>
+  <string name="msg_ed_success">Операция с ключом успешна!</string>
   <!--Promote key-->
+  <string name="msg_pr_error_already_secret">Этот ключ уже приватный!</string>
   <string name="msg_pr_error_key_not_found">Ключ не найден!</string>
   <!--Other messages used in OperationLogs-->
   <string name="msg_ek_error_divert">Редактирование NFC ключей (еще) не поддерживается!</string>
   <string name="msg_ek_error_not_found">Ключ не найден!</string>
   <!--Messages for DecryptVerify operation-->
+  <string name="msg_dc_clear_decompress">Распаковка сжатых данных</string>
+  <string name="msg_dc_clear_meta_size_unknown">Неизвестный размер файла</string>
+  <string name="msg_dc_clear_signature_bad">Проверка подписи НЕ ПРОЙДЕНА!</string>
+  <string name="msg_dc_error_unsupported_hash_algo">Неподдерживаемый, и потенциально небезопасный алгоритм хэширования!</string>
+  <string name="msg_dc_clear_signature_check">Проверка подписи данных</string>
+  <string name="msg_dc_clear_signature_ok">Проверка подписи ПРОЙДЕНА</string>
+  <string name="msg_dc_clear_signature">Сохранение данных подписи</string>
+  <string name="msg_dc_error_bad_passphrase">Ошибка разблокирования ключа, неверная фраза-пароль!</string>
+  <string name="msg_dc_error_extract_key">Неизвестная ошибка разблокировения ключа!</string>
+  <string name="msg_dc_error_no_data">Зашифрованные данные не найдены!</string>
+  <string name="msg_dc_error_no_key">Зашифрованные данные с известным приватным ключом не найдены!</string>
+  <string name="msg_dc_ok">Расшифрование/проверка закончена</string>
+  <string name="msg_dc_pass_cached">Использование фразы-пароля из кэша</string>
   <string name="msg_dc_unlocking">Разблокировка секретного ключа</string>
+  <string name="msg_dc_old_symmetric_encryption_algo">Был использован потенциально небезопасный алгоритм шифрования!</string>
   <!--Messages for VerifySignedLiteralData operation-->
   <string name="msg_vl_clear_signature_check">Проверка подписи данных</string>
   <string name="msg_vl_ok">ОК</string>
@@ -758,16 +757,30 @@
   <string name="msg_pse_error_nfc">Ошибка данных NFC!</string>
   <string name="msg_pse_error_no_passphrase">Парольных фраз не найдено!</string>
   <string name="msg_pse_error_pgp">Внутренняя ошибка OpenPGP!</string>
+  <string name="msg_crt_certifying">Генерация сертификатов</string>
+  <string name="msg_crt_error_master_not_found">Основной ключ не найден!</string>
+  <string name="msg_crt_error_nothing">Нет сертифицированных ключей!</string>
+  <string name="msg_crt_error_unlock">Ошибка разблокирования основного ключа!</string>
   <string name="msg_crt_saving">Сохранение связки</string>
   <string name="msg_crt_unlock">Разблокировка основного ключа</string>
   <string name="msg_crt_warn_not_found">Ключ не найден!</string>
   <string name="msg_crt_warn_cert_failed">Создание сертификата не удалось!</string>
+  <string name="msg_crt_warn_save_failed">Ошибка операции сохранения!</string>
   <string name="msg_crt_upload_success">Ключ успешно загружен на сервер</string>
   <string name="msg_import_fingerprint_ok">Проверка отпечатка успешна</string>
+  <string name="msg_import_error">Ошибка операции импорта!</string>
+  <string name="msg_import_error_io">Операция импорта прервана из-за ошибки ввода/вывода!</string>
+  <string name="msg_import_success">Операция импорта успешна!</string>
+  <string name="msg_export_all">Экспорт всех ключей</string>
+  <string name="msg_export_error_no_file">Не выбрано имя файла!</string>
   <string name="msg_export_error_fopen">Ошибка открытия файла!</string>
+  <string name="msg_export_error_no_uri">Не выбран URL!</string>
+  <string name="msg_export_error_storage">Диск не готов для записи!</string>
   <string name="msg_export_error_db">Ошибка базы данных!</string>
   <string name="msg_export_error_io">Ошибка ввода/вывода!</string>
+  <string name="msg_export_success">Операция экспорта успешна</string>
   <string name="msg_del_error_empty">Нет данных для удаления!</string>
+  <string name="msg_del_error_multi_secret">Секретные ключи можно удалять только по одному!</string>
   <string name="msg_acc_saved">Аккаунт сохранен</string>
   <plurals name="error_import_non_pgp_part">
     <item quantity="one">часть загруженного файла содержит данные OpenPGP, но это не ключ</item>
@@ -775,12 +788,19 @@
     <item quantity="other">части загруженного файла содержат данные OpenPGP, но это не ключ</item>
   </plurals>
   <!--Messages for Export Log operation-->
+  <string name="msg_export_log_error_fopen">Ошибка открытия файла</string>
+  <string name="msg_export_log_error_no_file">Не выбрано имя файла!</string>
+  <string name="msg_export_log_error_writing">Ошибка записи в файл!</string>
+  <string name="msg_export_log_success">Лог успешно экспортирован!</string>
   <!--PassphraseCache-->
   <string name="passp_cache_notif_keys">Кэшированные пароли:</string>
   <string name="passp_cache_notif_clear">Очистить кэш</string>
   <string name="passp_cache_notif_pwd">Пароль</string>
   <!--First Time-->
   <string name="first_time_text1">Верните вашу приватность с помощью OpenKeychain!</string>
+  <string name="first_time_create_key">Создать свой ключ</string>
+  <string name="first_time_import_key">Импорт ключа из файла</string>
+  <string name="first_time_yubikey">Использовать YubiKey NEO</string>
   <string name="first_time_skip">Пропустить настройку</string>
   <!--unsorted-->
   <string name="section_certifier_id">Кем подписан</string>
@@ -792,6 +812,7 @@
   <string name="label_cert_type">Тип</string>
   <string name="error_key_not_found">Ключ не найден!</string>
   <string name="error_key_processing">Ошибка обработки ключа!</string>
+  <string name="key_no_passphrase">Без фразы-пароля</string>
   <string name="key_unavailable">недоступно</string>
   <string name="title_view_cert">Просмотреть детали сертификации</string>
   <string name="unknown_algorithm">неизв.</string>
diff --git a/OpenKeychain/src/main/res/values-sl/strings.xml b/OpenKeychain/src/main/res/values-sl/strings.xml
index 051f960ed..4fee0250d 100644
--- a/OpenKeychain/src/main/res/values-sl/strings.xml
+++ b/OpenKeychain/src/main/res/values-sl/strings.xml
@@ -4,24 +4,23 @@
     http://developer.android.com/guide/topics/resources/string-resource.html (scroll down to "Escaping apostrophes and quotes").-->
   <string name="app_name">OpenKeychain</string>
   <!--title-->
-  <string name="title_select_recipients">Izberi ključe</string>
-  <string name="title_select_secret_key">Izberi zasebni ključ</string>
+  <string name="title_encrypt_text">Šifriraj</string>
+  <string name="title_encrypt_files">Šifriraj</string>
   <string name="title_decrypt">Dešifriraj</string>
   <string name="title_unlock">Odkleni ključ</string>
   <string name="title_add_subkey">Dodaj podključ</string>
   <string name="title_edit_key">Uredi ključ</string>
   <string name="title_preferences">Nastavitve</string>
-  <string name="title_cloud_search_preferences">Nastavitve iskanja v oblaku</string>
   <string name="title_api_registered_apps">Aplikacije</string>
   <string name="title_key_server_preference">Strežniki javnih ključev</string>
   <string name="title_change_passphrase">Spremeni geslo</string>
   <string name="title_share_fingerprint_with">Deli prstni odtis z...</string>
   <string name="title_share_key">Deli ključ z...</string>
   <string name="title_share_file">Deli datoteko z...</string>
+  <string name="title_share_message">Deli besedilo z...</string>
   <string name="title_encrypt_to_file">Šifriraj v datoteko</string>
   <string name="title_decrypt_to_file">Dešifriraj v datoteko</string>
   <string name="title_import_keys">Uvozi ključe</string>
-  <string name="title_add_keys">Dodaj ključe</string>
   <string name="title_export_key">Izvozi kluč</string>
   <string name="title_export_keys">Izvozi ključe</string>
   <string name="title_key_not_found">Ključ ni bil najden</string>
@@ -30,32 +29,33 @@
   <string name="title_key_details">Podrobnosti o ključu</string>
   <string name="title_help">Pomoč</string>
   <string name="title_log_display">Dnevnik</string>
-  <string name="title_create_key">Ustvari kluč</string>
   <string name="title_exchange_keys">Izmenjava ključev</string>
   <string name="title_advanced_key_info">Napredne informacije o ključu</string>
-  <string name="title_keys">Ključi</string>
+  <string name="title_delete_secret_key">Izbrišem VAŠ ključ \'%s\'?</string>
+  <string name="title_export_log">Izvozi sistemsko zabeležbo</string>
+  <string name="title_manage_my_keys">Upravljanje mojih ključev</string>
   <!--section-->
   <string name="section_user_ids">Identitete</string>
+  <string name="section_linked_system_contact">Povezan stik</string>
   <string name="section_should_you_trust">Ali zaupate temu ključu?</string>
+  <string name="section_proof_details">Overba dokazila</string>
+  <string name="section_cloud_evidence">Dokazila iz oblaka</string>
   <string name="section_keys">Podključi</string>
   <string name="section_cloud_search">Iskanje v oblaku</string>
-  <string name="section_general">Splošno</string>
-  <string name="section_defaults">Privzeto</string>
-  <string name="section_advanced">Napredno</string>
+  <string name="section_passphrase_cache">Hranjenje gesla v spominu</string>
   <string name="section_certify">Potrdi</string>
   <string name="section_actions">Ravnanja</string>
   <string name="section_share_key">Ključ</string>
   <string name="section_key_server">Strežnik</string>
   <string name="section_fingerprint">Prstni odtis</string>
-  <string name="section_decrypt_files">Datoteke</string>
-  <string name="section_decrypt_text">Besedilo</string>
-  <string name="section_certs">Certifikati</string>
   <string name="section_encrypt">Šifriraj</string>
   <string name="section_decrypt">Dešifriraj</string>
+  <string name="section_current_expiry">Trenuten datum poteka</string>
+  <string name="section_new_expiry">Nov datum poteka</string>
   <!--button-->
   <string name="btn_decrypt_verify_file">Dešifriraj, preveri in shrani</string>
-  <string name="btn_encrypt_file">Šifriraj in shrani datoteko</string>
   <string name="btn_encrypt_share_file">Šifriraj in deli datoteko</string>
+  <string name="btn_encrypt_save_file">Šifriraj in shrani datoteko</string>
   <string name="btn_save">Shrani</string>
   <string name="btn_do_not_save">Prekliči</string>
   <string name="btn_delete">Izbriši</string>
@@ -64,26 +64,38 @@
   <string name="btn_export_to_server">Naloži na strežnik</string>
   <string name="btn_next">Naprej</string>
   <string name="btn_back">Nazaj</string>
-  <string name="btn_lookup_key">Išči ključ</string>
+  <string name="btn_no">Ne</string>
+  <string name="btn_match">Prstna odtisa se ujemata</string>
+  <string name="btn_share_encrypted_signed">Šifriraj in deli besedilo</string>
+  <string name="btn_copy_encrypted_signed">Šifriraj besedilo in kopiraj v odložišče</string>
   <string name="btn_view_cert_key">Poglej ključ za overjanje</string>
   <string name="btn_create_key">Ustvari ključ</string>
   <string name="btn_add_files">Dodaj datoteko</string>
+  <string name="btn_add_share_decrypted_text">Deli dešifrirano besedilo</string>
+  <string name="btn_decrypt_clipboard">Dešifriraj besedilo iz odložišča</string>
+  <string name="btn_decrypt_and_verify">in preveri podpise</string>
   <string name="btn_decrypt_files">Dešifriraj datoteke</string>
+  <string name="btn_encrypt_files">Šifriraj datoteke</string>
+  <string name="btn_encrypt_text">Šifriraj besedilo</string>
+  <string name="btn_add_email">Dodaj elektronske naslove</string>
   <!--menu-->
   <string name="menu_preferences">Nastavitve</string>
   <string name="menu_help">Pomoč</string>
   <string name="menu_export_key">Izvozi v datoteko</string>
   <string name="menu_delete_key">Izbriši ključ</string>
-  <string name="menu_import_existing_key">Uvozi iz datoteke</string>
+  <string name="menu_manage_keys">Upravljanje mojih ključev</string>
   <string name="menu_search">Išči</string>
+  <string name="menu_nfc_preferences">Nastavitve NFC</string>
   <string name="menu_beam_preferences">Nastavitve Beam</string>
-  <string name="menu_key_edit_cancel">Prekliči</string>
   <string name="menu_encrypt_to">Šifriraj v...</string>
   <string name="menu_select_all">Izberi vse</string>
-  <string name="menu_add_keys">Dodaj ključe</string>
   <string name="menu_export_all_keys">Izvozi vse ključe</string>
+  <string name="menu_update_all_keys">Posodobi vse ključe</string>
   <string name="menu_advanced">Prikaži dodatne informacije</string>
+  <string name="menu_certify_fingerprint">Potrdi s primerjavo prstnih odtisov</string>
+  <string name="menu_export_log">Izvozi sistemsko zabeležbo</string>
   <!--label-->
+  <string name="label_message">Besedilo</string>
   <string name="label_file">Datoteka</string>
   <string name="label_files">Datoteke</string>
   <string name="label_file_colon">Datoteka:</string>
@@ -91,17 +103,25 @@
   <string name="label_passphrase">Geslo</string>
   <string name="label_unlock">Odklepanje...</string>
   <string name="label_passphrase_again">Ponovi geslo</string>
+  <string name="label_show_passphrase">Prikaži geslo</string>
   <string name="label_algorithm">Algoritem</string>
   <string name="label_ascii_armor">ASCII oklep datotek</string>
   <string name="label_file_ascii_armor">Omogoči ASCII ovoj</string>
   <string name="label_write_version_header">Daj drugim vedeti, da uporabljate OpenKeychain</string>
   <string name="label_write_version_header_summary">Zapiše \'OpenKeychain v2.7\' v OpenPGP podpis, šifrirano besedilo in izvožene ključe</string>
+  <string name="label_use_default_yubikey_pin">Uporabi privzeto YubiKey PIN kodo</string>
+  <string name="label_use_num_keypad_for_yubikey_pin">Uporabi numerično tipkovnico za YubiKey PIN kodo</string>
+  <string name="label_label_use_default_yubikey_pin_summary">Uporablja privzeto PIN kodo (123456) za dostop do ključev YubiKey preko NFC</string>
   <string name="label_asymmetric_from">Podpisal:</string>
   <string name="label_to">Šifriraj za:</string>
+  <string name="label_delete_after_encryption">Po dešifriranju izbriši datoteke</string>
   <string name="label_delete_after_decryption">Izbriši po dešifriranju</string>
   <string name="label_encryption_algorithm">Šifrirni algoritem</string>
   <string name="label_hash_algorithm">Zgostitveni algoritem</string>
   <string name="label_symmetric">Šifriranje z geslom</string>
+  <string name="label_passphrase_cache_ttl">Čas pomnjenja</string>
+  <string name="label_passphrase_cache_subs">Pomni gesla glede na podključ</string>
+  <string name="label_message_compression">Kompresija besedila</string>
   <string name="label_file_compression">Stiskanje datotek</string>
   <string name="label_keyservers">Strežniki</string>
   <string name="label_key_id">ID ključa</string>
@@ -114,8 +134,18 @@
   <string name="label_name">Ime</string>
   <string name="label_comment">Komentar</string>
   <string name="label_email">E-pošta</string>
+  <string name="label_send_key">Sinhroniziraj z oblakom</string>
   <string name="label_fingerprint">Prstni odtis</string>
   <string name="expiry_date_dialog_title">Določi datum poteka veljavnosti</string>
+  <string name="label_first_keyserver_is_used">(Prednost ima prvi strežnik na seznamu)</string>
+  <string name="label_preferred">prednostni</string>
+  <string name="label_enable_compression">Omogoči kompresijo</string>
+  <string name="label_encrypt_filenames">Šifriraj imena datotek</string>
+  <string name="label_hidden_recipients">Skrij prejemnike</string>
+  <string name="pref_keyserver">Preišči strežnik s ključi</string>
+  <string name="pref_keyserver_summary">Preišči strežnik HKP</string>
+  <string name="pref_keybase">Preišči strežnik Keybase.io</string>
+  <string name="pref_keybase_summary">Preišči seznam Keybase.io</string>
   <string name="user_id_no_name">&lt;brez imena&gt;</string>
   <string name="none">&lt;nič&gt;</string>
   <plurals name="n_keys">
@@ -165,28 +195,49 @@
   <string name="passphrase_must_not_be_empty">Vnesite geslo.</string>
   <string name="passphrase_for_symmetric_encryption">Simetrično šifriranje.</string>
   <string name="passphrase_for">Vnesite geslo za \'%s\'</string>
+  <string name="pin_for">Vnesite PIN kodo za \'%s\'</string>
+  <string name="yubikey_pin_for">Vnesite PIN kodo za dostop YubiKey za \'%s\'</string>
+  <string name="nfc_text">Prislonite YubiKey k hrbtišču mobilne naprave.</string>
+  <string name="file_delete_confirmation_title">Izbrišem izvirne datoteke?</string>
+  <string name="file_delete_confirmation">Izbrisane bodo naslednje datoteke:%s</string>
+  <string name="file_delete_successful">Izbrisanih je bilo %1$d od %2$d datotek.%3$s</string>
   <string name="no_file_selected">Najprej izberite datoteko.</string>
   <string name="encrypt_sign_successful">Uspešno podpisano in/ali šifrirano.</string>
   <string name="encrypt_sign_clipboard_successful">Uspešno podpisano in/ali šifrirano ter poslano v odložišče.</string>
   <string name="select_encryption_key">Izberite vsaj en šifrirni ključ.</string>
   <string name="select_encryption_or_signature_key">Vnesite vsaj en šifrirni ključ ali ključ za podpisovanje.</string>
   <string name="specify_file_to_encrypt_to">Določite datoteko, v katero želite šifrirati vsebino.\nPOZOR: če datoteka že obstaja, bo prepisana.</string>
+  <string name="specify_file_to_decrypt_to">Določite datoteko, v katero želite dešifrirati vsebino.\nPOZOR: če datoteka že obstaja, bo prepisana.</string>
   <string name="specify_file_to_export_to">Določite datoteko, v katero želite izvoziti vsebino.\nPOZOR: če datoteka že obstaja, bo prepisana.</string>
+  <string name="key_deletion_confirmation_multi">Ali zares želite izbrisati vse izbrane ključe?</string>
+  <string name="secret_key_deletion_confirmation">Po izbrisu ne bo več mogoče prebirati sporočil šifriranih s tem ključem! Izgubljene bodo tudi vse z njim narejene potrditve.</string>
+  <string name="public_key_deletetion_confirmation">Izbrišem ključ \'%s\'?</string>
   <string name="also_export_secret_keys">Izvozi tudi zasebne ključe</string>
+  <string name="reinstall_openkeychain">Naleteli ste na poznanega \'hrošča\' v sistemu Android. Za povezavo vaših stikov s ključi ponovno naložite aplikacijo OpenKeycahain.</string>
   <string name="key_exported">Uspešno izvožen 1 ključ.</string>
   <string name="keys_exported">Uspešno izvoženih ključev: %d</string>
   <string name="no_keys_exported">Noben ključ ni bil izvožen.</string>
   <string name="key_creation_el_gamal_info">Pozor: ELGamal podpirajo samo podključi.</string>
   <string name="key_not_found">Ne najdem ključa %08X.</string>
+  <string name="specify_file_to_export_log_to">Določite datoteko, v katero želite izvoziti vsebino.\nPOZOR: če datoteka že obstaja, bo prepisana.</string>
+  <plurals name="bad_keys_encountered">
+    <item quantity="one">Neupoštevan %d slab zasebni ključ. Morda je bil izvožen na način\n --export-secret-subkeys\nPoskrbite, da bo izvožen z\n --export-secret-keys</item>
+    <item quantity="two">Neupoštevana %d slaba zasebna ključa. Morda sta bila izvožena na način\n --export-secret-subkeys\nPoskrbite, da bosta izvožena z\n --export-secret-keys</item>
+    <item quantity="few">Neupoštevani %d slabi zasebni ključi. Morda so bili izvoženi na način\n --export-secret-subkeys\nPoskrbite, da bodo izvoženi z\n --export-secret-keys</item>
+    <item quantity="other">Neupoštevanih %d slabih zasebnih ključev. Morda so bili izvoženi na način\n --export-secret-subkeys\nPoskrbite, da bodo izvoženi z\n --export-secret-keys</item>
+  </plurals>
   <string name="list_empty">Lista je prazna!</string>
   <string name="nfc_successful">Ključ uspešno poslan preko NFC Beam!</string>
   <string name="key_copied_to_clipboard">Ključ je bil prekopiran v odložišče!</string>
   <string name="fingerprint_copied_to_clipboard">Prstni odtis je bil prekopiran v odložišče!</string>
+  <string name="select_key_to_certify">Izberite ključ, ki ga boste uporabljali za potrjevanje!</string>
   <string name="key_too_big_for_sharing">Ključ je prevelik za delitev na ta način!</string>
   <string name="text_copied_to_clipboard">Besedilo je bilo prekopirano v odložišče!</string>
   <!--errors
          no punctuation, all lowercase,
          they will be put after "error_message", e.g. "Error: file not found"-->
+  <string name="error_file_delete_failed">niso bili izbisani. Izbrišite jih ročno!</string>
+  <string name="error_file_added_already">%s je bil že dodan.</string>
   <string name="error_file_not_found">ne najdem datoteke</string>
   <string name="error_no_secret_key_found">ne najdem ustreznega zasebnega ključa</string>
   <string name="error_external_storage_not_ready">zunanja shramba ni na voljo</string>
@@ -196,12 +247,16 @@
   <string name="error_key_needs_a_user_id">potrebujete vsaj eno identiteto</string>
   <string name="error_no_signature_passphrase">dano ni bilo nobeno geslo</string>
   <string name="error_no_signature_key">dan ni bil noben podpisni ključ</string>
+  <string name="error_invalid_data">Ne najdem nobene vsebine šifrirane ali podpisane z OpenPGP!</string>
   <string name="error_integrity_check_failed">Preverba neokrnjenosti ni bila uspešna! Podatki so bili spremenjeni!</string>
   <string name="error_wrong_passphrase">napačno geslo</string>
   <string name="error_could_not_extract_private_key">ne morem izvleči zasebnega ključa</string>
   <!--errors without preceeding Error:-->
   <string name="error_jelly_bean_needed">Za uporabo storitve NFC Beam potrebujete najmanj Android 4.1!</string>
+  <string name="error_nfc_needed">Vključen mora biti NFC!</string>
+  <string name="error_beam_needed">Vključen mora biti Beam!</string>
   <string name="error_nothing_import">Najden ni bil noben ključ!</string>
+  <string name="error_contacts_key_id_missing">Pridobivanje ID-jev ključev iz vaših stikov ni bilo uspešno!</string>
   <string name="error_generic_report_bug">Pripetila se je splošna napaka, prosimo ustvarite poročilo o \'hrošču\'.</string>
   <!--results shown after decryption/verification-->
   <string name="decrypt_result_no_signature">Ni podpisano</string>
@@ -215,6 +270,8 @@
   <string name="decrypt_result_not_encrypted">Nešifrirano</string>
   <string name="decrypt_result_action_show">Prikaži</string>
   <string name="decrypt_result_action_Lookup">Poišči</string>
+  <string name="decrypt_invalid_text">Nekaj ni v redu: ali je neveljaven podpis ali pa je ključ potekel oz. bil preklican. Zato se ne da reči, kdo je v resnici napisal besedilo. Naj ga vseeno prikažem?</string>
+  <string name="decrypt_invalid_button">Seznanjen sem s tveganji, prikaži!</string>
   <!--Add keys-->
   <string name="add_keys_my_key">Moj ključ:</string>
   <!--progress dialogs, usually ending in '…'-->
@@ -223,6 +280,7 @@
   <string name="progress_cancelling">preklic...</string>
   <string name="progress_saving">shranjujem...</string>
   <string name="progress_importing">uvažam...</string>
+  <string name="progress_updating">Posodabljam ključe...</string>
   <string name="progress_exporting">izvažam...</string>
   <string name="progress_uploading">pošiljanje...</string>
   <string name="progress_building_key">ustvarjam ključ...</string>
@@ -232,9 +290,15 @@
   <string name="progress_generating_elgamal">ustvarjanje novega ElGamal ključa...</string>
   <string name="progress_generating_ecdsa">ustvarjanje novega ECDSA ključa...</string>
   <string name="progress_generating_ecdh">ustvarjanje novega ECDH ključa...</string>
-  <string name="progress_modify_primaryuid">menjavam glavno identiteto uporabnika...</string>
+  <string name="progress_modify">spreminjam zbirko ključev...</string>
+  <string name="progress_modify_unlock">odklepam zbirko ključev...</string>
+  <string name="progress_modify_adduid">dodajam ID-je uporabnikov...</string>
+  <string name="progress_modify_adduat">dodajam lastnosti uporabnikov...</string>
+  <string name="progress_modify_revokeuid">razveljavljam ID-je uporabnikov...</string>
+  <string name="progress_modify_primaryuid">menjavam glavni ID...</string>
   <string name="progress_modify_subkeychange">spreminjanje podključev...</string>
   <string name="progress_modify_subkeyrevoke">preklicevanje podključev...</string>
+  <string name="progress_modify_subkeystrip">razstavljam podključe...</string>
   <string name="progress_modify_subkeyadd">dodajanje podključev...</string>
   <string name="progress_modify_passphrase">menjava gesla...</string>
   <plurals name="progress_exporting_key">
@@ -260,7 +324,10 @@
   <string name="progress_verifying_integrity">preverjam neokrnjenost...</string>
   <string name="progress_deleting_securely">varno brišem \'%s\'…</string>
   <string name="progress_deleting">brisanje ključev...</string>
+  <string name="progress_con_saving">združevanje: spravljanje v spomin...</string>
+  <string name="progress_con_reimport">združevanje: ponoven uvoz...</string>
   <!--action strings-->
+  <string name="hint_cloud_search_hint">Iskanje po Imenu, E-pošti...</string>
   <!--key bit length selections-->
   <string name="key_size_512">512</string>
   <string name="key_size_768">768</string>
@@ -288,6 +355,7 @@
   <!--Help-->
   <string name="help_tab_start">Start</string>
   <string name="help_tab_faq">Pogosta vprašanja</string>
+  <string name="help_tab_wot">Potrjevanje ključev</string>
   <string name="help_tab_nfc_beam">NFC Beam</string>
   <string name="help_tab_changelog">Dnevnik sprememb</string>
   <string name="help_tab_about">O aplikaciji</string>
@@ -296,15 +364,101 @@
   <string name="import_tab_keyserver">Strežnik</string>
   <string name="import_tab_cloud">Iskanje v oblaku</string>
   <string name="import_tab_direct">Datoteka/odložišče</string>
+  <string name="import_tab_qr_code">Koda QR/NFC</string>
   <string name="import_import">Uvozi izbrane ključe</string>
   <string name="import_qr_code_wrong">Koda QR je deformirana! Poskusite znova!</string>
   <string name="import_qr_code_too_short_fingerprint">Prstni odtis je prekratek (&lt; 16 znakov)</string>
+  <string name="import_qr_code_button">Skeniraj kodo QR</string>
+  <string name="import_qr_code_text">Zajamite kodo QR s kamero!</string>
   <!--Generic result toast-->
+  <string name="view_log">Podrobnosti</string>
+  <string name="with_warnings">, z opozorili</string>
+  <string name="with_cancelled">, do preklica</string>
   <!--Import result toast-->
+  <plurals name="import_keys_added_and_updated_1">
+    <item quantity="one">Uspešno uvožen ključ</item>
+    <item quantity="two">Uspešno uvožena %1$d ključa</item>
+    <item quantity="few">Uspešno uvoženi %1$d ključi</item>
+    <item quantity="other">Uspešno uvoženih %1$d ključev</item>
+  </plurals>
+  <plurals name="import_keys_added_and_updated_2">
+    <item quantity="one">in posodobljen ključ%2$s.</item>
+    <item quantity="two">in posodobljena %1$d ključa%2$s.</item>
+    <item quantity="few">in posodobljeni %1$d ključi%2$s.</item>
+    <item quantity="other">in posodobljenih %1$d ključev%2$s.</item>
+  </plurals>
+  <plurals name="import_keys_added">
+    <item quantity="one">Uspešno uvožen ključ%2$s.</item>
+    <item quantity="two">Uspešno uvožena %1$d ključa%2$s.</item>
+    <item quantity="few">Uspešno uvoženi %1$d ključi%2$s.</item>
+    <item quantity="other">Uspešno uvoženih %1$d ključev%2$s.</item>
+  </plurals>
+  <plurals name="import_keys_updated">
+    <item quantity="one">Uspešno posodobljen ključ%2$s.</item>
+    <item quantity="two">Uspešno posodobljena %1$d ključa%2$s.</item>
+    <item quantity="few">Uspešno posodobljeni %1$d ključi%2$s.</item>
+    <item quantity="other">Uspešno posodobljenih %1$d ključev%2$s.</item>
+  </plurals>
+  <plurals name="import_keys_with_errors">
+    <item quantity="one">Neuspešen uvoz enega ključa!</item>
+    <item quantity="two">Neuspešen uvoz %d ključev!</item>
+    <item quantity="few">Neuspešen uvoz %d ključev!</item>
+    <item quantity="other">Neuspešen uvoz %d ključev!</item>
+  </plurals>
+  <plurals name="import_error">
+    <item quantity="one">Uvoz neuspešen!</item>
+    <item quantity="two">Uvoz %d ključev neuspešen!!</item>
+    <item quantity="few">Uvoz %d ključev neuspešen!!</item>
+    <item quantity="other">Uvoz %d ključev neuspešen!!</item>
+  </plurals>
   <string name="import_error_nothing">Nič za uvoziti.</string>
   <string name="import_error_nothing_cancelled">Uvoz preklican.</string>
   <!--Delete result toast-->
+  <plurals name="delete_ok_but_fail_1">
+    <item quantity="one">Uspešno izbrisan en ključ</item>
+    <item quantity="two">Uspešno izbrisana %1$d ključa</item>
+    <item quantity="few">Uspešno izbrisani %1$d ključi</item>
+    <item quantity="other">Uspešno izbrisanih %1$d ključev</item>
+  </plurals>
+  <plurals name="delete_ok_but_fail_2">
+    <item quantity="one">, en ključ%2$s ni bil izbrisan.</item>
+    <item quantity="two">, %1$d ključa%2$s nista bila izbrisana.</item>
+    <item quantity="few">, %1$d ključi%2$s niso bili izbrisani.</item>
+    <item quantity="other">, %1$d ključev%2$s ni bilo izbrisanih.</item>
+  </plurals>
+  <plurals name="delete_ok">
+    <item quantity="one">Uspešno izbrisanih ključ%2$s.</item>
+    <item quantity="two">Uspešno izbrisana %1$d ključa%2$s.</item>
+    <item quantity="few">Uspešno izbrisani %1$d ključi%2$s.</item>
+    <item quantity="other">Uspešno izbrisanih %1$d ključev%2$s.</item>
+  </plurals>
+  <plurals name="delete_fail">
+    <item quantity="one">Napaka pri brisanju enega ključa%2$s.</item>
+    <item quantity="two">Napaka pri brisanju %1$d ključev.</item>
+    <item quantity="few">Napaka pri brisanju %1$d ključev.</item>
+    <item quantity="other">Napaka pri brisanju %1$d ključev.</item>
+  </plurals>
+  <string name="delete_nothing">Ničesar ni za izbrisati.</string>
+  <string name="delete_cancelled">Operacija brisanja prekinjena.</string>
   <!--Certify result toast-->
+  <plurals name="certify_keys_ok">
+    <item quantity="one">Uspešno potrjen ključ%2$s.</item>
+    <item quantity="two">Uspešno potrjena %1$d ključa%2$s.</item>
+    <item quantity="few">Uspešno potrjeni %1$d ključi%2$s.</item>
+    <item quantity="other">Uspešno potrjenih %1$d ključev%2$s.</item>
+  </plurals>
+  <plurals name="certify_keys_with_errors">
+    <item quantity="one">Ključ ni bil potrjen!</item>
+    <item quantity="two">%d ključa nista bila potrjena!</item>
+    <item quantity="few">%d ključi niso bili potrjeni!</item>
+    <item quantity="other">%d ključev ni bilo potrjenih!</item>
+  </plurals>
+  <plurals name="certify_error">
+    <item quantity="one">Potrditev neuspešna!</item>
+    <item quantity="two">Potrditev %d ključev neuspešna!</item>
+    <item quantity="few">Potrditev %d ključev neuspešna!</item>
+    <item quantity="other">Potrditev %d ključev neuspešna!</item>
+  </plurals>
   <!--Intent labels-->
   <string name="intent_decrypt_file">Dešifriraj datoteko z OpenKeychain</string>
   <string name="intent_import_key">Uvozi ključ z OpenKeychain</string>
@@ -317,21 +471,33 @@
   <string name="api_settings_hide_advanced">Skrij napredne nastavitve</string>
   <string name="api_settings_no_key">Izbran ni bil noben ključ</string>
   <string name="api_settings_select_key">Izberite ključ</string>
+  <string name="api_settings_create_key">Ustvari nov ključ</string>
   <string name="api_settings_save">Shrani</string>
+  <string name="api_settings_save_msg">Račun je bil shranjen</string>
   <string name="api_settings_cancel">Prekliči</string>
   <string name="api_settings_revoke">Prekliči dostop</string>
   <string name="api_settings_start">Zaženi aplikacijo</string>
   <string name="api_settings_delete_account">Izbriši račun</string>
   <string name="api_settings_package_name">Ime paketa</string>
   <string name="api_settings_package_signature">SHA-256 podpisa paketa</string>
+  <string name="api_settings_accounts">Računi (opuščen API)</string>
+  <string name="api_settings_advanced">Dodatne informacije</string>
+  <string name="api_settings_allowed_keys">Dovoljeni ključi</string>
   <string name="api_settings_settings">Nastavitve</string>
+  <string name="api_settings_key">Ključ računa:</string>
   <string name="api_settings_accounts_empty">S to aplikacijo ni povezan noben račun</string>
+  <string name="api_create_account_text">Za ta račun ni nastavljen noben ključ. Izberite enega izmed svojih obstoječih ključev, oziroma ustvarite novega.\nAplikacije lahko dešifrirajo/podpisujejo le s tu izbranimi ključi!</string>
+  <string name="api_update_account_text">Ključ nastavljen za ta račun je bil izbrisan. Prosimo izberite drugega.\nAplikacije lahko dešifrirajo/podpisujejo le s tu izbranimi ključi!</string>
+  <string name="api_register_text">Prikazane aplikacije želijo šifrirati/dešifrirati sporočila ter jih podpisovati v vašem imenu.\nDovolim dostop?\n\nPOZOR: Če ne veste zakaj se je pojavilo to obvestilo, ne dovolite dostopa! Dostop lahko prekličete tudi kasneje, v oknu \'Aplikacije\'.</string>
   <string name="api_register_allow">Dovoli dostop</string>
   <string name="api_register_disallow">Zavrni dostop</string>
   <string name="api_register_error_select_key">Izberite ključ!</string>
+  <string name="api_select_pub_keys_missing_text">Za te identitete ni bil najden noben ključ:</string>
+  <string name="api_select_pub_keys_dublicates_text">Za te identitete obstaja več ključev:</string>
   <string name="api_select_pub_keys_text">Preverite seznam prejemnikov!</string>
   <string name="api_select_pub_keys_text_no_user_ids">Prosim, izberite prejemnike!</string>
   <string name="api_error_wrong_signature">Preverjanje podpisa ni uspelo! Ste namestili to aplikacijo iz drugega vira? Če ste prepričani, da to ni napad, prekličite registracijo te aplikacije v OpenKeychain in jo izvedite znova.</string>
+  <string name="api_select_sign_key_text">Prosimo izberite enega od svojih obstoječih ključev, oziroma ustvarite novega.</string>
   <!--Share-->
   <string name="share_qr_code_dialog_title">Deli s kodo QR</string>
   <string name="share_nfc_dialog">Deli preko NFC</string>
@@ -342,10 +508,14 @@
     <item quantity="few">Izbrani %d ključi.</item>
     <item quantity="other">Izbranih %d ključev.</item>
   </plurals>
+  <string name="key_list_empty_text1">Najden ni bil noben ključ!</string>
+  <string name="key_list_filter_show_all">Prikaži vse ključe</string>
+  <string name="key_list_filter_show_certified">Prikaži samo overjene ključe</string>
   <!--Key view-->
   <string name="key_view_action_edit">Uredi ključ</string>
   <string name="key_view_action_encrypt">Šifriraj besedilo</string>
   <string name="key_view_action_encrypt_files">datoteke</string>
+  <string name="key_view_action_certify">Potrdi ključ</string>
   <string name="key_view_action_update">Posodobi s strežnika</string>
   <string name="key_view_action_share_with">Deli z...</string>
   <string name="key_view_action_share_nfc">Deli preko NFC</string>
@@ -353,27 +523,102 @@
   <string name="key_view_tab_main">Glavne informacije</string>
   <string name="key_view_tab_share">Deli</string>
   <string name="key_view_tab_keys">Podključi</string>
-  <string name="key_view_tab_certs">Certifikati</string>
+  <string name="key_view_tab_certs">Potrdila</string>
+  <string name="key_view_tab_keybase">Keybase.io</string>
   <string name="user_id_info_revoked_title">Preklican</string>
   <string name="user_id_info_revoked_text">Lastnik ključa je preklical to identiteto. Ta ni več veljavna.</string>
+  <string name="user_id_info_certified_title">Overjeno</string>
+  <string name="user_id_info_certified_text">Ta identiteta je bila overjena z vaše strani.</string>
+  <string name="user_id_info_uncertified_title">Neoverjeno</string>
+  <string name="user_id_info_uncertified_text">Ta identiteta še ni bila overjena, zato ni mogoče vedeti, če ustreza osebi za katero se predstavlja.</string>
   <string name="user_id_info_invalid_title">Neveljaven</string>
+  <string name="user_id_info_invalid_text">Nekaj je narobe s to identiteto!</string>
   <!--Key trust-->
+  <string name="key_trust_already_verified">Ta ključ ste že potrdili!</string>
+  <string name="key_trust_it_is_yours">To je en izmed vaših ključev!</string>
+  <string name="key_trust_maybe">Ta ključ ni niti preklican, niti potečen.\nNiste ga potrdili, a mogoče mu zaupate.</string>
+  <string name="key_trust_revoked">Ta ključ je bil preklican s strani lastnika, zato mu ne gre zaupati.</string>
+  <string name="key_trust_expired">Ta ključ je potekel, zato mu ne gre zaupati.</string>
+  <string name="key_trust_old_keys">Uporaba tega ključa za dešifriranje starejših sporočil iz časa, ko ključ še ni potekel, oz. bil preklican, ni kritična.</string>
+  <string name="key_trust_no_cloud_evidence">Ni podatkov z oblaka o pristnosti tega ključa.</string>
+  <string name="key_trust_start_cloud_search">Začni iskanje</string>
+  <string name="key_trust_results_prefix">Keybase.io ponuja \"dokazilo\", da je lastnik tega kluča:</string>
+  <string name="key_trust_header_text">Pozor: Dokazila Keybase.io v aplikaciji OpenKeychain so eksperimantalne narave. Za večjo zanesljivost priporočamo, da dodatno skenirate kode QR ali izmenjate ključe preko NFC.</string>
   <!--keybase proof stuff-->
+  <string name="keybase_narrative_twitter">Objavlja na Twitterju kot</string>
+  <string name="keybase_narrative_github">Prisoten na GitHub-u kot</string>
+  <string name="keybase_narrative_dns">Upravlja domeno(e)</string>
+  <string name="keybase_narrative_web_site">Objavlja na spletni strani(eh)</string>
+  <string name="keybase_narrative_reddit">Objavlja na Reddit-u kot</string>
+  <string name="keybase_narrative_coinbase">Prisoten na Coinbase-u kot</string>
+  <string name="keybase_narrative_hackernews">Objavlja na Hacker News kot</string>
+  <string name="keybase_narrative_unknown">Neznano dokazilo</string>
+  <string name="keybase_proof_failure">Dokazila se žal ne da preveriti.</string>
+  <string name="keybase_unknown_proof_failure">Neznan problem pri pregledovalniku dokazil</string>
+  <string name="keybase_problem_fetching_evidence">Problem z dokazilom</string>
+  <string name="keybase_key_mismatch">Prstni odtis ključa ne ustreza tistemu v dokazilu</string>
+  <string name="keybase_message_payload_mismatch">Dešifrirano dokazilo ne ustreza pričakovani vrednosti</string>
+  <string name="keybase_message_fetching_data">Pridobivam dokazilo</string>
+  <string name="keybase_proof_succeeded">To dokazilo je bilo overjeno!</string>
+  <string name="keybase_a_post">Objava</string>
+  <string name="keybase_fetched_from">pridobljeno od</string>
+  <string name="keybase_for_the_domain">za domeno</string>
+  <string name="keybase_contained_signature">vsebuje sporočilo, ki ga je lahko ustvaril samo lastnik tega ključa.</string>
+  <string name="keybase_twitter_proof">Čivk</string>
+  <string name="keybase_web_site_proof">Datoteka z besedilom</string>
+  <string name="keybase_github_proof">Gist</string>
+  <string name="keybase_reddit_proof">Datoteka JSON</string>
+  <string name="keybase_verify">Overi</string>
   <!--Edit key-->
   <string name="edit_key_action_change_passphrase">Zamenjaj geslo</string>
   <string name="edit_key_action_add_identity">Dodaj identiteto</string>
   <string name="edit_key_action_add_subkey">Dodaj podključ</string>
   <string name="edit_key_edit_user_id_title">Izberite dejanje!</string>
+  <string-array name="edit_key_edit_user_id">
+    <item>Zamenjaj za primarno identiteto</item>
+    <item>Prekliči identitetoy</item>
+  </string-array>
   <string-array name="edit_key_edit_user_id_revert_revocation">
     <item>Revert revocation</item>
   </string-array>
+  <string name="edit_key_edit_user_id_revoked">Identiteta je bila preklicana. Ta poteza ne more biti razveljavljena.</string>
   <string name="edit_key_edit_subkey_title">Izberite dejanje!</string>
+  <string-array name="edit_key_edit_subkey">
+    <item>Spremeni datum poteka</item>
+    <item>Prekliči podključ</item>
+    <item>Razstavi podključ</item>
+  </string-array>
+  <string name="edit_key_new_subkey">nov podključ</string>
+  <string name="edit_key_select_flag">Izberite vsaj eno oznako!</string>
+  <string name="edit_key_error_add_identity">Dodajte vsaj eno identiteto!</string>
+  <string name="edit_key_error_add_subkey">Dodajte vsaj en podključ!</string>
   <!--Create key-->
+  <string name="create_key_upload">Sinhroniziraj z oblakom</string>
   <string name="create_key_empty">To polje je obvezno</string>
   <string name="create_key_passphrases_not_equal">Gesli se ne ujemata</string>
+  <string name="create_key_final_text">Vnesli ste identiteto:</string>
+  <string name="create_key_final_robot_text">Ustvarjanje ključa zna potrajati. Privoščite si kavo...</string>
+  <string name="create_key_rsa">(3 podključi, RSA, 4096 bit)</string>
+  <string name="create_key_custom">(konfiguracija po meri)</string>
+  <string name="create_key_name_text">Izberite ime povezano s tem ključem. Lahko je polno ime, npr. \'Marjan Novak\', ali nadimek, npr. \'Mare\'.</string>
+  <string name="create_key_email_text">Vnesite svoj glavni e-poštni naslov za varno komunikacijo.</string>
+  <string name="create_key_passphrase_text">Izberite močno geslo. To bo varovalo vaš ključ v primeru odtujitve naprave.</string>
+  <string name="create_key_hint_full_name">Polno ime ali nadimek</string>
+  <string name="create_key_edit">Spremeni konfiguracijo ključa.</string>
+  <string name="create_key_add_email">Dodaj naslov e-pošte</string>
+  <string name="create_key_add_email_text">Dodatni e-poštni naslovi so prav tako povezani s tem ključem in so na voljo za varno komunikacijo.</string>
+  <string name="create_key_email_already_exists_text">E-poštni naslov je že bil dodan</string>
   <!--View key-->
+  <string name="view_key_revoked">Ključ je preklican: ne smete ga več uporabljati!</string>
+  <string name="view_key_expired">Ključ je potekel: stvaritelj mora podaljšati njegovo veljavo!</string>
+  <string name="view_key_expired_secret">Ključ je potekel: njegovo veljavnost lahko podaljšate, če ga popravite!</string>
+  <string name="view_key_my_key">Moj ključ</string>
+  <string name="view_key_verified">Potrjen ključ</string>
+  <string name="view_key_unverified">Ključ ni potrjen: za potrditev skenirajte kodo QR!</string>
+  <string name="view_key_fragment_no_system_contact">&lt;brez&gt;</string>
   <!--Navigation Drawer-->
   <string name="nav_keys">Ključi</string>
+  <string name="nav_encrypt_decrypt">Šifriraj/Dešifriraj</string>
   <string name="nav_apps">Aplikacije</string>
   <string name="drawer_open">Odprite navigacijski poteznik</string>
   <string name="drawer_close">Zaprite navigacijski poteznik</string>
@@ -391,6 +636,7 @@
   <string name="cert_verify_error">napaka!</string>
   <string name="cert_verify_unavailable">ključ ni na voljo</string>
   <!--LogType log messages. Errors should have _ERROR_ in their name and end with a !-->
+  <string name="msg_internal_error">Interna napaka!</string>
   <string name="msg_cancelled">Dejanje preklicano.</string>
   <!--Import Public log entries-->
   <string name="msg_ip_apply_batch">Uveljavljam serijsko dodajanje.</string>
@@ -398,35 +644,208 @@
   <string name="msg_ip_delete_old_fail">Noben star ključ ni bil izbrisan (ustvarim novega?)</string>
   <string name="msg_ip_delete_old_ok">Star ključ je bil izbrisan iz baze</string>
   <string name="msg_ip_encode_fail">Operacija ni uspela zaradi napake</string>
+  <string name="msg_ip_error_io_exc">Postopek ni uspel zaradi napake i/o</string>
+  <string name="msg_ip_error_op_exc">Postopek ni uspel zaradi napake v bazi podatkov</string>
+  <string name="msg_ip_error_remote_ex">Postopek ni uspel zaradi interne napake</string>
   <string name="msg_ip">Uvažam javno zbirko ključev %s</string>
   <string name="msg_ip_insert_keyring">Šifriram podatke zbirke klučev</string>
+  <string name="msg_ip_insert_keys">Razčlenjujem ključe</string>
   <string name="msg_ip_prepare">Pripravljam </string>
   <string name="msg_ip_master">Obdelujem glavni ključ %s</string>
+  <string name="msg_ip_master_expired">Zbirka ključev je potekla %s</string>
+  <string name="msg_ip_master_expires">Zbirka ključev poteče %s</string>
+  <string name="msg_ip_master_flags_unspecified">Glavne oznake: nedoločeno (najverjetneje vse)</string>
+  <string name="msg_ip_master_flags_cesa">Glavne oznake: potrdi, šifriraj, podpiši, overi</string>
+  <string name="msg_ip_master_flags_cesx">Glavne oznake: potrdi. šifriraj, podpiši</string>
+  <string name="msg_ip_master_flags_cexa">Glavne oznake: potrdi, šifriraj, overi</string>
+  <string name="msg_ip_master_flags_cexx">Glavne oznake: potrdi, šifriraj</string>
+  <string name="msg_ip_master_flags_cxsa">Glavne oznake: potrdi, podpiši, overi</string>
+  <string name="msg_ip_master_flags_cxsx">Glavne oznake: potrdi, podpiši</string>
+  <string name="msg_ip_master_flags_cxxa">Glavne oznake: potrdi, overi</string>
+  <string name="msg_ip_master_flags_cxxx">Glavne oznake: potrdi</string>
+  <string name="msg_ip_master_flags_xesa">Glavne oznake: šifriraj, podpiši, overi</string>
+  <string name="msg_ip_master_flags_xesx">Glavne oznake: šifriraj, podpiši</string>
+  <string name="msg_ip_master_flags_xexa">Glavne oznake: šifriraj, overi</string>
+  <string name="msg_ip_master_flags_xexx">Glavne oznake: šifriraj</string>
+  <string name="msg_ip_master_flags_xxsa">Glavne oznake: podpiši, overi</string>
+  <string name="msg_ip_master_flags_xxsx">Glavne oznake: podpiši</string>
+  <string name="msg_ip_master_flags_xxxa">Glavne oznake: overi</string>
+  <string name="msg_ip_master_flags_xxxx">Glavne oznake: brez</string>
+  <string name="msg_ip_merge_public">Združujem uvožene podatke z obstoječo zbirko javnih ključev</string>
+  <string name="msg_ip_merge_secret">Združujem uvožene podatke z obstoječo zbirko javnih ključev</string>
   <string name="msg_ip_subkey">Obdelujem podključ %s</string>
   <string name="msg_ip_subkey_expired">Podključ je potekel %s</string>
   <string name="msg_ip_subkey_expires">Podključ poteče %s</string>
+  <string name="msg_ip_subkey_flags_unspecified">Oznake podključev: nedoločeno (najverjetneje vse)</string>
+  <string name="msg_ip_subkey_flags_cesa">Oznake podključev: potrdi, šifriraj, podpiši, overi</string>
+  <string name="msg_ip_subkey_flags_cesx">Oznake podključev: potrdi, šifriraj, podpiši</string>
+  <string name="msg_ip_subkey_flags_cexa">Oznake podključev: potrdi, šifriraj, overi</string>
+  <string name="msg_ip_subkey_flags_cexx">Oznake podključev: potrdi, šifriraj</string>
+  <string name="msg_ip_subkey_flags_cxsa">Oznake podključev: potrdi, podpiši, overi</string>
+  <string name="msg_ip_subkey_flags_cxsx">Oznake podključev: potrdi, podpiši</string>
+  <string name="msg_ip_subkey_flags_cxxa">Oznake podključev: potrdi, overi</string>
+  <string name="msg_ip_subkey_flags_cxxx">Oznake podključev: potrdi</string>
+  <string name="msg_ip_subkey_flags_xesa">Oznake podključev: šifriraj, podpiši, overi</string>
+  <string name="msg_ip_subkey_flags_xesx">Oznake podključev: šifriraj, podpiši</string>
+  <string name="msg_ip_subkey_flags_xexa">Oznake podključev: šifriraj, overi</string>
+  <string name="msg_ip_subkey_flags_xexx">Oznake podključev: šifriraj</string>
+  <string name="msg_ip_subkey_flags_xxsa">Oznake podključev: podpiši, overi</string>
+  <string name="msg_ip_subkey_flags_xxsx">Oznake podključev: podpiši</string>
+  <string name="msg_ip_subkey_flags_xxxa">Oznake podključev: overi</string>
+  <string name="msg_ip_subkey_flags_xxxx">Oznake podključev: brez</string>
   <string name="msg_ip_success">Uspešno uvožena javna zbirka klučev </string>
+  <string name="msg_ip_success_identical">Zbirka ključev ne vsebuje novih podatkov. Nič za storiti.</string>
   <string name="msg_ip_reinsert_secret">Ponovno vnašam zasebni ključ</string>
-  <string name="msg_ip_uid_cert_bad">Naleteli ste na slab certifikat!</string>
-  <string name="msg_ip_uid_cert_error">Napaka pri obdelavi certifikata!</string>
+  <string name="msg_ip_uid_cert_bad">Naleteli ste na slabo potrdilo!</string>
+  <string name="msg_ip_uid_cert_error">Napaka pri obdelavi potrdila!</string>
+  <string name="msg_ip_uid_cert_nonrevoke">Že posedujete ne-preklicna potrdila. Izpuščam.</string>
+  <string name="msg_ip_uid_cert_old">Potrdilo je starejše od trenutnega. Izpuščam.</string>
+  <string name="msg_ip_uid_cert_new">Potrdilo je novejše. Menjam trenutnega.</string>
+  <string name="msg_ip_uid_cert_good">Najdeno uporabno potrdilo od %1$s</string>
+  <string name="msg_ip_uid_cert_good_revoke">Najdeno preklicano potrdilo od %1$s</string>
+  <plurals name="msg_ip_uid_certs_unknown">
+    <item quantity="one">Izpuščam potrdilo, potrjeno s strani neznanih javnih ključev.</item>
+    <item quantity="two">Izpuščam %s potrdili, potrjeni s strani neznanih javnih ključev.</item>
+    <item quantity="few">Izpuščam %s potrdila, potrjena s strani neznanih javnih ključev.</item>
+    <item quantity="other">Izpuščam %s potrdil, potrjenih s strani neznanih javnih ključev.</item>
+  </plurals>
+  <string name="msg_ip_uid_classifying_zero">Razvrščam ID-je (na voljo ni noben ključ vreden zaupanja)</string>
+  <plurals name="msg_ip_uid_classifying">
+    <item quantity="one">Razvrščam ID-je (uporabljam en ključ vreden zaupanja)</item>
+    <item quantity="two">Razvrščam ID-je (uporabljam %s ključa vredna zaupanja)</item>
+    <item quantity="few">Razvrščam ID-je (uporabljam %s ključe vredne zaupanja)</item>
+    <item quantity="other">Razvrščam ID-je (uporabljam %s ključev vrednih zaupanja)</item>
+  </plurals>
+  <string name="msg_ip_uid_reorder">Prerazvrščam ID-je</string>
+  <string name="msg_ip_uid_processing">Procesiram ID %s</string>
+  <string name="msg_ip_uid_revoked">ID je preklican</string>
+  <string name="msg_ip_uat_cert_bad">Najdeno slabo potrdilo!</string>
+  <string name="msg_ip_uat_cert_error">Napaka pri obdelavi potrdil!</string>
+  <string name="msg_ip_uat_cert_nonrevoke">Že posedujete ne-preklicno potrdilo. Izpuščam.</string>
+  <string name="msg_ip_uat_cert_old">Potrdilo je starejše od trenutnega. Izpuščam.</string>
+  <string name="msg_ip_uat_cert_new">Potrdilo je novejše. Menjam trenutnega.</string>
+  <string name="msg_ip_uat_cert_good">Najdeno uporabno potrdilo od %1$s</string>
+  <string name="msg_ip_uat_cert_good_revoke">Najden preklic potrdila od %1$s</string>
+  <plurals name="msg_ip_uat_certs_unknown">
+    <item quantity="one">Izpuščam potrdilo, potrjenio s strani neznanih javnih ključev</item>
+    <item quantity="two">Izpuščam %s potrdii, potrjeni s strani neznanih javnih ključev</item>
+    <item quantity="few">Izpuščam %s potrdila, potrjena s strani neznanih javnih ključev</item>
+    <item quantity="other">Izpuščam %s potrdil, potrjenih s strani neznanih javnih ključev</item>
+  </plurals>
   <string name="msg_is_bad_type_public">Poskus uvoza javne zbirke ključev kot zasebne. Prosimo prijavite dogodek kot \'hrošč\' (napako).</string>
   <!--Import Secret log entries-->
   <string name="msg_is">Uvažam zasebni ključ %s</string>
+  <string name="msg_is_db_exception">Napaka v bazi podatkov!</string>
   <string name="msg_is_importing_subkeys">Procesiram zasebne podključe</string>
+  <string name="msg_is_error_io_exc">Napaka pri kodiranju zbirke ključev</string>
+  <string name="msg_is_merge_public">Združujem uvožene podatke v obstoječo zbirko ključev</string>
+  <string name="msg_is_merge_secret">Združujem uvožene podatke v obstoječo javno zbirko ključev</string>
+  <string name="msg_is_merge_special">Združujem podatke o samo-potrdilih iz javne zbirke ključev</string>
+  <string name="msg_is_pubring_generate">Generiram javno zbirko ključev iz zasebne</string>
+  <string name="msg_is_subkey_nonexistent">Podključ %s ni na voljo v zasebnem ključu</string>
+  <string name="msg_is_subkey_ok">Zasebni podključ %s označen kot razpoložljiv</string>
+  <string name="msg_is_subkey_empty">Zasebni podključ %s označen kot razpoložljiv, s praznim geslom</string>
+  <string name="msg_is_subkey_pin">Zasebni podključ %s označen kot razpoložljiv, s PIN kodo</string>
+  <string name="msg_is_subkey_stripped">Zasebni podključ %s označen kot razstavljen</string>
+  <string name="msg_is_subkey_divert">Zasebni podključ %s označen kot \'preusmerjen na pamtno kartico/NFC\'</string>
+  <string name="msg_is_success_identical">Zbirka ključev ne vsebuje nobenih novih podatkov. Nič za storiti.</string>
   <string name="msg_is_success">Zasebna zbirka ključev uspešno uvožena</string>
   <!--Keyring Canonicalization log entries-->
+  <string name="msg_kc_public">Kanoniziram javno zbirko ključev %s</string>
+  <string name="msg_kc_secret">Kanoniziram zasebno zbirko ključev %s</string>
+  <string name="msg_kc_error_v3">Toje ključ verzije OpenPGP 3, ki je zastarela in ni več podprta!</string>
+  <string name="msg_kc_error_no_uid">Zbirka ključev nima nobenega veljavnega ID-ja!</string>
+  <string name="msg_kc_error_master_algo">Glavni ključ uporablja neznan (%s) algoritem!</string>
   <string name="msg_kc_master">Obdelujem glavni ključ...</string>
-  <string name="msg_kc_revoke_dup">Umikam odvečen certifikat za preklic zbirk ključev</string>
+  <string name="msg_kc_master_bad_type">Odstranjujem potrdilo glavnega ključa neznanega tipa (%s)</string>
+  <string name="msg_kc_master_bad_local">Odstranjujem potrdilo glavnega ključa z oznako \'lokalno\'</string>
+  <string name="msg_kc_master_bad_err">Odstranjujem slabo potrdilo glavnega ključa</string>
+  <string name="msg_kc_master_bad_time">Odstranjujem preklicno potrdilo zbirke ključev s časovno znamko v prihodnosti</string>
+  <string name="msg_kc_master_bad_type_uid">Odstranjujem potrdilo ID-ja na slabi poziciji</string>
+  <string name="msg_kc_master_bad">Odstranjujem slabo potrdilo glavnega ključa</string>
+  <string name="msg_kc_master_local">Odstranjujem potrdilo glavnega ključa z oznako \"lokalno\"</string>
+  <string name="msg_kc_revoke_dup">Odstranjujem odvečno preklicno potrdilo zbirke ključev</string>
+  <string name="msg_kc_notation_dup">Odstranjujem odvečno potrdilo notacije</string>
+  <string name="msg_kc_notation_empty">Odstranjujem prazno potrdilo notacije</string>
   <string name="msg_kc_sub">Obdelujem podključ %s</string>
-  <string name="msg_kc_sub_bad">Umikam neveljaven certifikat za povezovanje podključev</string>
-  <string name="msg_kc_sub_bad_err">Umikam slab certifikat za povezovanje podključev</string>
-  <string name="msg_kc_sub_bad_time">Umikam certifikat za povezovanje podključev z časovno znamko v prihodnosti</string>
+  <string name="msg_kc_sub_bad">Umikam neveljavno potrdilo za povezovanje podključev</string>
+  <string name="msg_kc_sub_bad_err">Umikam slabo potrdilo za povezovanje podključev</string>
+  <string name="msg_kc_sub_bad_local">Odstranjujem povezano potrdilo podključa z oznako \'lokalno\'</string>
+  <string name="msg_kc_sub_bad_time">Umikam potrdilo za povezovanje podključev z časovno znamko v prihodnosti</string>
+  <string name="msg_kc_sub_bad_type">Neznano potrdilo podključa tipa %s</string>
+  <string name="msg_kc_sub_dup">Odstranjujem odvečno povezano potrdilo podključa</string>
+  <string name="msg_kc_sub_primary_bad">Zaradi neveljavnega primarnega povezanega potrdila odstranjujem povezano potrdilo podključa</string>
+  <string name="msg_kc_sub_primary_bad_err">Zaradi slabega glavnega povezanega potrdila odstranjujem povezano potrdilo podključa</string>
+  <string name="msg_kc_sub_primary_none">Zaradi manjkajočega primarnega povezanega potrdila odstranjujem povezano potrdilo podključa</string>
+  <string name="msg_kc_sub_no_cert">Najti ni nobenega veljavnega potrdila za %s. Odstranjujem iz zbirke.</string>
+  <string name="msg_kc_sub_revoke_bad_err">Odstranjujem slabo preklicno potrdilo podključa</string>
+  <string name="msg_kc_sub_revoke_bad">Odstranjujem slabo preklicno potrdilo podključa</string>
+  <string name="msg_kc_sub_revoke_dup">Odstranjujem odvečno preklicno potrdilo podključa</string>
+  <string name="msg_kc_sub_algo_bad_encrpyt">Podključ je označen za šifriranje, toda algoritem tega ne podpira.</string>
+  <string name="msg_kc_sub_algo_bad_sign">Podključ je označen za podpisovanje, toda algoritem tega ne podpira.</string>
+  <plurals name="msg_kc_success_bad">
+    <item quantity="one">Kanonizacija zbirke ključev uspešna. Odstranjeno je bilo eno napačno potrdilo.</item>
+    <item quantity="two">Kanonizacija zbirke ključev uspešna. Odstranjeni sta bili %d napačni potrdili.</item>
+    <item quantity="few">Kanonizacija zbirke ključev uspešna. Odstranjena so bila %d napačna potrdila.</item>
+    <item quantity="other">Kanonizacija zbirke ključev uspešna. Odstranjenih je bilo %d napačnih potrdil.</item>
+  </plurals>
+  <string name="msg_kc_success_bad_and_red">Kanonizacija zbirke ključev uspešna. Odstranjenih je bilo %1$s napačnih in %2$s odvečnih potrdil.</string>
+  <plurals name="msg_kc_success_redundant">
+    <item quantity="one">Kanonizacija zbirke ključev uspešna. Odstranjeno je bilo eno odvečno potrdilo.</item>
+    <item quantity="two">Kanonizacija zbirke ključev uspešna. Odstranjeni sta bili %d odvečni potrdili.</item>
+    <item quantity="few">Kanonizacija zbirke ključev uspešna. Odstranjena so bila %d odvečna potrdia.</item>
+    <item quantity="other">Kanonizacija zbirke ključev uspešna. Odstranjenih je bilo %d odvečnih potrdil.</item>
+  </plurals>
+  <string name="msg_kc_uid_bad_err">Odstranjujem slabo samo-potrdilo ID-ja \'%s\'</string>
+  <string name="msg_kc_uid_bad_local">Odstranjujem potrdilo ID-ja z oznako \'lokalno\'</string>
+  <string name="msg_kc_uid_bad_time">Odstranjujem ID z časovno oznako v prihodnosti</string>
+  <string name="msg_kc_uid_bad_type">Odstranjujem potrdilo ID-ja neznanega tipa (%s)</string>
+  <string name="msg_kc_uid_bad">Odstranujem slabo samo-potrdilo ID-ja \'%s\'</string>
+  <string name="msg_kc_uid_cert_dup">Odstranujem zastarelo samo-potrdilo ID-ja \'%s\'</string>
+  <string name="msg_kc_uid_foreign">Odstranjuejm potrdilo tujega ID-ja od \'%s\'</string>
+  <string name="msg_kc_uid_revoke_dup">Odstranjujem odvečno preklicno potrdilo ID-ja \'%s\'</string>
+  <string name="msg_kc_uid_revoke_old">Odstranjujem zastarelo preklicno potrdilo za ID %s\'</string>
+  <string name="msg_kc_uid_no_cert">Ne najdem veljavnega samo-potrdila za ID %s\'. Odstranjujem iz zbirke.</string>
+  <string name="msg_kc_uid_remove">Odstranjujem neveljaven ID \'%s\'</string>
+  <string name="msg_kc_uid_dup">Odstranjujem podvojeo identiteto %s\'. Ključ je vseboval dve. To lahko privede do manjkajočih potrdil!</string>
+  <string name="msg_kc_uid_warn_encoding">ID ni potrjen kot UTF-8!</string>
+  <string name="msg_kc_uat_bad_err">Odstranjujem slabo samo-potrdilo za povezanega uporabnika</string>
+  <string name="msg_kc_uat_bad_local">Odstranjujem potrdilo s strani uporabnika z oznako \'lokalno\'</string>
+  <string name="msg_kc_uat_bad_type">Odstranjujem potrdilo povezanega uporabnika neznanega tipa (%s)</string>
+  <string name="msg_kc_uat_bad">Odstranjujem slabo samo-potrdilo za povezanega uporabnika</string>
+  <string name="msg_kc_uat_cert_dup">Odstranjujem zastarelo samo-potrdilo za povezanega uporabnika</string>
+  <string name="msg_kc_uat_dup">Odstranjujem podvojenega povezanega uporabnika. Ključ je vseboval dva. To lahko privede do manjkajočih potrdil!</string>
+  <string name="msg_kc_uat_foreign">Odstranjujem potrdilo tujega povezanega uporabnika od</string>
+  <string name="msg_kc_uat_revoke_dup">Odstranjujem odvečno preklicno potrdilo za povezanega uporabnika</string>
+  <string name="msg_kc_uat_revoke_old">Odstranjujem zastarelo preklicno potrdilo za povezanega uporabnika</string>
+  <string name="msg_kc_uat_no_cert">Najdeno ni bilo nobeno veljavno samo-potrdilo povezanega uporabnika. Odstranjujem iz zbirke.</string>
+  <string name="msg_kc_uat_remove">Odstranjujem neveljavnega povezanega uporabnika</string>
+  <string name="msg_kc_uat_warn_encoding">ID ni potrjen kot UTF-8!</string>
   <!--Keyring merging log entries-->
+  <string name="msg_mg_found_new">Najdenih %s novih potrdil v zbirki ključev</string>
   <!--createSecretKeyRing-->
+  <string name="msg_cr_error_no_user_id">Zbirke ključev morajo biti ustvarjene z najmanj enim ID-jem!</string>
+  <string name="msg_cr_error_no_certify">Glavni ključ mora biti označen za potrjevanje!</string>
+  <string name="msg_cr_error_flags_dsa">Ključ vsebuje napačne oznake, DSA ne more biti uporabljen za šifriranje!</string>
+  <string name="msg_cr_error_flags_elgamal">Ključ vsebuje napačne oznake, ElGamal ne more biti uporabljen za podpisovanje!</string>
+  <string name="msg_cr_error_flags_ecdsa">Ključ vsebuje napačne oznake, ECDSA ne more biti uporabljen za šifriranje!</string>
+  <string name="msg_cr_error_flags_ecdh">Ključ vsebuje napačne oznake, ECDH ne more biti uporabljen za podpisovanje!</string>
   <!--modifySecretKeyRing-->
+  <string name="msg_mf_error_keyid">NI ID-ja ključa. To je interna napaka, prosimo prijavite hrošča!</string>
+  <string name="msg_mf_error_master_none">Najdeno ni bilo nobeno uporabno glavno potrdilo (so vsa odstranjena?)</string>
+  <string name="msg_mf_error_noexist_primary">Naveden je slab primarni ID!</string>
+  <string name="msg_mf_error_noexist_revoke">Naveden je slab ID za preklic!</string>
+  <string name="msg_mf_error_revoked_primary">Preklican ID ne more biti primaren!</string>
+  <string name="msg_mf_primary_replace_old">Menjavam potrdilo prejšnjega ID-ja</string>
+  <string name="msg_mf_primary_new">Ustvarjam novo potrdilo za nov primaren ID</string>
   <string name="msg_mf_subkey_new_id">Nov podključ z ID-jem: %s</string>
   <string name="msg_mf_subkey_revoke">Preklic podključa %s</string>
+  <string name="msg_mf_uid_add">Dodajam ID %s</string>
+  <string name="msg_mf_uid_primary">Menjam primarni ID za %s</string>
+  <string name="msg_mf_uid_revoke">Preklicujem ID %s</string>
+  <string name="msg_mf_uid_error_empty">ID ne more biti prazen!</string>
   <!--Consolidate-->
+  <string name="msg_con">Konsolidiram bazo podatkov</string>
   <string name="msg_con_db_clear">Čiščenje podatkovne baze</string>
   <!--Edit Key (higher level than modify)-->
   <!--Promote key-->
@@ -436,7 +855,15 @@
   <!--Messages for VerifySignedLiteralData operation-->
   <!--Messages for SignEncrypt operation-->
   <!--Messages for PgpSignEncrypt operation-->
+  <plurals name="msg_crt_certify_uids">
+    <item quantity="one">Potrjujem en ID za ključ %2$s</item>
+    <item quantity="two">Potrjujem %1$d ID-ja za ključ %2$s</item>
+    <item quantity="few">Potrjujem %1$d ID-je za ključ %2$s</item>
+    <item quantity="other">Potrjujem %1$d ID-jev za ključ %2$s</item>
+  </plurals>
+  <string name="msg_crt_error_self">Tak način izdajanja samo-potrdil ni mogoč!</string>
   <string name="msg_crt_warn_not_found">Ključ ni bil najden!</string>
+  <string name="msg_crt_warn_cert_failed">Generacija potrdila ni uspela!</string>
   <plurals name="error_import_non_pgp_part">
     <item quantity="one">Del naložene datoteke je veljavnen objekt OpenPGP a ni ključ.</item>
     <item quantity="two">Deli naložene datoteke so veljavni objekti OpenPGP a niso ključi.</item>
@@ -458,6 +885,7 @@
   <string name="label_user_id">Identiteta</string>
   <string name="unknown_uid">&lt;neznan&gt;</string>
   <string name="empty_certs">Ni potrdil za ta ključ</string>
+  <string name="certs_text">Tu so prikazana samo preverjena samo-potrdila in preverjena potrdila ustvarjena z vašimi ključi</string>
   <string name="label_revocation">Razlog za preklic</string>
   <string name="label_cert_type">Vrsta</string>
   <string name="error_key_not_found">Ključ ni bil najden!</string>
@@ -466,7 +894,7 @@
   <string name="key_divert">preusmeri na pametno kartico/NFC</string>
   <string name="key_no_passphrase">brez gesla</string>
   <string name="key_unavailable">ni na voljo</string>
-  <string name="title_view_cert">Preglej podrobosti certifikata</string>
+  <string name="title_view_cert">Preglej podrobosti potrdila</string>
   <string name="unknown_algorithm">neznan</string>
   <string name="can_sign_not">ne more podpisati</string>
   <string name="error_no_encrypt_subkey">Ni nobenega podključa za šifriranje!</string>
diff --git a/OpenKeychain/src/main/res/values-sv/strings.xml b/OpenKeychain/src/main/res/values-sv/strings.xml
index e17fcdddc..f73be4861 100644
--- a/OpenKeychain/src/main/res/values-sv/strings.xml
+++ b/OpenKeychain/src/main/res/values-sv/strings.xml
@@ -4,8 +4,6 @@
     http://developer.android.com/guide/topics/resources/string-resource.html (scroll down to "Escaping apostrophes and quotes").-->
   <string name="app_name">OpenKeychain</string>
   <!--title-->
-  <string name="title_select_recipients">Välj nycklar</string>
-  <string name="title_select_secret_key">Välj din nyckel</string>
   <string name="title_encrypt_text">Kryptera</string>
   <string name="title_encrypt_files">Kryptera</string>
   <string name="title_decrypt">Dekryptera</string>
@@ -13,7 +11,6 @@
   <string name="title_add_subkey">Lägg till undernyckel</string>
   <string name="title_edit_key">Redigera nyckel</string>
   <string name="title_preferences">Inställningar</string>
-  <string name="title_cloud_search_preferences">Inställningar för molnsökning</string>
   <string name="title_api_registered_apps">Appar</string>
   <string name="title_key_server_preference">Nyckelservrar</string>
   <string name="title_change_passphrase">Ändra lösenordsfras</string>
@@ -24,7 +21,6 @@
   <string name="title_encrypt_to_file">Kryptera till fil</string>
   <string name="title_decrypt_to_file">Dekryptera till fil</string>
   <string name="title_import_keys">Importera nycklar</string>
-  <string name="title_add_keys">Lägg till nycklar</string>
   <string name="title_export_key">Exportera nyckel</string>
   <string name="title_export_keys">Exportera nycklar</string>
   <string name="title_key_not_found">Nyckel hittades inte</string>
@@ -33,10 +29,8 @@
   <string name="title_key_details">Nyckelinformation</string>
   <string name="title_help">Hjälp</string>
   <string name="title_log_display">Logg</string>
-  <string name="title_create_key">Skapa nyckel</string>
   <string name="title_exchange_keys">Utbyt nycklar</string>
   <string name="title_advanced_key_info">Avancerad nyckelinfo</string>
-  <string name="title_keys">Nycklar</string>
   <string name="title_delete_secret_key">Radera DIN nyckel \'%s\'?</string>
   <string name="title_export_log">Exportera logg</string>
   <!--section-->
@@ -46,27 +40,18 @@
   <string name="section_cloud_evidence">Bevis från molnet</string>
   <string name="section_keys">Undernycklar</string>
   <string name="section_cloud_search">Molnsökning</string>
-  <string name="section_general">Allmänt</string>
-  <string name="section_defaults">Förval</string>
-  <string name="section_advanced">Avancerat</string>
   <string name="section_passphrase_cache">Cache för lösenordsfras</string>
   <string name="section_certify">Bekräfta</string>
   <string name="section_actions">Åtgärder</string>
   <string name="section_share_key">Nyckel</string>
-  <string name="section_upload_key">Synkronisera nyckel</string>
   <string name="section_key_server">Nyckelserver</string>
   <string name="section_fingerprint">Fingeravtryck</string>
-  <string name="section_decrypt_files">Filer</string>
-  <string name="section_decrypt_text">Text</string>
-  <string name="section_certs">Certifikat</string>
   <string name="section_encrypt">Kryptera</string>
   <string name="section_decrypt">Dekryptera</string>
   <string name="section_current_expiry">Aktuellt utgångsdatum</string>
   <string name="section_new_expiry">Nytt utgångsdaum</string>
   <!--button-->
   <string name="btn_decrypt_verify_file">Dekryptera, verifiera och spara fil</string>
-  <string name="btn_decrypt_verify_message">Avkryptera och verifiera text</string>
-  <string name="btn_encrypt_file">Kryptera och spara fil</string>
   <string name="btn_encrypt_share_file">Kryptera och dela fil</string>
   <string name="btn_encrypt_save_file">Kryptera och spara fil</string>
   <string name="btn_save">Spara</string>
@@ -79,7 +64,6 @@
   <string name="btn_back">Föregående</string>
   <string name="btn_no">Nej</string>
   <string name="btn_match">Fingeravtrycken matchar</string>
-  <string name="btn_lookup_key">Sök efter nyckel</string>
   <string name="btn_share_encrypted_signed">Kryptera och dela text</string>
   <string name="btn_copy_encrypted_signed">Kryptera och kopiera text</string>
   <string name="btn_view_cert_key">Visa nyckel för certifiering</string>
@@ -97,15 +81,11 @@
   <string name="menu_help">Hjälp</string>
   <string name="menu_export_key">Exportera till fil</string>
   <string name="menu_delete_key">Radera nyckel</string>
-  <string name="menu_import_existing_key">Importera från fil</string>
   <string name="menu_search">Sök</string>
   <string name="menu_nfc_preferences">NFC-inställningar</string>
   <string name="menu_beam_preferences">Beam-inställningar</string>
-  <string name="menu_key_edit_cancel">Avbryt</string>
   <string name="menu_encrypt_to">Kryptera till…</string>
   <string name="menu_select_all">Markera alla</string>
-  <string name="menu_add_keys">Lägg till nycklar</string>
-  <string name="menu_search_cloud">Sök i molnet</string>
   <string name="menu_export_all_keys">Exportera alla nycklar</string>
   <string name="menu_advanced">Visa avancerad information</string>
   <string name="menu_certify_fingerprint">Bekräfta via fingeravtrycksjämförelse</string>
@@ -213,9 +193,6 @@
   <string name="encrypt_sign_clipboard_successful">Signerades och/eller krypterades till urklipp.</string>
   <string name="select_encryption_key">Välj åtminstone en krypteringsnyckel.</string>
   <string name="select_encryption_or_signature_key">Välj åtminstone en krypterings- eller signeringsnyckel.</string>
-  <string name="specify_file_to_encrypt_to">Ange vilken fil som du vill kryptera till.\nVARNING: Om filen redan finns kommer den att skrivas över.</string>
-  <string name="specify_file_to_decrypt_to">Ange vilken fil som du vill dekryptera till.\nVARNING: Om filen redan finns kommer den att skrivas över.</string>
-  <string name="specify_file_to_export_to">Ange vilken fil som du vill exportera till.\nVARNING: Om filen redan finns kommer den att skrivas över.</string>
   <string name="key_deletion_confirmation_multi">Vill du verkligen radera alla markerade nycklar?</string>
   <string name="secret_key_deletion_confirmation">Efter radering kommer du inte kunna läsa meddelande krypterade med den här nyckeln samt förlora alla nyckelbekräftningar som gjorts med den!</string>
   <string name="public_key_deletetion_confirmation">Radera nyckel \'%s\'?</string>
diff --git a/OpenKeychain/src/main/res/values-tr/strings.xml b/OpenKeychain/src/main/res/values-tr/strings.xml
index 2e55eb620..12115e93b 100644
--- a/OpenKeychain/src/main/res/values-tr/strings.xml
+++ b/OpenKeychain/src/main/res/values-tr/strings.xml
@@ -4,12 +4,9 @@
     http://developer.android.com/guide/topics/resources/string-resource.html (scroll down to "Escaping apostrophes and quotes").-->
   <string name="app_name">OpenKeychain</string>
   <!--title-->
-  <string name="title_select_recipients">Anahtarları Seç</string>
-  <string name="title_select_secret_key">Anahtarını Seç</string>
   <string name="title_decrypt">Şifre çöz</string>
   <string name="title_add_subkey">Alt anahtar ekle</string>
   <string name="title_edit_key">Anahtarı düzenle</string>
-  <string name="title_cloud_search_preferences">Bulut Arama Seçenekleri</string>
   <string name="title_api_registered_apps">Uygulamalar</string>
   <string name="title_change_passphrase">Parolayı Değiştir</string>
   <string name="title_share_fingerprint_with">Parmak izini paylaş...</string>
@@ -18,7 +15,6 @@
   <string name="title_encrypt_to_file">Dosyaya Şifrele</string>
   <string name="title_decrypt_to_file">Dosyaya Çözümle</string>
   <string name="title_import_keys">Anahtarları Al</string>
-  <string name="title_add_keys">Anahtarlar Ekle</string>
   <string name="title_export_key">Anahtarı Ver</string>
   <string name="title_export_keys">Anahtarları Ver</string>
   <string name="title_key_not_found">Anahtar Bulunamadı</string>
@@ -26,28 +22,19 @@
   <string name="title_key_details">Anahtar Detayları</string>
   <string name="title_help">Yardım</string>
   <string name="title_log_display">Günlük</string>
-  <string name="title_create_key">Anahtar Oluştur</string>
   <string name="title_exchange_keys">Anahtarları Değiş Tokuş Et</string>
   <string name="title_advanced_key_info">Gelişmiş Anahtar Bilgisi</string>
   <!--section-->
   <string name="section_user_ids">Kimlikler</string>
   <string name="section_keys">Alt anahtarlar</string>
   <string name="section_cloud_search">Bulut araması</string>
-  <string name="section_general">Genel</string>
-  <string name="section_defaults">Varsayılanlar</string>
-  <string name="section_advanced">Gelişmiş</string>
   <string name="section_passphrase_cache">Parola Önbelleği</string>
   <string name="section_actions">Eylemler</string>
   <string name="section_share_key">Anahtar</string>
-  <string name="section_upload_key">Anahtarı Eşitle</string>
   <string name="section_key_server">Anahtar Sunucusu</string>
   <string name="section_fingerprint">Parmak izi</string>
-  <string name="section_decrypt_files">Dosyalar</string>
-  <string name="section_decrypt_text">Metin</string>
-  <string name="section_certs">Sertifikalar</string>
   <!--button-->
   <string name="btn_decrypt_verify_file">Şifreyi çöz, doğrula ve dosyayı kaydet</string>
-  <string name="btn_encrypt_file">Şifrele ve dosyayı kaydet</string>
   <string name="btn_encrypt_share_file">Şifrele ve dosyayı paylaş</string>
   <string name="btn_save">Kaydet</string>
   <string name="btn_do_not_save">İptal</string>
@@ -57,7 +44,6 @@
   <string name="btn_export_to_server">Anahtar Sunucusuna Yükle</string>
   <string name="btn_next">İleri</string>
   <string name="btn_back">Geri</string>
-  <string name="btn_lookup_key">Anahtarı ara</string>
   <string name="btn_view_cert_key">Tasdikleme anahtarını görüntüle</string>
   <string name="btn_create_key">Anahtar oluştur</string>
   <string name="btn_add_files">Dosya(lar) ekle</string>
@@ -69,13 +55,10 @@
   <string name="menu_help">Yardım</string>
   <string name="menu_export_key">Dosyaya ver</string>
   <string name="menu_delete_key">Anahtar sil</string>
-  <string name="menu_import_existing_key">Dosyadan al</string>
   <string name="menu_search">Ara</string>
   <string name="menu_beam_preferences">NFC ayarları</string>
-  <string name="menu_key_edit_cancel">İptal</string>
   <string name="menu_encrypt_to">Şuna şifrele...</string>
   <string name="menu_select_all">Hepsini seç</string>
-  <string name="menu_add_keys">Anahtar ekle</string>
   <string name="menu_export_all_keys">Tüm anahtarları ver</string>
   <string name="menu_advanced">Gelişmiş bilgiyi göster</string>
   <!--label-->
@@ -170,9 +153,6 @@
   <string name="encrypt_sign_clipboard_successful">Kopyalama önbelleğine başarıyla imzalandı ve/veya şifrelendi.</string>
   <string name="select_encryption_key">En az bir şifreleme anahtarı seçiniz.</string>
   <string name="select_encryption_or_signature_key">En az bir şifreleme anahtarı veya imza anahtarı seçiniz.</string>
-  <string name="specify_file_to_encrypt_to">Lütfen şifreleme sonucu hangi dosyanın oluşturulması gerektiğini belirtin.\nUYARI: Eğer dosya mevcutsa üzerine yazılacaktır.</string>
-  <string name="specify_file_to_decrypt_to">Lütfen şifre çözme sonucu hangi dosyanın oluşturulması gerektiğini belirtin.\nUYARI: Eğer dosya mevcutsa üzerine yazılacaktır.</string>
-  <string name="specify_file_to_export_to">Lütfen dışa aktarım için hangi dosyanın kullanılması gerektiğini belirtin.\nUYARI: Eğer dosya mevcutsa üzerine yazılacaktır.</string>
   <string name="also_export_secret_keys">Özel anahtarları da dışa aktar</string>
   <string name="reinstall_openkeychain">Android için bilinen bir hataya denk geldiniz. Eğer kişilerinizi anahtarlarla eşlemek istiyorsanız, lütfen OpenKeychain uygulamasını yeniden yükleyin.</string>
   <string name="key_exported">1 anahtar başarıyla dışa aktarıldı.</string>
diff --git a/OpenKeychain/src/main/res/values-uk/strings.xml b/OpenKeychain/src/main/res/values-uk/strings.xml
index ecd5592be..58272c597 100644
--- a/OpenKeychain/src/main/res/values-uk/strings.xml
+++ b/OpenKeychain/src/main/res/values-uk/strings.xml
@@ -4,12 +4,9 @@
     http://developer.android.com/guide/topics/resources/string-resource.html (scroll down to "Escaping apostrophes and quotes").-->
   <string name="app_name">OpenKeychain</string>
   <!--title-->
-  <string name="title_select_recipients">Вибрати ключі</string>
-  <string name="title_select_secret_key">Виберіть ваш ключ</string>
   <string name="title_decrypt">Розшифрувати</string>
   <string name="title_add_subkey">Додати підключ</string>
   <string name="title_edit_key">Редагувати ключ</string>
-  <string name="title_cloud_search_preferences">Налаштування хмарного пошуку</string>
   <string name="title_api_registered_apps">Програми</string>
   <string name="title_change_passphrase">Змінити парольну фразу</string>
   <string name="title_share_fingerprint_with">Поділитися відбитком із…</string>
@@ -18,7 +15,6 @@
   <string name="title_encrypt_to_file">Зашифрувати до файлу</string>
   <string name="title_decrypt_to_file">Розшифрувати до файлу</string>
   <string name="title_import_keys">Імпортувати ключі</string>
-  <string name="title_add_keys">Додати ключі</string>
   <string name="title_export_key">Експортувати ключ</string>
   <string name="title_export_keys">Експортувати ключі</string>
   <string name="title_key_not_found">Ключ не знайдено</string>
@@ -26,28 +22,19 @@
   <string name="title_key_details">Подробиці про ключ</string>
   <string name="title_help">Довідка</string>
   <string name="title_log_display">Журнал</string>
-  <string name="title_create_key">Створити ключ</string>
   <string name="title_exchange_keys">Обміняти ключі</string>
   <string name="title_advanced_key_info">Додаткова інформація про ключ</string>
   <!--section-->
   <string name="section_user_ids">Сутності</string>
   <string name="section_keys">Підключі</string>
   <string name="section_cloud_search">Хмарний пошук</string>
-  <string name="section_general">Загальне</string>
-  <string name="section_defaults">Типове</string>
-  <string name="section_advanced">Додаткове</string>
   <string name="section_passphrase_cache">Кеш парольної фрази</string>
   <string name="section_actions">Дії</string>
   <string name="section_share_key">Ключ</string>
-  <string name="section_upload_key">Синхронізувати ключ</string>
   <string name="section_key_server">Сервер ключів</string>
   <string name="section_fingerprint">Відбиток</string>
-  <string name="section_decrypt_files">Файли</string>
-  <string name="section_decrypt_text">Текст</string>
-  <string name="section_certs">Сертифікати</string>
   <!--button-->
   <string name="btn_decrypt_verify_file">Розшифрувати, перевірити та зберегти файл</string>
-  <string name="btn_encrypt_file">Шифрувати і зберегти файл</string>
   <string name="btn_encrypt_share_file">Зашифрувати та поширити файл</string>
   <string name="btn_save">Зберегти</string>
   <string name="btn_do_not_save">Скасувати</string>
@@ -57,7 +44,6 @@
   <string name="btn_export_to_server">Завантажити на сервер ключів</string>
   <string name="btn_next">Далі</string>
   <string name="btn_back">Назад</string>
-  <string name="btn_lookup_key">Шукати ключ</string>
   <string name="btn_view_cert_key">Переглянути ключ сертифікації</string>
   <string name="btn_create_key">Створити ключ</string>
   <string name="btn_add_files">Додати файл(и)</string>
@@ -69,13 +55,10 @@
   <string name="menu_help">Довідка</string>
   <string name="menu_export_key">Експорт до файлу</string>
   <string name="menu_delete_key">Вилучити ключ</string>
-  <string name="menu_import_existing_key">Імпорт з файлу</string>
   <string name="menu_search">Пошук</string>
   <string name="menu_beam_preferences">Налаштування променя</string>
-  <string name="menu_key_edit_cancel">Скасувати</string>
   <string name="menu_encrypt_to">Зашифрувати…</string>
   <string name="menu_select_all">Вибрати усе</string>
-  <string name="menu_add_keys">Додати ключі</string>
   <string name="menu_export_all_keys">Експортувати усі ключі</string>
   <string name="menu_advanced">Показати додаткову інформацію</string>
   <!--label-->
@@ -171,9 +154,6 @@
   <string name="encrypt_sign_clipboard_successful">Успішно підписано та/або зашифровано до буфера обміну.</string>
   <string name="select_encryption_key">Виберіть принаймні один ключ шифрування.</string>
   <string name="select_encryption_or_signature_key">Виберіть принаймні один ключ шифрування або ключ підпису.</string>
-  <string name="specify_file_to_encrypt_to">Будь ласка, виберіть файл для шифрування.\nУВАГА! Якщо файл існує, то він буде переписаний.</string>
-  <string name="specify_file_to_decrypt_to">Будь ласка, виберіть файл для розшифрування.\nУВАГА! Якщо файл існує, то він буде переписаний.</string>
-  <string name="specify_file_to_export_to">Будь ласка, виберіть файл для експорту.\nУВАГА! Якщо файл існує, то він буде переписаний.</string>
   <string name="also_export_secret_keys">Також експортувати секретні ключі</string>
   <string name="key_exported">Успішно експортовано 1 ключ.</string>
   <string name="keys_exported">Успішно експортовано %d ключів.</string>
diff --git a/OpenKeychain/src/main/res/values-zh-rTW/strings.xml b/OpenKeychain/src/main/res/values-zh-rTW/strings.xml
index a6fd905e1..ffe2d0aae 100644
--- a/OpenKeychain/src/main/res/values-zh-rTW/strings.xml
+++ b/OpenKeychain/src/main/res/values-zh-rTW/strings.xml
@@ -4,47 +4,53 @@
     http://developer.android.com/guide/topics/resources/string-resource.html (scroll down to "Escaping apostrophes and quotes").-->
   <string name="app_name">OpenKeychain</string>
   <!--title-->
-  <string name="title_select_recipients">選擇金鑰</string>
-  <string name="title_select_secret_key">選擇私鑰</string>
+  <string name="title_encrypt_text">加密</string>
+  <string name="title_encrypt_files">加密</string>
   <string name="title_decrypt">解密</string>
+  <string name="title_unlock">解鎖金鑰</string>
   <string name="title_add_subkey">新增子金鑰</string>
   <string name="title_edit_key">編輯金鑰</string>
-  <string name="title_cloud_search_preferences">雲端查詢設定</string>
+  <string name="title_preferences">設定</string>
   <string name="title_api_registered_apps">應用程式</string>
+  <string name="title_key_server_preference">金鑰伺服器</string>
   <string name="title_change_passphrase">變更口令</string>
   <string name="title_share_fingerprint_with">分享指紋…</string>
   <string name="title_share_key">分享金鑰…</string>
   <string name="title_share_file">分享檔案…</string>
+  <string name="title_share_message">分享文字...</string>
   <string name="title_encrypt_to_file">加密到檔案</string>
   <string name="title_decrypt_to_file">解密到檔案</string>
   <string name="title_import_keys">匯入金鑰</string>
-  <string name="title_add_keys">新增金鑰</string>
   <string name="title_export_key">匯出金鑰</string>
   <string name="title_export_keys">匯出所有金鑰</string>
   <string name="title_key_not_found">找不到金鑰</string>
   <string name="title_send_key">上傳到金鑰伺服器</string>
+  <string name="title_certify_key">確認金鑰</string>
   <string name="title_key_details">金鑰內容</string>
   <string name="title_help">說明</string>
   <string name="title_log_display">紀錄</string>
-  <string name="title_create_key">建立金鑰</string>
   <string name="title_exchange_keys">交換金鑰</string>
   <string name="title_advanced_key_info">進階資訊</string>
+  <string name="title_delete_secret_key">刪除您的金鑰 \'%s\'？</string>
+  <string name="title_export_log">匯出記錄</string>
+  <string name="title_manage_my_keys">管理我的金鑰</string>
   <!--section-->
   <string name="section_user_ids">身份</string>
+  <string name="section_should_you_trust">您信任這把金鑰嗎？</string>
   <string name="section_keys">子金鑰</string>
   <string name="section_cloud_search">雲端查詢</string>
-  <string name="section_general">一般</string>
-  <string name="section_defaults">預設</string>
-  <string name="section_advanced">進階</string>
   <string name="section_passphrase_cache">口令快取</string>
+  <string name="section_certify">確認</string>
+  <string name="section_actions">操作</string>
+  <string name="section_share_key">金鑰</string>
   <string name="section_key_server">金鑰伺服器</string>
   <string name="section_fingerprint">指紋</string>
-  <string name="section_decrypt_files">檔案</string>
-  <string name="section_decrypt_text">文字</string>
+  <string name="section_encrypt">加密</string>
+  <string name="section_decrypt">解密</string>
   <!--button-->
   <string name="btn_decrypt_verify_file">解密並驗證檔案</string>
-  <string name="btn_encrypt_file">加密檔案</string>
   <string name="btn_encrypt_share_file">加密並分享檔案</string>
+  <string name="btn_encrypt_save_file">加密並儲存檔案</string>
   <string name="btn_save">儲存</string>
   <string name="btn_do_not_save">取消</string>
   <string name="btn_delete">刪除</string>
@@ -53,42 +59,61 @@
   <string name="btn_export_to_server">上傳到金鑰伺服器</string>
   <string name="btn_next">下一步</string>
   <string name="btn_back">返回</string>
-  <string name="btn_lookup_key">尋找金鑰</string>
+  <string name="btn_no">不</string>
+  <string name="btn_match">指紋符合</string>
+  <string name="btn_share_encrypted_signed">加密並分享文字</string>
+  <string name="btn_copy_encrypted_signed">加密並複製文字</string>
   <string name="btn_view_cert_key">檢視簽署的金鑰</string>
   <string name="btn_create_key">建立金鑰</string>
   <string name="btn_add_files">加入檔案</string>
   <string name="btn_add_share_decrypted_text">解密並分享訊息</string>
+  <string name="btn_decrypt_clipboard">解密剪貼簿裏的文字</string>
   <string name="btn_decrypt_and_verify">並且驗證簽名</string>
   <string name="btn_decrypt_files">解密檔案</string>
+  <string name="btn_encrypt_files">加密檔案</string>
+  <string name="btn_encrypt_text">加密文字</string>
+  <string name="btn_add_email">增加額外的電子郵件信箱</string>
   <!--menu-->
   <string name="menu_preferences">設定</string>
   <string name="menu_help">說明</string>
   <string name="menu_export_key">匯出到檔案</string>
   <string name="menu_delete_key">刪除金鑰</string>
-  <string name="menu_import_existing_key">從檔案匯入</string>
+  <string name="menu_manage_keys">管理我的金鑰</string>
   <string name="menu_search">搜尋</string>
+  <string name="menu_nfc_preferences">NFC 設定</string>
   <string name="menu_beam_preferences">Beam 設定</string>
-  <string name="menu_key_edit_cancel">取消</string>
+  <string name="menu_encrypt_to">加密到...</string>
   <string name="menu_select_all">全選</string>
-  <string name="menu_add_keys">加入金鑰</string>
   <string name="menu_export_all_keys">匯出所有金鑰</string>
+  <string name="menu_update_all_keys">上傳所有金鑰</string>
   <string name="menu_advanced">顯示進階資訊</string>
+  <string name="menu_certify_fingerprint">藉由指紋比對來認證</string>
+  <string name="menu_export_log">匯出記錄</string>
   <!--label-->
+  <string name="label_message">文字</string>
   <string name="label_file">檔案</string>
   <string name="label_files">檔案</string>
+  <string name="label_file_colon">檔案：</string>
   <string name="label_no_passphrase">沒有口令</string>
   <string name="label_passphrase">口令</string>
+  <string name="label_unlock">解鎖中...</string>
   <string name="label_passphrase_again">再次輸入口令</string>
+  <string name="label_show_passphrase">顯示口令</string>
   <string name="label_algorithm">演算法</string>
   <string name="label_write_version_header">讓別人知道我在使用OpenKeychain</string>
   <string name="label_write_version_header_summary">在簽名、密文與匯出的金鑰裡寫入\'OpenKeychain v2.7\'</string>
+  <string name="label_use_default_yubikey_pin">使用預設的 Yubikey PIN</string>
+  <string name="label_use_num_keypad_for_yubikey_pin">輸入 YubiKey PIN 時使用數字鍵盤</string>
+  <string name="label_label_use_default_yubikey_pin_summary">使用預設的 PIN (123456) 來使用 NFC 存取 Yubikeys</string>
   <string name="label_asymmetric_from">簽名自:</string>
   <string name="label_to">加密給:</string>
+  <string name="label_delete_after_encryption">加密後刪除檔案</string>
   <string name="label_delete_after_decryption">解密後刪除檔案</string>
   <string name="label_encryption_algorithm">加密演算法</string>
   <string name="label_hash_algorithm">雜湊演算法</string>
   <string name="label_symmetric">使用口令加密</string>
   <string name="label_passphrase_cache_ttl">快取時間</string>
+  <string name="label_message_compression">文字壓縮</string>
   <string name="label_file_compression">檔案壓縮</string>
   <string name="label_keyservers">金鑰伺服器</string>
   <string name="label_key_id">金鑰ID</string>
@@ -100,12 +125,30 @@
   <string name="label_main_user_id">主身份</string>
   <string name="label_name">名字</string>
   <string name="label_comment">註記</string>
-  <string name="label_email">Email</string>
+  <string name="label_email">電子郵件</string>
   <string name="label_send_key">與雲端同步</string>
   <string name="label_fingerprint">指紋</string>
   <string name="expiry_date_dialog_title">設定效期</string>
+  <string name="label_first_keyserver_is_used">(先列出的金鑰伺服器爲優先)</string>
+  <string name="label_preferred">優先</string>
+  <string name="label_enable_compression">啓用壓縮</string>
+  <string name="label_encrypt_filenames">加密檔名</string>
+  <string name="label_hidden_recipients">隱藏收件人</string>
+  <string name="pref_keyserver">搜尋金鑰伺服器</string>
+  <string name="pref_keyserver_summary">搜尋 HKP 金鑰伺服器</string>
+  <string name="pref_keybase">搜尋 Keybase.io</string>
+  <string name="pref_keybase_summary">搜尋 Keybase.io 索引</string>
+  <string name="user_id_no_name">&lt;無名&gt;</string>
+  <string name="none">&lt;無&gt;</string>
+  <plurals name="n_keys">
+    <item quantity="other">%d 金鑰</item>
+  </plurals>
+  <plurals name="n_keyservers">
+    <item quantity="other">%d 金鑰伺服器</item>
+  </plurals>
   <string name="secret_key">密鑰:</string>
   <!--choice-->
+  <string name="choice_none">無</string>
   <string name="choice_15secs">15秒</string>
   <string name="choice_1min">1分鐘</string>
   <string name="choice_3mins">3分鐘</string>
@@ -137,58 +180,93 @@
   <string name="passphrases_do_not_match">口令不相符。</string>
   <string name="passphrase_must_not_be_empty">請輸入口令。</string>
   <string name="passphrase_for_symmetric_encryption">對稱加密。</string>
+  <string name="passphrase_for">輸入 \'%s\' 的口令</string>
+  <string name="pin_for">輸入 \'%s\' 的 PIN</string>
+  <string name="yubikey_pin_for">輸入 PIN 來存取 \'%s\' 的 YubiKey</string>
+  <string name="file_delete_confirmation_title">刪除原始檔案？</string>
+  <string name="file_delete_confirmation">下列的檔案將會被刪除：%s</string>
+  <string name="file_delete_successful">%1$d 之 %2$d 的檔案已經被刪除。%3$s</string>
   <string name="no_file_selected">請先選擇檔案。</string>
   <string name="encrypt_sign_successful">成功簽名並/或加密。</string>
   <string name="encrypt_sign_clipboard_successful">成功簽名並/或加密到剪貼簿。</string>
   <string name="select_encryption_key">選擇至少一把加密金鑰。</string>
   <string name="select_encryption_or_signature_key">選擇至少一把加密或簽名金鑰。</string>
-  <string name="specify_file_to_encrypt_to">請選擇要將檔案加密到哪。\n警告：已經存在的檔案將被覆蓋。</string>
-  <string name="specify_file_to_decrypt_to">請選擇要將檔案解密到哪。\n警告：已經存在的檔案將被覆蓋。</string>
-  <string name="specify_file_to_export_to">請選擇要將檔案匯出到哪。\n警告：已經存在的檔案將被覆蓋。</string>
+  <string name="specify_file_to_encrypt_to">請指定欲加密的檔案。\n警告：已經存在的檔案將被覆蓋。</string>
+  <string name="specify_file_to_decrypt_to">請指定欲解密的檔案。\n警告：已經存在的檔案將被覆蓋。</string>
+  <string name="specify_file_to_export_to">請指定欲輸出的檔案。\n警告：已經存在的檔案將被覆蓋。</string>
+  <string name="key_deletion_confirmation_multi">您真的想要刪除所有已選金鑰嗎？</string>
+  <string name="secret_key_deletion_confirmation">刪除之後您將無法閱讀以這把金鑰加密的訊息，而且所有用這把金鑰做的認證都會失效！</string>
+  <string name="public_key_deletetion_confirmation">刪除金鑰 \'%s\' ?</string>
   <string name="also_export_secret_keys">一併匯出私鑰</string>
+  <string name="reinstall_openkeychain">您遇到了一個已知的 Android 錯誤。如果您想要鏈接聯絡人和金鑰，請重新安裝 OpenKeychain。</string>
   <string name="key_exported">成功匯出 1 把金鑰。</string>
   <string name="keys_exported">成功匯出 %d 把金鑰。</string>
+  <string name="no_keys_exported">沒有金鑰被匯出。</string>
+  <string name="key_creation_el_gamal_info">注意：只有子金鑰支援 ElGamal。</string>
+  <string name="key_not_found">無法找到金鑰 %08X。</string>
+  <string name="specify_file_to_export_log_to">請指定欲匯出的檔案。\n警告：已經存在的檔案將被覆蓋。</string>
+  <plurals name="bad_keys_encountered">
+    <item quantity="other">%d 忽略不良的密鑰。或許您在輸出時使用\n --export-secret-subkeys 選項\n 請確認您使用\n --export-secret-keys\n 作爲選項。\"</item>
+  </plurals>
+  <string name="list_empty">這個清單是空的 !</string>
   <string name="nfc_successful">NFC Beam發送金鑰成功!</string>
   <string name="key_copied_to_clipboard">金鑰已複製到剪貼簿!</string>
   <string name="fingerprint_copied_to_clipboard">指紋已複製到剪貼簿!</string>
+  <string name="select_key_to_certify">請選擇一把金鑰來做認證 !</string>
   <string name="key_too_big_for_sharing">金鑰太大無法使用此方式分享!</string>
   <string name="text_copied_to_clipboard">文字已複製到剪貼簿!</string>
   <!--errors
          no punctuation, all lowercase,
          they will be put after "error_message", e.g. "Error: file not found"-->
+  <string name="error_file_delete_failed">尚未被刪除。請手動刪除他們 !</string>
+  <string name="error_file_added_already">%s 已經加入。</string>
   <string name="error_file_not_found">找不到檔案</string>
   <string name="error_no_secret_key_found">沒有適合的私鑰</string>
   <string name="error_external_storage_not_ready">外部儲存空間尚未就緒</string>
   <string name="error_key_size_minimum512bit">金鑰長度必須大於512位元</string>
+  <string name="error_unknown_algorithm_choice">不明的演算法選擇</string>
   <string name="error_user_id_no_email">沒有找到電子郵件</string>
   <string name="error_key_needs_a_user_id">需要至少一個身分識別</string>
   <string name="error_no_signature_passphrase">沒有提供口令</string>
   <string name="error_no_signature_key">找不到簽名金鑰</string>
+  <string name="error_invalid_data">沒有有效的 OpenPGP 加密或簽署內容 !</string>
   <string name="error_integrity_check_failed">完整性檢查失敗！資料已被修改！</string>
   <string name="error_wrong_passphrase">口令錯誤</string>
   <string name="error_could_not_extract_private_key">無法抽取私鑰</string>
   <!--errors without preceeding Error:-->
   <string name="error_jelly_bean_needed">需要Android 4.1以上才能使用NFC Beam功能！</string>
+  <string name="error_nfc_needed">NFC 必須開啓 !</string>
+  <string name="error_beam_needed">Bean 必須開啓 !</string>
   <string name="error_nothing_import">找不到金鑰！</string>
+  <string name="error_contacts_key_id_missing">從聯絡人取回金鑰 ID 失敗 !</string>
+  <string name="error_generic_report_bug">發生錯誤，請建立一個新的錯誤回報給 OpenKeychain。</string>
   <!--results shown after decryption/verification-->
   <string name="decrypt_result_no_signature">尚未簽名</string>
   <string name="decrypt_result_invalid_signature">無效的簽章!</string>
+  <string name="decrypt_result_signature_uncertified">簽署自 (未認證 !)</string>
+  <string name="decrypt_result_signature_certified">簽署自</string>
   <string name="decrypt_result_signature_expired_key">金鑰已過期！</string>
   <string name="decrypt_result_signature_revoked_key">金鑰已被撤銷！</string>
   <string name="decrypt_result_signature_missing_key">未知的公鑰</string>
   <string name="decrypt_result_encrypted">已加密</string>
   <string name="decrypt_result_not_encrypted">未加密</string>
+  <string name="decrypt_result_action_show">顯示</string>
+  <string name="decrypt_result_action_Lookup">查詢</string>
   <string name="decrypt_invalid_text">簽名無效或是金鑰已經過期/被撤銷，無法確認訊息內容的作者。是否繼續顯示？</string>
   <string name="decrypt_invalid_button">我明白這樣做的風險，顯示它！</string>
   <!--Add keys-->
+  <string name="add_keys_my_key">我的金鑰：</string>
   <!--progress dialogs, usually ending in '…'-->
   <string name="progress_done">完成。</string>
   <string name="progress_cancel">取消</string>
   <string name="progress_cancelling">正在取消…</string>
   <string name="progress_saving">正在儲存…</string>
   <string name="progress_importing">匯入中…</string>
+  <string name="progress_updating">正在更新金鑰...</string>
   <string name="progress_exporting">匯出中…</string>
   <string name="progress_uploading">正在上傳…</string>
+  <string name="progress_building_key">正在建立金鑰...</string>
+  <string name="progress_building_master_key">正在建立主環...</string>
   <string name="progress_generating_rsa">正在產生新的RSA金鑰…</string>
   <string name="progress_generating_dsa">正在產生新的DSA金鑰…</string>
   <string name="progress_generating_elgamal">正在產生新的ElGamal金鑰…</string>
@@ -197,10 +275,12 @@
   <string name="progress_modify">正在變更鑰匙圈…</string>
   <string name="progress_modify_unlock">正在解鎖鑰匙圈…</string>
   <string name="progress_modify_adduid">正在新增使用者身份…</string>
+  <string name="progress_modify_adduat">正在增加使用者屬性...</string>
   <string name="progress_modify_revokeuid">正在撤銷使用者身份…</string>
   <string name="progress_modify_primaryuid">正在變更主要使用者身份…</string>
   <string name="progress_modify_subkeychange">正在變更子金鑰…</string>
   <string name="progress_modify_subkeyrevoke">正在撤銷子金鑰…</string>
+  <string name="progress_modify_subkeystrip">正在卸下子金鑰...</string>
   <string name="progress_modify_subkeyadd">正在新增子金鑰…</string>
   <string name="progress_modify_passphrase">正在變更口令…</string>
   <plurals name="progress_exporting_key">
@@ -221,8 +301,10 @@
   <string name="progress_finding_key">正在尋找金鑰…</string>
   <string name="progress_decompressing_data">正在解壓縮…</string>
   <string name="progress_verifying_integrity">正在驗證完整性…</string>
+  <string name="progress_deleting_securely">正在安全地刪除 \'%s\'...</string>
   <string name="progress_deleting">正在刪除金鑰…</string>
   <!--action strings-->
+  <string name="hint_cloud_search_hint">使用姓名，電子郵件尋找...</string>
   <!--key bit length selections-->
   <string name="key_size_512">512</string>
   <string name="key_size_768">768</string>
@@ -233,6 +315,9 @@
   <string name="key_size_4096">4096</string>
   <string name="key_size_8192">8192</string>
   <string name="key_size_custom">自訂金鑰長度</string>
+  <string name="key_size_custom_info">輸入自定金鑰長度 (位元數)：</string>
+  <string name="key_size_custom_info_rsa">RSA 金鑰長度必須要大於 1024 最多 16384。且必須爲 8 的倍數。</string>
+  <string name="key_size_custom_info_dsa">DSA 金鑰長度必須要大於 512 最多 1024。且必須爲 64 的倍數。</string>
   <!--elliptic curve names-->
   <string name="key_curve_nist_p256">NIST P-256</string>
   <string name="key_curve_nist_p384">NIST P-384</string>
@@ -247,6 +332,7 @@
   <!--Help-->
   <string name="help_tab_start">快速上手</string>
   <string name="help_tab_faq">常見問題</string>
+  <string name="help_tab_wot">金鑰認證</string>
   <string name="help_tab_nfc_beam">NFC Beam</string>
   <string name="help_tab_changelog">更新紀錄</string>
   <string name="help_tab_about">關於</string>
@@ -257,8 +343,14 @@
   <string name="import_tab_direct">檔案/剪貼簿</string>
   <string name="import_tab_qr_code">二維條碼/NFC</string>
   <string name="import_import">匯入選擇的金鑰</string>
+  <string name="import_qr_code_wrong">QR Code 異常 ! 請再試一次 !</string>
+  <string name="import_qr_code_too_short_fingerprint">指紋過短 (&lt; 16 個字元)</string>
   <string name="import_qr_code_button">掃描二維條碼</string>
+  <string name="import_qr_code_text">將您的相機對準 QR Code !</string>
   <!--Generic result toast-->
+  <string name="view_log">詳細</string>
+  <string name="with_warnings">，包含警告</string>
+  <string name="with_cancelled">，直到被取消</string>
   <!--Import result toast-->
   <plurals name="import_keys_added_and_updated_1">
     <item quantity="other">成功匯入%1$d金鑰</item>
@@ -272,12 +364,39 @@
   <plurals name="import_keys_updated">
     <item quantity="other">成功更新%1$d金鑰%2$s。</item>
   </plurals>
+  <plurals name="import_keys_with_errors">
+    <item quantity="other">匯入 %d 金鑰失敗 !</item>
+  </plurals>
+  <plurals name="import_error">
+    <item quantity="other">匯入 %d 金鑰失敗 !</item>
+  </plurals>
   <string name="import_error_nothing">沒有東西可以匯入。</string>
   <string name="import_error_nothing_cancelled">匯入已取消。</string>
   <!--Delete result toast-->
+  <plurals name="delete_ok_but_fail_1">
+    <item quantity="other">成功刪除 %1$d 金鑰</item>
+  </plurals>
+  <plurals name="delete_ok_but_fail_2">
+    <item quantity="other">，但刪除 %1$d 金鑰%2$s 失敗。</item>
+  </plurals>
+  <plurals name="delete_ok">
+    <item quantity="other">成功刪除 %1$d 金鑰%2$s。</item>
+  </plurals>
+  <plurals name="delete_fail">
+    <item quantity="other">錯誤刪除 %1$d 金鑰。</item>
+  </plurals>
   <string name="delete_nothing">沒有東西可以刪除。</string>
   <string name="delete_cancelled">刪除已取消。</string>
   <!--Certify result toast-->
+  <plurals name="certify_keys_ok">
+    <item quantity="other">成功認證 %1$d 金鑰%2$s。</item>
+  </plurals>
+  <plurals name="certify_keys_with_errors">
+    <item quantity="other">認證 %d 金鑰失敗 !</item>
+  </plurals>
+  <plurals name="certify_error">
+    <item quantity="other">認證 %d 金鑰失敗 !</item>
+  </plurals>
   <!--Intent labels-->
   <string name="intent_decrypt_file">使用OpenKeychain解密檔案</string>
   <string name="intent_import_key">匯入金鑰至OpenKeychain</string>
@@ -290,12 +409,15 @@
   <string name="api_settings_hide_advanced">隱藏進階設定</string>
   <string name="api_settings_no_key">沒有選擇金鑰</string>
   <string name="api_settings_select_key">選擇金鑰</string>
+  <string name="api_settings_create_key">建立新金鑰</string>
   <string name="api_settings_save">儲存</string>
   <string name="api_settings_save_msg">帳戶已儲存</string>
   <string name="api_settings_cancel">取消</string>
   <string name="api_settings_revoke">撤銷存取</string>
   <string name="api_settings_start">開啟應用程式</string>
   <string name="api_settings_delete_account">移除帳戶</string>
+  <string name="api_settings_package_name">打包名稱</string>
+  <string name="api_settings_package_signature">SHA-256 所打包的簽章</string>
   <string name="api_settings_settings">設定</string>
   <string name="api_settings_key">帳戶金鑰：</string>
   <string name="api_settings_accounts_empty">沒有帳戶被指派給這個應用程式。</string>
@@ -421,5 +543,15 @@
   <!--Passphrase wizard-->
   <!--TODO: rename all the things!-->
   <!--<string name="enter_passphrase_twice">Enter passphrase twice</string>-->
+  <string name="passphrase_again">再一次</string>
+  <string name="unlock_method">解鎖方法</string>
+  <string name="set_passphrase">設定口令</string>
+  <string name="nfc_title">NFC</string>
   <!--<string name="nfc_text">Please place a NFC tag near your device</string>-->
+  <string name="nfc_wrong_tag">錯誤的標籤。請再試一次。</string>
+  <string name="enable_nfc">請在您的設定中啓用 NFC</string>
+  <string name="no_nfc_support">該裝置不支援 NFC</string>
+  <string name="nfc_write_succesful">成功寫入 NFC 標籤</string>
+  <string name="unlocked">解鎖</string>
+  <string name="nfc_settings">設定</string>
 </resources>
diff --git a/OpenKeychain/src/main/res/values-zh/strings.xml b/OpenKeychain/src/main/res/values-zh/strings.xml
index 86059840a..f43cb3ebd 100644
--- a/OpenKeychain/src/main/res/values-zh/strings.xml
+++ b/OpenKeychain/src/main/res/values-zh/strings.xml
@@ -4,13 +4,10 @@
     http://developer.android.com/guide/topics/resources/string-resource.html (scroll down to "Escaping apostrophes and quotes").-->
   <string name="app_name">OpenKeychain</string>
   <!--title-->
-  <string name="title_select_recipients">选择密钥</string>
-  <string name="title_select_secret_key">选择私钥</string>
   <string name="title_decrypt">解密</string>
   <string name="title_add_subkey">添加子密钥</string>
   <string name="title_edit_key">编辑密钥</string>
   <string name="title_preferences">设置</string>
-  <string name="title_cloud_search_preferences">云搜索设置</string>
   <string name="title_api_registered_apps">已注册应用</string>
   <string name="title_key_server_preference">密钥服务器</string>
   <string name="title_change_passphrase">变更密码</string>
@@ -21,7 +18,6 @@
   <string name="title_encrypt_to_file">加密至文件</string>
   <string name="title_decrypt_to_file">解密至文件</string>
   <string name="title_import_keys">导入密钥</string>
-  <string name="title_add_keys">添加密钥</string>
   <string name="title_export_key">导出密钥</string>
   <string name="title_export_keys">导出密钥</string>
   <string name="title_key_not_found">无法找到密钥</string>
@@ -30,27 +26,19 @@
   <string name="title_key_details">密钥详情</string>
   <string name="title_help">帮助</string>
   <string name="title_log_display">日志</string>
-  <string name="title_create_key">创建密钥</string>
   <string name="title_advanced_key_info">更多密钥详情</string>
-  <string name="title_keys">密钥</string>
   <string name="title_export_log">导出日志</string>
   <!--section-->
   <string name="section_user_ids">用户名</string>
   <string name="section_should_you_trust">应该相信此密钥?</string>
   <string name="section_keys">子密钥</string>
   <string name="section_cloud_search">在线搜索</string>
-  <string name="section_general">常规</string>
-  <string name="section_defaults">缺省</string>
-  <string name="section_advanced">高级</string>
   <string name="section_passphrase_cache">密语缓存</string>
   <string name="section_certify">确认</string>
   <string name="section_key_server">密钥服务器</string>
   <string name="section_fingerprint">签名</string>
-  <string name="section_decrypt_files">解密文件</string>
-  <string name="section_decrypt_text">解密文本</string>
   <!--button-->
   <string name="btn_decrypt_verify_file">解密并验证文件</string>
-  <string name="btn_encrypt_file">加密文件</string>
   <string name="btn_encrypt_share_file">加密并分享文件</string>
   <string name="btn_save">保存</string>
   <string name="btn_do_not_save">取消</string>
@@ -73,10 +61,8 @@
   <string name="menu_delete_key">删除密钥</string>
   <string name="menu_search">搜索</string>
   <string name="menu_beam_preferences">参数</string>
-  <string name="menu_key_edit_cancel">取消</string>
   <string name="menu_encrypt_to">加密到...</string>
   <string name="menu_select_all">选择全部</string>
-  <string name="menu_add_keys">添加密钥</string>
   <string name="menu_export_all_keys">导出全部密钥</string>
   <string name="menu_advanced">高级</string>
   <!--label-->

From 191784bf4b129fcf5cfc15e1052172053d106bf4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Tue, 14 Apr 2015 00:48:45 +0200
Subject: [PATCH 68/80] Update libs

---
 OpenKeychain/build.gradle | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/OpenKeychain/build.gradle b/OpenKeychain/build.gradle
index 8b04af766..0f9446713 100644
--- a/OpenKeychain/build.gradle
+++ b/OpenKeychain/build.gradle
@@ -13,15 +13,15 @@ dependencies {
 
     // JCenter etc.
     compile 'com.eftimoff:android-patternview:1.0.1@aar'
-    compile 'com.journeyapps:zxing-android-embedded:2.1.0@aar'
-    compile 'com.journeyapps:zxing-android-integration:2.1.0@aar'
+    compile 'com.journeyapps:zxing-android-embedded:2.3.0@aar'
+    compile 'com.journeyapps:zxing-android-integration:2.3.0@aar'
     compile 'com.google.zxing:core:3.2.0'
     compile 'com.jpardogo.materialtabstrip:library:1.0.9'
     compile 'it.neokree:MaterialNavigationDrawer:1.3.2'
     compile 'com.getbase:floatingactionbutton:1.9.0'
     compile 'org.commonjava.googlecode.markdown4j:markdown4j:2.2-cj-1.0'
     compile "com.splitwise:tokenautocomplete:1.3.3@aar"
-    compile 'se.emilsjolander:stickylistheaders:2.5.2'
+    compile 'se.emilsjolander:stickylistheaders:2.6.0'
     compile 'org.sufficientlysecure:html-textview:1.1'
 
     // libs as submodules
@@ -46,15 +46,15 @@ dependencyVerification {
             'com.android.support:recyclerview-v7:859ed80e3761f8fc3126901260b208505120b5678bcf36ad2cfe9c453958b9c7',
             'com.android.support:cardview-v7:4c03f2acce9925aa4f8845cb8cb37b3772c712b2438ff15f76c9e3d3bc63ead7',
             'com.eftimoff:android-patternview:cec80e7265b8d8278b3c55b5fcdf551e4600ac2c8bf60d8dd76adca538af0b1e',
-            'com.journeyapps:zxing-android-embedded:57fdf8a262135976201fd89f1bd8016ed16510be92e7ea721b999daeeeab8f7e',
-            'com.journeyapps:zxing-android-integration:12caeb2608f11b6df77d27edc505ac8580abfc97a09a814b638cb9df0ba06906',
+            'com.journeyapps:zxing-android-embedded:702a4f58154dbd9baa80f66b6a15410f7a4d403f3e73b66537a8bfb156b4b718',
+            'com.journeyapps:zxing-android-integration:562737821b6d34c899b6fd2234ce0a8a31e02ff1fd7c59f6211961ce9767c7c8',
             'com.google.zxing:core:7fe5a8ff437635a540e56317649937b768b454795ce999ed5f244f83373dee7b',
             'com.jpardogo.materialtabstrip:library:c6ef812fba4f74be7dc4a905faa4c2908cba261a94c13d4f96d5e67e4aad4aaa',
             'it.neokree:MaterialNavigationDrawer:a1221a410c5f71bf078c5c4768fdf06b402d6006c74f8e7b61199e4edc2aea57',
             'com.getbase:floatingactionbutton:052aa2a94e49e5dccc97cb99f2add87e8698b84859f0e3ac181100c0bc7640ca',
             'org.commonjava.googlecode.markdown4j:markdown4j:e952e825d29e1317d96f79f346bfb6786c7c5eef50bd26e54a80823704b62e13',
             'com.splitwise:tokenautocomplete:20bee71cc59b3828eb000b684d46ddf738efd56b8fee453a509cd16fda42c8cb',
-            'se.emilsjolander:stickylistheaders:bc158f51be842a5f92c6e2adc5782f6329b69796d76ebb8f39c77f611cdef573',
+            'se.emilsjolander:stickylistheaders:8c05981ec5725be33f7cee5e68c13f3db49cd5c75f1aaeb04024920b1ef96ad4',
             'org.sufficientlysecure:html-textview:ca24b1522be88378634093815ce9ff1b4920c72e7513a045a7846e14069ef988',
 //            'OpenKeychain.extern:openpgp-api-lib:f05a9215cdad3a6597e4c5ece6fcec92b178d218195a3e88d2c0937c48dd9580',
 //            'OpenKeychain.extern:openkeychain-api-lib:50f6ebb5452d3fdc7be137ccf857a0ff44d55539fcb7b91baef495766ed7f429',

From 66554607d0d7ef07bac071251fdaf5d3a230d996 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Tue, 14 Apr 2015 09:37:17 +0200
Subject: [PATCH 69/80] Remove unused includes in settings.gradle

---
 settings.gradle | 2 --
 1 file changed, 2 deletions(-)

diff --git a/settings.gradle b/settings.gradle
index 16be28694..19f651b89 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -1,14 +1,12 @@
 include ':OpenKeychain'
 include ':extern:openpgp-api-lib'
 include ':extern:openkeychain-api-lib'
-include ':extern:StickyListHeaders:library'
 include ':extern:spongycastle:core'
 include ':extern:spongycastle:pg'
 include ':extern:spongycastle:pkix'
 include ':extern:spongycastle:prov'
 include ':extern:minidns'
 include ':extern:KeybaseLib:Lib'
-include ':extern:TokenAutoComplete:library'
 include ':extern:safeslinger-exchange'
 include ':extern:snackbar:lib'
 include ':OpenKeychain-Test'

From 789a320127970e2d4b0e36fe446de523cb534fd4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Tue, 14 Apr 2015 17:44:48 +0200
Subject: [PATCH 70/80] Contribution info

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index b57582e30..f7b035640 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ Translations are managed at Transifex, please contribute there at https://www.tr
 ### Contribute Code
 
 1. Join the development mailinglist at http://groups.google.com/d/forum/openpgp-keychain-dev
-2. Lookout for interesting issues on our issue page at Github: https://github.com/open-keychain/open-keychain/issues
+2. Lookout for interesting issues on our issue page at Github. We have some tagged some issues were we explicitly like to see contributions: https://github.com/open-keychain/open-keychain/labels/help-wanted
 3. Tell us about your plans on the mailinglist
 4. Read this README, especially the notes about coding style
 5. Fork OpenKeychain and contribute code (the best part ;) )

From ddeb88e72aaddd2f2b33c9b5eb06d6f3b79729f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Tue, 14 Apr 2015 17:46:10 +0200
Subject: [PATCH 71/80] Contribution info

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index f7b035640..48b649b22 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ Translations are managed at Transifex, please contribute there at https://www.tr
 ### Contribute Code
 
 1. Join the development mailinglist at http://groups.google.com/d/forum/openpgp-keychain-dev
-2. Lookout for interesting issues on our issue page at Github. We have some tagged some issues were we explicitly like to see contributions: https://github.com/open-keychain/open-keychain/labels/help-wanted
+2. Lookout for interesting issues on Github. We have tagged issues were we explicitly like to see contributions: https://github.com/open-keychain/open-keychain/labels/help-wanted
 3. Tell us about your plans on the mailinglist
 4. Read this README, especially the notes about coding style
 5. Fork OpenKeychain and contribute code (the best part ;) )

From f981c36bf4124f892c5b4c75f89437f320772fbd Mon Sep 17 00:00:00 2001
From: Joey Castillo <jose.castillo@gmail.com>
Date: Tue, 14 Apr 2015 15:34:25 -0400
Subject: [PATCH 72/80] Move PIN verify inside sign/decrypt operation and set
 correct mode.

---
 .../keychain/ui/base/BaseNfcActivity.java     | 64 +++++++++++++------
 1 file changed, 45 insertions(+), 19 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
index 9b10ccdb1..1faa5f6b5 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
@@ -185,25 +185,6 @@ public abstract class BaseNfcActivity extends BaseActivity {
             throw new IOException("Initialization failed!");
         }
 
-        if (mPin != null) {
-
-            byte[] pin = new String(mPin.getCharArray()).getBytes();
-
-            // Command APDU for VERIFY command (page 32)
-            String login =
-                    "00" // CLA
-                            + "20" // INS
-                            + "00" // P1
-                            + "82" // P2 (PW1)
-                            + String.format("%02x", pin.length) // Lc
-                            + Hex.toHexString(pin);
-            if (!nfcCommunicate(login).equals(accepted)) { // login
-                handlePinError();
-                return;
-            }
-
-        }
-
         onNfcPerform();
 
         mIsoDep.close();
@@ -321,6 +302,28 @@ public abstract class BaseNfcActivity extends BaseActivity {
      */
     public byte[] nfcCalculateSignature(byte[] hash, int hashAlgo) throws IOException {
 
+        if (mPin != null) {
+
+            byte[] pin = new String(mPin.getCharArray()).getBytes();
+            // SW1/2 0x9000 is the generic "ok" response, which we expect most of the time.
+            // See specification, page 51
+            String accepted = "9000";
+
+            // Command APDU for VERIFY command (page 32)
+            String login =
+            "00" // CLA
+            + "20" // INS
+            + "00" // P1
+            + "81" // P2 (PW1 with mode 81 for signing)
+            + String.format("%02x", pin.length) // Lc
+            + Hex.toHexString(pin);
+            if (!nfcCommunicate(login).equals(accepted)) { // login
+                handlePinError();
+                throw new IOException("Bad PIN!");
+            }
+
+        }
+
         // dsi, including Lc
         String dsi;
 
@@ -413,6 +416,29 @@ public abstract class BaseNfcActivity extends BaseActivity {
      * @return the decoded session key
      */
     public byte[] nfcDecryptSessionKey(byte[] encryptedSessionKey) throws IOException {
+
+        if (mPin != null) {
+
+            byte[] pin = new String(mPin.getCharArray()).getBytes();
+            // SW1/2 0x9000 is the generic "ok" response, which we expect most of the time.
+            // See specification, page 51
+            String accepted = "9000";
+
+            // Command APDU for VERIFY command (page 32)
+            String login =
+            "00" // CLA
+            + "20" // INS
+            + "00" // P1
+            + "82" // P2 (PW1 with mode 82 for decryption)
+            + String.format("%02x", pin.length) // Lc
+            + Hex.toHexString(pin);
+            if (!nfcCommunicate(login).equals(accepted)) { // login
+                handlePinError();
+                throw new IOException("Bad PIN!");
+            }
+
+        }
+
         String firstApdu = "102a8086fe";
         String secondApdu = "002a808603";
         String le = "00";

From f85befd98284663bf58cf9eb42238e2f0f4b2459 Mon Sep 17 00:00:00 2001
From: Joey Castillo <jose.castillo@gmail.com>
Date: Tue, 14 Apr 2015 16:19:28 -0400
Subject: [PATCH 73/80] Consolidate PIN verify operation in nfcVerifyPIN
 method.

---
 .../keychain/ui/base/BaseNfcActivity.java     | 72 ++++++++-----------
 1 file changed, 28 insertions(+), 44 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
index 1faa5f6b5..b36b9b89e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
@@ -301,28 +301,7 @@ public abstract class BaseNfcActivity extends BaseActivity {
      * @return a big integer representing the MPI for the given hash
      */
     public byte[] nfcCalculateSignature(byte[] hash, int hashAlgo) throws IOException {
-
-        if (mPin != null) {
-
-            byte[] pin = new String(mPin.getCharArray()).getBytes();
-            // SW1/2 0x9000 is the generic "ok" response, which we expect most of the time.
-            // See specification, page 51
-            String accepted = "9000";
-
-            // Command APDU for VERIFY command (page 32)
-            String login =
-            "00" // CLA
-            + "20" // INS
-            + "00" // P1
-            + "81" // P2 (PW1 with mode 81 for signing)
-            + String.format("%02x", pin.length) // Lc
-            + Hex.toHexString(pin);
-            if (!nfcCommunicate(login).equals(accepted)) { // login
-                handlePinError();
-                throw new IOException("Bad PIN!");
-            }
-
-        }
+        nfcVerifyPIN(0x81); // (Verify PW1 with mode 81 for signing)
 
         // dsi, including Lc
         String dsi;
@@ -416,28 +395,7 @@ public abstract class BaseNfcActivity extends BaseActivity {
      * @return the decoded session key
      */
     public byte[] nfcDecryptSessionKey(byte[] encryptedSessionKey) throws IOException {
-
-        if (mPin != null) {
-
-            byte[] pin = new String(mPin.getCharArray()).getBytes();
-            // SW1/2 0x9000 is the generic "ok" response, which we expect most of the time.
-            // See specification, page 51
-            String accepted = "9000";
-
-            // Command APDU for VERIFY command (page 32)
-            String login =
-            "00" // CLA
-            + "20" // INS
-            + "00" // P1
-            + "82" // P2 (PW1 with mode 82 for decryption)
-            + String.format("%02x", pin.length) // Lc
-            + Hex.toHexString(pin);
-            if (!nfcCommunicate(login).equals(accepted)) { // login
-                handlePinError();
-                throw new IOException("Bad PIN!");
-            }
-
-        }
+        nfcVerifyPIN(0x82); // (Verify PW1 with mode 82 for decryption)
 
         String firstApdu = "102a8086fe";
         String secondApdu = "002a808603";
@@ -462,6 +420,32 @@ public abstract class BaseNfcActivity extends BaseActivity {
         return Hex.decode(decryptedSessionKey);
     }
 
+    /** Verifies the user's PW1 with the appropriate mode.
+     *
+     * @param mode This is 0x81 for signing, 0x82 for everything else
+     */
+    public void nfcVerifyPIN(int mode) throws IOException {
+        if (mPin != null) {
+            byte[] pin = new String(mPin.getCharArray()).getBytes();
+            // SW1/2 0x9000 is the generic "ok" response, which we expect most of the time.
+            // See specification, page 51
+            String accepted = "9000";
+
+            // Command APDU for VERIFY command (page 32)
+            String login =
+            "00" // CLA
+            + "20" // INS
+            + "00" // P1
+            + String.format("%02x", mode) // P2
+            + String.format("%02x", pin.length) // Lc
+            + Hex.toHexString(pin);
+            if (!nfcCommunicate(login).equals(accepted)) { // login
+                handlePinError();
+                throw new IOException("Bad PIN!");
+            }
+        }
+    }
+
     /**
      * Prints a message to the screen
      *

From 84deba98867607e139f761cd34665fb44f14069f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Wed, 15 Apr 2015 09:50:34 +0200
Subject: [PATCH 74/80] Reformat nfcVerifyPIN

---
 .../keychain/ui/base/BaseNfcActivity.java            | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
index b36b9b89e..ff5268c7c 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
@@ -433,12 +433,12 @@ public abstract class BaseNfcActivity extends BaseActivity {
 
             // Command APDU for VERIFY command (page 32)
             String login =
-            "00" // CLA
-            + "20" // INS
-            + "00" // P1
-            + String.format("%02x", mode) // P2
-            + String.format("%02x", pin.length) // Lc
-            + Hex.toHexString(pin);
+                    "00" // CLA
+                        + "20" // INS
+                        + "00" // P1
+                        + String.format("%02x", mode) // P2
+                        + String.format("%02x", pin.length) // Lc
+                        + Hex.toHexString(pin);
             if (!nfcCommunicate(login).equals(accepted)) { // login
                 handlePinError();
                 throw new IOException("Bad PIN!");

From f41758261ffa51274267110d5b0d4dc1de44837e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Wed, 15 Apr 2015 09:55:29 +0200
Subject: [PATCH 75/80] Clean up NfcOperationActivity

---
 .../keychain/ui/NfcOperationActivity.java          | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
index a0b38c2b2..25cc13fcb 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
@@ -27,10 +27,9 @@ import java.io.IOException;
 /**
  * This class provides a communication interface to OpenPGP applications on ISO SmartCard compliant
  * NFC devices.
- *
+ * <p/>
  * For the full specs, see http://g10code.com/docs/openpgp-card-2.0.pdf
  */
-@TargetApi(Build.VERSION_CODES.GINGERBREAD_MR1)
 public class NfcOperationActivity extends BaseNfcActivity {
 
     public static final String EXTRA_REQUIRED_INPUT = "required_input";
@@ -71,16 +70,15 @@ public class NfcOperationActivity extends BaseNfcActivity {
         CryptoInputParcel inputParcel = new CryptoInputParcel(mRequiredInput.mSignatureTime);
 
         switch (mRequiredInput.mType) {
-
-            case NFC_DECRYPT:
+            case NFC_DECRYPT: {
                 for (int i = 0; i < mRequiredInput.mInputHashes.length; i++) {
                     byte[] hash = mRequiredInput.mInputHashes[i];
                     byte[] decryptedSessionKey = nfcDecryptSessionKey(hash);
                     inputParcel.addCryptoData(hash, decryptedSessionKey);
                 }
                 break;
-
-            case NFC_SIGN:
+            }
+            case NFC_SIGN: {
                 for (int i = 0; i < mRequiredInput.mInputHashes.length; i++) {
                     byte[] hash = mRequiredInput.mInputHashes[i];
                     int algo = mRequiredInput.mSignAlgos[i];
@@ -88,6 +86,7 @@ public class NfcOperationActivity extends BaseNfcActivity {
                     inputParcel.addCryptoData(hash, signedHash);
                 }
                 break;
+            }
         }
 
         if (mServiceIntent != null) {
@@ -100,7 +99,6 @@ public class NfcOperationActivity extends BaseNfcActivity {
         }
 
         finish();
-
     }
 
     @Override
@@ -120,6 +118,6 @@ public class NfcOperationActivity extends BaseNfcActivity {
                 this, mRequiredInput.getMasterKeyId(), mRequiredInput.getSubKeyId());
 
         obtainYubikeyPin(RequiredInputParcel.createRequiredPassphrase(mRequiredInput));
-
     }
+
 }

From 3668c8897d88989780da800ecd648c7b33a0e8f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Wed, 15 Apr 2015 10:02:41 +0200
Subject: [PATCH 76/80] Fix YubiKey naming, cleanup

---
 .../keychain/remote/OpenPgpService.java       |  2 +-
 .../service/PassphraseCacheService.java       |  8 +++---
 .../keychain/ui/DecryptFragment.java          | 19 -------------
 .../keychain/ui/NfcOperationActivity.java     |  8 ++----
 .../keychain/ui/PassphraseDialogActivity.java |  2 +-
 .../keychain/ui/SettingsActivity.java         | 28 +++++++++----------
 .../keychain/ui/ViewKeyActivity.java          |  8 +++---
 ...gment.java => ViewKeyYubiKeyFragment.java} |  8 ++----
 .../keychain/ui/base/BaseNfcActivity.java     | 25 +++++++++++++----
 .../keychain/util/Preferences.java            |  8 +++---
 .../src/main/res/raw/help_changelog.md        | 10 +++----
 11 files changed, 59 insertions(+), 67 deletions(-)
 rename OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/{ViewKeyYubikeyFragment.java => ViewKeyYubiKeyFragment.java} (96%)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
index 71843cd7f..c51edf59c 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -167,7 +167,7 @@ public class OpenPgpService extends RemoteService {
         switch (requiredInput.mType) {
             case NFC_DECRYPT:
             case NFC_SIGN: {
-                // build PendingIntent for Yubikey NFC operations
+                // build PendingIntent for YubiKey NFC operations
                 Intent intent = new Intent(context, NfcOperationActivity.class);
                 // pass params through to activity that it can be returned again later to repeat pgp operation
                 intent.putExtra(NfcOperationActivity.EXTRA_SERVICE_INTENT, data);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
index 03c250035..78137170d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
@@ -245,11 +245,11 @@ public class PassphraseCacheService extends Service {
 
         switch (keyType) {
             case DIVERT_TO_CARD:
-                if (Preferences.getPreferences(this).useDefaultYubikeyPin()) {
-                    Log.d(Constants.TAG, "PassphraseCacheService: Using default Yubikey PIN: 123456");
-                    return new Passphrase("123456"); // default Yubikey PIN, see http://www.yubico.com/2012/12/yubikey-neo-openpgp/
+                if (Preferences.getPreferences(this).useDefaultYubiKeyPin()) {
+                    Log.d(Constants.TAG, "PassphraseCacheService: Using default YubiKey PIN: 123456");
+                    return new Passphrase("123456"); // default YubiKey PIN, see http://www.yubico.com/2012/12/yubikey-neo-openpgp/
                 } else {
-                    Log.d(Constants.TAG, "PassphraseCacheService: NOT using default Yubikey PIN");
+                    Log.d(Constants.TAG, "PassphraseCacheService: NOT using default YubiKey PIN");
                     break;
                 }
             case PASSPHRASE_EMPTY:
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
index f320a6d84..68b758bab 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
@@ -85,25 +85,6 @@ public abstract class DecryptFragment extends CryptoOperationFragment {
         startActivity(viewKeyIntent);
     }
 
-//    protected void startPassphraseDialog(long subkeyId) {
-//        Intent intent = new Intent(getActivity(), PassphraseDialogActivity.class);
-//        intent.putExtra(PassphraseDialogActivity.EXTRA_SUBKEY_ID, subkeyId);
-//        startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
-//    }
-//
-//    protected void startNfcDecrypt(long subKeyId, Passphrase pin, byte[] encryptedSessionKey) {
-//        // build PendingIntent for Yubikey NFC operations
-//        Intent intent = new Intent(getActivity(), NfcActivity.class);
-//        intent.setAction(NfcActivity.ACTION_DECRYPT_SESSION_KEY);
-//        intent.putExtra(NfcActivity.EXTRA_SERVICE_INTENT, new Intent()); // not used, only relevant to OpenPgpService
-//        intent.putExtra(NfcActivity.EXTRA_KEY_ID, subKeyId);
-//        intent.putExtra(NfcActivity.EXTRA_PIN, pin);
-//
-//        intent.putExtra(NfcActivity.EXTRA_NFC_ENC_SESSION_KEY, encryptedSessionKey);
-//
-//        startActivityForResult(intent, REQUEST_CODE_NFC_DECRYPT);
-//    }
-
     /**
      *
      * @return returns false if signature is invalid, key is revoked or expired.
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
index 25cc13fcb..aa66053fa 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcOperationActivity.java
@@ -6,9 +6,7 @@
 
 package org.sufficientlysecure.keychain.ui;
 
-import android.annotation.TargetApi;
 import android.content.Intent;
-import android.os.Build;
 import android.os.Bundle;
 import android.view.WindowManager;
 
@@ -56,7 +54,7 @@ public class NfcOperationActivity extends BaseNfcActivity {
         mServiceIntent = data.getParcelable(EXTRA_SERVICE_INTENT);
 
         // obtain passphrase for this subkey
-        obtainYubikeyPin(RequiredInputParcel.createRequiredPassphrase(mRequiredInput));
+        obtainYubiKeyPin(RequiredInputParcel.createRequiredPassphrase(mRequiredInput));
     }
 
     @Override
@@ -106,7 +104,7 @@ public class NfcOperationActivity extends BaseNfcActivity {
 
         // avoid a loop
         Preferences prefs = Preferences.getPreferences(this);
-        if (prefs.useDefaultYubikeyPin()) {
+        if (prefs.useDefaultYubiKeyPin()) {
             toast(getString(R.string.error_pin_nodefault));
             setResult(RESULT_CANCELED);
             finish();
@@ -117,7 +115,7 @@ public class NfcOperationActivity extends BaseNfcActivity {
         PassphraseCacheService.clearCachedPassphrase(
                 this, mRequiredInput.getMasterKeyId(), mRequiredInput.getSubKeyId());
 
-        obtainYubikeyPin(RequiredInputParcel.createRequiredPassphrase(mRequiredInput));
+        obtainYubiKeyPin(RequiredInputParcel.createRequiredPassphrase(mRequiredInput));
     }
 
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
index 84612002f..4e926c0fe 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
@@ -314,7 +314,7 @@ public class PassphraseDialogActivity extends FragmentActivity {
                 mPassphraseEditText.setImeActionLabel(getString(android.R.string.ok), EditorInfo.IME_ACTION_DONE);
                 mPassphraseEditText.setOnEditorActionListener(this);
 
-                if (keyType == CanonicalizedSecretKey.SecretKeyType.DIVERT_TO_CARD && Preferences.getPreferences(activity).useNumKeypadForYubikeyPin()) {
+                if (keyType == CanonicalizedSecretKey.SecretKeyType.DIVERT_TO_CARD && Preferences.getPreferences(activity).useNumKeypadForYubiKeyPin()) {
                     mPassphraseEditText.setRawInputType(InputType.TYPE_CLASS_NUMBER | InputType.TYPE_TEXT_VARIATION_PASSWORD);
                 } else if (keyType == CanonicalizedSecretKey.SecretKeyType.PIN) {
                     mPassphraseEditText.setRawInputType(InputType.TYPE_CLASS_NUMBER | InputType.TYPE_TEXT_VARIATION_PASSWORD);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SettingsActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SettingsActivity.java
index 210960b65..442bdf8f7 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SettingsActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SettingsActivity.java
@@ -107,10 +107,10 @@ public class SettingsActivity extends PreferenceActivity {
                 values[i] = "" + valueIds[i];
             }
 
-            initializeUseDefaultYubikeyPin(
+            initializeUseDefaultYubiKeyPin(
                     (CheckBoxPreference) findPreference(Constants.Pref.USE_DEFAULT_YUBIKEY_PIN));
 
-            initializeUseNumKeypadForYubikeyPin(
+            initializeUseNumKeypadForYubiKeyPin(
                     (CheckBoxPreference) findPreference(Constants.Pref.USE_NUMKEYPAD_FOR_YUBIKEY_PIN));
 
         }
@@ -262,10 +262,10 @@ public class SettingsActivity extends PreferenceActivity {
                 values[i] = "" + valueIds[i];
             }
 
-            initializeUseDefaultYubikeyPin(
+            initializeUseDefaultYubiKeyPin(
                     (CheckBoxPreference) findPreference(Constants.Pref.USE_DEFAULT_YUBIKEY_PIN));
 
-            initializeUseNumKeypadForYubikeyPin(
+            initializeUseNumKeypadForYubiKeyPin(
                     (CheckBoxPreference) findPreference(Constants.Pref.USE_NUMKEYPAD_FOR_YUBIKEY_PIN));
         }
     }
@@ -335,23 +335,23 @@ public class SettingsActivity extends PreferenceActivity {
         return serverSummary + "; " + context.getString(R.string.label_preferred) + ": " + sPreferences.getPreferredKeyserver();
     }
 
-    private static void initializeUseDefaultYubikeyPin(final CheckBoxPreference mUseDefaultYubikeyPin) {
-        mUseDefaultYubikeyPin.setChecked(sPreferences.useDefaultYubikeyPin());
-        mUseDefaultYubikeyPin.setOnPreferenceChangeListener(new Preference.OnPreferenceChangeListener() {
+    private static void initializeUseDefaultYubiKeyPin(final CheckBoxPreference mUseDefaultYubiKeyPin) {
+        mUseDefaultYubiKeyPin.setChecked(sPreferences.useDefaultYubiKeyPin());
+        mUseDefaultYubiKeyPin.setOnPreferenceChangeListener(new Preference.OnPreferenceChangeListener() {
             public boolean onPreferenceChange(Preference preference, Object newValue) {
-                mUseDefaultYubikeyPin.setChecked((Boolean) newValue);
-                sPreferences.setUseDefaultYubikeyPin((Boolean) newValue);
+                mUseDefaultYubiKeyPin.setChecked((Boolean) newValue);
+                sPreferences.setUseDefaultYubiKeyPin((Boolean) newValue);
                 return false;
             }
         });
     }
 
-    private static void initializeUseNumKeypadForYubikeyPin(final CheckBoxPreference mUseNumKeypadForYubikeyPin) {
-        mUseNumKeypadForYubikeyPin.setChecked(sPreferences.useNumKeypadForYubikeyPin());
-        mUseNumKeypadForYubikeyPin.setOnPreferenceChangeListener(new Preference.OnPreferenceChangeListener() {
+    private static void initializeUseNumKeypadForYubiKeyPin(final CheckBoxPreference mUseNumKeypadForYubiKeyPin) {
+        mUseNumKeypadForYubiKeyPin.setChecked(sPreferences.useNumKeypadForYubiKeyPin());
+        mUseNumKeypadForYubiKeyPin.setOnPreferenceChangeListener(new Preference.OnPreferenceChangeListener() {
             public boolean onPreferenceChange(Preference preference, Object newValue) {
-                mUseNumKeypadForYubikeyPin.setChecked((Boolean) newValue);
-                sPreferences.setUseNumKeypadForYubikeyPin((Boolean) newValue);
+                mUseNumKeypadForYubiKeyPin.setChecked((Boolean) newValue);
+                sPreferences.setUseNumKeypadForYubiKeyPin((Boolean) newValue);
                 return false;
             }
         });
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
index b063df2fb..5466c0b9a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
@@ -281,7 +281,7 @@ public class ViewKeyActivity extends BaseNfcActivity implements
             byte[] nfcFingerprints = intent.getByteArrayExtra(EXTRA_NFC_FINGERPRINTS);
             String nfcUserId = intent.getStringExtra(EXTRA_NFC_USER_ID);
             byte[] nfcAid = intent.getByteArrayExtra(EXTRA_NFC_AID);
-            showYubikeyFragment(nfcFingerprints, nfcUserId, nfcAid);
+            showYubiKeyFragment(nfcFingerprints, nfcUserId, nfcAid);
         }
 
     }
@@ -593,12 +593,12 @@ public class ViewKeyActivity extends BaseNfcActivity implements
             }
         }
 
-        showYubikeyFragment(nfcFingerprints, nfcUserId, nfcAid);
+        showYubiKeyFragment(nfcFingerprints, nfcUserId, nfcAid);
 
     }
 
-    public void showYubikeyFragment(byte[] nfcFingerprints, String nfcUserId, byte[] nfcAid) {
-        ViewKeyYubikeyFragment frag = ViewKeyYubikeyFragment.newInstance(
+    public void showYubiKeyFragment(byte[] nfcFingerprints, String nfcUserId, byte[] nfcAid) {
+        ViewKeyYubiKeyFragment frag = ViewKeyYubiKeyFragment.newInstance(
                 nfcFingerprints, nfcUserId, nfcAid);
 
         FragmentManager manager = getSupportFragmentManager();
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubiKeyFragment.java
similarity index 96%
rename from OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java
rename to OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubiKeyFragment.java
index 1482b70a7..a2c158e7d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubikeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubiKeyFragment.java
@@ -4,7 +4,6 @@ package org.sufficientlysecure.keychain.ui;
 import java.nio.ByteBuffer;
 import java.util.Arrays;
 
-import android.app.ProgressDialog;
 import android.content.Intent;
 import android.database.Cursor;
 import android.os.Bundle;
@@ -29,11 +28,10 @@ import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.SecretKeyType;
 import org.sufficientlysecure.keychain.provider.KeychainContract.Keys;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.ServiceProgressHandler;
-import org.sufficientlysecure.keychain.ui.dialog.ProgressDialogFragment;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 
 
-public class ViewKeyYubikeyFragment extends Fragment
+public class ViewKeyYubiKeyFragment extends Fragment
         implements LoaderCallbacks<Cursor> {
 
     public static final String ARG_FINGERPRINT = "fingerprint";
@@ -46,9 +44,9 @@ public class ViewKeyYubikeyFragment extends Fragment
     private Button vButton;
     private TextView vStatus;
 
-    public static ViewKeyYubikeyFragment newInstance(byte[] fingerprints, String userId, byte[] aid) {
+    public static ViewKeyYubiKeyFragment newInstance(byte[] fingerprints, String userId, byte[] aid) {
 
-        ViewKeyYubikeyFragment frag = new ViewKeyYubikeyFragment();
+        ViewKeyYubiKeyFragment frag = new ViewKeyYubiKeyFragment();
 
         Bundle args = new Bundle();
         args.putByteArray(ARG_FINGERPRINT, fingerprints);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
index ff5268c7c..f55c8b17a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
@@ -1,5 +1,21 @@
-package org.sufficientlysecure.keychain.ui.base;
+/*
+ * Copyright (C) 2014-2015 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
 
+package org.sufficientlysecure.keychain.ui.base;
 
 import java.io.IOException;
 import java.nio.ByteBuffer;
@@ -35,7 +51,6 @@ import org.sufficientlysecure.keychain.util.Log;
 import org.sufficientlysecure.keychain.util.Passphrase;
 import org.sufficientlysecure.keychain.util.Preferences;
 
-
 public abstract class BaseNfcActivity extends BaseActivity {
 
     public static final int REQUEST_CODE_PASSPHRASE = 1;
@@ -108,10 +123,10 @@ public abstract class BaseNfcActivity extends BaseActivity {
         enableNfcForegroundDispatch();
     }
 
-    protected void obtainYubikeyPin(RequiredInputParcel requiredInput) {
+    protected void obtainYubiKeyPin(RequiredInputParcel requiredInput) {
 
         Preferences prefs = Preferences.getPreferences(this);
-        if (prefs.useDefaultYubikeyPin()) {
+        if (prefs.useDefaultYubiKeyPin()) {
             mPin = new Passphrase("123456");
             return;
         }
@@ -123,7 +138,7 @@ public abstract class BaseNfcActivity extends BaseActivity {
 
     }
 
-    protected void setYubikeyPin(Passphrase pin) {
+    protected void setYubiKeyPin(Passphrase pin) {
         mPin = pin;
     }
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java
index 44c1e6b6c..8a7638054 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java
@@ -109,21 +109,21 @@ public class Preferences {
         return mSharedPreferences.getBoolean(Constants.Pref.FIRST_TIME, true);
     }
 
-    public boolean useDefaultYubikeyPin() {
+    public boolean useDefaultYubiKeyPin() {
         return mSharedPreferences.getBoolean(Pref.USE_DEFAULT_YUBIKEY_PIN, false);
     }
 
-    public void setUseDefaultYubikeyPin(boolean useDefaultYubikeyPin) {
+    public void setUseDefaultYubiKeyPin(boolean useDefaultYubikeyPin) {
         SharedPreferences.Editor editor = mSharedPreferences.edit();
         editor.putBoolean(Pref.USE_DEFAULT_YUBIKEY_PIN, useDefaultYubikeyPin);
         editor.commit();
     }
 
-    public boolean useNumKeypadForYubikeyPin() {
+    public boolean useNumKeypadForYubiKeyPin() {
         return mSharedPreferences.getBoolean(Pref.USE_NUMKEYPAD_FOR_YUBIKEY_PIN, true);
     }
 
-    public void setUseNumKeypadForYubikeyPin(boolean useNumKeypadForYubikeyPin) {
+    public void setUseNumKeypadForYubiKeyPin(boolean useNumKeypadForYubikeyPin) {
         SharedPreferences.Editor editor = mSharedPreferences.edit();
         editor.putBoolean(Pref.USE_NUMKEYPAD_FOR_YUBIKEY_PIN, useNumKeypadForYubikeyPin);
         editor.commit();
diff --git a/OpenKeychain/src/main/res/raw/help_changelog.md b/OpenKeychain/src/main/res/raw/help_changelog.md
index 18203b1c5..104454f39 100644
--- a/OpenKeychain/src/main/res/raw/help_changelog.md
+++ b/OpenKeychain/src/main/res/raw/help_changelog.md
@@ -35,7 +35,7 @@
   * Redesigned decrypt screen
   * New icon usage and colors
   * Fix import of secret keys from Symantec Encryption Desktop
-  * Subkey IDs on Yubikeys are now checked correctly
+  * Subkey IDs on YubiKeys are now checked correctly
 
 
 ## 3.0.1
@@ -46,7 +46,7 @@
 
 ## 3.0
 
-  * Full support for Yubikey signature generation and decryption!
+  * Full support for YubiKey signature generation and decryption!
   * Propose installable compatible apps in apps list
   * New design for decryption screens
   * Many fixes for key import, also fixes stripped keys
@@ -60,7 +60,7 @@
 ## 2.9.2
 
   * Fix keys broken in 2.9.1
-  * Yubikey decryption now working via API
+  * YubiKey decryption now working via API
 
 
 ## 2.9.1
@@ -69,7 +69,7 @@
   * Fix key flags handling (now supporting Mailvelope 0.7 keys)
   * Improved passphrase handling
   * Key sharing via SafeSlinger
-  * Yubikey: preference to allow other PINs, currently only signing via the OpenPGP API works, not inside of OpenKeychain
+  * YubiKey: preference to allow other PINs, currently only signing via the OpenPGP API works, not inside of OpenKeychain
   * Fix usage of stripped keys
   * SHA256 as default for compatibility
   * Intent API has changed, see https://github.com/open-keychain/open-keychain/wiki/Intent-API
@@ -80,7 +80,7 @@
 
   * Fixing crashes introduced in v2.8
   * Experimental ECC support
-  * Experimental Yubikey support (signing-only with imported keys)
+  * Experimental YubiKey support (signing-only with imported keys)
 
 
 ## 2.8

From e332699c9c67ca29a077c500e840b6005126f92b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Wed, 15 Apr 2015 10:10:53 +0200
Subject: [PATCH 77/80] More cleanup

---
 .../keychain/ui/CertifyKeyFragment.java       |   1 +
 .../keychain/ui/DecryptFragment.java          |   1 +
 .../keychain/ui/EditKeyFragment.java          |   4 +-
 .../keychain/ui/EncryptFilesFragment.java     |   1 +
 .../keychain/ui/EncryptTextFragment.java      |   1 +
 .../keychain/ui/NfcIntentActivity.java        | 314 ------------------
 .../keychain/ui/ViewKeyYubiKeyFragment.java   |  22 +-
 .../keychain/ui/base/BaseNfcActivity.java     |   4 +-
 .../{ => base}/CryptoOperationFragment.java   |   4 +-
 9 files changed, 28 insertions(+), 324 deletions(-)
 delete mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcIntentActivity.java
 rename OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/{ => base}/CryptoOperationFragment.java (96%)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
index 20a280a54..59623a610 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyFragment.java
@@ -56,6 +56,7 @@ import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.ServiceProgressHandler;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.ui.adapter.MultiUserIdsAdapter;
+import org.sufficientlysecure.keychain.ui.base.CryptoOperationFragment;
 import org.sufficientlysecure.keychain.ui.dialog.ProgressDialogFragment;
 import org.sufficientlysecure.keychain.ui.util.Notify;
 import org.sufficientlysecure.keychain.ui.widget.CertifyKeySpinner;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
index 68b758bab..33209be86 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
@@ -29,6 +29,7 @@ import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.pgp.KeyRing;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
+import org.sufficientlysecure.keychain.ui.base.CryptoOperationFragment;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils.State;
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyFragment.java
index bf17c2991..390efddce 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyFragment.java
@@ -17,8 +17,6 @@
 
 package org.sufficientlysecure.keychain.ui;
 
-import java.util.Date;
-
 import android.app.Activity;
 import android.app.ProgressDialog;
 import android.content.Intent;
@@ -53,7 +51,6 @@ import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.provider.ProviderHelper.NotFoundException;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.ServiceProgressHandler;
-import org.sufficientlysecure.keychain.service.PassphraseCacheService;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyChange;
@@ -62,6 +59,7 @@ import org.sufficientlysecure.keychain.ui.adapter.SubkeysAdapter;
 import org.sufficientlysecure.keychain.ui.adapter.SubkeysAddedAdapter;
 import org.sufficientlysecure.keychain.ui.adapter.UserIdsAdapter;
 import org.sufficientlysecure.keychain.ui.adapter.UserIdsAddedAdapter;
+import org.sufficientlysecure.keychain.ui.base.CryptoOperationFragment;
 import org.sufficientlysecure.keychain.ui.dialog.*;
 import org.sufficientlysecure.keychain.ui.util.Notify;
 import org.sufficientlysecure.keychain.util.Log;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
index ddced7cce..ccb4a6355 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
@@ -53,6 +53,7 @@ import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.ServiceProgressHandler;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.ui.adapter.SpacesItemDecoration;
+import org.sufficientlysecure.keychain.ui.base.CryptoOperationFragment;
 import org.sufficientlysecure.keychain.ui.dialog.DeleteFileDialogFragment;
 import org.sufficientlysecure.keychain.ui.dialog.ProgressDialogFragment;
 import org.sufficientlysecure.keychain.ui.util.FormattingUtils;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
index 47645099d..b37a2ca79 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
@@ -44,6 +44,7 @@ import org.sufficientlysecure.keychain.pgp.SignEncryptParcel;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.ServiceProgressHandler;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.ui.base.CryptoOperationFragment;
 import org.sufficientlysecure.keychain.ui.dialog.ProgressDialogFragment;
 import org.sufficientlysecure.keychain.ui.util.Notify;
 import org.sufficientlysecure.keychain.util.Log;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcIntentActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcIntentActivity.java
deleted file mode 100644
index a1affbc39..000000000
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcIntentActivity.java
+++ /dev/null
@@ -1,314 +0,0 @@
-/**
- * Copyright (c) 2013-2014 Philipp Jakubeit, Signe Rüsch, Dominik Schürmann
- *
- * Licensed under the Bouncy Castle License (MIT license). See LICENSE file for details.
- */
-
-package org.sufficientlysecure.keychain.ui;
-
-import android.annotation.TargetApi;
-import android.app.PendingIntent;
-import android.content.Intent;
-import android.content.IntentFilter;
-import android.nfc.NfcAdapter;
-import android.nfc.Tag;
-import android.nfc.tech.IsoDep;
-import android.os.Build;
-import android.os.Bundle;
-import android.view.WindowManager;
-import android.widget.Toast;
-
-import org.spongycastle.util.encoders.Hex;
-import org.sufficientlysecure.keychain.Constants;
-import org.sufficientlysecure.keychain.R;
-import org.sufficientlysecure.keychain.ui.base.BaseActivity;
-import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
-import org.sufficientlysecure.keychain.util.Iso7816TLV;
-import org.sufficientlysecure.keychain.util.Log;
-
-import java.io.IOException;
-import java.nio.ByteBuffer;
-
-/**
- * This class provides a communication interface to OpenPGP applications on ISO SmartCard compliant
- * NFC devices.
- *
- * For the full specs, see http://g10code.com/docs/openpgp-card-2.0.pdf
- */
-@TargetApi(Build.VERSION_CODES.GINGERBREAD_MR1)
-public class NfcIntentActivity extends BaseActivity {
-
-    // special extra for OpenPgpService
-    public static final String EXTRA_DATA = "data";
-
-    private Intent mServiceIntent;
-
-    private static final int TIMEOUT = 100000;
-
-    private NfcAdapter mNfcAdapter;
-
-    @Override
-    protected void onCreate(Bundle savedInstanceState) {
-        super.onCreate(savedInstanceState);
-        Log.d(Constants.TAG, "NfcActivity.onCreate");
-
-        getWindow().addFlags(WindowManager.LayoutParams.FLAG_KEEP_SCREEN_ON);
-
-        Intent intent = getIntent();
-        Bundle data = intent.getExtras();
-        String action = intent.getAction();
-
-        Log.d(Constants.TAG, action);
-        Log.d(Constants.TAG, intent.getDataString());
-
-        // TODO check fingerprint
-        // mFingerprint = data.getByteArray(EXTRA_FINGERPRINT);
-
-        if (!NfcAdapter.ACTION_NDEF_DISCOVERED.equals(action)) {
-            Log.d(Constants.TAG, "Action not supported: " + action);
-            finish();
-        }
-
-        try {
-            Tag detectedTag = intent.getParcelableExtra(NfcAdapter.EXTRA_TAG);
-
-            // Connect to the detected tag, setting a couple of settings
-            IsoDep isoDep = IsoDep.get(detectedTag);
-            isoDep.setTimeout(TIMEOUT); // timeout is set to 100 seconds to avoid cancellation during calculation
-            isoDep.connect();
-
-            nfcGreet(isoDep);
-            // nfcPin(isoDep, "yoloswag");
-            nfcGetFingerprint(isoDep);
-
-        } catch (IOException e) {
-            Log.e(Constants.TAG, "IOException!", e);
-            finish();
-        }
-    }
-
-    @Override
-    protected void initLayout() {
-        setContentView(R.layout.nfc_activity);
-    }
-
-    /**
-     * Called when the system is about to start resuming a previous activity,
-     * disables NFC Foreground Dispatch
-     */
-    public void onPause() {
-        super.onPause();
-        Log.d(Constants.TAG, "NfcActivity.onPause");
-
-        // disableNfcForegroundDispatch();
-    }
-
-    /**
-     * Called when the activity will start interacting with the user,
-     * enables NFC Foreground Dispatch
-     */
-    public void onResume() {
-        super.onResume();
-        Log.d(Constants.TAG, "NfcActivity.onResume");
-
-        // enableNfcForegroundDispatch();
-    }
-
-    /** Handle NFC communication and return a result.
-     *
-     * This method is called by onNewIntent above upon discovery of an NFC tag.
-     * It handles initialization and login to the application, subsequently
-     * calls either nfcCalculateSignature() or nfcDecryptSessionKey(), then
-     * finishes the activity with an appropiate result.
-     *
-     * On general communication, see also
-     * http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_annex-a.aspx
-     *
-     * References to pages are generally related to the OpenPGP Application
-     * on ISO SmartCard Systems specification.
-     *
-     */
-    private void nfcGreet(IsoDep isoDep) throws IOException {
-
-        // SW1/2 0x9000 is the generic "ok" response, which we expect most of the time.
-        // See specification, page 51
-        String accepted = "9000";
-
-        // Command APDU (page 51) for SELECT FILE command (page 29)
-        String opening =
-                "00" // CLA
-                        + "A4" // INS
-                        + "04" // P1
-                        + "00" // P2
-                        + "06" // Lc (number of bytes)
-                        + "D27600012401" // Data (6 bytes)
-                        + "00"; // Le
-        if (!card(isoDep, opening).equals(accepted)) { // activate connection
-            toast("Opening Error!");
-            setResult(RESULT_CANCELED, mServiceIntent);
-            finish();
-        }
-    }
-
-    private void nfcPin(IsoDep isoDep, String pin) throws IOException {
-
-        String data = "00CA006E00";
-        String fingerprint = card(isoDep, data);
-
-        // Command APDU for VERIFY command (page 32)
-        String login =
-              "00" // CLA
-            + "20" // INS
-            + "00" // P1
-            + "82" // P2 (PW1)
-            + String.format("%02x", pin.length()) // Lc
-            + Hex.toHexString(pin.getBytes());
-        if ( ! card(isoDep, login).equals("9000")) { // login
-            toast("Pin Error!");
-            setResult(RESULT_CANCELED, mServiceIntent);
-            finish();
-        }
-
-    }
-
-    /**
-     * Gets the user ID
-     *
-     * @return the user id as "name <email>"
-     * @throws java.io.IOException
-     */
-    public static String getUserId(IsoDep isoDep) throws IOException {
-        String info = "00CA006500";
-        String data = "00CA005E00";
-        return getName(card(isoDep, info)) + " <" + (new String(Hex.decode(getDataField(card(isoDep, data))))) + ">";
-    }
-
-    /**
-     * Gets the long key ID
-     *
-     * @return the long key id (last 16 bytes of the fingerprint)
-     * @throws java.io.IOException
-     */
-    public static long getKeyId(IsoDep isoDep) throws IOException {
-        String keyId = nfcGetFingerprint(isoDep).substring(24);
-        Log.d(Constants.TAG, "keyId: " + keyId);
-        return Long.parseLong(keyId, 16);
-    }
-
-    /**
-     * Gets the fingerprint of the signature key
-     *
-     * @return the fingerprint
-     * @throws java.io.IOException
-     */
-    public static String nfcGetFingerprint(IsoDep isoDep) throws IOException {
-        String data = "00CA006E00";
-        byte[] buf = isoDep.transceive(Hex.decode(data));
-
-        Iso7816TLV tlv = Iso7816TLV.readSingle(buf, true);
-        Log.d(Constants.TAG, "nfc tlv data:\n" + tlv.prettyPrint());
-
-        Iso7816TLV fptlv = Iso7816TLV.findRecursive(tlv, 0xc5);
-        if (fptlv != null) {
-            ByteBuffer fpbuf = ByteBuffer.wrap(fptlv.mV);
-            byte[] fp = new byte[20];
-            fpbuf.get(fp);
-            Log.d(Constants.TAG, "fingerprint 1: " + KeyFormattingUtils.convertFingerprintToHex(fp));
-            fpbuf.get(fp);
-            Log.d(Constants.TAG, "fingerprint 2: " + KeyFormattingUtils.convertFingerprintToHex(fp));
-            fpbuf.get(fp);
-            Log.d(Constants.TAG, "fingerprint 3: " + KeyFormattingUtils.convertFingerprintToHex(fp));
-        }
-
-        return "nope";
-    }
-
-    /**
-     * Prints a message to the screen
-     *
-     * @param text the text which should be contained within the toast
-     */
-    private void toast(String text) {
-        Toast.makeText(this, text, Toast.LENGTH_LONG).show();
-    }
-
-    /**
-     * Receive new NFC Intents to this activity only by enabling foreground dispatch.
-     * This can only be done in onResume!
-     */
-    public void enableNfcForegroundDispatch() {
-        mNfcAdapter = NfcAdapter.getDefaultAdapter(this);
-        Intent nfcI = new Intent(this, NfcIntentActivity.class)
-                .addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_CLEAR_TOP);
-        PendingIntent nfcPendingIntent = PendingIntent.getActivity(this, 0, nfcI, 0);
-        IntentFilter[] writeTagFilters = new IntentFilter[]{
-                new IntentFilter(NfcAdapter.ACTION_TAG_DISCOVERED)
-        };
-
-        // https://code.google.com/p/android/issues/detail?id=62918
-        // maybe mNfcAdapter.enableReaderMode(); ?
-        try {
-            mNfcAdapter.enableForegroundDispatch(this, nfcPendingIntent, writeTagFilters, null);
-        } catch (IllegalStateException e) {
-            Log.i(Constants.TAG, "NfcForegroundDispatch Error!", e);
-        }
-        Log.d(Constants.TAG, "NfcForegroundDispatch has been enabled!");
-    }
-
-    /**
-     * Disable foreground dispatch in onPause!
-     */
-    public void disableNfcForegroundDispatch() {
-        mNfcAdapter.disableForegroundDispatch(this);
-        Log.d(Constants.TAG, "NfcForegroundDispatch has been disabled!");
-    }
-
-    /**
-     * Gets the name of the user out of the raw card output regarding card holder related data
-     *
-     * @param name the raw card holder related data from the card
-     * @return the name given in this data
-     */
-    public static  String getName(String name) {
-        String slength;
-        int ilength;
-        name = name.substring(6);
-        slength = name.substring(0, 2);
-        ilength = Integer.parseInt(slength, 16) * 2;
-        name = name.substring(2, ilength + 2);
-        name = (new String(Hex.decode(name))).replace('<', ' ');
-        return (name);
-    }
-
-    /**
-     * Reduces the raw data from the card by four characters
-     *
-     * @param output the raw data from the card
-     * @return the data field of that data
-     */
-    private static String getDataField(String output) {
-        return output.substring(0, output.length() - 4);
-    }
-
-    /**
-     * Communicates with the OpenPgpCard via the APDU
-     *
-     * @param hex the hexadecimal APDU
-     * @return The answer from the card
-     * @throws java.io.IOException throws an exception if something goes wrong
-     */
-    public static String card(IsoDep isoDep, String hex) throws IOException {
-        return getHex(isoDep.transceive(Hex.decode(hex)));
-    }
-
-    /**
-     * Converts a byte array into an hex string
-     *
-     * @param raw the byte array representation
-     * @return the  hexadecimal string representation
-     */
-    public static String getHex(byte[] raw) {
-        return new String(Hex.encode(raw));
-    }
-
-}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubiKeyFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubiKeyFragment.java
index a2c158e7d..812874456 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubiKeyFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubiKeyFragment.java
@@ -1,5 +1,22 @@
-package org.sufficientlysecure.keychain.ui;
+/*
+ * Copyright (C) 2015 Dominik Schürmann <dominik@dominikschuermann.de>
+ * Copyright (C) 2015 Vincent Breitmoser <v.breitmoser@mugenguild.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
 
+package org.sufficientlysecure.keychain.ui;
 
 import java.nio.ByteBuffer;
 import java.util.Arrays;
@@ -30,7 +47,6 @@ import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.ServiceProgressHandler;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 
-
 public class ViewKeyYubiKeyFragment extends Fragment
         implements LoaderCallbacks<Cursor> {
 
@@ -45,7 +61,6 @@ public class ViewKeyYubiKeyFragment extends Fragment
     private TextView vStatus;
 
     public static ViewKeyYubiKeyFragment newInstance(byte[] fingerprints, String userId, byte[] aid) {
-
         ViewKeyYubiKeyFragment frag = new ViewKeyYubiKeyFragment();
 
         Bundle args = new Bundle();
@@ -55,7 +70,6 @@ public class ViewKeyYubiKeyFragment extends Fragment
         frag.setArguments(args);
 
         return frag;
-
     }
 
     @Override
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
index f55c8b17a..95c1690b1 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseNfcActivity.java
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2014-2015 Dominik Schürmann <dominik@dominikschuermann.de>
+ * Copyright (C) 2015 Dominik Schürmann <dominik@dominikschuermann.de>
+ * Copyright (C) 2015 Vincent Breitmoser <v.breitmoser@mugenguild.com>
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -213,7 +214,6 @@ public abstract class BaseNfcActivity extends BaseActivity {
         final String nfcUserId = nfcGetUserId();
         final byte[] nfcAid = nfcGetAid();
 
-        String fp = KeyFormattingUtils.convertFingerprintToHex(nfcFingerprints);
         final long masterKeyId = KeyFormattingUtils.getKeyIdFromFingerprint(nfcFingerprints);
 
         try {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/CryptoOperationFragment.java
similarity index 96%
rename from OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
rename to OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/CryptoOperationFragment.java
index b136492b4..232a39f86 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CryptoOperationFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/CryptoOperationFragment.java
@@ -16,7 +16,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-package org.sufficientlysecure.keychain.ui;
+package org.sufficientlysecure.keychain.ui.base;
 
 import android.app.Activity;
 import android.content.Intent;
@@ -29,6 +29,8 @@ import org.sufficientlysecure.keychain.operations.results.OperationResult;
 import org.sufficientlysecure.keychain.service.ServiceProgressHandler;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
+import org.sufficientlysecure.keychain.ui.NfcOperationActivity;
+import org.sufficientlysecure.keychain.ui.PassphraseDialogActivity;
 
 /**
  * All fragments executing crypto operations need to extend this class.

From b440456acc1e846f19f663a2987cb1bc292f14bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Wed, 15 Apr 2015 10:25:56 +0200
Subject: [PATCH 78/80] Use portrait mode for qr code scanning

---
 .../keychain/ui/ImportKeysProxyActivity.java   | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysProxyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysProxyActivity.java
index 21747f77b..b9f1bf870 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysProxyActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysProxyActivity.java
@@ -20,6 +20,7 @@ package org.sufficientlysecure.keychain.ui;
 import android.annotation.TargetApi;
 import android.app.ProgressDialog;
 import android.content.Intent;
+import android.content.pm.ActivityInfo;
 import android.net.Uri;
 import android.nfc.NdefMessage;
 import android.nfc.NfcAdapter;
@@ -83,25 +84,22 @@ public class ImportKeysProxyActivity extends FragmentActivity {
 
             returnResult = false;
             processScannedContent(dataUri);
-        } else if (ACTION_SCAN_IMPORT.equals(action)) {
+        } else if (ACTION_SCAN_IMPORT.equals(action) || ACTION_QR_CODE_API.equals(action)) {
             returnResult = false;
             IntentIntegrator integrator = new IntentIntegrator(this);
             integrator.setDesiredBarcodeFormats(IntentIntegrator.QR_CODE_TYPES)
                     .setPrompt(getString(R.string.import_qr_code_text))
-                    .setResultDisplayDuration(0)
-                    .initiateScan();
+                    .setResultDisplayDuration(0);
+            integrator.setOrientation(ActivityInfo.SCREEN_ORIENTATION_PORTRAIT);
+            integrator.initiateScan();
         } else if (ACTION_SCAN_WITH_RESULT.equals(action)) {
             returnResult = true;
             IntentIntegrator integrator = new IntentIntegrator(this);
             integrator.setDesiredBarcodeFormats(IntentIntegrator.QR_CODE_TYPES)
                     .setPrompt(getString(R.string.import_qr_code_text))
-                    .setResultDisplayDuration(0)
-                    .initiateScan();
-        } else if (ACTION_QR_CODE_API.equals(action)) {
-            // scan using xzing's Barcode Scanner from outside OpenKeychain
-
-            returnResult = false;
-            new IntentIntegrator(this).initiateScan();
+                    .setResultDisplayDuration(0);
+            integrator.setOrientation(ActivityInfo.SCREEN_ORIENTATION_PORTRAIT);
+            integrator.initiateScan();
         } else if (NfcAdapter.ACTION_NDEF_DISCOVERED.equals(getIntent().getAction())) {
             // Check to see if the Activity started due to an Android Beam
             if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {

From 413c4bce59c19e633359063777304cb5080bc17e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Fri, 17 Apr 2015 17:29:45 +0200
Subject: [PATCH 79/80] Use https for zxing lib

---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index 0b06e229b..baa1f8d97 100644
--- a/build.gradle
+++ b/build.gradle
@@ -16,7 +16,7 @@ allprojects {
 
         maven {
             // for zxing-android-embedded lib
-            url "http://dl.bintray.com/journeyapps/maven"
+            url "https://dl.bintray.com/journeyapps/maven"
         }
     }
 }

From baac30508d24dcda6135bf8ae338c99d8c3b8ad8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Fri, 17 Apr 2015 17:30:03 +0200
Subject: [PATCH 80/80] Graphic stuff

---
 .../drawables/glyph_authlite.png              | Bin
 .../material-launcher/vector-src.pdf          | Bin 0 -> 12126 bytes
 .../material-launcher/vector-src.svg          | 347 +++++++-----------
 3 files changed, 134 insertions(+), 213 deletions(-)
 rename glyph_authlite.png => Graphics/drawables/glyph_authlite.png (100%)
 create mode 100644 Graphics/drawables/material-launcher/vector-src.pdf

diff --git a/glyph_authlite.png b/Graphics/drawables/glyph_authlite.png
similarity index 100%
rename from glyph_authlite.png
rename to Graphics/drawables/glyph_authlite.png
diff --git a/Graphics/drawables/material-launcher/vector-src.pdf b/Graphics/drawables/material-launcher/vector-src.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..68807173d036e33ec6eac406b5d0c34aa39c002c
GIT binary patch
literal 12126
zcma)ibx<8&v+coMgX=+qyA#|41P@MdKR^!d?(Xgy+&#Fvb8vTuAW4vy{J#6$`_+B#
zkGE@T&+Ikby?b@fOx08^8f8goW_A{CWSXXn>fgwmKsKPgu{H9C4?tE0Gdl|>OCZ-D
zNEI0f1hPt7**ckl|D0`&oXjN6Ozcg~kcEYj9i6~tMj&LjEN^}Jxx03|EE`-hi|sIb
zFrl{im`0oHwtbxGn}(Qcpoel7f8rZeERDPuAX+-`^$O&h+Et46<#$IiAGlT|!Q=Ia
zyvFx!`sF_MZ9|;-s%}`5=wd_0=jD5!T`tDn@lPEkuTZ^8i%to}rB5zrPh$_GoftN$
zk2z!Jq&xa*Ufu?G%?(Gte;xhQpy-yVcw)E;_wIDGfB2@l)mCgFGj>7>eW~_Ku(?rN
z$-8vvi?c66hxXW>{)KkAko9zp`fkUX<3x!s4cT7z>!dVobo<&MkEEliacy->ymr^^
z)lcQ=BZI9;kJVQ)x2fVIf$DLHuP<t5?1fE-%c3jBQ=E`tv$^kbTxI&j))R8C`Je&)
z+VDd_8{$c}T64_nR6c0Qh*f=<aqYcL%TLrjeQ-lFTE>e_>cA~}|0UM7#yxI=kcaO<
znQo~17L{q{b=oE~xNm$)Y>d9M@IEMGt7=8)X4cZCDB87Uc-r0f5!+#~7AeYQ-gZmF
z_I|)GbA_hud!nM0!mNQ1$;C9|;WLX>R&H(jPQ{u|*v9H2p3KRE-a~I10*lp6wrUfZ
zZo_28!zqs?|1fXqLXOAww*c-2Z?gI18=@z-evSr}rjvfzeRIdfYoEzO+hN09<g;&D
zCd~xWO}-bz5+7|-F(EA9?am=6n=p=6`ZcDJt{8)M!kblVGA2!MR!aDpphnwR3$-;i
zt>e+r&Dxg7&AP?PKvw1Ry7L=j-zy&Hy7!rV1B~ZiZ4uc3#jA|Q$aUryf_1y!LH#*`
zhYyZEeFCb35kel~^WZQZg0^nx92*QhHa67WX6;_%;R;;c@n%U|k!EDZxt|Oa+@4K#
zfreY3Q8XcRxO>Z>+xn_Hf-UE?<T}j}A$z@)6=7qZNHsq*;=~X=`^e;MTcM)Qn@H1U
zDDCGU^fnM0aS_S2-nUh<hDCT?9yVRvx32S(+gjo@4fg&gqV%&7VFT#Y1|iVaogUoU
zcup0XC$(p$&h9v#b0x%tz86Oa0e(c-{))rcdnJaI@N+(-K(0ooO<cGpdVIppRA^C}
zaV63)S9=~lN->Su=8|+?Nx~%Y^SRK)cjKl-t2M(ObO>sRaS26!HZuOpI{&HPNu8OA
z+9@eyDnH|*u_dww%l5k3#7w^9B0K~RZz+T8R*Uu`SmXQN9t`n-Fo<fA{h`@<Vja@8
za-kR)ZQ9r1?pgh9x~YHj$GA)X5^3!j&oxg^G$Z-i<bzr54V&6$f!s-f_Vmi2(z;}e
zwbl%0xn38VhdSnL0)8Lv?X?NEnZAtdz7MMn(raII>+P$|aq-mN(l7IAo-GV|CwA;$
z%u(3VQt2Hq@~KxNOjFP^m)8lh&`Kslgp38XJjtJegwP)XysOf?k|wBABu%W&-qB7o
zC4wsZJp0hU>TBpiXx4`6o#Q9=<^XBIUUzbnSu3yT5Btrp2`f`MwuUhe+n(Mr=)X@l
zJ_9pabG_M9=rag3J3o&2c<N&6*1yfxIU+MvDO%KVo2TF@ts}ceUnu&*#Z=x?E4cM`
z@-+7!6AOx?o<a~<<+z@{t&+@Hr92GLJSZL3u3*b%V-VI+E~Zp04~YmTyc5!>^%i8?
zA%t(L1$hSVh3NV`kwU`h(@Cw(Ok}14B}5`Z3h*02e!92$D9Q7<wY4Bi+gtt)wj$xT
zwK_npHS~u3p*ZnjysZj^suxEa;UU4>`!qVlAH#Yp<m9Hr+o~_mP;NpgO^TJLwpA=Z
zmp3q-(JQE`V2q|$cde)=X%z<kZVC<1uO|`y<1X7~=!4iv7F5Gta80wLAR;1c*J{ia
zm!L+*5@-R=+`loJ%JnUE%b0PH7TZQ3Z8)Opgiv6j6BPXCeaF~pOkSz`O8tb2wN+)*
zXW$=*LgHh4Lt!yu2GB(NVC`B9bsxVOlP}Bzx->_uv$EmDmsPOHY<V{yY^16Eg)4B2
zv946REWn)?Q$A3`@&~paC(ndmRdXqXir0@&BT$!n)j;0-SAEsFrF5yW8k|wMr9HOA
zxUl{7+U+csk>kZzqjJClWr`+rA0i+(-F&SJif6$?`ogxKaVG(u*ESFZ(@*eFYklVK
zTUBTo0jZa*+aabqiW}Lw@xE|3tlg5wgvA+uIg{nFEm6^&$vwm^cyhtO%Fzf0#E9)X
z$B_B$Q+5tF;cJxK6$N>&?ZCv=&NtMbJ))QOyq0@~mg89iosQoqAHw{A{+aAV93kD&
zY@WDR77a@QwTAn`(ioS)%~c*YYp#$bnGWNbN>cf|;nf?cr>JNcD7rA7-l8f?x7n3u
zl-ggQz;DCCR`!;}{$J!es->DpE0E>m1!=ze0<@pMo~cVJEm4sh+4m{7#UARi)@KXo
zVZNR=jdlTxdY5`K4Rv|aICQl_ew)?>g*w<czPm<0M0YFxiQiDv+z6j%@lmq3hu<Gc
zr`(~or!JiAaGVSv5s3j(gvvr!{OzZSV!M_KnUn@LzG1H4c-j=nbBWrrNwC6Lpm&z>
zb0F{`e&l@QxQ-$O_CTOvBz!Ss!g#zSxs(x282872g4}GNH$=<q#|a2zL76ajP8xhJ
zKCoTWLnodO1O+65EXZkvY{#jbkB(;7QWLi-mW!0%NuWDTm!Md&Z&@4>CK!nIb-!ZD
zTR>IlbF6tb!$qP)=1fIN3nO`!u;E$XCH7jRTlAqC()Vj?Vc_wvhEX5i8w#>(e=jfO
z-GCJxsw~L=1^X7bD7--HK#F)W5tcD6b^L0i)I{S?)_O!{SuEbb8*(8gJ7@NWgF-6}
zZho3{rQWq97L$Y(bYaU_!DFn{FQ1KX{@#8M88B)iySNO?r&pKjz=IRW&@J#D?rTX#
zOhcAXGyGY#0WOXwX!O*I#Cxx$L}MV{VMvIZCRDWn&?SXpKfRVGP}9bMNh}0?foCn3
zhlJcL;?W0{h}sb6I`&8sF)b@|Px0q5ii%Xr){F71K+!Gk&GUscCka*W%tr&b`$9Qu
zd&okM1}n^Wn1~JBvV$!7``1=0XDR^0PBQ4>D#hAIF;yVl3SbEASddXTQAVtvLMfq`
z1B|Zdo*`%o0d2`ei-~|;_j|M(u+Il`chxlgOH1%a{QHBYo-fUc6ZG7DMWiEGY7(Mh
zZUHEh4-o*A5InMt&p2I#kx6GA9FW5VQvwSZvI9KZ=pGD!G8NI=DntF+8fryoel(#O
zG3FIw4_5OhW;)hG2COpU!hm=F-pvnPFxeqJvATTOe%(7`SnKOs#1c@Nuykb1hf#t<
z(3>b*VIw*@S%w+=Fj1rv&E6J`Em7joY{T2b5Hnq9(lE7|lvMP_V>WB5N%_WR>>IvS
zNQ!M}`-Z?a4%cVIa7)4tfDG#<y2eEwV}zi~oB?qMV3WPo$$!zCK1=<x=Q7RuK$s}Z
z4e6@WLUNh8BkL+;cHgB`j<=9T#3r>b4`*QJ!K=3=9h5R8#>)k(9=M^4LtTI%EDFk_
zc@3A5DqCK}yTO8?#J)G2m&*G#<IHR8mgdO`*o3V;qXu^Fjia~Lm8GGiU|>OKY6Tx}
zvwaI}sr}A9MYb+6MQo27ac=cZ;}Ah~Wug|89qkpxM^?*#cBdgr0Iw`02Rnsc<Ire?
z7CvR6gi-Ki#t3gvpxzkX21B$lhAqwSE5;Plg~$5_LBzbtZ-im;dY{8hNd#J@d%Ps=
z`zbL5OrF;a&JOu%pWcQ)Y=Mw~bM+Tp+w}WSjW0X&hSnj1q&zMCy}pMCwD3;_Ff62Q
zbDKPYNTg9jP&DT|JLYP{`%}#rZY0v5^mmxwPJXPc98SH4KX>m+2)h};JDNTrM<KS7
zC<in_lID(sP(DFh!r8gz@ET&DfA#0+36J*(4~GR6Hi*Yw97O9w77V`tWc@UtttzKP
z$u1-hp@krq$GslVVu>#Cot^``klqm~m#_%2X$LZbHPX)sU&IZxE*7BIR&_;Lv7|`{
zYJOS|1@?HH1B6HuXz^uP6BuYaf=ae_=b+@DHIC(7+Ay;yLxPZ|qui>(YsPHHgkdX3
zBTyLn!&w6rJhf*FJV(!g<Ag@roP;(5M+J(6seSX(SW98MVp^9f6IY^o@S)NvBs&-{
zl+U=kM3KFSzqeQ1<~uoiLKtCx1Hgn=uN39=S}yOlY>8oQ$ZX)8xNZunq~cIMDftqp
zEda4eFfqgq?Un@b6{!4E%-018kl<$A8mRERN`+_)5N~2u-o+m-`lCUiU_&9;Z{oZQ
zh?u?>cu<G9=FQeY2@f0rK)^ApM-aWqm@PGt>^`g$WX6cj6w?{#>^BH=tm>}>O+kd`
zjb=fd$&`S5N7kXe))uXHjO;aGP7B17oD<!8NQ)N(7Tlu_LH|%U)areLak2wEH|(%T
zB&mgQJ)lxSdmhW63P)8d0UYx-#Ek^4+(4g+F*)0}OIL-zu{G2<{ceg-X5p$6t&t$_
zQO-lVB?0jzBj+SJBwSz!0mKY6BA|oRY0ozo`|1^fkblHnd%0QMW8%<&*44!jGDz1+
z-%&Euy0Ni6`9awV3-+Fi>@sgF)jIkQaOaFIaqwb3X$_S&QzObjLvad@i0U{lzr}7w
zSYMhm@_Kb~{s26~&d2hcBos|xu7-8b9`?ZX&zsWL!c6)Yd-}^s601o7k?ec?+V3K$
zC88fg1Iuo$sS`8AE4a|7Y#qU|%@EsAM^Am*&sPX7uK5p7;RGz_<RiToedxj`{mF)%
z>~V}TZHk6oh3uLcj?Ltf$Gyn`A2(R^PNQvJJ{&`?#vs*Emk*hDRk9=MrF2pzHZ;FU
z!Aq_Hh2w|?ue$mBe3NCG!uru=2f!~Z%}sbuNy#fBMcs=KYu?q93DE_-lH1G)Sd77V
z{}6A(bi?n^u>Q6Y){fozR6TT_)2Uh1XwlAqMoMk&57GmXd5S}WYvjM)Rco9P=8ezz
ze>Ia4deUzi2$(~jddm(^cmX%3Yb@Y9DEifhr^+~7Ubzj3270<Po<V-!7YBT1Fy1RC
zv0Fyt6eklcs-9+y51;wQb}D6eC2yyR63}X4f}n>XfGA!7#+I$JLKvpR>l7FXM!?ua
zZ}<DD?ev5f<G6@Ko;YwQi$jx;)h~=6<{Z}mf25vu5F<wFhmuc<)YVf)BBU@4jPSRT
z5Cq!*i9=~&79DF~O^XIo(4<4<EU}NfsCU)($LoGVZ%}!R7za9xOWc?tu*VA`6*hRE
zZx_CwIog%)tH!~cgl&5QQS4pWzKk8#IK5F(T#pcZa731060-`YvHxmLFFZXlBy?4`
zFIB6HGD@OM1OtVM9a^Lo@H!ZSUu8gWBCiV^(>YNJfdj6H8wC)6XvN=07RXz^F*(2{
zNR@L{5GH5Ad&3fy#Nqcyh*F7dcAAuJGsyE<IuH<gz)Q#KwYk$`V(y@=W+%Mkgx5PK
zq$8qWH|6{|mX9*KOz<PYmdZ;!b2Kh{8^h}sb6=tU4iC?W+nz%)>{jf@qF4vaD+{`z
za|_o<+$ZVe6pOe7V|A+(X$1k*m0mOiOsqJJ6k34L3h#F0ZaAGX=7<W1VF)SU4ax-{
z7Q@Xdi2Y$<q^stJRQo2_?$uLy?n}F}xh!1(y;GhbQ-%-(eLl6Ek}$|h${MZ5E5u;(
z#btMDQtTYYA8^};$ugtuX9%-{Duj^8kNAsF3wOiFU0GFh^d;j+|255=A`(L$AWWRT
z#S)|w$iY2($3a;<tHv=e#HD8GYD+xOxnq$-%Mgw&Y4xgbua|o|5h%r}FruAG501cd
zUt?x^fS-ZVpYxMS%MKd}=p=HqfdnA(WN^N^334)B(`6%)_FKybr~B8{p=C-b>9%Rs
z3vu|7o4_+GDzJS9_N4o>`@xd~YQLG<%C+0f5P3cT6KumEXD0d3NUznlMx`DM46cKs
z(Qoqkm@}$0C@ifqdXOMs2M&|+XPn9v(b`Xz5}2?aSY7CNK|j+0H=}uChUH!T6*xKq
zMb*%%Fb;aPf%VMI9cYwxKX$Z899Uan)~)c4DCH(5h8*jFXO}`>z%fM%voI_u3LNuD
z;Vd5qczNtyh=j$({agoGE|95{@<&h?#3a%7L!ha?`Y^j`Q;Too^;|*>4PAG{;xnVs
zdaN+%_>LfhrrXH7DObgejN`E}3ky*Aemu8Ewrd7bo_u_wogS4YfxdWE-*bEoNvWE`
zp1SB1UK4MT{Obp+WsCgnU{Or2KAoLSEX~5><K;K6#IV5bP3H87BOF*4DUHOb;>a{;
zZMDfV!<S;wYgN3<9HRk#gg?tO<uOm-;6v3{RZePiA7?cXpBQw>XNd^Q3S7mc;$4Z2
z<)nTwl<h(Zu7AnXs-~Xk8-pY~-}d@-fJkNc(i?7VLo_}G%l4w8PS*mO_IV_uAsL~y
z^sb;xIh2NI40|nK<usDq;{@v|!JcSUQ;&6WNAz~iwM&iH^n&zgQY1H9ZJfr9LQJaw
zG^mT~_nOG3sMIDP+dC<+CYXqcO8Q-c{HKr%fT&e1SDpcLz}LDx!?dsozBY8z+6dDi
zV>U;>_xODgn1(A=BU{rkk*t|Q6I8Hs6uUeTy2}N5o8JmCJTqW9;+>cT2tLQHC0wGG
zBQ%b)pyag4`w6)2XNu!-TidIKO~j`|H;XrZ`~f!*NDVMFM;bd-bCjBnkGY}TDeUC0
zl`WscWNTxrK@A3go3{-S1@p;i8<QP49a%72`!#WjKF1l68-B07mo}wcNrVmIkQLI!
zz;xm2S#m=uZ?24Pgvm6+SCk&zC>d@jt^Eoc8AdC|Mm_EPT^n9!hhm?ahDzNfjl3~_
zccVlqos`^MYA3-Q0~RK&Zv^KT@MPNFcI-pYCzVQA*nWCnmi_D^c|a_A8!j~o8XFkV
z8AM1kmOtC?HtOMW=-e@|(uz>r5vK+%q}>traG)4rXS^1)rP{a$Eu`ZD1>KmSs&Y@8
zP5Hz#P(iR*k~v4qe48<?&j=;@f~htkIZNM?2Q17DKt1KIN8u^SGwEOu02_z-k%=#5
zee;wg29kpO_x3ySpJ`nfJY;LtLJ?KQ<MvEH`L~RaEex&73hr!Jt2GDDj#OW#LF3SW
z4}HJHrcg+CjZ9+ov`WVT;xjc7=2JU(!dm#ayO+T+AUoe6r1LE0y*V<weQxD^+o%Uo
z$E=*dpNu8JIsZ5-ET?DbA)c3iM$P;!Wy~}rT|{T1qS3)sZaG)o2(jDHtPEshZvi6w
z5{cJZ2ThIMOzc?8fr4^h3x2m4_!`*RT2D+K%uf)s+sYh{L<5BkCzTU#?>MNE2f<;7
z+0A7`{3*$bH(U85K0RgK9g2Wr8747qV$ty`i~-loxTa4x%){>;v=AB|%sz$bLfWI>
zwWD;qe4dTDeFt2>O>Jk;yiLzb)JU$_?}A=k8jp%FdvQJ#29$c=Gjau(%{xZloB$Pg
z+E9y-Lxj)J8LOYTq#Bb+LCLvp=kO~ebHPX_&F>F&+42L2;64vAR^nWLFgl1($Yq0D
zL!}QqKWAQruv%Wp2EjP6Rq&8UYS1w0Is8foV<zkR9e59YkBWjyF}Hk1%w{}@Ooe!$
zb=&X!R8k>ywlF%KlB`&EIh`wb|Al3Yy9k5lVSyS%jO2c;P;?UcF*b$^_A`9|<}-O0
z0$&!3$r3=B{quz0`Nkt6MK8+~tRbpGXu>v+KsAnNP@gp>%a<RLObAZBG6gWm(#=q0
zs4oE&=7Myaw?V$d6T7Bn-f@KFz|51#hXHh?qn+<PP5Gfac#<&==}RS=65wnjh(a~v
zOZEN-{KEI*7GMJ?_6Ap$BD#cviF4tGH<?@CLSaBcvIM!GLi`WcY%#t9T?auXQNO*b
z`nPvx^ogeOj_)u{0F{;OtJjp476{g3BK4*40xolgmg844h}<*MGm^l#kS|~Pz}6H2
zNf=a)D|u-0sIEo9xHuYiu(}TCZi(Vtvr=tq)zrZaSMxlW^rWJ4kn+axBG@WRxZoxd
z*<hGxZ`k4hDxSLQ1<NFqBADD<r4a-N7;iXsBbR;Z*&@+G(SvaMBc=-G-6BLGa&p2s
zc*Xs(3;ddy6v!jAH`Ls(pdsyT{`FZ$K{x5XGs=r4sP4#mNlRB@9ExYC??o}?@B3s>
zmFL)5$fc091$K23b7&q2rP$csneHevq9Vx<^s&Lg2=(K@a;(hTwfb@MN-m31Xf%0b
zlZns`B9{`)GwaN~whgJ33w_vQ{+K%*hbl%)IY8J*QO39t*bZ(sGjAb$)W(;P7>2IP
zil;Ij&#11WDNq{2H2-lT8@pp=Bw2EtoFu%bo76~p1Cr8m4CxMj@<WWV2^{q;gR$1&
zX;ZImjiL|a-a($Qjg*RfkfaOE$W>NOa0`{pf<X%yhE&5z)(6MNC&zHShhCOpma-99
zz<*m;bzra9fSbD)K}S#0@?&egN)=-IIu_idW~ufO78rd1O=pl*VWqzpUfJ3sj;R&f
zhn^%4efVzAw16hs*EpP*gC|c6MDG&79e!E&JN<({)FXjF{YPh7ne`8~CsGK7H~B6y
zdYBl!H_4)|&t?dwASto;8Eh6(w!|5R0{-xVkK~B9lmWeCWvtv2aqI^}Xb9a(w(4yV
zm2vrB#lKdk1x=Eog(MD&uRpb^R6})<1jCPHa(&jh&@iT85Qo_MD+1ZM<eDb2n-m5~
z$T6^>oIWZ4aH62O9{al8!MDp#*Eu28i(qNZRMF`OQr3ux^2ln6&5NOUVN5EhKTImZ
zNw0`f=WA{KRdN{wR~C+Bulm}P+c)^b0<$TxTCw_mNE+@Tz~AV;x>Qgv0#%q#Og+8S
zw1rAGq#nWpHoY;HEJFH$;HGiXKYxjgyWn8t$&a_*buLD<=-I^>$r^(T9Wa{jgCtQ#
z<68ajd)3bAvKkhn^UBmy3h~R&?Qi-Y==LfHevZ<MXdTVUCFCvftF?tMEU^g5ReW^z
zugNnE3Yx#<9z<R668t!Ub!<g|L}jHZnc5HM@TB5)Y}ooSKd^czOD>s*FpVi9Lwq~Z
zMYxR97JdvR!V9X0c@eIP;gzi1nn?v~lE{nRP^Gct_#CTKsG#H2**EIVCn$6p07hdk
z^b`uoTdQGnMl)R&bwvxJfrX&c^gOcQ5>!*SA|ly+44f{Ig3!KssWCDchh(nzlK)}}
zqbq25EzU8H*A<OnXGvuZh`tCdF<JCNO|{ZDrNrMDNgZkvtq&`Z4bBYz3iI&ZX5G8X
zYClmXlL7UDNv{W)au#~hXWa)sWRp>5d2BBC7xk1uR_C++wv(FZ_abg%A7PXk{Mi!A
zei~2`>y5`W#&m)fv1kL;v<T)H>$leK(#AL17uE)W?aw4Vzx*#$MIGqb40+5I8AY(C
z<qdwx?0U$7YQEXi4A-=M4f0;2@$8~qCSQ5v7V@3kdb~*3C3kws-J<l<pq^PoS8LM&
zud;j$jKqdI5Ywy@Pb6$BBeaxe0VC-AsGt-tDDN;1@QCm_ruVs4*5g^z<J}q_^I+;c
z8%uh<D%k8--dOP7D}BW%>w^n;3H7TLjCA{mnoBewQK&`EFf^@y(Aoyiu_YN7`B7DT
zOijieS4TBLiT+TUxdipPe5td7f0*IPY1j)ZnB&4jGkTM{*ec>vO~!mE-Qx9*%e$(a
z^3O;XN-K=+XywLAD(6x>nPrV$3^p}mYp?Q|o{3j@nvcf$YMYr?Om117{50X(rIlea
z7*mCs7OQ)vt1WU<YLiVB0j6}DG9yEE;9qb`6#hm*_7XN>AFY^F8_@Bb8cV9w1&YZN
z2rP2M3YY!cGfGi$Kr-8G3?<5gsS!gAVY((pxm-hO*#(s%!<$!ZI6d-=S>?-5I3bO5
zwZ#PtJb2`V%uvWVHH(Euj7Z3(Nk=1jEbszfsc{$*R6iWRjNs^X7hwp^MfCTxJ4#A(
zsx*XDaxiG9D<6iR49yd%3!|5ykxHIo^1+TW%L+*-%^%WaMN^|8uYNm5-j!nD!t4eX
zXXAV<(KgB{69;{)4!XRcGs<2Qwo(`k{se>Mh&M<8j{Ou)Z%pvhOj1aZ(A@o%64jo^
zJ&I!N11F)nHgWZY$Tk;J92<+d7d|umPgcO!WfjWYaM^uOTvq_+pFeF{_qT<t<rO(J
zOrEb7ICFa{CmflE9EynZ8ng`!l&de~ejf(hg+{WCbV52fm)0N+O{c-!020~fue92H
zn&p&e5FI_8;-C42)3cL&*Ep5D(Y2ez7qZ0i9G?$2rkl%Dp<twI(c#{;S4<?go`%{U
z(VnlA{5UFjZll5;ZROCvO8W5<FG3>{9e|HHFdFM&xFc_&%TcrOGh3F&%B>eB>5F?R
z#fI}Oima~3s(wSkEou&isZf0I$*#ML0wrgh*db}t6^?*kcE1xaZOr(n2Qj==uBEcX
z6Z1eQnW#A2om!f8@Y*;S{3Gf@o5h#Dbjy77rE2$;Y3$0NE_XV?TSlP#MALnzXK0PZ
z?5)KS$_Wg(TRR$s8lQz0Xp(eRS+mI&lQuIij^huOl6*aj#bI1xD#vSs9`;#aD!0uo
zb}jF$U}(>Oa=Sb2l)2f|*?e?Q0{Hl9AhBo!r7}n?lj|d6shOqkRU?~R-KY*-sE$8X
zx^ymy=V&D4X$4x4bfV3o*)ZR!*!;Y=o^bkXB3#b>q7J*{c&dkz<Ym{ee<ve%++gWM
z&#1BSEj3$ptaW^5aewyVyBqf_ot<||H+;Of0p;(8pa;78<kNi_!s-<4ai<nf`kLm$
zrll69;vRW^(;pyd`Y2_oA4N(X)ZQF-k&lg-;L9SL2p+s(=AdrH4nK_?wp0N)>c}@4
zgv(?n59P{_p5?U$Z@FDaA5j=SP{zVpo<f}A_yToxpG9KOdUMRs^vp9E!^@{C_qd*n
zeQy02wXl8zmUqu~_9K(ry*0ba7u}eerb(`%_3I+6r}QhZx{S?rXE)8*-LAEFBSKC|
zd&zl4u${v1!M%@mE<1GC3=8Q=`$g<ZoZFik7>x`cN}xfuwaUdfQI!Sp3#D{08cuBJ
zuIAV@JZ^kZ`?d`)vxh^Iiw!@05R8J>F4Mp`#$ZocWS^O(Gg^E=e&~^z+jQ#i9IPm&
z6FYB6(DG%-h?Gnta{o^|5>NjD7K?J{)$tUkDX}~Y0|kb*$Ag*pZt~#-RQ`E)+tEAI
z#QoA%Jq(dH@@OzWzf@>>T>{JKw>@I_R^>S^&=~rouFF$~$W+dksg~#4mvfv_-g4@>
zX%Qe#6~n~C-uu@}ruWk>dg(J)YWebT_8WSAzh|C&$ON{pB<K}rzACa%Z~9n8*I1h>
z!)X5bD19?Wp90{>t&m3?=Wd^&PXiYBg6!9V+{E3$wXpshVunspbjpZhHwY0pQ|ly_
z0+`Iu1<>VyT2M~hqhEbc`@LU#=Js`K!4869SHQ{p1w4YSPh2d}DwaZT&_A^8nMY!+
zB2pcI^xyl!#O^g8^Nf)M`h=K9)t))`@MhG>AS6-@$lhactQ&!aUa{Hr2%0_*abNra
zl_i9J8!%iB<{}b&DWqS6TR<WHsdU#^?+tckt?_EUmO!h(UPVa??eVGG78>4@jT^7p
z&)PjarA~h%`%0UGm?L(_U4~BP?3q<fkYVI5?19tVa)I6QMZ#0(#pe1;M<UFNI6B`(
z1i}!B5AEPKYTyr`!`6Ga-oj;;=Yc-MxE&y<-ZAhsj<`BtK&tjQV~E~rUrptK;M2+;
zL!=k-drhn2#?&>OFRw`!2IASmIq@^x>e!Cp$PyoTT^qh;SligJOPLv0G?cs8+8ewS
zTl7)8((<a%>KBH`6Be{!Na$rgYz;nxGd=xoX54$TTO?IG0BH{Dz`0uST^=5d6R3Y0
z>SGz{pydu%I0X$b1u9Lpz7NFWMyKx<%U}%Pa+wrZOygczFgaVyek2f6DmIc%{1V<k
zTaREOcCo6SfY#cZH%%XG;G6@0dp?q&5}RcQHqHL&$dHmqp5rE);TxW#1`1t2Vidzv
zc&0$aW<3tbpOljF#=^z2C99_b7nCwsS!CQ)>w=9GsS}cZ$nBCbIfNIEQN|PyTu|oj
zuFxiE%8}w?(0sa;*DITv_)Ls^;*f)SSjHa-iN(qH;Bhh1^;(glLvCWD2j0A?A1EW1
zVE>MkI42w2F|S?~C*;Ak*AJXE+wM%kl8Fu$Pm~q1m|p)(naf$MT7^NHNG(Ru?qoh|
zI-QxMkk`iVHQ6tjU0lLwxY8LqI<hIWsr1aYYBiK1JHNSI-Q_aEhJ>Xw(3u^Vp7sm9
zJabo2X2b8`t33h(zC+EsR{NNPpCs>7FgnPCopyamq8y_!ELB*=q_T#$zMcK1!loCn
zzX($=kEEK?Dp9T8+nFkHD;tvku%HDHTFaGDzt@Lh#hB1)--%!0bm@?CJwR<?o!z1l
z&EgJtBmhUV=c*htD`)$kyF{Ai)?HE&RbOB;f7v_fUuVU7B#LLH_)SxG#d)|jmG_3g
z?0}V|>WSsltVirqtNx(hO&%D$eoe+&uvlP9?OHx=P;4~$`#K42DmaC0$+@AQl*cf7
zJdUO+`A5Ke6?w1BZ#H>}8N2H?et4n#cB#M^fqj~h4rzb2HoXtbWqN#)*qON&rR&)-
zSsGDP2lW+nY%T&EHLcPDETN}2>D8r|2M5Ys9I+RPMRDSKr02`ehTVJ^ukW16pP7(3
zLY>J*Cgx$}cr=I>)=mQ4$+Wc$1bmgpM9qnR%gf+|$alycg7xMO+4n`J#1v$EvJhxC
z#aHe+S=5n_mhUivy0y@xno6%Vd{4u7j(=`?Z2K*~>kOS=NUSG*M%*lUpTJ^Ch5sYp
zsa&Nl!6`z3ro*<cCO`Z>g1|HN7FQqDuaLkrqNW{3-f-EWoko&eo$Z8eKptaU%^g77
z`N^Rv&9$uL{`Tjo40OH4^6apGX@y$GuxX&9(dn4}k=?D>4EmUi^3Bn$un0eS3+b*8
zR(x+0O|llfQePp(@YIU=rGyu<&sShYC|~ypA|o9&pCKJuc>$WNy)VI9T=Qx&;HZrW
zxD<d5Kfxb}bVu&@bZv;P<B<j5m&6fU`Iz|Ho{Ol{_wr%-$Uk@7Kd%)4V=(j~o4h^s
zPHXmedSNW5+_IW{s)V9%mWKyFzB51fy?f>9p-fG)`;XJ<LhYK+7N2K7P14l3!x%)L
zWB5MTtJ4Cnk2VdZRyOg~;vJ{hurQC=EnmCMPZ<m<+k@coD0PF{vuha{9oKP&^Wi=f
zz<)7IKYfn_ZSp3uzCsH7&STF&61vv})d`bHHXxocHeBY(Z)>4eyN{nPKRoTV_WjrG
zrZ$c{rv>R-S7yIjhD^2>%Y;gXA1tj|s07JrJ%nwSs}T%p()4U*&N%npT8}876%HZ^
z@WDn3`sUO^S_*M`Y*X(R`O+la(}QLiVdZ4|F})jq*QkoVj(K;h%__uO6e>%L0K}3l
z+QL3uF(_M0vM+{PFv>~jd_p^+ji>(t4^?2JjDd8@pdwYrea*_H@5a4td5#+vqJpzP
zA7zZ&IAnIzh?ByB_R<yd$+mC=HXr5PNAhU)W>uL4%RQ3oV-u0SHsr)$_cBz0CkdiJ
zDBeRYnHZUx8jBG4Fs=l#z67Awn1OB}_khEvZqvAm{ie3#BI#tpg>zh7ZKr+sDn^9z
za=*4Shtl8X+Yh3oSs-5A=+y_&;w0u~ETlvZUpJ~--#dH-^>=IqZ!u`aLp-0>ltGlM
z*GxIGgRD8*W=8C3_1pG`T+R*!RLfWsFuo9)@>LVlBkUQNG0!qK#*WrSaRq=6SH5LK
z$rww_Z(N-yGz)E+giHvu?dT`=;-$qB0QfyH^Syqldj{#0mFX#hOZiFG5KqxN_-tOK
z<E0&?EQdT`CLKh*T`<PM1fl70Q;q)+F^L;4&}4n+Oqgn7fE9coB7#$}g&v&N<wHjF
zm0x3*&)xX0@cq;mm(yaCo*Z9-1a0@<-MAPhI6r=`%(wJ^E4^E-zWmg^1OC;&Xe6wE
zI(VYm*uZztu{DHSVev(%ySCQ_4#A+nI~c>&>qZjD8&&@T%Z{J5=R+`_qg6&5s`iex
z7{*}IJ!6s>(%w@y4O8c>sZhG-YfQj9!;3+1gPczG!dCZ=-#Q*fOW>Ai4b8)PEqB{V
zs;1zHw(Dix<2bV$Bk#Fbw-@Wfg2dywP*b^#NLjERtIl&1Qx-&Oj0Ar~PdcI|{Z@=0
z!MfG?nRxSj__d4BZ<1NET_>#H=fnB9Ym?}fRep0txDIL>ap!zb72dTSIl?F7PJ)@i
z9&1YUyWh3byuZH-P5j<iss+6gfpBVI7b)_?k!crP;dJVC#tw5I$!?5~MOQ`1#bn|Q
z14JTZ@)@%@9ew$1(`1@{t-MK`UM<Ru1`qZJyZ2o<IACBvk~Z=~CzRfPUf0NJm!A0I
zKPo(aSA2WX7J7aR2UG)$;4s%L;0REj+zb=@+JXM5#I-wDVwF7zD{4OIzmV0DR*0ZR
z`=BW$vH0NQir5^rf<m<!-_8zBUzlDa#uS0`Lj)fLo)5Jt1e!j}ffj=~W8fYKTX8Kk
z%7;+>T23Xjpe+ma!cV<#kEW56b<xHjn84Z<hA9H+o}`La^U0u4*5CMWU@;L_o-?hk
znl%duC*14PEXmXOJ%%zs#NMlWvZkgTcX6U1a}wiT?+k2CKdsX?Z+$<Ovn`=}G-D@h
z_Bd+~zD->j6)vV^<sLl{7}Y^stHbURS^5}HEU+{OYWptyh|3=qS$%fjo^TgS+2|R)
zS``5Lt+HD})LIB@R~4s=d|Z9tOq`oEj5M(;ICjk1<Q}{FUDs@@=~k&br9KIsVZ#jv
zoh3O~{vdyu#?HcMx60wBVSz`Wt$sn+fPt!|*y)yYoH6!v>?#&|LdKic7wJ%^w{6L7
zGeXoiCEValw&jaiiENv}newvgq6NK;S$2VDhk)lJ`Pv&4F>z@svYDOfe<^(bT>aGs
z{}lxPJ^zsev$Jz>aQ?OUyXN?B?eITpVJSB!88xRrN@3uK4}XC_gVl)b&jQFQAqHdz
zvYHtEng8gA|J?X9|2h6E4)=e@0kW#QJD34km5nUS{)wq<1U9pC`s4O*NwT7usg;qq
zy&F*X55xxKW@BUF<>%+;<NMD`{eOHV?CqTXI6DIWYMlQiXqExnJ3IVGdjHz(AN1cD
ztNqCVY-H!?@ONhu_kY83Kqs*CKRNxSCGp2f(#*xm#7tF2{IAKsSh1>_IodmeP0SpD
ze`}-q9~}QO__xmbe>gh+lc>CvspB6$f6Jf>{CDooe`)_m0G|H{An`|k?PL!I(wP`p
zf$f3pEbJUC96&ltCnpC1)<0$b16qKM94xI&99ita7WDN0Y@-aeH+44oqv!trcl)0n
z@&3p5|H@y&$jQjo-r`@O|Mbi8zq<54K5k$$b7VFkA2Qp24<HXWHzzmH9QZGcot=l1
zANbE*pxu9Coc|a0$AbM&dH#<7wEKTxT<m`;{lDyZ+5SAi{|n>e{0}=Pu#uIm8TcO&
zyqcAV*`JjEc3IWl-U;}Z_`e<=IXiQE;NLd<(^p3)Be2sy4B6TF_&AYiXrz>+k^c|I
CPBJC{

literal 0
HcmV?d00001

diff --git a/Graphics/drawables/material-launcher/vector-src.svg b/Graphics/drawables/material-launcher/vector-src.svg
index a4d255d48..975d085f2 100644
--- a/Graphics/drawables/material-launcher/vector-src.svg
+++ b/Graphics/drawables/material-launcher/vector-src.svg
@@ -1,213 +1,134 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Generator: Adobe Illustrator 15.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="626px"
-	 height="626px" viewBox="0 0 626 626" enable-background="new 0 0 626 626" xml:space="preserve">
-<g id="Layer_9">
-	<path fill-rule="evenodd" clip-rule="evenodd" fill="#94C061" d="M313.25,252H265.3c1.047-0.933,2.105-1.85,3.175-2.75h44.775V252z
-		 M313.25,313v18.75h-80.5V292.3c1.324-2.403,2.724-4.778,4.2-7.125V313H313.25z"/>
-	<path fill-rule="evenodd" clip-rule="evenodd" fill="#658D38" d="M232.75,292.3v39.45h80.5V313h3.7v-61h-3.7v-2.75h-44.775
-		c1.307-1.109,2.632-2.192,3.975-3.25c2.202-1.742,4.435-3.408,6.7-5c4.153-2.919,8.412-5.585,12.775-8
-		c9.974-5.517,20.499-9.717,31.575-12.6c12.134-3.167,24.934-4.75,38.4-4.75c9.199,0,18.083,0.75,26.649,2.25c3,0.5,6,1.117,9,1.85
-		c24.967,6,47.217,18.583,66.75,37.75c0.334,0.333,0.667,0.667,1,1c21.334,21.367,34.717,45.983,40.15,73.85
-		c0.2,1.167,0.416,2.351,0.649,3.551c1.4,8.3,2.101,16.85,2.101,25.649c0,0.134,0,0.283,0,0.45c0,22.934-4.601,43.967-13.8,63.1
-		c-4.601,9.434-10.284,18.417-17.051,26.95c-2,2.4-4.033,4.783-6.1,7.15c-1.934,2.133-3.917,4.217-5.95,6.25
-		c-3.5,3.5-7.066,6.8-10.7,9.899c-4.833,4.034-9.833,7.717-15,11.051c-5.333,3.399-10.833,6.416-16.5,9.05
-		c-0.533,0.2-1.033,0.416-1.5,0.649c-17.466,7.867-36.483,11.967-57.05,12.301c-0.533,0-1.05,0-1.55,0c-0.366,0-0.733,0-1.1,0
-		c-40.434,0-74.934-14.317-103.5-42.95c-0.467-0.467-0.917-0.917-1.35-1.351c-27.7-28.3-41.55-62.333-41.55-102.1
-		c0-0.167,0-0.316,0-0.45c0.042-14.928,2.042-29.053,6-42.375c0.517-1.738,1.067-3.464,1.65-5.175
-		C225.71,306.504,228.91,299.271,232.75,292.3z"/>
-</g>
-<g id="Layer_6">
-	<path fill-rule="evenodd" clip-rule="evenodd" fill="#BBD89C" d="M304.3,301.2c-0.614-0.905-1.206-1.821-1.775-2.75
-		c0.907-1.061,1.598-2.144,2.075-3.25c1.167-2.333,1.75-4.9,1.75-7.7c0-1.033-0.083-2.033-0.25-3
-		c-0.368-2.332-1.21-4.482-2.525-6.45c0.112,0.118,0.204,0.209,0.275,0.275L304,278.5c2.9,3.256,4.35,7.09,4.35,11.5
-		c0,1.759-0.233,3.425-0.7,5c-0.266,0.932-0.616,1.833-1.05,2.7C306.085,298.895,305.318,300.062,304.3,301.2z M296.825,306.425
-		c-1.841,0.65-3.816,0.975-5.925,0.975c-2.68,0-5.146-0.533-7.4-1.6c-1.783-0.85-3.433-2.033-4.95-3.55
-		c-0.894-0.895-1.669-1.836-2.325-2.825c0.106,0.106,0.214,0.214,0.325,0.325c3.434,3.433,7.55,5.15,12.35,5.15
-		c2.171,0,4.205-0.35,6.1-1.05C295.588,304.717,296.197,305.575,296.825,306.425z"/>
-	<path fill-rule="evenodd" clip-rule="evenodd" fill="#7BAD45" d="M333.575,324.85c0.758-1.002,1.6-1.968,2.524-2.899
-		c4.9-4.867,10.801-7.3,17.7-7.3c3.473,0,6.689,0.616,9.65,1.85c-0.393-0.553-0.81-1.095-1.25-1.625
-		c0.193,0.112,0.385,0.229,0.575,0.35c0.349,0.262,0.69,0.537,1.024,0.825c1.32,1.517,2.354,3.133,3.101,4.851
-		c0.1,0.199,0.199,0.383,0.3,0.55c1.1,2.033,1.866,4.184,2.3,6.45c0.063,0.356,0.121,0.715,0.175,1.074
-		c-3.332,0.468-6.757,0.7-10.274,0.7C350.13,329.677,341.521,328.068,333.575,324.85z M436.125,303.05
-		c-0.209-0.221-0.417-0.438-0.625-0.65c-1.628-1.637-3.294-3.195-5-4.675c2.639-5.218,4.613-10.71,5.925-16.475l25.851-25.775
-		c0.342,0.343,0.684,0.685,1.024,1.025c21.334,21.367,34.717,45.983,40.15,73.85c0.2,1.167,0.416,2.351,0.649,3.551
-		c1.4,8.3,2.101,16.85,2.101,25.649c0,0.134,0,0.283,0,0.45c0,22.934-4.601,43.967-13.8,63.1
-		c-4.601,9.434-10.284,18.417-17.051,26.95c-0.075,0.091-0.15,0.183-0.225,0.275l5.975-21.976c0.101-0.399,0.051-0.816-0.149-1.25
-		c-0.167-0.366-0.417-0.683-0.75-0.949c-0.134-0.034-8.167-8.784-24.101-26.25c3.448-7.858,5.157-14.851,5.125-20.976
-		c-0.005-1.372-0.005-2.605,0-3.7c0.547-2.661,0.964-5.245,1.25-7.75c0.469-4.224,0.561-8.232,0.275-12.024
-		c0.033-0.367,0.033-0.783,0-1.25c-0.4-2.634-0.884-5.25-1.45-7.851c-2.666-11.433-7.75-22.116-15.25-32.05
-		c-1.333-1.7-2.7-3.383-4.1-5.05c-1.467-1.7-2.95-3.317-4.45-4.85C437.044,303.941,436.586,303.491,436.125,303.05z M255.05,462.1
-		l46.725-46.574c1.695,2.331,3.52,4.623,5.475,6.875c0.874,0.999,1.757,1.975,2.65,2.925l51.075,81.075c-0.362,0-0.721,0-1.074,0
-		c-40.434,0-74.934-14.317-103.5-42.95C255.947,462.998,255.498,462.548,255.05,462.1z M368.6,340.05
-		c-1.316,3.908-3.649,7.324-7,10.25c-0.066,0.033-0.149,0.117-0.25,0.25c-0.1,0.033-0.149,0.084-0.149,0.15
-		c-0.101,0.033-0.167,0.083-0.2,0.149c-0.434,0.367-0.866,0.733-1.3,1.101c-0.101,0.033-0.2,0.1-0.3,0.2
-		c-2.434,1.8-4.9,3.017-7.4,3.649l-2.85,0.601c-0.267,0-0.517,0.033-0.75,0.1c-1,0.1-2.034,0.15-3.101,0.15c-0.1,0-0.2,0-0.3,0
-		s-0.2,0-0.3,0c-0.101,0-0.2,0-0.3,0c-0.134-0.067-0.284-0.101-0.45-0.101h-0.25c-4.182-0.275-7.89-1.476-11.125-3.6
-		c-2.517-3.904-3.775-8.338-3.775-13.3c0-2.092,0.226-4.092,0.675-6c9.717,4.448,20.358,6.682,31.926,6.699
-		C363.842,340.347,366.242,340.246,368.6,340.05z"/>
-	<path fill-rule="evenodd" clip-rule="evenodd" fill="#94C061" d="M301.775,415.525L255.05,462.1
-		c-27.7-28.304-41.55-62.337-41.55-102.1c0-0.167,0-0.316,0-0.45c0.089-36.006,11.589-67.339,34.5-94
-		c1.905-2.214,3.888-4.397,5.95-6.55c0.805-0.837,1.622-1.671,2.45-2.5c4.5-4.5,9.184-8.667,14.05-12.5
-		c0.165-0.13,0.332-0.264,0.5-0.4c0.336-0.264,0.669-0.522,1-0.775c0.154-0.119,0.304-0.235,0.45-0.35l13.15-8.95
-		c0.752-0.458,1.511-0.908,2.275-1.35v0.025c0.41-0.238,0.818-0.479,1.225-0.725l1.225-0.675c0.469-0.25,0.935-0.5,1.4-0.75
-		c4.524-2.416,9.158-4.565,13.9-6.45c4.045-1.601,8.171-3.009,12.375-4.225c1.177-0.34,2.36-0.665,3.55-0.975
-		c12.141-3.167,24.94-4.75,38.4-4.75c9.199,0,18.083,0.75,26.649,2.25c3,0.5,6,1.117,9,1.85c7.557,1.815,14.865,4.231,21.925,7.25
-		c6.836,10.689,10.252,22.79,10.25,36.3c0.002,10.708-2.14,20.524-6.425,29.45c-8.328-5.511-17.444-9.411-27.35-11.7
-		c-0.233-0.066-0.45-0.117-0.65-0.15c-1.434-0.333-2.916-0.633-4.45-0.9c-0.199-0.033-0.35-0.05-0.449-0.05
-		c-5.301-0.7-8.25-1.067-8.851-1.1h-0.05c-18.967-1.267-36.134,2.783-51.5,12.15c-4.233,2.567-8.316,5.55-12.25,8.95
-		c-0.1,0.066-0.167,0.15-0.2,0.25c-0.133,0.1-0.283,0.233-0.45,0.4c-0.53,0.462-1.056,0.929-1.574,1.4
-		c-2.051,1.869-3.984,3.803-5.8,5.8c-1.214-1.499-2.355-3.032-3.425-4.6c1.019-1.139,1.785-2.305,2.3-3.5
-		c0.434-0.868,0.784-1.768,1.05-2.7c0.467-1.575,0.7-3.241,0.7-5c0-4.41-1.45-8.244-4.35-11.5l-0.15-0.175
-		c-0.071-0.066-0.163-0.158-0.275-0.275c-0.069-0.076-0.144-0.159-0.225-0.25c-0.051-0.051-0.102-0.101-0.15-0.15
-		c-0.633-0.633-1.317-1.217-2.05-1.75c-2.26-1.695-4.768-2.728-7.525-3.1H293.6c-0.432-0.1-0.898-0.149-1.4-0.15
-		c-0.434-0.066-0.867-0.1-1.3-0.1c-0.333,0-0.65,0.034-0.95,0.1c-0.667,0-1.317,0.05-1.95,0.15h-0.05
-		c-0.256,0.041-0.506,0.091-0.75,0.15l-2.2,0.6c-0.44,0.165-0.874,0.348-1.3,0.55c-0.117,0.05-0.233,0.1-0.35,0.15
-		c-1.731,0.798-3.332,1.931-4.8,3.4c-0.2,0.2-0.383,0.417-0.55,0.65c-0.062,0.066-0.12,0.133-0.175,0.2
-		c-1.904,2.117-3.179,4.5-3.825,7.15c-0.333,1.4-0.5,2.85-0.5,4.35c0,3.525,0.908,6.667,2.725,9.425
-		c0.656,0.989,1.431,1.931,2.325,2.825c1.517,1.517,3.167,2.7,4.95,3.55c2.253,1.067,4.72,1.6,7.4,1.6
-		c2.109,0,4.084-0.325,5.925-0.975c1.599,2.163,3.333,4.271,5.2,6.325c0.039-0.053,0.081-0.103,0.125-0.15
-		c-0.357,0.478-0.708,0.961-1.05,1.45c-0.7,1-1.35,2-1.95,3c-1.6,2.434-3.083,4.967-4.45,7.601c-0.016,0.033-0.033,0.066-0.05,0.1
-		c-1.014,2.101-1.964,4.217-2.85,6.35c-0.633,1.601-1.216,3.233-1.75,4.9c-2.267,6.967-3.683,14.384-4.25,22.25
-		C284.278,379.587,289.603,398.679,301.775,415.525z M462.275,255.475l-25.851,25.775c1.307-5.716,1.966-11.699,1.976-17.95
-		c-0.018-11.181-2.109-21.498-6.275-30.95C442.807,238.525,452.856,246.234,462.275,255.475z M362.2,314.875
-		c-0.057-0.069-0.115-0.136-0.175-0.2c0.254,0.176,0.504,0.359,0.75,0.55C362.585,315.104,362.394,314.987,362.2,314.875z"/>
-	<path fill-rule="evenodd" clip-rule="evenodd" fill="#6C983D" d="M433,487.2c-3.879,2.285-7.846,4.368-11.9,6.25
-		c-0.533,0.2-1.033,0.416-1.5,0.649c-17.453,7.864-36.47,11.956-57.05,12.275c-0.523,0.01-1.049,0.019-1.575,0.025L309.9,425.325
-		c0.931,0.984,1.873,1.943,2.825,2.875c2.176,2.226,4.417,4.309,6.725,6.25c2.767,2.366,5.684,4.533,8.75,6.5
-		c10.033,6.566,21.25,10.816,33.649,12.75c0.101,0,0.233,0,0.4,0c5.441-0.049,10.25-0.207,14.425-0.476
-		c1.525-0.091,2.968-0.199,4.325-0.324c5.1-0.467,10.3-1.184,15.6-2.15l1.4,1.4v0.699c0.2-0.03,0.399-0.063,0.6-0.1L433,487.2z"/>
-	<path fill-rule="evenodd" clip-rule="evenodd" fill="#E2E2E2" d="M414.8,207.875c-14.804-14.35-32.604-21.525-53.399-21.525
-		c-21.301,0-39.467,7.5-54.5,22.5c-3.536,3.543-6.652,7.26-9.35,11.15c-2.247,3.233-4.206,6.583-5.875,10.05
-		c-0.465,0.25-0.931,0.5-1.4,0.75l-1.225,0.675c-0.406,0.246-0.815,0.487-1.225,0.725v-0.025
-		c3.759-9.244,9.451-17.686,17.075-25.325c15.042-15.012,33.208-22.521,54.5-22.525c21.259,0.003,39.392,7.512,54.399,22.525
-		C414.137,207.187,414.47,207.528,414.8,207.875z M408.7,213.95c0.331,0.331,0.664,0.665,1,1c3.316,3.316,6.225,6.799,8.725,10.45
-		c7.55,11.081,11.325,23.714,11.325,37.9c0,10.513-2.066,20.171-6.2,28.975c-0.072,0.155-0.147,0.314-0.225,0.475
-		c-0.525,1.09-1.084,2.165-1.675,3.225c-3.098,5.593-7.081,10.818-11.95,15.675c-4.908,4.92-10.191,8.937-15.851,12.05
-		c-5.304,2.91-10.937,5.027-16.899,6.35c-1.729,0.384-3.486,0.7-5.275,0.95c-0.607,0.085-1.216,0.16-1.825,0.225
-		c-2.757,0.317-5.573,0.476-8.449,0.476c-10.305,0-19.788-1.983-28.45-5.95c-2.097-0.97-4.146-2.053-6.15-3.25l-0.325,0.55
-		c-0.111,0.182-0.22,0.365-0.324,0.55c0.322-0.596,0.673-1.18,1.05-1.75c2.078,1.124,4.203,2.124,6.375,3
-		c7.946,3.219,16.555,4.827,25.825,4.825c3.518,0,6.942-0.232,10.274-0.7c0.526-0.073,1.052-0.156,1.575-0.25
-		c1.565-0.254,3.106-0.562,4.625-0.925c11.948-2.813,22.557-8.863,31.825-18.15c5.637-5.626,10.078-11.743,13.325-18.35
-		c0.096-0.186,0.188-0.369,0.274-0.55c4.285-8.926,6.427-18.742,6.425-29.45c0.002-13.51-3.414-25.61-10.25-36.3
-		C414.997,221.133,412.072,217.45,408.7,213.95z M295,303.85c-6.065-8.954-9.948-18.82-11.65-29.6c0.117-0.05,0.233-0.1,0.35-0.15
-		c0.426-0.203,0.859-0.386,1.3-0.55c1.337,10.945,4.862,20.97,10.575,30.075c0.549,0.882,1.115,1.757,1.7,2.625
-		c0.852,1.233,1.744,2.45,2.675,3.65c0.707,0.909,1.44,1.809,2.2,2.7c-0.044,0.047-0.086,0.097-0.125,0.15
-		c-1.867-2.054-3.601-4.163-5.2-6.325C296.197,305.575,295.588,304.717,295,303.85z"/>
-	<path fill-rule="evenodd" clip-rule="evenodd" fill="#D3D3D3" d="M305.575,223.6c-4.743,1.884-9.376,4.034-13.9,6.45
-		c1.669-3.466,3.628-6.816,5.875-10.05c2.698-3.89,5.814-7.606,9.35-11.15c15.034-15,33.2-22.5,54.5-22.5
-		c20.796,0,38.596,7.175,53.399,21.525c0.335,0.318,0.668,0.643,1,0.975c7.129,7.129,12.571,14.962,16.325,23.5
-		c4.166,9.452,6.258,19.769,6.275,30.95c-0.01,6.251-0.669,12.234-1.976,17.95c-1.312,5.765-3.286,11.257-5.925,16.475
-		c-0.037,0.074-0.07,0.148-0.1,0.225c-3.637,7.117-8.504,13.716-14.601,19.8c-10.662,10.686-22.903,17.577-36.725,20.675
-		c-0.104,0.029-0.203,0.054-0.3,0.075c-2.47,0.547-4.986,0.972-7.551,1.275c-0.869,0.103-1.744,0.194-2.625,0.274
-		c-2.357,0.196-4.758,0.297-7.199,0.3c-11.567-0.018-22.209-2.251-31.926-6.699c-1.929-0.879-3.821-1.846-5.675-2.9
-		c0.047-0.277,0.098-0.552,0.15-0.825c0.015-0.092,0.031-0.184,0.05-0.274c0.173-0.857,0.39-1.69,0.65-2.5
-		c0.388-1.194,0.871-2.336,1.449-3.426l0.051-0.125c0.104-0.185,0.213-0.368,0.324-0.55l0.325-0.55
-		c2.004,1.197,4.054,2.28,6.15,3.25c8.662,3.967,18.146,5.95,28.45,5.95c2.876,0,5.692-0.158,8.449-0.476
-		c0.609-0.064,1.218-0.14,1.825-0.225c1.789-0.25,3.547-0.566,5.275-0.95c5.963-1.322,11.596-3.439,16.899-6.35
-		c5.659-3.113,10.942-7.13,15.851-12.05c4.869-4.857,8.853-10.082,11.95-15.675c0.591-1.061,1.149-2.135,1.675-3.225
-		c0.077-0.161,0.152-0.32,0.225-0.475c4.134-8.804,6.2-18.462,6.2-28.975c0-14.186-3.775-26.819-11.325-37.9
-		c-2.5-3.65-5.408-7.134-8.725-10.45c-0.336-0.335-0.669-0.669-1-1c-13.142-12.666-28.908-18.983-47.3-18.95
-		c-18.9-0.033-35.034,6.617-48.4,19.95C310.24,217.717,307.766,220.6,305.575,223.6z M421.35,435.4l-3.1,2.449
-		c-0.2,0.134-0.366,0.25-0.5,0.351c-0.267,0.2-0.517,0.366-0.75,0.5c-1.134,0.733-2.267,1.467-3.4,2.2
-		c-0.1,0.033-0.183,0.083-0.25,0.149l65.601,65.75c0.133,0.134,0.316,0.316,0.55,0.55l1.1,1.101c1.4,1.366,3.067,2.05,5,2.05
-		c1.634-0.066,3.051-0.55,4.25-1.45c0.301-0.166,0.551-0.383,0.75-0.649c0.233-0.167,1.25,0.399,3.051,1.699
-		c1.767,1.334,5.116,4.817,10.05,10.45c4.866,5.533,11.833,9.533,20.899,12c-5.933,1-14.783,1.7-26.55,2.101
-		c-11.121,0.349-19.721-2.201-25.8-7.65c-1.462-1.316-2.778-2.8-3.95-4.45l-20.1-20.1h0.05L433,487.2l-34.4-34.45l-0.6-0.6l-1.4-1.4
-		c-5.3,0.967-10.5,1.684-15.6,2.15c-1.357,0.125-2.8,0.233-4.325,0.324l33.95-33.925c0.542,0.528,1.075,1.045,1.6,1.55
-		c4.902,4.798,8.96,8.848,12.176,12.15c-0.167,0.066-0.284,0.167-0.351,0.3c-0.899,0.733-1.767,1.45-2.6,2.15L421.35,435.4z
-		 M302.15,312.6c-0.759-0.891-1.493-1.791-2.2-2.7c-0.932-1.2-1.823-2.417-2.675-3.65c-0.584-0.868-1.151-1.743-1.7-2.625
-		c-5.713-9.105-9.238-19.13-10.575-30.075l2.2-0.6c0.244-0.06,0.494-0.109,0.75-0.15H288c0.633-0.1,1.283-0.15,1.95-0.15
-		c0.3-0.066,0.617-0.1,0.95-0.1c0.434,0,0.867,0.034,1.3,0.1c0.501,0,0.968,0.05,1.4,0.15h0.025c0.946,7.487,3.054,14.487,6.325,21
-		c0.793,1.581,1.651,3.131,2.575,4.65c0.569,0.929,1.161,1.845,1.775,2.75c1.07,1.567,2.211,3.101,3.425,4.6
-		c-0.236,0.257-0.469,0.515-0.7,0.775L302.15,312.6z"/>
-	<path fill-rule="evenodd" clip-rule="evenodd" fill="#B6B6B6" d="M309.9,425.325c-0.893-0.95-1.776-1.926-2.65-2.925
-		c-1.955-2.252-3.78-4.544-5.475-6.875c-12.172-16.847-17.497-35.938-15.975-57.275c0.567-7.866,1.983-15.283,4.25-22.25
-		c0.534-1.667,1.117-3.3,1.75-4.9c0.886-2.133,1.836-4.249,2.85-6.35c0.017-0.033,0.034-0.066,0.05-0.1
-		c1.367-2.634,2.85-5.167,4.45-7.601c0.6-1,1.25-2,1.95-3c0.342-0.488,0.692-0.972,1.05-1.45l4.875-6.025
-		c0.231-0.26,0.464-0.519,0.7-0.775c1.816-1.997,3.75-3.931,5.8-5.8c0.519-0.471,1.044-0.938,1.574-1.4
-		c0.167-0.167,0.317-0.3,0.45-0.4c0.033-0.1,0.101-0.184,0.2-0.25c3.934-3.4,8.017-6.383,12.25-8.95
-		c15.366-9.367,32.533-13.417,51.5-12.15h0.05c0.601,0.033,3.55,0.4,8.851,1.1c0.1,0,0.25,0.017,0.449,0.05
-		c1.534,0.267,3.017,0.567,4.45,0.9c0.2,0.033,0.417,0.083,0.65,0.15c9.905,2.289,19.021,6.189,27.35,11.7
-		c-0.087,0.181-0.179,0.364-0.274,0.55c-7.707-4.751-16.065-8.167-25.075-10.25c-0.233-0.066-0.45-0.117-0.65-0.15
-		c-1.434-0.333-2.916-0.633-4.45-0.9c-0.199-0.033-0.35-0.05-0.449-0.05c-5.301-0.7-8.25-1.067-8.851-1.1h-0.05
-		c-18.98-1.281-36.146,2.769-51.5,12.15c-4.22,2.58-8.303,5.563-12.25,8.95c-0.1,0.066-0.167,0.15-0.2,0.25
-		c-0.133,0.1-0.283,0.233-0.45,0.4c-5.433,4.733-10.1,9.883-14,15.45c-0.7,1-1.35,2-1.95,3c-1.6,2.434-3.083,4.967-4.45,7.601
-		c-1.034,2.133-2,4.283-2.9,6.449c-0.634,1.608-1.217,3.242-1.75,4.9c-2.268,6.971-3.685,14.388-4.25,22.25
-		c-1.451,20.351,3.324,38.659,14.325,54.925c2.144,3.148,4.519,6.224,7.125,9.226c0.08,0.091,0.163,0.183,0.25,0.274
-		c1.057,1.209,2.132,2.384,3.225,3.525C311.773,427.269,310.831,426.31,309.9,425.325z M363.8,316.05
-		c0.185,0.165,0.368,0.332,0.55,0.5c2.034,1.934,3.551,4.05,4.551,6.351c0.1,0.199,0.199,0.383,0.3,0.55
-		c0.91,1.683,1.594,3.44,2.05,5.274c-0.523,0.094-1.049,0.177-1.575,0.25c-0.054-0.359-0.112-0.718-0.175-1.074
-		c-0.434-2.267-1.2-4.417-2.3-6.45c-0.101-0.167-0.2-0.351-0.3-0.55C366.153,319.183,365.12,317.566,363.8,316.05z M329.9,350.9
-		c0.853,0.762,1.744,1.445,2.675,2.05c3.235,2.124,6.943,3.324,11.125,3.6h0.25c0.166,0,0.316,0.033,0.45,0.101c0.1,0,0.199,0,0.3,0
-		c0.1,0,0.2,0,0.3,0s0.2,0,0.3,0c1.066,0,2.101-0.051,3.101-0.15c0.233-0.066,0.483-0.1,0.75-0.1L352,355.8
-		c2.5-0.633,4.967-1.85,7.4-3.649c0.1-0.101,0.199-0.167,0.3-0.2c0.434-0.367,0.866-0.733,1.3-1.101
-		c0.033-0.066,0.1-0.116,0.2-0.149c0-0.066,0.05-0.117,0.149-0.15c0.101-0.133,0.184-0.217,0.25-0.25
-		c3.351-2.926,5.684-6.342,7-10.25c0.881-0.08,1.756-0.172,2.625-0.274c-1.101,4.872-3.643,9.047-7.625,12.524
-		c-0.066,0.033-0.149,0.117-0.25,0.25c-0.1,0.033-0.149,0.084-0.149,0.15c-0.101,0.033-0.167,0.083-0.2,0.149
-		c-0.434,0.367-0.866,0.733-1.3,1.101c-0.101,0.033-0.2,0.1-0.3,0.2c-2.434,1.8-4.9,3.017-7.4,3.649l-2.85,0.601
-		c-0.267,0-0.517,0.033-0.75,0.1c-1,0.1-2.034,0.15-3.101,0.15c-0.1,0-0.2,0-0.3,0s-0.2,0-0.3,0c-0.101,0-0.2,0-0.3,0
-		c-0.134-0.067-0.284-0.101-0.45-0.101h-0.25c-5.009-0.33-9.343-1.98-13-4.95C331.72,352.795,330.787,351.895,329.9,350.9z
-		 M430.5,297.725c1.706,1.48,3.372,3.038,5,4.675c0.208,0.212,0.416,0.429,0.625,0.65c-1.864-1.801-3.772-3.501-5.725-5.1
-		C430.43,297.874,430.463,297.799,430.5,297.725z"/>
-	<path fill-rule="evenodd" clip-rule="evenodd" fill="#A3A3A3" d="M462.475,367.475l-51.85,51.825l-33.95,33.925
-		c-4.175,0.269-8.983,0.427-14.425,0.476c-0.167,0-0.3,0-0.4,0c-12.399-1.934-23.616-6.184-33.649-12.75
-		c-3.066-1.967-5.983-4.134-8.75-6.5c-2.308-1.941-4.549-4.024-6.725-6.25c-1.093-1.142-2.168-2.316-3.225-3.525
-		c-0.087-0.092-0.17-0.184-0.25-0.274c-2.606-3.002-4.981-6.077-7.125-9.226c-11.001-16.266-15.776-34.574-14.325-54.925
-		c0.565-7.862,1.982-15.279,4.25-22.25c0.533-1.658,1.116-3.292,1.75-4.9c0.9-2.166,1.867-4.316,2.9-6.449
-		c1.367-2.634,2.85-5.167,4.45-7.601c0.6-1,1.25-2,1.95-3c3.9-5.566,8.566-10.716,14-15.45c0.167-0.167,0.317-0.3,0.45-0.4
-		c0.033-0.1,0.101-0.184,0.2-0.25c3.947-3.387,8.03-6.37,12.25-8.95c15.354-9.381,32.52-13.431,51.5-12.15h0.05
-		c0.601,0.033,3.55,0.4,8.851,1.1c0.1,0,0.25,0.017,0.449,0.05c1.534,0.267,3.017,0.567,4.45,0.9c0.2,0.033,0.417,0.083,0.65,0.15
-		c9.01,2.083,17.368,5.499,25.075,10.25c-3.247,6.607-7.688,12.724-13.325,18.35c-9.269,9.287-19.877,15.336-31.825,18.15
-		c-1.519,0.363-3.06,0.671-4.625,0.925c-0.456-1.834-1.14-3.592-2.05-5.274c-0.101-0.167-0.2-0.351-0.3-0.55
-		c-1-2.301-2.517-4.417-4.551-6.351c-0.182-0.168-0.365-0.335-0.55-0.5c-0.334-0.288-0.676-0.563-1.024-0.825
-		c-0.246-0.19-0.496-0.374-0.75-0.55c-3.474-2.444-7.615-3.87-12.426-4.275c-2.301-0.139-4.501,0.011-6.6,0.45
-		c-3.92,0.822-7.487,2.656-10.7,5.5c-0.233,0.167-0.45,0.351-0.649,0.551c-1.766,1.505-3.249,3.154-4.45,4.949
-		c-0.377,0.57-0.728,1.154-1.05,1.75l-0.051,0.125c-0.578,1.09-1.062,2.231-1.449,3.426c-0.261,0.81-0.478,1.643-0.65,2.5
-		c-0.019,0.091-0.035,0.183-0.05,0.274c-0.053,0.273-0.104,0.548-0.15,0.825c-0.114,0.75-0.198,1.517-0.25,2.3
-		c0,0.033,0,0.084,0,0.15c-0.09,1.646-0.04,3.246,0.15,4.8c0.082,0.744,0.199,1.478,0.35,2.2c0.834,3.666,2.601,7.066,5.3,10.2
-		c0.018,0.016,0.034,0.032,0.051,0.05h0.1c0.133,0.155,0.266,0.306,0.4,0.45c0.887,0.994,1.819,1.895,2.8,2.699
-		c3.657,2.97,7.991,4.62,13,4.95h0.25c0.166,0,0.316,0.033,0.45,0.101c0.1,0,0.199,0,0.3,0c0.1,0,0.2,0,0.3,0s0.2,0,0.3,0
-		c1.066,0,2.101-0.051,3.101-0.15c0.233-0.066,0.483-0.1,0.75-0.1L354,357.8c2.5-0.633,4.967-1.85,7.4-3.649
-		c0.1-0.101,0.199-0.167,0.3-0.2c0.434-0.367,0.866-0.733,1.3-1.101c0.033-0.066,0.1-0.116,0.2-0.149c0-0.066,0.05-0.117,0.149-0.15
-		c0.101-0.133,0.184-0.217,0.25-0.25c3.982-3.478,6.524-7.652,7.625-12.524c2.564-0.304,5.081-0.729,7.551-1.275
-		c0.097-0.021,0.196-0.046,0.3-0.075c13.821-3.098,26.063-9.989,36.725-20.675c6.097-6.083,10.964-12.683,14.601-19.8
-		c1.952,1.598,3.86,3.298,5.725,5.1c0.461,0.441,0.919,0.892,1.375,1.35c1.5,1.533,2.983,3.15,4.45,4.85
-		c1.399,1.667,2.767,3.35,4.1,5.05c7.5,9.934,12.584,20.617,15.25,32.05c0.566,2.601,1.05,5.217,1.45,7.851
-		c0.033,0.467,0.033,0.883,0,1.25C463.035,359.242,462.943,363.251,462.475,367.475z"/>
-	<path fill-rule="evenodd" clip-rule="evenodd" fill="#8F8F8F" d="M474.175,453.9h-0.024v0.05c-0.367,0.066-0.75,0.033-1.15-0.101
-		c-0.192-0.096-0.359-0.229-0.5-0.399c-0.115-0.131-0.216-0.281-0.3-0.45v-0.15c-0.134-0.333-0.134-0.683,0-1.05l-0.05,0.101
-		l6.949-25.551c0.101-0.399,0.051-0.816-0.149-1.25c-0.167-0.366-0.417-0.683-0.75-0.949c-0.134-0.034-8.167-8.784-24.101-26.25
-		c1.967-3.834,4.051-10.117,6.25-18.851c0.32-1.295,0.612-2.57,0.875-3.825c-0.005,1.095-0.005,2.328,0,3.7
-		c0.032,6.125-1.677,13.117-5.125,20.976c15.934,17.466,23.967,26.216,24.101,26.25c0.333,0.267,0.583,0.583,0.75,0.949
-		c0.2,0.434,0.25,0.851,0.149,1.25l-5.975,21.976l-0.975,3.575l0.05-0.101C474.188,453.832,474.18,453.865,474.175,453.9z
-		 M527.95,473.35c6.564,5.904,9.681,14.588,9.35,26.051c-0.467,13.733-1.383,23.517-2.75,29.35c-0.233,1.167-0.767,2.25-1.6,3.25
-		l-0.15,0.3c-0.333,0.233-0.649,0.45-0.95,0.65c-0.8,0.533-1.666,0.866-2.6,1c-0.8,0.2-1.684,0.399-2.65,0.6
-		c-5.933,1-14.783,1.7-26.55,2.101c-12.402,0.389-21.669-2.827-27.8-9.65c6.079,5.449,14.679,7.999,25.8,7.65
-		c11.767-0.4,20.617-1.101,26.55-2.101c0.967-0.2,1.851-0.399,2.65-0.6c0.934-0.134,1.8-0.467,2.6-1
-		c0.301-0.2,0.617-0.417,0.95-0.65l0.15-0.3c0.833-1,1.366-2.083,1.6-3.25c1.367-5.833,2.283-15.616,2.75-29.35
-		C535.596,487.171,533.146,479.154,527.95,473.35z M496.825,476.575c-0.357,0.039-0.698,0.014-1.025-0.075
-		c-0.333-0.2-0.6-0.467-0.8-0.8c-0.066-0.066-0.1-0.15-0.1-0.25c-0.134-0.334-0.15-0.667-0.051-1l0.051-0.05l6.75-25.051
-		c0.1-0.433,0.083-0.85-0.051-1.25c1.423,1.927,2.105,3.01,2.051,3.25L496.9,476.4l-0.051,0.05
-		C496.838,476.489,496.83,476.531,496.825,476.575z M398.6,452.75c-0.2,0.036-0.399,0.069-0.6,0.1v-0.699L398.6,452.75z"/>
-	<path fill-rule="evenodd" clip-rule="evenodd" fill="#DBDBDB" d="M410.625,419.3l51.85-51.825c-0.286,2.505-0.703,5.089-1.25,7.75
-		c-0.263,1.255-0.555,2.53-0.875,3.825c-2.199,8.733-4.283,15.017-6.25,18.851c15.934,17.466,23.967,26.216,24.101,26.25
-		c0.333,0.267,0.583,0.583,0.75,0.949c0.2,0.434,0.25,0.851,0.149,1.25L472.15,451.9l0.05-0.101c-0.134,0.367-0.134,0.717,0,1.05
-		V453c0.084,0.169,0.185,0.319,0.3,0.45c0.141,0.17,0.308,0.304,0.5,0.399c0.4,0.134,0.783,0.167,1.15,0.101v-0.05h0.024
-		l25.325-6.65c0.434-0.233,0.833-0.217,1.2,0.05c0.333,0.167,0.633,0.434,0.899,0.8c0.134,0.4,0.15,0.817,0.051,1.25L494.9,474.4
-		l-0.051,0.05c-0.1,0.333-0.083,0.666,0.051,1c0,0.1,0.033,0.184,0.1,0.25c0.2,0.333,0.467,0.6,0.8,0.8
-		c0.327,0.089,0.668,0.114,1.025,0.075c0.039-0.01,0.081-0.018,0.125-0.025v0.101l0.1-0.101l26.65-7
-		c1.576,1.142,2.992,2.408,4.25,3.8c5.195,5.805,7.646,13.821,7.35,24.051c-0.467,13.733-1.383,23.517-2.75,29.35
-		c-0.233,1.167-0.767,2.25-1.6,3.25l-0.15,0.3c-0.333,0.233-0.649,0.45-0.95,0.65c-0.8,0.533-1.666,0.866-2.6,1
-		c-0.8,0.2-1.684,0.399-2.65,0.6c-21.5-21.6-32.816-32.934-33.949-34L430.55,438.2c-0.2-0.101-0.366-0.233-0.5-0.4l-5.2-5.25
-		l-0.149,0.15c-0.101,0.066-0.2,0.166-0.3,0.3c-3.216-3.303-7.273-7.353-12.176-12.15C411.7,420.345,411.167,419.828,410.625,419.3z
-		 M421.35,435.4l0.101,0.05h-0.101V435.4z"/>
-	<path fill-rule="evenodd" clip-rule="evenodd" fill="#C8C8C8" d="M421.35,435.4v0.05h0.101c0.833-0.7,1.7-1.417,2.6-2.15
-		c0.066-0.133,0.184-0.233,0.351-0.3c0.1-0.134,0.199-0.233,0.3-0.3l0.149-0.15l5.2,5.25c0.134,0.167,0.3,0.3,0.5,0.4l60.101,60.35
-		c1.133,1.066,12.449,12.4,33.949,34c-9.066-2.467-16.033-6.467-20.899-12c-4.934-5.633-8.283-9.116-10.05-10.45
-		c-1.801-1.3-2.817-1.866-3.051-1.699c-0.199,0.267-0.449,0.483-0.75,0.649c-1.199,0.9-2.616,1.384-4.25,1.45
-		c-1.933,0-3.6-0.684-5-2.05l-1.1-1.101c-0.233-0.233-0.417-0.416-0.55-0.55l-65.601-65.75c0.067-0.066,0.15-0.116,0.25-0.149
-		c1.134-0.733,2.267-1.467,3.4-2.2c0.233-0.134,0.483-0.3,0.75-0.5c0.134-0.101,0.3-0.217,0.5-0.351L421.35,435.4z"/>
-</g>
-</svg>
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Generator: Adobe Illustrator 15.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   version="1.1"
+   x="0px"
+   y="0px"
+   width="626px"
+   height="626px"
+   viewBox="0 0 626 626"
+   enable-background="new 0 0 626 626"
+   xml:space="preserve"
+   id="svg2"
+   inkscape:version="0.48.3.1 r9886"
+   sodipodi:docname="vector-src.svg"><metadata
+   id="metadata36"><rdf:RDF><cc:Work
+       rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
+         rdf:resource="http://purl.org/dc/dcmitype/StillImage" /></cc:Work></rdf:RDF></metadata><defs
+   id="defs34" /><sodipodi:namedview
+   pagecolor="#ffffff"
+   bordercolor="#666666"
+   borderopacity="1"
+   objecttolerance="10"
+   gridtolerance="10"
+   guidetolerance="10"
+   inkscape:pageopacity="0"
+   inkscape:pageshadow="2"
+   inkscape:window-width="2558"
+   inkscape:window-height="1419"
+   id="namedview32"
+   showgrid="false"
+   inkscape:zoom="0.266577"
+   inkscape:cx="-305.84541"
+   inkscape:cy="354.73238"
+   inkscape:window-x="0"
+   inkscape:window-y="19"
+   inkscape:window-maximized="1"
+   inkscape:current-layer="svg2" />
+
+<g
+   id="g3013"
+   transform="translate(-20.480691,-1.8781185)"><g
+     transform="matrix(1.6991779,0,0,1.6991779,-304.41094,-297.68272)"
+     id="Layer_9">
+	<path
+   style="fill:#94c061;fill-rule:evenodd"
+   inkscape:connector-curvature="0"
+   id="path5"
+   d="M 313.25,252 H 265.3 c 1.047,-0.933 2.105,-1.85 3.175,-2.75 H 313.25 V 252 z m 0,61 v 18.75 h -80.5 V 292.3 c 1.324,-2.403 2.724,-4.778 4.2,-7.125 V 313 h 76.3 z"
+   clip-rule="evenodd" />
+	<path
+   style="fill:#658d38;fill-rule:evenodd"
+   inkscape:connector-curvature="0"
+   id="path7"
+   d="m 232.75,292.3 v 39.45 h 80.5 V 313 h 3.7 v -61 h -3.7 v -2.75 h -44.775 c 1.307,-1.109 2.632,-2.192 3.975,-3.25 2.202,-1.742 4.435,-3.408 6.7,-5 4.153,-2.919 8.412,-5.585 12.775,-8 9.974,-5.517 20.499,-9.717 31.575,-12.6 12.134,-3.167 24.934,-4.75 38.4,-4.75 9.199,0 18.083,0.75 26.649,2.25 3,0.5 6,1.117 9,1.85 24.967,6 47.217,18.583 66.75,37.75 0.334,0.333 0.667,0.667 1,1 21.334,21.367 34.717,45.983 40.15,73.85 0.2,1.167 0.416,2.351 0.649,3.551 1.4,8.3 2.101,16.85 2.101,25.649 0,0.134 0,0.283 0,0.45 0,22.934 -4.601,43.967 -13.8,63.1 -4.601,9.434 -10.284,18.417 -17.051,26.95 -2,2.4 -4.033,4.783 -6.1,7.15 -1.934,2.133 -3.917,4.217 -5.95,6.25 -3.5,3.5 -7.066,6.8 -10.7,9.899 -4.833,4.034 -9.833,7.717 -15,11.051 -5.333,3.399 -10.833,6.416 -16.5,9.05 -0.533,0.2 -1.033,0.416 -1.5,0.649 -17.466,7.867 -36.483,11.967 -57.05,12.301 -0.533,0 -1.05,0 -1.55,0 -0.366,0 -0.733,0 -1.1,0 -40.434,0 -74.934,-14.317 -103.5,-42.95 -0.467,-0.467 -0.917,-0.917 -1.35,-1.351 -27.7,-28.3 -41.55,-62.333 -41.55,-102.1 0,-0.167 0,-0.316 0,-0.45 0.042,-14.928 2.042,-29.053 6,-42.375 0.517,-1.738 1.067,-3.464 1.65,-5.175 2.562,-7.495 5.762,-14.728 9.602,-21.699 z"
+   clip-rule="evenodd" />
+</g><g
+     transform="matrix(1.6991779,0,0,1.6991779,-304.41094,-297.68272)"
+     id="Layer_6">
+	<path
+   style="fill:#bbd89c;fill-rule:evenodd"
+   inkscape:connector-curvature="0"
+   id="path10"
+   d="m 304.3,301.2 c -0.614,-0.905 -1.206,-1.821 -1.775,-2.75 0.907,-1.061 1.598,-2.144 2.075,-3.25 1.167,-2.333 1.75,-4.9 1.75,-7.7 0,-1.033 -0.083,-2.033 -0.25,-3 -0.368,-2.332 -1.21,-4.482 -2.525,-6.45 0.112,0.118 0.204,0.209 0.275,0.275 L 304,278.5 c 2.9,3.256 4.35,7.09 4.35,11.5 0,1.759 -0.233,3.425 -0.7,5 -0.266,0.932 -0.616,1.833 -1.05,2.7 -0.515,1.195 -1.282,2.362 -2.3,3.5 z m -7.475,5.225 c -1.841,0.65 -3.816,0.975 -5.925,0.975 -2.68,0 -5.146,-0.533 -7.4,-1.6 -1.783,-0.85 -3.433,-2.033 -4.95,-3.55 -0.894,-0.895 -1.669,-1.836 -2.325,-2.825 0.106,0.106 0.214,0.214 0.325,0.325 3.434,3.433 7.55,5.15 12.35,5.15 2.171,0 4.205,-0.35 6.1,-1.05 0.588,0.867 1.197,1.725 1.825,2.575 z"
+   clip-rule="evenodd" />
+	<path
+   style="fill:#7bad45;fill-rule:evenodd"
+   inkscape:connector-curvature="0"
+   id="path12"
+   d="m 333.575,324.85 c 0.758,-1.002 1.6,-1.968 2.524,-2.899 4.9,-4.867 10.801,-7.3 17.7,-7.3 3.473,0 6.689,0.616 9.65,1.85 -0.393,-0.553 -0.81,-1.095 -1.25,-1.625 0.193,0.112 0.385,0.229 0.575,0.35 0.349,0.262 0.69,0.537 1.024,0.825 1.32,1.517 2.354,3.133 3.101,4.851 0.1,0.199 0.199,0.383 0.3,0.55 1.1,2.033 1.866,4.184 2.3,6.45 0.063,0.356 0.121,0.715 0.175,1.074 -3.332,0.468 -6.757,0.7 -10.274,0.7 -9.27,0.001 -17.879,-1.608 -25.825,-4.826 z m 102.55,-21.8 c -0.209,-0.221 -0.417,-0.438 -0.625,-0.65 -1.628,-1.637 -3.294,-3.195 -5,-4.675 2.639,-5.218 4.613,-10.71 5.925,-16.475 l 25.851,-25.775 c 0.342,0.343 0.684,0.685 1.024,1.025 21.334,21.367 34.717,45.983 40.15,73.85 0.2,1.167 0.416,2.351 0.649,3.551 1.4,8.3 2.101,16.85 2.101,25.649 0,0.134 0,0.283 0,0.45 0,22.934 -4.601,43.967 -13.8,63.1 -4.601,9.434 -10.284,18.417 -17.051,26.95 -0.075,0.091 -0.15,0.183 -0.225,0.275 l 5.975,-21.976 c 0.101,-0.399 0.051,-0.816 -0.149,-1.25 -0.167,-0.366 -0.417,-0.683 -0.75,-0.949 -0.134,-0.034 -8.167,-8.784 -24.101,-26.25 3.448,-7.858 5.157,-14.851 5.125,-20.976 -0.005,-1.372 -0.005,-2.605 0,-3.7 0.547,-2.661 0.964,-5.245 1.25,-7.75 0.469,-4.224 0.561,-8.232 0.275,-12.024 0.033,-0.367 0.033,-0.783 0,-1.25 -0.4,-2.634 -0.884,-5.25 -1.45,-7.851 -2.666,-11.433 -7.75,-22.116 -15.25,-32.05 -1.333,-1.7 -2.7,-3.383 -4.1,-5.05 -1.467,-1.7 -2.95,-3.317 -4.45,-4.85 -0.455,-0.458 -0.913,-0.908 -1.374,-1.349 z M 255.05,462.1 301.775,415.526 c 1.695,2.331 3.52,4.623 5.475,6.875 0.874,0.999 1.757,1.975 2.65,2.925 l 51.075,81.075 c -0.362,0 -0.721,0 -1.074,0 -40.434,0 -74.934,-14.317 -103.5,-42.95 -0.454,-0.453 -0.903,-0.903 -1.351,-1.351 z M 368.6,340.05 c -1.316,3.908 -3.649,7.324 -7,10.25 -0.066,0.033 -0.149,0.117 -0.25,0.25 -0.1,0.033 -0.149,0.084 -0.149,0.15 -0.101,0.033 -0.167,0.083 -0.2,0.149 -0.434,0.367 -0.866,0.733 -1.3,1.101 -0.101,0.033 -0.2,0.1 -0.3,0.2 -2.434,1.8 -4.9,3.017 -7.4,3.649 l -2.85,0.601 c -0.267,0 -0.517,0.033 -0.75,0.1 -1,0.1 -2.034,0.15 -3.101,0.15 -0.1,0 -0.2,0 -0.3,0 -0.1,0 -0.2,0 -0.3,0 -0.101,0 -0.2,0 -0.3,0 -0.134,-0.067 -0.284,-0.101 -0.45,-0.101 h -0.25 c -4.182,-0.275 -7.89,-1.476 -11.125,-3.6 -2.517,-3.904 -3.775,-8.338 -3.775,-13.3 0,-2.092 0.226,-4.092 0.675,-6 9.717,4.448 20.358,6.682 31.926,6.699 2.441,-0.001 4.841,-0.102 7.199,-0.298 z"
+   clip-rule="evenodd" />
+	<path
+   style="fill:#94c061;fill-rule:evenodd"
+   inkscape:connector-curvature="0"
+   id="path14"
+   d="M 301.775,415.525 255.05,462.1 C 227.35,433.796 213.5,399.763 213.5,360 c 0,-0.167 0,-0.316 0,-0.45 0.089,-36.006 11.589,-67.339 34.5,-94 1.905,-2.214 3.888,-4.397 5.95,-6.55 0.805,-0.837 1.622,-1.671 2.45,-2.5 4.5,-4.5 9.184,-8.667 14.05,-12.5 0.165,-0.13 0.332,-0.264 0.5,-0.4 0.336,-0.264 0.669,-0.522 1,-0.775 0.154,-0.119 0.304,-0.235 0.45,-0.35 l 13.15,-8.95 c 0.752,-0.458 1.511,-0.908 2.275,-1.35 v 0.025 c 0.41,-0.238 0.818,-0.479 1.225,-0.725 l 1.225,-0.675 c 0.469,-0.25 0.935,-0.5 1.4,-0.75 4.524,-2.416 9.158,-4.565 13.9,-6.45 4.045,-1.601 8.171,-3.009 12.375,-4.225 1.177,-0.34 2.36,-0.665 3.55,-0.975 12.141,-3.167 24.94,-4.75 38.4,-4.75 9.199,0 18.083,0.75 26.649,2.25 3,0.5 6,1.117 9,1.85 7.557,1.815 14.865,4.231 21.925,7.25 6.836,10.689 10.252,22.79 10.25,36.3 0.002,10.708 -2.14,20.524 -6.425,29.45 -8.328,-5.511 -17.444,-9.411 -27.35,-11.7 -0.233,-0.066 -0.45,-0.117 -0.65,-0.15 -1.434,-0.333 -2.916,-0.633 -4.45,-0.9 -0.199,-0.033 -0.35,-0.05 -0.449,-0.05 -5.301,-0.7 -8.25,-1.067 -8.851,-1.1 h -0.05 c -18.967,-1.267 -36.134,2.783 -51.5,12.15 -4.233,2.567 -8.316,5.55 -12.25,8.95 -0.1,0.066 -0.167,0.15 -0.2,0.25 -0.133,0.1 -0.283,0.233 -0.45,0.4 -0.53,0.462 -1.056,0.929 -1.574,1.4 -2.051,1.869 -3.984,3.803 -5.8,5.8 -1.214,-1.499 -2.355,-3.032 -3.425,-4.6 1.019,-1.139 1.785,-2.305 2.3,-3.5 0.434,-0.868 0.784,-1.768 1.05,-2.7 0.467,-1.575 0.7,-3.241 0.7,-5 0,-4.41 -1.45,-8.244 -4.35,-11.5 l -0.15,-0.175 c -0.071,-0.066 -0.163,-0.158 -0.275,-0.275 -0.069,-0.076 -0.144,-0.159 -0.225,-0.25 -0.051,-0.051 -0.102,-0.101 -0.15,-0.15 -0.633,-0.633 -1.317,-1.217 -2.05,-1.75 -2.26,-1.695 -4.768,-2.728 -7.525,-3.1 H 293.6 c -0.432,-0.1 -0.898,-0.149 -1.4,-0.15 -0.434,-0.066 -0.867,-0.1 -1.3,-0.1 -0.333,0 -0.65,0.034 -0.95,0.1 -0.667,0 -1.317,0.05 -1.95,0.15 h -0.05 c -0.256,0.041 -0.506,0.091 -0.75,0.15 l -2.2,0.6 c -0.44,0.165 -0.874,0.348 -1.3,0.55 -0.117,0.05 -0.233,0.1 -0.35,0.15 -1.731,0.798 -3.332,1.931 -4.8,3.4 -0.2,0.2 -0.383,0.417 -0.55,0.65 -0.062,0.066 -0.12,0.133 -0.175,0.2 -1.904,2.117 -3.179,4.5 -3.825,7.15 -0.333,1.4 -0.5,2.85 -0.5,4.35 0,3.525 0.908,6.667 2.725,9.425 0.656,0.989 1.431,1.931 2.325,2.825 1.517,1.517 3.167,2.7 4.95,3.55 2.253,1.067 4.72,1.6 7.4,1.6 2.109,0 4.084,-0.325 5.925,-0.975 1.599,2.163 3.333,4.271 5.2,6.325 0.039,-0.053 0.081,-0.103 0.125,-0.15 -0.357,0.478 -0.708,0.961 -1.05,1.45 -0.7,1 -1.35,2 -1.95,3 -1.6,2.434 -3.083,4.967 -4.45,7.601 -0.016,0.033 -0.033,0.066 -0.05,0.1 -1.014,2.101 -1.964,4.217 -2.85,6.35 -0.633,1.601 -1.216,3.233 -1.75,4.9 -2.267,6.967 -3.683,14.384 -4.25,22.25 -1.522,21.336 3.803,40.428 15.975,57.274 z m 160.5,-160.05 -25.851,25.775 c 1.307,-5.716 1.966,-11.699 1.976,-17.95 -0.018,-11.181 -2.109,-21.498 -6.275,-30.95 10.682,6.175 20.731,13.884 30.15,23.125 z m -100.075,59.4 c -0.057,-0.069 -0.115,-0.136 -0.175,-0.2 0.254,0.176 0.504,0.359 0.75,0.55 -0.19,-0.121 -0.381,-0.238 -0.575,-0.35 z"
+   clip-rule="evenodd" />
+	<path
+   style="fill:#6c983d;fill-rule:evenodd"
+   inkscape:connector-curvature="0"
+   id="path16"
+   d="m 433,487.2 c -3.879,2.285 -7.846,4.368 -11.9,6.25 -0.533,0.2 -1.033,0.416 -1.5,0.649 -17.453,7.864 -36.47,11.956 -57.05,12.275 -0.523,0.01 -1.049,0.019 -1.575,0.025 L 309.9,425.325 c 0.931,0.984 1.873,1.943 2.825,2.875 2.176,2.226 4.417,4.309 6.725,6.25 2.767,2.366 5.684,4.533 8.75,6.5 10.033,6.566 21.25,10.816 33.649,12.75 0.101,0 0.233,0 0.4,0 5.441,-0.049 10.25,-0.207 14.425,-0.476 1.525,-0.091 2.968,-0.199 4.325,-0.324 5.1,-0.467 10.3,-1.184 15.6,-2.15 l 1.4,1.4 v 0.699 c 0.2,-0.03 0.399,-0.063 0.6,-0.1 L 433,487.2 z"
+   clip-rule="evenodd" />
+	<path
+   style="fill:#e2e2e2;fill-rule:evenodd"
+   inkscape:connector-curvature="0"
+   id="path18"
+   d="m 414.8,207.875 c -14.804,-14.35 -32.604,-21.525 -53.399,-21.525 -21.301,0 -39.467,7.5 -54.5,22.5 -3.536,3.543 -6.652,7.26 -9.35,11.15 -2.247,3.233 -4.206,6.583 -5.875,10.05 -0.465,0.25 -0.931,0.5 -1.4,0.75 l -1.225,0.675 c -0.406,0.246 -0.815,0.487 -1.225,0.725 v -0.025 c 3.759,-9.244 9.451,-17.686 17.075,-25.325 15.042,-15.012 33.208,-22.521 54.5,-22.525 21.259,0.003 39.392,7.512 54.399,22.525 0.337,0.337 0.67,0.678 1,1.025 z m -6.1,6.075 c 0.331,0.331 0.664,0.665 1,1 3.316,3.316 6.225,6.799 8.725,10.45 7.55,11.081 11.325,23.714 11.325,37.9 0,10.513 -2.066,20.171 -6.2,28.975 -0.072,0.155 -0.147,0.314 -0.225,0.475 -0.525,1.09 -1.084,2.165 -1.675,3.225 -3.098,5.593 -7.081,10.818 -11.95,15.675 -4.908,4.92 -10.191,8.937 -15.851,12.05 -5.304,2.91 -10.937,5.027 -16.899,6.35 -1.729,0.384 -3.486,0.7 -5.275,0.95 -0.607,0.085 -1.216,0.16 -1.825,0.225 -2.757,0.317 -5.573,0.476 -8.449,0.476 -10.305,0 -19.788,-1.983 -28.45,-5.95 -2.097,-0.97 -4.146,-2.053 -6.15,-3.25 l -0.325,0.55 c -0.111,0.182 -0.22,0.365 -0.324,0.55 0.322,-0.596 0.673,-1.18 1.05,-1.75 2.078,1.124 4.203,2.124 6.375,3 7.946,3.219 16.555,4.827 25.825,4.825 3.518,0 6.942,-0.232 10.274,-0.7 0.526,-0.073 1.052,-0.156 1.575,-0.25 1.565,-0.254 3.106,-0.562 4.625,-0.925 11.948,-2.813 22.557,-8.863 31.825,-18.15 5.637,-5.626 10.078,-11.743 13.325,-18.35 0.096,-0.186 0.188,-0.369 0.274,-0.55 4.285,-8.926 6.427,-18.742 6.425,-29.45 0.002,-13.51 -3.414,-25.61 -10.25,-36.3 -2.478,-3.868 -5.403,-7.551 -8.775,-11.051 z M 295,303.85 c -6.065,-8.954 -9.948,-18.82 -11.65,-29.6 0.117,-0.05 0.233,-0.1 0.35,-0.15 0.426,-0.203 0.859,-0.386 1.3,-0.55 1.337,10.945 4.862,20.97 10.575,30.075 0.549,0.882 1.115,1.757 1.7,2.625 0.852,1.233 1.744,2.45 2.675,3.65 0.707,0.909 1.44,1.809 2.2,2.7 -0.044,0.047 -0.086,0.097 -0.125,0.15 -1.867,-2.054 -3.601,-4.163 -5.2,-6.325 -0.628,-0.85 -1.237,-1.708 -1.825,-2.575 z"
+   clip-rule="evenodd" />
+	<path
+   style="fill:#d3d3d3;fill-rule:evenodd"
+   inkscape:connector-curvature="0"
+   id="path20"
+   d="m 305.575,223.6 c -4.743,1.884 -9.376,4.034 -13.9,6.45 1.669,-3.466 3.628,-6.816 5.875,-10.05 2.698,-3.89 5.814,-7.606 9.35,-11.15 15.034,-15 33.2,-22.5 54.5,-22.5 20.796,0 38.596,7.175 53.399,21.525 0.335,0.318 0.668,0.643 1,0.975 7.129,7.129 12.571,14.962 16.325,23.5 4.166,9.452 6.258,19.769 6.275,30.95 -0.01,6.251 -0.669,12.234 -1.976,17.95 -1.312,5.765 -3.286,11.257 -5.925,16.475 -0.037,0.074 -0.07,0.148 -0.1,0.225 -3.637,7.117 -8.504,13.716 -14.601,19.8 -10.662,10.686 -22.903,17.577 -36.725,20.675 -0.104,0.029 -0.203,0.054 -0.3,0.075 -2.47,0.547 -4.986,0.972 -7.551,1.275 -0.869,0.103 -1.744,0.194 -2.625,0.274 -2.357,0.196 -4.758,0.297 -7.199,0.3 -11.567,-0.018 -22.209,-2.251 -31.926,-6.699 -1.929,-0.879 -3.821,-1.846 -5.675,-2.9 0.047,-0.277 0.098,-0.552 0.15,-0.825 0.015,-0.092 0.031,-0.184 0.05,-0.274 0.173,-0.857 0.39,-1.69 0.65,-2.5 0.388,-1.194 0.871,-2.336 1.449,-3.426 l 0.051,-0.125 c 0.104,-0.185 0.213,-0.368 0.324,-0.55 l 0.325,-0.55 c 2.004,1.197 4.054,2.28 6.15,3.25 8.662,3.967 18.146,5.95 28.45,5.95 2.876,0 5.692,-0.158 8.449,-0.476 0.609,-0.064 1.218,-0.14 1.825,-0.225 1.789,-0.25 3.547,-0.566 5.275,-0.95 5.963,-1.322 11.596,-3.439 16.899,-6.35 5.659,-3.113 10.942,-7.13 15.851,-12.05 4.869,-4.857 8.853,-10.082 11.95,-15.675 0.591,-1.061 1.149,-2.135 1.675,-3.225 0.077,-0.161 0.152,-0.32 0.225,-0.475 4.134,-8.804 6.2,-18.462 6.2,-28.975 0,-14.186 -3.775,-26.819 -11.325,-37.9 -2.5,-3.65 -5.408,-7.134 -8.725,-10.45 -0.336,-0.335 -0.669,-0.669 -1,-1 -13.142,-12.666 -28.908,-18.983 -47.3,-18.95 -18.9,-0.033 -35.034,6.617 -48.4,19.95 -2.754,2.768 -5.228,5.651 -7.419,8.651 z m 115.775,211.8 -3.1,2.449 c -0.2,0.134 -0.366,0.25 -0.5,0.351 -0.267,0.2 -0.517,0.366 -0.75,0.5 -1.134,0.733 -2.267,1.467 -3.4,2.2 -0.1,0.033 -0.183,0.083 -0.25,0.149 l 65.601,65.75 c 0.133,0.134 0.316,0.316 0.55,0.55 l 1.1,1.101 c 1.4,1.366 3.067,2.05 5,2.05 1.634,-0.066 3.051,-0.55 4.25,-1.45 0.301,-0.166 0.551,-0.383 0.75,-0.649 0.233,-0.167 1.25,0.399 3.051,1.699 1.767,1.334 5.116,4.817 10.05,10.45 4.866,5.533 11.833,9.533 20.899,12 -5.933,1 -14.783,1.7 -26.55,2.101 -11.121,0.349 -19.721,-2.201 -25.8,-7.65 -1.462,-1.316 -2.778,-2.8 -3.95,-4.45 l -20.1,-20.1 h 0.05 L 433,487.2 l -34.4,-34.45 -0.6,-0.6 -1.4,-1.4 c -5.3,0.967 -10.5,1.684 -15.6,2.15 -1.357,0.125 -2.8,0.233 -4.325,0.324 l 33.95,-33.925 c 0.542,0.528 1.075,1.045 1.6,1.55 4.902,4.798 8.96,8.848 12.176,12.15 -0.167,0.066 -0.284,0.167 -0.351,0.3 -0.899,0.733 -1.767,1.45 -2.6,2.15 l -0.1,-0.049 z M 302.15,312.6 c -0.759,-0.891 -1.493,-1.791 -2.2,-2.7 -0.932,-1.2 -1.823,-2.417 -2.675,-3.65 -0.584,-0.868 -1.151,-1.743 -1.7,-2.625 -5.713,-9.105 -9.238,-19.13 -10.575,-30.075 l 2.2,-0.6 c 0.244,-0.06 0.494,-0.109 0.75,-0.15 H 288 c 0.633,-0.1 1.283,-0.15 1.95,-0.15 0.3,-0.066 0.617,-0.1 0.95,-0.1 0.434,0 0.867,0.034 1.3,0.1 0.501,0 0.968,0.05 1.4,0.15 h 0.025 c 0.946,7.487 3.054,14.487 6.325,21 0.793,1.581 1.651,3.131 2.575,4.65 0.569,0.929 1.161,1.845 1.775,2.75 1.07,1.567 2.211,3.101 3.425,4.6 -0.236,0.257 -0.469,0.515 -0.7,0.775 l -4.875,6.025 z"
+   clip-rule="evenodd" />
+	<path
+   style="fill:#b6b6b6;fill-rule:evenodd"
+   inkscape:connector-curvature="0"
+   id="path22"
+   d="m 309.9,425.325 c -0.893,-0.95 -1.776,-1.926 -2.65,-2.925 -1.955,-2.252 -3.78,-4.544 -5.475,-6.875 -12.172,-16.847 -17.497,-35.938 -15.975,-57.275 0.567,-7.866 1.983,-15.283 4.25,-22.25 0.534,-1.667 1.117,-3.3 1.75,-4.9 0.886,-2.133 1.836,-4.249 2.85,-6.35 0.017,-0.033 0.034,-0.066 0.05,-0.1 1.367,-2.634 2.85,-5.167 4.45,-7.601 0.6,-1 1.25,-2 1.95,-3 0.342,-0.488 0.692,-0.972 1.05,-1.45 l 4.875,-6.025 c 0.231,-0.26 0.464,-0.519 0.7,-0.775 1.816,-1.997 3.75,-3.931 5.8,-5.8 0.519,-0.471 1.044,-0.938 1.574,-1.4 0.167,-0.167 0.317,-0.3 0.45,-0.4 0.033,-0.1 0.101,-0.184 0.2,-0.25 3.934,-3.4 8.017,-6.383 12.25,-8.95 15.366,-9.367 32.533,-13.417 51.5,-12.15 h 0.05 c 0.601,0.033 3.55,0.4 8.851,1.1 0.1,0 0.25,0.017 0.449,0.05 1.534,0.267 3.017,0.567 4.45,0.9 0.2,0.033 0.417,0.083 0.65,0.15 9.905,2.289 19.021,6.189 27.35,11.7 -0.087,0.181 -0.179,0.364 -0.274,0.55 -7.707,-4.751 -16.065,-8.167 -25.075,-10.25 -0.233,-0.066 -0.45,-0.117 -0.65,-0.15 -1.434,-0.333 -2.916,-0.633 -4.45,-0.9 -0.199,-0.033 -0.35,-0.05 -0.449,-0.05 -5.301,-0.7 -8.25,-1.067 -8.851,-1.1 h -0.05 c -18.98,-1.281 -36.146,2.769 -51.5,12.15 -4.22,2.58 -8.303,5.563 -12.25,8.95 -0.1,0.066 -0.167,0.15 -0.2,0.25 -0.133,0.1 -0.283,0.233 -0.45,0.4 -5.433,4.733 -10.1,9.883 -14,15.45 -0.7,1 -1.35,2 -1.95,3 -1.6,2.434 -3.083,4.967 -4.45,7.601 -1.034,2.133 -2,4.283 -2.9,6.449 -0.634,1.608 -1.217,3.242 -1.75,4.9 -2.268,6.971 -3.685,14.388 -4.25,22.25 -1.451,20.351 3.324,38.659 14.325,54.925 2.144,3.148 4.519,6.224 7.125,9.226 0.08,0.091 0.163,0.183 0.25,0.274 1.057,1.209 2.132,2.384 3.225,3.525 -0.952,-0.93 -1.894,-1.889 -2.825,-2.874 z M 363.8,316.05 c 0.185,0.165 0.368,0.332 0.55,0.5 2.034,1.934 3.551,4.05 4.551,6.351 0.1,0.199 0.199,0.383 0.3,0.55 0.91,1.683 1.594,3.44 2.05,5.274 -0.523,0.094 -1.049,0.177 -1.575,0.25 -0.054,-0.359 -0.112,-0.718 -0.175,-1.074 -0.434,-2.267 -1.2,-4.417 -2.3,-6.45 -0.101,-0.167 -0.2,-0.351 -0.3,-0.55 -0.748,-1.718 -1.781,-3.335 -3.101,-4.851 z m -33.9,34.85 c 0.853,0.762 1.744,1.445 2.675,2.05 3.235,2.124 6.943,3.324 11.125,3.6 h 0.25 c 0.166,0 0.316,0.033 0.45,0.101 0.1,0 0.199,0 0.3,0 0.1,0 0.2,0 0.3,0 0.1,0 0.2,0 0.3,0 1.066,0 2.101,-0.051 3.101,-0.15 0.233,-0.066 0.483,-0.1 0.75,-0.1 L 352,355.8 c 2.5,-0.633 4.967,-1.85 7.4,-3.649 0.1,-0.101 0.199,-0.167 0.3,-0.2 0.434,-0.367 0.866,-0.733 1.3,-1.101 0.033,-0.066 0.1,-0.116 0.2,-0.149 0,-0.066 0.05,-0.117 0.149,-0.15 0.101,-0.133 0.184,-0.217 0.25,-0.25 3.351,-2.926 5.684,-6.342 7,-10.25 0.881,-0.08 1.756,-0.172 2.625,-0.274 -1.101,4.872 -3.643,9.047 -7.625,12.524 -0.066,0.033 -0.149,0.117 -0.25,0.25 -0.1,0.033 -0.149,0.084 -0.149,0.15 -0.101,0.033 -0.167,0.083 -0.2,0.149 -0.434,0.367 -0.866,0.733 -1.3,1.101 -0.101,0.033 -0.2,0.1 -0.3,0.2 -2.434,1.8 -4.9,3.017 -7.4,3.649 l -2.85,0.601 c -0.267,0 -0.517,0.033 -0.75,0.1 -1,0.1 -2.034,0.15 -3.101,0.15 -0.1,0 -0.2,0 -0.3,0 -0.1,0 -0.2,0 -0.3,0 -0.101,0 -0.2,0 -0.3,0 -0.134,-0.067 -0.284,-0.101 -0.45,-0.101 h -0.25 c -5.009,-0.33 -9.343,-1.98 -13,-4.95 -0.979,-0.805 -1.912,-1.705 -2.799,-2.7 z m 100.6,-53.175 c 1.706,1.48 3.372,3.038 5,4.675 0.208,0.212 0.416,0.429 0.625,0.65 -1.864,-1.801 -3.772,-3.501 -5.725,-5.1 0.03,-0.076 0.063,-0.151 0.1,-0.225 z"
+   clip-rule="evenodd" />
+	<path
+   style="fill:#a3a3a3;fill-rule:evenodd"
+   inkscape:connector-curvature="0"
+   id="path24"
+   d="m 462.475,367.475 -51.85,51.825 -33.95,33.925 c -4.175,0.269 -8.983,0.427 -14.425,0.476 -0.167,0 -0.3,0 -0.4,0 -12.399,-1.934 -23.616,-6.184 -33.649,-12.75 -3.066,-1.967 -5.983,-4.134 -8.75,-6.5 -2.308,-1.941 -4.549,-4.024 -6.725,-6.25 -1.093,-1.142 -2.168,-2.316 -3.225,-3.525 -0.087,-0.092 -0.17,-0.184 -0.25,-0.274 -2.606,-3.002 -4.981,-6.077 -7.125,-9.226 -11.001,-16.266 -15.776,-34.574 -14.325,-54.925 0.565,-7.862 1.982,-15.279 4.25,-22.25 0.533,-1.658 1.116,-3.292 1.75,-4.9 0.9,-2.166 1.867,-4.316 2.9,-6.449 1.367,-2.634 2.85,-5.167 4.45,-7.601 0.6,-1 1.25,-2 1.95,-3 3.9,-5.566 8.566,-10.716 14,-15.45 0.167,-0.167 0.317,-0.3 0.45,-0.4 0.033,-0.1 0.101,-0.184 0.2,-0.25 3.947,-3.387 8.03,-6.37 12.25,-8.95 15.354,-9.381 32.52,-13.431 51.5,-12.15 h 0.05 c 0.601,0.033 3.55,0.4 8.851,1.1 0.1,0 0.25,0.017 0.449,0.05 1.534,0.267 3.017,0.567 4.45,0.9 0.2,0.033 0.417,0.083 0.65,0.15 9.01,2.083 17.368,5.499 25.075,10.25 -3.247,6.607 -7.688,12.724 -13.325,18.35 -9.269,9.287 -19.877,15.336 -31.825,18.15 -1.519,0.363 -3.06,0.671 -4.625,0.925 -0.456,-1.834 -1.14,-3.592 -2.05,-5.274 -0.101,-0.167 -0.2,-0.351 -0.3,-0.55 -1,-2.301 -2.517,-4.417 -4.551,-6.351 -0.182,-0.168 -0.365,-0.335 -0.55,-0.5 -0.334,-0.288 -0.676,-0.563 -1.024,-0.825 -0.246,-0.19 -0.496,-0.374 -0.75,-0.55 -3.474,-2.444 -7.615,-3.87 -12.426,-4.275 -2.301,-0.139 -4.501,0.011 -6.6,0.45 -3.92,0.822 -7.487,2.656 -10.7,5.5 -0.233,0.167 -0.45,0.351 -0.649,0.551 -1.766,1.505 -3.249,3.154 -4.45,4.949 -0.377,0.57 -0.728,1.154 -1.05,1.75 l -0.051,0.125 c -0.578,1.09 -1.062,2.231 -1.449,3.426 -0.261,0.81 -0.478,1.643 -0.65,2.5 -0.019,0.091 -0.035,0.183 -0.05,0.274 -0.053,0.273 -0.104,0.548 -0.15,0.825 -0.114,0.75 -0.198,1.517 -0.25,2.3 0,0.033 0,0.084 0,0.15 -0.09,1.646 -0.04,3.246 0.15,4.8 0.082,0.744 0.199,1.478 0.35,2.2 0.834,3.666 2.601,7.066 5.3,10.2 0.018,0.016 0.034,0.032 0.051,0.05 h 0.1 c 0.133,0.155 0.266,0.306 0.4,0.45 0.887,0.994 1.819,1.895 2.8,2.699 3.657,2.97 7.991,4.62 13,4.95 h 0.25 c 0.166,0 0.316,0.033 0.45,0.101 0.1,0 0.199,0 0.3,0 0.1,0 0.2,0 0.3,0 0.1,0 0.2,0 0.3,0 1.066,0 2.101,-0.051 3.101,-0.15 0.233,-0.066 0.483,-0.1 0.75,-0.1 L 354,357.8 c 2.5,-0.633 4.967,-1.85 7.4,-3.649 0.1,-0.101 0.199,-0.167 0.3,-0.2 0.434,-0.367 0.866,-0.733 1.3,-1.101 0.033,-0.066 0.1,-0.116 0.2,-0.149 0,-0.066 0.05,-0.117 0.149,-0.15 0.101,-0.133 0.184,-0.217 0.25,-0.25 3.982,-3.478 6.524,-7.652 7.625,-12.524 2.564,-0.304 5.081,-0.729 7.551,-1.275 0.097,-0.021 0.196,-0.046 0.3,-0.075 13.821,-3.098 26.063,-9.989 36.725,-20.675 6.097,-6.083 10.964,-12.683 14.601,-19.8 1.952,1.598 3.86,3.298 5.725,5.1 0.461,0.441 0.919,0.892 1.375,1.35 1.5,1.533 2.983,3.15 4.45,4.85 1.399,1.667 2.767,3.35 4.1,5.05 7.5,9.934 12.584,20.617 15.25,32.05 0.566,2.601 1.05,5.217 1.45,7.851 0.033,0.467 0.033,0.883 0,1.25 0.284,3.789 0.192,7.798 -0.276,12.022 z"
+   clip-rule="evenodd" />
+	<path
+   style="fill:#8f8f8f;fill-rule:evenodd"
+   inkscape:connector-curvature="0"
+   id="path26"
+   d="m 474.175,453.9 h -0.024 v 0.05 c -0.367,0.066 -0.75,0.033 -1.15,-0.101 -0.192,-0.096 -0.359,-0.229 -0.5,-0.399 -0.115,-0.131 -0.216,-0.281 -0.3,-0.45 v -0.15 c -0.134,-0.333 -0.134,-0.683 0,-1.05 l -0.05,0.101 6.949,-25.551 c 0.101,-0.399 0.051,-0.816 -0.149,-1.25 -0.167,-0.366 -0.417,-0.683 -0.75,-0.949 -0.134,-0.034 -8.167,-8.784 -24.101,-26.25 1.967,-3.834 4.051,-10.117 6.25,-18.851 0.32,-1.295 0.612,-2.57 0.875,-3.825 -0.005,1.095 -0.005,2.328 0,3.7 0.032,6.125 -1.677,13.117 -5.125,20.976 15.934,17.466 23.967,26.216 24.101,26.25 0.333,0.267 0.583,0.583 0.75,0.949 0.2,0.434 0.25,0.851 0.149,1.25 l -5.975,21.976 -0.975,3.575 0.05,-0.101 c -0.012,0.032 -0.02,0.065 -0.025,0.1 z m 53.775,19.45 c 6.564,5.904 9.681,14.588 9.35,26.051 -0.467,13.733 -1.383,23.517 -2.75,29.35 -0.233,1.167 -0.767,2.25 -1.6,3.25 l -0.15,0.3 c -0.333,0.233 -0.649,0.45 -0.95,0.65 -0.8,0.533 -1.666,0.866 -2.6,1 -0.8,0.2 -1.684,0.399 -2.65,0.6 -5.933,1 -14.783,1.7 -26.55,2.101 -12.402,0.389 -21.669,-2.827 -27.8,-9.65 6.079,5.449 14.679,7.999 25.8,7.65 11.767,-0.4 20.617,-1.101 26.55,-2.101 0.967,-0.2 1.851,-0.399 2.65,-0.6 0.934,-0.134 1.8,-0.467 2.6,-1 0.301,-0.2 0.617,-0.417 0.95,-0.65 l 0.15,-0.3 c 0.833,-1 1.366,-2.083 1.6,-3.25 1.367,-5.833 2.283,-15.616 2.75,-29.35 0.296,-10.23 -2.154,-18.247 -7.35,-24.051 z m -31.125,3.225 c -0.357,0.039 -0.698,0.014 -1.025,-0.075 -0.333,-0.2 -0.6,-0.467 -0.8,-0.8 -0.066,-0.066 -0.1,-0.15 -0.1,-0.25 -0.134,-0.334 -0.15,-0.667 -0.051,-1 l 0.051,-0.05 6.75,-25.051 c 0.1,-0.433 0.083,-0.85 -0.051,-1.25 1.423,1.927 2.105,3.01 2.051,3.25 l -6.75,25.051 -0.051,0.05 c -0.011,0.039 -0.019,0.081 -0.024,0.125 z M 398.6,452.75 c -0.2,0.036 -0.399,0.069 -0.6,0.1 v -0.699 l 0.6,0.599 z"
+   clip-rule="evenodd" />
+	<path
+   style="fill:#dbdbdb;fill-rule:evenodd"
+   inkscape:connector-curvature="0"
+   id="path28"
+   d="m 410.625,419.3 51.85,-51.825 c -0.286,2.505 -0.703,5.089 -1.25,7.75 -0.263,1.255 -0.555,2.53 -0.875,3.825 -2.199,8.733 -4.283,15.017 -6.25,18.851 15.934,17.466 23.967,26.216 24.101,26.25 0.333,0.267 0.583,0.583 0.75,0.949 0.2,0.434 0.25,0.851 0.149,1.25 l -6.95,25.55 0.05,-0.101 c -0.134,0.367 -0.134,0.717 0,1.05 V 453 c 0.084,0.169 0.185,0.319 0.3,0.45 0.141,0.17 0.308,0.304 0.5,0.399 0.4,0.134 0.783,0.167 1.15,0.101 v -0.05 h 0.024 l 25.325,-6.65 c 0.434,-0.233 0.833,-0.217 1.2,0.05 0.333,0.167 0.633,0.434 0.899,0.8 0.134,0.4 0.15,0.817 0.051,1.25 l -6.749,25.05 -0.051,0.05 c -0.1,0.333 -0.083,0.666 0.051,1 0,0.1 0.033,0.184 0.1,0.25 0.2,0.333 0.467,0.6 0.8,0.8 0.327,0.089 0.668,0.114 1.025,0.075 0.039,-0.01 0.081,-0.018 0.125,-0.025 v 0.101 l 0.1,-0.101 26.65,-7 c 1.576,1.142 2.992,2.408 4.25,3.8 5.195,5.805 7.646,13.821 7.35,24.051 -0.467,13.733 -1.383,23.517 -2.75,29.35 -0.233,1.167 -0.767,2.25 -1.6,3.25 l -0.15,0.3 c -0.333,0.233 -0.649,0.45 -0.95,0.65 -0.8,0.533 -1.666,0.866 -2.6,1 -0.8,0.2 -1.684,0.399 -2.65,0.6 -21.5,-21.6 -32.816,-32.934 -33.949,-34 L 430.55,438.2 c -0.2,-0.101 -0.366,-0.233 -0.5,-0.4 l -5.2,-5.25 -0.149,0.15 c -0.101,0.066 -0.2,0.166 -0.3,0.3 -3.216,-3.303 -7.273,-7.353 -12.176,-12.15 -0.525,-0.505 -1.058,-1.022 -1.6,-1.55 z m 10.725,16.1 0.101,0.05 h -0.101 v -0.05 z"
+   clip-rule="evenodd" />
+	<path
+   style="fill:#c8c8c8;fill-rule:evenodd"
+   inkscape:connector-curvature="0"
+   id="path30"
+   d="m 421.35,435.4 v 0.05 h 0.101 c 0.833,-0.7 1.7,-1.417 2.6,-2.15 0.066,-0.133 0.184,-0.233 0.351,-0.3 0.1,-0.134 0.199,-0.233 0.3,-0.3 l 0.149,-0.15 5.2,5.25 c 0.134,0.167 0.3,0.3 0.5,0.4 l 60.101,60.35 c 1.133,1.066 12.449,12.4 33.949,34 -9.066,-2.467 -16.033,-6.467 -20.899,-12 -4.934,-5.633 -8.283,-9.116 -10.05,-10.45 -1.801,-1.3 -2.817,-1.866 -3.051,-1.699 -0.199,0.267 -0.449,0.483 -0.75,0.649 -1.199,0.9 -2.616,1.384 -4.25,1.45 -1.933,0 -3.6,-0.684 -5,-2.05 l -1.1,-1.101 c -0.233,-0.233 -0.417,-0.416 -0.55,-0.55 l -65.601,-65.75 c 0.067,-0.066 0.15,-0.116 0.25,-0.149 1.134,-0.733 2.267,-1.467 3.4,-2.2 0.233,-0.134 0.483,-0.3 0.75,-0.5 0.134,-0.101 0.3,-0.217 0.5,-0.351 l 3.1,-2.449 z"
+   clip-rule="evenodd" />
+</g></g>
+</svg>
\ No newline at end of file