1 files changed, 17 insertions, 6 deletions

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
index c85774ead..c5cbcbb71 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -199,7 +199,8 @@ public class OpenPgpService extends Service {
     }
 
     private Intent signImpl(Intent data, InputStream inputStream,
-                            OutputStream outputStream, boolean cleartextSign) {
+                            OutputStream outputStream, boolean cleartextSign,
+                            boolean sshAuth) {
         try {
             boolean asciiArmor = cleartextSign || data.getBooleanExtra(OpenPgpApi.EXTRA_REQUEST_ASCII_ARMOR, true);
 
@@ -209,6 +210,7 @@ public class OpenPgpService extends Service {
                     .setCleartextSignature(cleartextSign)
                     .setDetachedSignature(!cleartextSign)
                     .setVersionHeader(null)
+                    .setSshAuth(sshAuth)
                     .setSignatureHashAlgorithm(PgpSecurityConstants.OpenKeychainHashAlgorithmTags.USE_DEFAULT);
 
 
@@ -227,9 +229,15 @@ public class OpenPgpService extends Service {
 
                 // get first usable subkey capable of signing
                 try {
-                    long signSubKeyId = mProviderHelper.getCachedPublicKeyRing(
+                    long subKeyId;
+                    if (sshAuth) {
+                         subKeyId = mProviderHelper.getCachedPublicKeyRing(
+                            pgpData.getSignatureMasterKeyId()).getSecretAuthId();
+                    } else {
+                         subKeyId = mProviderHelper.getCachedPublicKeyRing(
                             pgpData.getSignatureMasterKeyId()).getSecretSignId();
-                    pgpData.setSignatureSubKeyId(signSubKeyId);
+                    }
+                    pgpData.setSignatureSubKeyId(subKeyId);
                 } catch (PgpKeyNotFoundException e) {
                     throw new Exception("signing subkey not found!", e);
                 }
@@ -941,15 +949,18 @@ public class OpenPgpService extends Service {
                 return checkPermissionImpl(data);
             }
             case OpenPgpApi.ACTION_CLEARTEXT_SIGN: {
-                return signImpl(data, inputStream, outputStream, true);
+                return signImpl(data, inputStream, outputStream, true, false);
             }
             case OpenPgpApi.ACTION_SIGN: {
                 // DEPRECATED: same as ACTION_CLEARTEXT_SIGN
                 Log.w(Constants.TAG, "You are using a deprecated API call, please use ACTION_CLEARTEXT_SIGN instead of ACTION_SIGN!");
-                return signImpl(data, inputStream, outputStream, true);
+                return signImpl(data, inputStream, outputStream, true, false);
             }
             case OpenPgpApi.ACTION_DETACHED_SIGN: {
-                return signImpl(data, inputStream, outputStream, false);
+                return signImpl(data, inputStream, outputStream, false, false);
+            }
+            case OpenPgpApi.ACTION_SSH_AUTH: {
+                return signImpl(data, inputStream, outputStream, false, true);
             }
             case OpenPgpApi.ACTION_ENCRYPT: {
                 return encryptAndSignImpl(data, inputStream, outputStream, false);