1 files changed, 12 insertions, 11 deletions

diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
index 29255fbbe..003db632d 100644
--- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
+++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
@@ -67,6 +67,7 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.security.SignatureException;
 import java.util.Iterator;
+import java.util.Set;
 
 /**
  * This class uses a Builder pattern!
@@ -79,7 +80,7 @@ public class PgpDecryptVerify {
     private ProgressDialogUpdater mProgressDialogUpdater;
     private boolean mAllowSymmetricDecryption;
     private String mPassphrase;
-    private long mEnforcedKeyId;
+    private Set<Long> mAllowedKeyIds;
 
     private PgpDecryptVerify(Builder builder) {
         // private Constructor can only be called from Builder
@@ -90,7 +91,7 @@ public class PgpDecryptVerify {
         this.mProgressDialogUpdater = builder.mProgressDialogUpdater;
         this.mAllowSymmetricDecryption = builder.mAllowSymmetricDecryption;
         this.mPassphrase = builder.mPassphrase;
-        this.mEnforcedKeyId = builder.mEnforcedKeyId;
+        this.mAllowedKeyIds = builder.mAllowedKeyIds;
     }
 
     public static class Builder {
@@ -103,7 +104,7 @@ public class PgpDecryptVerify {
         private ProgressDialogUpdater mProgressDialogUpdater = null;
         private boolean mAllowSymmetricDecryption = true;
         private String mPassphrase = null;
-        private long mEnforcedKeyId = 0;
+        private Set<Long> mAllowedKeyIds = null;
 
         public Builder(Context context, InputData data, OutputStream outStream) {
             this.mContext = context;
@@ -127,14 +128,14 @@ public class PgpDecryptVerify {
         }
 
         /**
-         * Allow this key id alone for decryption.
-         * This means only ciphertexts encrypted for this private key can be decrypted.
+         * Allow these key ids alone for decryption.
+         * This means only ciphertexts encrypted for one of these private key can be decrypted.
          *
-         * @param enforcedKeyId
+         * @param allowedKeyIds
          * @return
          */
-        public Builder enforcedKeyId(long enforcedKeyId) {
-            this.mEnforcedKeyId = enforcedKeyId;
+        public Builder allowedKeyIds(Set<Long> allowedKeyIds) {
+            this.mAllowedKeyIds = allowedKeyIds;
             return this;
         }
 
@@ -236,16 +237,16 @@ public class PgpDecryptVerify {
                     // secret key exists in database
 
                     // allow only a specific key for decryption?
-                    if (mEnforcedKeyId != 0) {
+                    if (mAllowedKeyIds != null) {
                         // TODO: improve this code! get master key directly!
                         PGPSecretKeyRing secretKeyRing =
                                 ProviderHelper.getPGPSecretKeyRingByKeyId(mContext, encData.getKeyID());
                         long masterKeyId = PgpKeyHelper.getMasterKey(secretKeyRing).getKeyID();
                         Log.d(Constants.TAG, "encData.getKeyID():" + encData.getKeyID());
-                        Log.d(Constants.TAG, "enforcedKeyId: " + mEnforcedKeyId);
+                        Log.d(Constants.TAG, "allowedKeyIds: " + mAllowedKeyIds);
                         Log.d(Constants.TAG, "masterKeyId: " + masterKeyId);
 
-                        if (mEnforcedKeyId != masterKeyId) {
+                        if (!mAllowedKeyIds.contains(masterKeyId)) {
                             throw new PgpGeneralException(
                                     mContext.getString(R.string.error_no_secret_key_found));
                         }