2 files changed, 19 insertions, 6 deletions

diff --git a/OpenKeychain/build.gradle b/OpenKeychain/build.gradle
index fcf099023..98d183741 100644
--- a/OpenKeychain/build.gradle
+++ b/OpenKeychain/build.gradle
@@ -160,6 +160,19 @@ android {
             // Reference them in .xml files.
             resValue "string", "account_type", "org.sufficientlysecure.keychain.account"
             resValue "string", "provider_content_authority", "org.sufficientlysecure.keychain.provider"
+
+            // Github API ID and secret are read from gradle.properties (not in git!)
+            // must use double escaping in gradle.properties! For example:
+            // githubClientId="\\"7a011b66275f244d3f21\\""
+            // githubClientSecret="\\"eaced8a6655719d8c6848396de97b3f5d7a89fec\\""
+            if (project.hasProperty('githubClientId') &&
+                project.hasProperty('githubClientSecret')) {
+
+                println "Found github oauth properties"
+
+                buildConfigField "String", "GITHUB_CLIENT_ID", githubClientId
+                buildConfigField "String", "GITHUB_CLIENT_SECRET", githubClientSecret
+            }
         }
 
         debug {
@@ -169,14 +182,14 @@ android {
             buildConfigField "String", "ACCOUNT_TYPE", "\"org.sufficientlysecure.keychain.debug.account\""
             buildConfigField "String", "PROVIDER_CONTENT_AUTHORITY", "\"org.sufficientlysecure.keychain.debug.provider\""
 
-            // Github api for debug build only
-            buildConfigField "String", "GITHUB_CLIENT_ID", "\"7a011b66275f244d3f21\""
-            buildConfigField "String", "GITHUB_CLIENT_SECRET", "\"eaced8a6655719d8c6848396de97b3f5d7a89fec\""
-
             // Reference them in .xml files.
             resValue "string", "account_type", "org.sufficientlysecure.keychain.debug.account"
             resValue "string", "provider_content_authority", "org.sufficientlysecure.keychain.debug.provider"
 
+            // Github API for debug build only
+            buildConfigField "String", "GITHUB_CLIENT_ID", "\"7a011b66275f244d3f21\""
+            buildConfigField "String", "GITHUB_CLIENT_SECRET", "\"eaced8a6655719d8c6848396de97b3f5d7a89fec\""
+
             // Enable code coverage (Jacoco)
             testCoverageEnabled true
         }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
index cbd8ce47a..7ad7b4d0f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
@@ -79,8 +79,8 @@ public class PgpSecurityConstants {
      */
     private static HashSet<Integer> sHashAlgorithmsWhitelist = new HashSet<>(Arrays.asList(
             // MD5: broken
-            // SHA1: broken
-            // RIPEMD160: same security properties as SHA1
+            HashAlgorithmTags.SHA1, // TODO: disable when SHA256 is widely deployed
+            HashAlgorithmTags.RIPEMD160, // same security properties as SHA1, TODO: disable when SHA256 is widely deployed
             // DOUBLE_SHA: not used widely
             // MD2: not used widely
             // TIGER_192: not used widely