From 57a04cb8a14a4777a3d77a92952d9fbdbd72b527 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Thu, 8 Oct 2015 20:07:00 +0200 Subject: Dont allow encryption of app files via Os methods (OKC-01-010) --- .../keychain/operations/SignEncryptOperation.java | 76 +++++++++++++++++++++- 1 file changed, 73 insertions(+), 3 deletions(-) diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java index 843a55389..596686e9f 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java @@ -17,9 +17,17 @@ package org.sufficientlysecure.keychain.operations; +import android.annotation.TargetApi; +import android.content.ContentResolver; import android.content.Context; +import android.content.res.AssetFileDescriptor; import android.net.Uri; +import android.os.Build; +import android.os.ParcelFileDescriptor; import android.support.annotation.NonNull; +import android.system.ErrnoException; +import android.system.Os; +import android.system.StructStat; import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType; @@ -42,19 +50,24 @@ import org.sufficientlysecure.keychain.util.ProgressScaler; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; +import java.io.File; import java.io.FileNotFoundException; +import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.util.ArrayDeque; import java.util.ArrayList; import java.util.concurrent.atomic.AtomicBoolean; -/** This is a high-level operation, which encapsulates one or more sign/encrypt +import static android.system.OsConstants.S_IFMT; +import static android.system.OsConstants.S_IROTH; + +/** + * This is a high-level operation, which encapsulates one or more sign/encrypt * operations, using URIs or byte arrays as input and output. * * This operation is fail-fast: If any sign/encrypt sub-operation fails or returns * a pending result, it will terminate. - * */ public class SignEncryptOperation extends BaseOperation { @@ -63,6 +76,63 @@ public class SignEncryptOperation extends BaseOperation { super(context, providerHelper, progressable, cancelled); } + + /** + * Tests whether a file is readable by others + */ + @TargetApi(Build.VERSION_CODES.LOLLIPOP) + public static boolean S_IROTH(int mode) { + return (mode & S_IROTH) == S_IROTH; + } + + /** + * A replacement for ContentResolver.openInputStream() that does not allow the usage of + * "file" Uris that point to private files owned by the application only. + * + * This is not allowed: + * am start -a android.intent.action.SEND -t text/plain -n + * "org.sufficientlysecure.keychain.debug/org.sufficientlysecure.keychain.ui.EncryptFilesActivity" --eu + * android.intent.extra.STREAM + * file:///data/data/org.sufficientlysecure.keychain.debug/databases/openkeychain.db + * + * @throws FileNotFoundException + */ + @TargetApi(Build.VERSION_CODES.LOLLIPOP) + private InputStream openInputStreamSafe(ContentResolver resolver, Uri uri) + throws FileNotFoundException { + + // Not supported on Android < 5 + if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) { + return resolver.openInputStream(uri); + } + + String scheme = uri.getScheme(); + if (ContentResolver.SCHEME_FILE.equals(scheme)) { + ParcelFileDescriptor pfd = ParcelFileDescriptor.open( + new File(uri.getPath()), ParcelFileDescriptor.parseMode("r")); + + try { + final StructStat st = Os.fstat(pfd.getFileDescriptor()); + if (!S_IROTH(st.st_mode)) { + Log.e(Constants.TAG, "File is not readable by others, aborting!"); + throw new FileNotFoundException("Unable to create stream"); + } + } catch (ErrnoException e) { + Log.e(Constants.TAG, "fstat() failed: " + e); + throw new FileNotFoundException("fstat() failed"); + } + + AssetFileDescriptor fd = new AssetFileDescriptor(pfd, 0, -1); + try { + return fd.createInputStream(); + } catch (IOException e) { + throw new FileNotFoundException("Unable to create stream"); + } + } else { + return resolver.openInputStream(uri); + } + } + @NonNull public SignEncryptResult execute(SignEncryptParcel input, CryptoInputParcel cryptoInput) { @@ -115,7 +185,7 @@ public class SignEncryptOperation extends BaseOperation { log.add(LogType.MSG_SE_INPUT_URI, 1); Uri uri = inputUris.removeFirst(); try { - InputStream is = mContext.getContentResolver().openInputStream(uri); + InputStream is = openInputStreamSafe(mContext.getContentResolver(), uri); long fileSize = FileHelper.getFileSize(mContext, uri, 0); String filename = FileHelper.getFilename(mContext, uri); inputData = new InputData(is, fileSize, filename); -- cgit v1.2.3 From 1fb0ed8454c5a6cac16db336dc3af33013308d01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Thu, 8 Oct 2015 20:07:29 +0200 Subject: Revert "Check that the encrypt input uris are not linked to our own internal storage (OKC-01-010)" Fix was not sufficient This reverts commit b10b14d9bc737edc56af0eec3a14bed5ebf3ea39. --- .../keychain/ui/EncryptFilesFragment.java | 29 +++------------------- 1 file changed, 3 insertions(+), 26 deletions(-) diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java index ebb9674bf..19603a549 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java @@ -18,7 +18,6 @@ package org.sufficientlysecure.keychain.ui; -import java.io.File; import java.io.IOException; import java.util.ArrayList; import java.util.Date; @@ -451,29 +450,9 @@ public class EncryptFilesFragment } - /** - * Checks that the input uris are not linked to our own internal storage. - * This prevents the encryption of our own database (-> export of whole database) - */ - private void securityCheckInternalStorage() { - for (FilesAdapter.ViewModel model : mFilesAdapter.mDataset) { - File fileInput = new File(model.inputUri.getPath()); - try { - // the canonical path of the file must not start with /data/data/org.sufficientlysecure.keychain/ - if (fileInput.getCanonicalPath().startsWith(getActivity().getApplicationInfo().dataDir)) { - throw new RuntimeException("Encrypting OpenKeychain's private files is not allowed!"); - } - } catch (IOException e) { - Log.e(Constants.TAG, "Getting canonical path failed!", e); - } - } - } - - /** - * Prepares mOutputUris, either directly and returns false, or indirectly - * which returns true and will call cryptoOperation after mOutputUris has - * been set at a later point. - */ + // prepares mOutputUris, either directly and returns false, or indirectly + // which returns true and will call cryptoOperation after mOutputUris has + // been set at a later point. private boolean prepareOutputStreams() { switch (mAfterEncryptAction) { @@ -549,8 +528,6 @@ public class EncryptFilesFragment } - securityCheckInternalStorage(); - return actionsParcel; } -- cgit v1.2.3 From 83fef47ec89ce1baa92340bbd528dd23c66e5f53 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Fri, 9 Oct 2015 01:44:40 +0200 Subject: make openInputStreamSafe static and move to FileHelper --- .../keychain/operations/SignEncryptOperation.java | 89 +++------------------- .../keychain/util/FileHelper.java | 83 +++++++++++++++++--- 2 files changed, 85 insertions(+), 87 deletions(-) diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java index 596686e9f..2ca74063c 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/SignEncryptOperation.java @@ -17,17 +17,19 @@ package org.sufficientlysecure.keychain.operations; -import android.annotation.TargetApi; -import android.content.ContentResolver; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.FileNotFoundException; +import java.io.InputStream; +import java.io.OutputStream; +import java.util.ArrayDeque; +import java.util.ArrayList; +import java.util.concurrent.atomic.AtomicBoolean; + import android.content.Context; -import android.content.res.AssetFileDescriptor; import android.net.Uri; -import android.os.Build; -import android.os.ParcelFileDescriptor; import android.support.annotation.NonNull; -import android.system.ErrnoException; -import android.system.Os; -import android.system.StructStat; import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType; @@ -48,19 +50,6 @@ import org.sufficientlysecure.keychain.util.InputData; import org.sufficientlysecure.keychain.util.Log; import org.sufficientlysecure.keychain.util.ProgressScaler; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.util.ArrayDeque; -import java.util.ArrayList; -import java.util.concurrent.atomic.AtomicBoolean; - -import static android.system.OsConstants.S_IFMT; -import static android.system.OsConstants.S_IROTH; /** * This is a high-level operation, which encapsulates one or more sign/encrypt @@ -77,62 +66,6 @@ public class SignEncryptOperation extends BaseOperation { } - /** - * Tests whether a file is readable by others - */ - @TargetApi(Build.VERSION_CODES.LOLLIPOP) - public static boolean S_IROTH(int mode) { - return (mode & S_IROTH) == S_IROTH; - } - - /** - * A replacement for ContentResolver.openInputStream() that does not allow the usage of - * "file" Uris that point to private files owned by the application only. - * - * This is not allowed: - * am start -a android.intent.action.SEND -t text/plain -n - * "org.sufficientlysecure.keychain.debug/org.sufficientlysecure.keychain.ui.EncryptFilesActivity" --eu - * android.intent.extra.STREAM - * file:///data/data/org.sufficientlysecure.keychain.debug/databases/openkeychain.db - * - * @throws FileNotFoundException - */ - @TargetApi(Build.VERSION_CODES.LOLLIPOP) - private InputStream openInputStreamSafe(ContentResolver resolver, Uri uri) - throws FileNotFoundException { - - // Not supported on Android < 5 - if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) { - return resolver.openInputStream(uri); - } - - String scheme = uri.getScheme(); - if (ContentResolver.SCHEME_FILE.equals(scheme)) { - ParcelFileDescriptor pfd = ParcelFileDescriptor.open( - new File(uri.getPath()), ParcelFileDescriptor.parseMode("r")); - - try { - final StructStat st = Os.fstat(pfd.getFileDescriptor()); - if (!S_IROTH(st.st_mode)) { - Log.e(Constants.TAG, "File is not readable by others, aborting!"); - throw new FileNotFoundException("Unable to create stream"); - } - } catch (ErrnoException e) { - Log.e(Constants.TAG, "fstat() failed: " + e); - throw new FileNotFoundException("fstat() failed"); - } - - AssetFileDescriptor fd = new AssetFileDescriptor(pfd, 0, -1); - try { - return fd.createInputStream(); - } catch (IOException e) { - throw new FileNotFoundException("Unable to create stream"); - } - } else { - return resolver.openInputStream(uri); - } - } - @NonNull public SignEncryptResult execute(SignEncryptParcel input, CryptoInputParcel cryptoInput) { @@ -185,7 +118,7 @@ public class SignEncryptOperation extends BaseOperation { log.add(LogType.MSG_SE_INPUT_URI, 1); Uri uri = inputUris.removeFirst(); try { - InputStream is = openInputStreamSafe(mContext.getContentResolver(), uri); + InputStream is = FileHelper.openInputStreamSafe(mContext.getContentResolver(), uri); long fileSize = FileHelper.getFileSize(mContext, uri, 0); String filename = FileHelper.getFilename(mContext, uri); inputData = new InputData(is, fileSize, filename); diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FileHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FileHelper.java index fea3e65b6..feeaf3459 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FileHelper.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FileHelper.java @@ -17,11 +17,23 @@ package org.sufficientlysecure.keychain.util; + +import java.io.BufferedInputStream; +import java.io.BufferedOutputStream; +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.io.UnsupportedEncodingException; +import java.text.DecimalFormat; + import android.annotation.TargetApi; import android.content.ActivityNotFoundException; import android.content.ContentResolver; import android.content.Context; import android.content.Intent; +import android.content.res.AssetFileDescriptor; import android.database.Cursor; import android.graphics.Bitmap; import android.graphics.Point; @@ -29,22 +41,19 @@ import android.net.Uri; import android.os.Build; import android.os.Build.VERSION_CODES; import android.os.Environment; +import android.os.ParcelFileDescriptor; import android.provider.DocumentsContract; import android.provider.OpenableColumns; -import android.support.annotation.StringRes; import android.support.v4.app.Fragment; +import android.system.ErrnoException; +import android.system.Os; +import android.system.StructStat; import android.widget.Toast; +import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.R; -import java.io.BufferedInputStream; -import java.io.BufferedOutputStream; -import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.IOException; -import java.io.InputStream; -import java.io.UnsupportedEncodingException; -import java.text.DecimalFormat; +import static android.system.OsConstants.S_IROTH; /** This class offers a number of helper functions for saving documents. @@ -269,6 +278,62 @@ public class FileHelper { return true; } + /** + * Tests whether a file is readable by others + */ + @TargetApi(VERSION_CODES.LOLLIPOP) + public static boolean S_IROTH(int mode) { + return (mode & S_IROTH) == S_IROTH; + } + + /** + * A replacement for ContentResolver.openInputStream() that does not allow the usage of + * "file" Uris that point to private files owned by the application only. + * + * This is not allowed: + * am start -a android.intent.action.SEND -t text/plain -n + * "org.sufficientlysecure.keychain.debug/org.sufficientlysecure.keychain.ui.EncryptFilesActivity" --eu + * android.intent.extra.STREAM + * file:///data/data/org.sufficientlysecure.keychain.debug/databases/openkeychain.db + * + * @throws FileNotFoundException + */ + @TargetApi(VERSION_CODES.LOLLIPOP) + public static InputStream openInputStreamSafe(ContentResolver resolver, Uri uri) + throws FileNotFoundException { + + // Not supported on Android < 5 + if (Build.VERSION.SDK_INT < VERSION_CODES.LOLLIPOP) { + return resolver.openInputStream(uri); + } + + String scheme = uri.getScheme(); + if (ContentResolver.SCHEME_FILE.equals(scheme)) { + ParcelFileDescriptor pfd = ParcelFileDescriptor.open( + new File(uri.getPath()), ParcelFileDescriptor.parseMode("r")); + + try { + final StructStat st = Os.fstat(pfd.getFileDescriptor()); + if (!S_IROTH(st.st_mode)) { + Log.e(Constants.TAG, "File is not readable by others, aborting!"); + throw new FileNotFoundException("Unable to create stream"); + } + } catch (ErrnoException e) { + Log.e(Constants.TAG, "fstat() failed: " + e); + throw new FileNotFoundException("fstat() failed"); + } + + AssetFileDescriptor fd = new AssetFileDescriptor(pfd, 0, -1); + try { + return fd.createInputStream(); + } catch (IOException e) { + throw new FileNotFoundException("Unable to create stream"); + } + } else { + return resolver.openInputStream(uri); + } + } + public interface FileDialogCallback { void onFileSelected(File file, boolean checked); } -- cgit v1.2.3 From 3316cb65e6b739deb7d0652fcd16a9d9bedf8c5b Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Fri, 9 Oct 2015 13:11:25 +0200 Subject: viewkeyactivity: ask for passphrase for backup only if key has one --- .../keychain/ui/ViewKeyActivity.java | 32 ++++++++++++++++++++-- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java index de859724b..0fb7cdf92 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java @@ -65,12 +65,14 @@ import org.sufficientlysecure.keychain.R; import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing; import org.sufficientlysecure.keychain.operations.results.ImportKeyResult; import org.sufficientlysecure.keychain.operations.results.OperationResult; +import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.SecretKeyType; import org.sufficientlysecure.keychain.pgp.KeyRing; import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException; import org.sufficientlysecure.keychain.provider.CachedPublicKeyRing; import org.sufficientlysecure.keychain.provider.KeychainContract; import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings; import org.sufficientlysecure.keychain.provider.ProviderHelper; +import org.sufficientlysecure.keychain.provider.ProviderHelper.NotFoundException; import org.sufficientlysecure.keychain.service.ImportKeyringParcel; import org.sufficientlysecure.keychain.ui.ViewKeyFragment.PostponeType; import org.sufficientlysecure.keychain.ui.base.BaseNfcActivity; @@ -450,9 +452,33 @@ public class ViewKeyActivity extends BaseNfcActivity implements } private void startPassphraseActivity(int requestCode) { - Intent intent = new Intent(this, PassphraseDialogActivity.class); - intent.putExtra(PassphraseDialogActivity.EXTRA_SUBKEY_ID, mMasterKeyId); - startActivityForResult(intent, requestCode); + + if (keyHasPassphrase()) { + Intent intent = new Intent(this, PassphraseDialogActivity.class); + intent.putExtra(PassphraseDialogActivity.EXTRA_SUBKEY_ID, mMasterKeyId); + startActivityForResult(intent, requestCode); + } else { + startBackupActivity(); + } + } + + private boolean keyHasPassphrase() { + try { + SecretKeyType secretKeyType = + mProviderHelper.getCachedPublicKeyRing(mMasterKeyId).getSecretKeyType(mMasterKeyId); + switch (secretKeyType) { + // all of these make no sense to ask + case PASSPHRASE_EMPTY: + case GNU_DUMMY: + case DIVERT_TO_CARD: + case UNAVAILABLE: + return false; + default: + return true; + } + } catch (NotFoundException e) { + return false; + } } private void backupToFile() { -- cgit v1.2.3 From e67e8cd8c1677fe95d0fe15df0e0d1342d8cc44e Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Fri, 9 Oct 2015 14:28:25 +0200 Subject: fix variable name mistake (wth did I commit there?!) --- .../java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java index 4067372a1..ed5566bc1 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java @@ -133,7 +133,7 @@ class PgpSignatureChecker { KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(sigKeyId) ); CanonicalizedPublicKey keyCandidate = signingRing.getPublicKey(sigKeyId); - if ( ! signingKey.canSign()) { + if ( ! keyCandidate.canSign()) { continue; } signatureIndex = i; @@ -156,7 +156,7 @@ class PgpSignatureChecker { KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(sigKeyId) ); CanonicalizedPublicKey keyCandidate = signingRing.getPublicKey(sigKeyId); - if ( ! signingKey.canSign()) { + if ( ! keyCandidate.canSign()) { continue; } signatureIndex = i; -- cgit v1.2.3 From eff4ae5551f286f4c870c3f9db44ceb73c3c2fcf Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Fri, 9 Oct 2015 14:56:46 +0200 Subject: Revert "viewkeyactivity: ask for passphrase for backup only if key has one" This reverts commit 3316cb65e6b739deb7d0652fcd16a9d9bedf8c5b. Committed to wrong branch, derp :) --- .../keychain/ui/ViewKeyActivity.java | 32 ++-------------------- 1 file changed, 3 insertions(+), 29 deletions(-) diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java index 0fb7cdf92..de859724b 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java @@ -65,14 +65,12 @@ import org.sufficientlysecure.keychain.R; import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing; import org.sufficientlysecure.keychain.operations.results.ImportKeyResult; import org.sufficientlysecure.keychain.operations.results.OperationResult; -import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.SecretKeyType; import org.sufficientlysecure.keychain.pgp.KeyRing; import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException; import org.sufficientlysecure.keychain.provider.CachedPublicKeyRing; import org.sufficientlysecure.keychain.provider.KeychainContract; import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings; import org.sufficientlysecure.keychain.provider.ProviderHelper; -import org.sufficientlysecure.keychain.provider.ProviderHelper.NotFoundException; import org.sufficientlysecure.keychain.service.ImportKeyringParcel; import org.sufficientlysecure.keychain.ui.ViewKeyFragment.PostponeType; import org.sufficientlysecure.keychain.ui.base.BaseNfcActivity; @@ -452,33 +450,9 @@ public class ViewKeyActivity extends BaseNfcActivity implements } private void startPassphraseActivity(int requestCode) { - - if (keyHasPassphrase()) { - Intent intent = new Intent(this, PassphraseDialogActivity.class); - intent.putExtra(PassphraseDialogActivity.EXTRA_SUBKEY_ID, mMasterKeyId); - startActivityForResult(intent, requestCode); - } else { - startBackupActivity(); - } - } - - private boolean keyHasPassphrase() { - try { - SecretKeyType secretKeyType = - mProviderHelper.getCachedPublicKeyRing(mMasterKeyId).getSecretKeyType(mMasterKeyId); - switch (secretKeyType) { - // all of these make no sense to ask - case PASSPHRASE_EMPTY: - case GNU_DUMMY: - case DIVERT_TO_CARD: - case UNAVAILABLE: - return false; - default: - return true; - } - } catch (NotFoundException e) { - return false; - } + Intent intent = new Intent(this, PassphraseDialogActivity.class); + intent.putExtra(PassphraseDialogActivity.EXTRA_SUBKEY_ID, mMasterKeyId); + startActivityForResult(intent, requestCode); } private void backupToFile() { -- cgit v1.2.3