1 files changed, 8 insertions, 7 deletions

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
index 10a178ae2..6fdcf0a7e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -400,15 +400,21 @@ public class OpenPgpService extends RemoteService {
 
                 String passphrase = null;
                 if (sign) {
+
+                    // Find the appropriate subkey to sign with
+                    CachedPublicKeyRing signingRing =
+                            new ProviderHelper(this).getCachedPublicKeyRing(accSettings.getKeyId());
+                    final long sigSubKeyId = signingRing.getSignId();
+
                     if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
                         passphrase = data.getStringExtra(OpenPgpApi.EXTRA_PASSPHRASE);
                     } else {
                         passphrase = PassphraseCacheService.getCachedPassphrase(getContext(),
-                                accSettings.getKeyId(), accSettings.getKeyId());
+                                accSettings.getKeyId(), sigSubKeyId);
                     }
                     if (passphrase == null) {
                         // get PendingIntent for passphrase input, add it to given params and return to client
-                        return getPassphraseIntent(data, accSettings.getKeyId());
+                        return getPassphraseIntent(data, sigSubKeyId);
                     }
 
                     byte[] nfcSignedHash = data.getByteArrayExtra(OpenPgpApi.EXTRA_NFC_SIGNED_HASH);
@@ -419,11 +425,6 @@ public class OpenPgpService extends RemoteService {
                         nfcCreationDate = new Date(nfcCreationTimestamp);
                     }
 
-                    // Find the appropriate subkey to sign with
-                    CachedPublicKeyRing signingRing =
-                            new ProviderHelper(this).getCachedPublicKeyRing(accSettings.getKeyId());
-                    long sigSubKeyId = signingRing.getSignId();
-
                     // sign and encrypt
                     builder.setSignatureHashAlgorithm(accSettings.getHashAlgorithm())
                             .setSignatureMasterKeyId(accSettings.getKeyId())