apply promote operation to specific subkeys present on yubikey only

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java

@@ -19,6 +19,7 @@
 package org.sufficientlysecure.keychain.pgp;
 
 import org.spongycastle.openpgp.PGPKeyRing;
+import org.spongycastle.openpgp.PGPPublicKey;
 import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
 import org.sufficientlysecure.keychain.util.IterableIterator;
 
@@ -127,7 +128,11 @@ public abstract class CanonicalizedKeyRing extends KeyRing {
     }
 
     public CanonicalizedPublicKey getPublicKey(long id) {
-        return new CanonicalizedPublicKey(this, getRing().getPublicKey(id));
+        PGPPublicKey pubKey = getRing().getPublicKey(id);
+        if (pubKey == null) {
+            return null;
+        }
+        return new CanonicalizedPublicKey(this, pubKey);
     }
 
     public byte[] getEncoded() throws IOException {

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKeyRing.java

@@ -103,9 +103,22 @@ public class CanonicalizedPublicKeyRing extends CanonicalizedKeyRing {
     }
 
     /** Create a dummy secret ring from this key */
-    public UncachedKeyRing createDivertSecretRing (byte[] cardAid) {
+    public UncachedKeyRing createDivertSecretRing (byte[] cardAid, long[] subKeyIds) {
         PGPSecretKeyRing secRing = PGPSecretKeyRing.constructDummyFromPublic(getRing(), cardAid);
-        return new UncachedKeyRing(secRing);
+
+        if (subKeyIds == null) {
+            return new UncachedKeyRing(secRing);
+        }
+
+        // if only specific subkeys should be promoted, construct a
+        // stripped dummy, then move divert-to-card keys over
+        PGPSecretKeyRing newRing = PGPSecretKeyRing.constructDummyFromPublic(getRing());
+        for (long subKeyId : subKeyIds) {
+            newRing = PGPSecretKeyRing.insertSecretKey(newRing, secRing.getSecretKey(subKeyId));
+        }
+
+        return new UncachedKeyRing(newRing);
+
     }
 
 }