1 files changed, 8 insertions, 4 deletions

diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
index 1cd5862e7..b00c012b8 100644
--- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -45,6 +45,7 @@ import org.sufficientlysecure.keychain.util.Log;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.util.ArrayList;
+import java.util.Set;
 
 public class OpenPgpService extends RemoteService {
 
@@ -276,7 +277,7 @@ public class OpenPgpService extends RemoteService {
     }
 
     private Intent decryptAndVerifyImpl(Intent data, ParcelFileDescriptor input,
-                                        ParcelFileDescriptor output, AccountSettings accSettings) {
+                                        ParcelFileDescriptor output, Set<Long> allowedKeyIds) {
         try {
             // Get Input- and OutputStream from ParcelFileDescriptor
             InputStream is = new ParcelFileDescriptor.AutoCloseInputStream(input);
@@ -291,7 +292,7 @@ public class OpenPgpService extends RemoteService {
 
                 PgpDecryptVerify.Builder builder = new PgpDecryptVerify.Builder(this, inputData, os);
                 builder.allowSymmetricDecryption(false) // no support for symmetric encryption
-                        .enforcedKeyId(accSettings.getKeyId()) // allow only the private key for this app for decryption
+                        .allowedKeyIds(allowedKeyIds) // allow only private keys associated with accounts of this app
                         .passphrase(passphrase);
 
                 // TODO: currently does not support binary signed-only content
@@ -299,7 +300,7 @@ public class OpenPgpService extends RemoteService {
 
                 if (PgpDecryptVerifyResult.KEY_PASSHRASE_NEEDED == decryptVerifyResult.getStatus()) {
                     // get PendingIntent for passphrase input, add it to given params and return to client
-                    Intent passphraseBundle = getPassphraseBundleIntent(data, accSettings.getKeyId());
+                    Intent passphraseBundle = getPassphraseBundleIntent(data, decryptVerifyResult.getKeyIdPassphraseNeeded());
                     return passphraseBundle;
                 } else if (PgpDecryptVerifyResult.SYMMETRIC_PASSHRASE_NEEDED == decryptVerifyResult.getStatus()) {
                     throw new PgpGeneralException("Decryption of symmetric content not supported by API!");
@@ -452,7 +453,10 @@ public class OpenPgpService extends RemoteService {
             } else if (OpenPgpApi.ACTION_SIGN_AND_ENCRYPT.equals(action)) {
                 return encryptAndSignImpl(data, input, output, accSettings, true);
             } else if (OpenPgpApi.ACTION_DECRYPT_VERIFY.equals(action)) {
-                return decryptAndVerifyImpl(data, input, output, accSettings);
+                String currentPkg = getCurrentCallingPackage();
+                Set<Long> allowedKeyIds =
+                        ProviderHelper.getAllKeyIdsForApp(mContext, KeychainContract.ApiAccounts.buildBaseUri(currentPkg));
+                return decryptAndVerifyImpl(data, input, output, allowedKeyIds);
             } else if (OpenPgpApi.ACTION_GET_KEY.equals(action)) {
                 return getKeyImpl(data);
             } else if (OpenPgpApi.ACTION_GET_KEY_IDS.equals(action)) {